Edit tour

Windows Analysis Report
WiJVUxlOHs.exe

Overview

General Information

Sample name:	WiJVUxlOHs.exe renamed because original name is a hash value
Original sample name:	1ef8f4b15672104cf11d5b0aff138464.exe
Analysis ID:	1501453
MD5:	1ef8f4b15672104cf11d5b0aff138464
SHA1:	f0441c53f8817386ee5f63532a13c168669c90f2
SHA256:	c0c7a64abcfa82be148050cddc9df53967c4072ee0871528bc86971b486a3053
Tags:	DCRatexe
Infos:

Detection

DCRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Schedule system process

Suricata IDS alerts for network traffic

Yara detected DCRat

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

Creates processes via WMI

Drops PE files with benign system names

Drops executables to the windows directory (C:\Windows) and starts them

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Execution from Suspicious Folder

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: System File Execution Location Anomaly

Uses schtasks.exe or at.exe to add and modify task schedules

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Process Start Locations

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

WiJVUxlOHs.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\WiJVUxlOHs.exe" MD5: 1EF8F4B15672104CF11D5B0AFF138464)

schtasks.exe (PID: 7356 cmdline: schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7372 cmdline: schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7388 cmdline: schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7404 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 8 /tr "'C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7420 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7444 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 9 /tr "'C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7476 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 6 /tr "'C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7504 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7524 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 13 /tr "'C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7548 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7576 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7592 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 8 /tr "'C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7620 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7664 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7680 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7700 cmdline: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 13 /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7716 cmdline: schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7736 cmdline: schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 7 /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7752 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7768 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7784 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7828 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7848 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7868 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7920 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7936 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7972 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 8 /tr "'C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7992 cmdline: schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 9 /tr "'C:\Recovery\spoolsv.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8008 cmdline: schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Recovery\spoolsv.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8028 cmdline: schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 7 /tr "'C:\Recovery\spoolsv.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8048 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 12 /tr "'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8072 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8096 cmdline: schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

backgroundTaskHost.exe (PID: 7436 cmdline: "C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe" MD5: 1EF8F4B15672104CF11D5B0AFF138464)

backgroundTaskHost.exe (PID: 7460 cmdline: "C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe" MD5: 1EF8F4B15672104CF11D5B0AFF138464)

hVZrtkHODdjkrqRpmkkd.exe (PID: 7488 cmdline: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe MD5: 1EF8F4B15672104CF11D5B0AFF138464)

dllhost.exe (PID: 8056 cmdline: C:\Users\Default\PrintHood\dllhost.exe MD5: 1EF8F4B15672104CF11D5B0AFF138464)

dllhost.exe (PID: 8080 cmdline: C:\Users\Default\PrintHood\dllhost.exe MD5: 1EF8F4B15672104CF11D5B0AFF138464)

hVZrtkHODdjkrqRpmkkd.exe (PID: 8108 cmdline: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe MD5: 1EF8F4B15672104CF11D5B0AFF138464)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"SCRT": "{\"R\":\"#\",\"i\":\"(\",\"W\":\"_\",\"C\":\"~\",\"0\":\",\",\"J\":\")\",\"L\":\"-\",\"o\":\"*\",\"X\":\"@\",\"N\":\"<\",\"V\":\"!\",\"T\":\"%\",\"S\":\" \",\"m\":\"|\",\"H\":\"`\",\"l\":\"&\",\"b\":\">\",\"A\":\";\",\"d\":\".\",\"n\":\"$\",\"9\":\"^\"}", "PCRT": "{\"L\":\"%\",\"F\":\"~\",\"E\":\".\",\"J\":\")\",\"B\":\";\",\"T\":\",\",\"U\":\"(\",\"x\":\">\",\"1\":\"!\",\"V\":\"&\",\"D\":\"@\",\"K\":\" \",\"t\":\"*\",\"R\":\"<\",\"Q\":\"$\",\"O\":\"`\",\"a\":\"|\",\"y\":\"_\",\"N\":\"#\",\"l\":\"^\",\"0\":\"-\"}", "TAG": "", "MUTEX": "DCR_MUTEX-IaTdVZVI7fGbUF3pt8W3", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000008.00000002.1768888703.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000025.00000002.1769633590.0000000002620000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000000A.00000002.1770226487.0000000002C71000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000027.00000002.1774435066.0000000002CBF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000027.00000002.1774435066.0000000002C81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000023.00000002.1778315356.00000000032F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1684781297.000000000296D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000025.00000002.1769633590.00000000025E1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1684781297.0000000002551000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000008.00000002.1768888703.0000000002B21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000006.00000002.1768870855.0000000002591000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1687435120.000000001255F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: WiJVUxlOHs.exe PID: 7296	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: backgroundTaskHost.exe PID: 7436	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: backgroundTaskHost.exe PID: 7460	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: hVZrtkHODdjkrqRpmkkd.exe PID: 7488	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: dllhost.exe PID: 8056	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: dllhost.exe PID: 8080	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: hVZrtkHODdjkrqRpmkkd.exe PID: 8108	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 14 entries

Sigma Signatures

System Summary

Sigma detected: Execution from Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, CommandLine: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, NewProcessName: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, OriginalFileName: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, ProcessId: 7488, ProcessName: hVZrtkHODdjkrqRpmkkd.exe

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\WiJVUxlOHs.exe, ProcessId: 7296, TargetFilename: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\Users\Default\PrintHood\dllhost.exe, CommandLine: C:\Users\Default\PrintHood\dllhost.exe, CommandLine|base64offset|contains: , Image: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe, NewProcessName: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe, OriginalFileName: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\Default\PrintHood\dllhost.exe, ProcessId: 8056, ProcessName: dllhost.exe

Sigma detected: Suspicious Process Start Locations

Source: Process started

Author: juju4, Jonhnathan Ribeiro, oscd.community: Data: Command: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, CommandLine: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, NewProcessName: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, OriginalFileName: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe, ProcessId: 7488, ProcessName: hVZrtkHODdjkrqRpmkkd.exe

Persistence and Installation Behavior

Sigma detected: Schedule system process

Source: Process started

Author: Joe Security: Data: Command: schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /f, CommandLine: schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\WiJVUxlOHs.exe", ParentImage: C:\Users\user\Desktop\WiJVUxlOHs.exe, ParentProcessId: 7296, ParentProcessName: WiJVUxlOHs.exe, ProcessCommandLine: schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /f, ProcessId: 7356, ProcessName: schtasks.exe

Suricata Signatures

ET MALWARE DCRAT Activity (GET) - Source IP: 192.168.2.4 - Destination IP: 141.8.193.236

Timestamp:	2024-08-29T23:47:02.053099+0200
SID:	2034194
Severity:	1
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: WiJVUxlOHs.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Recovery\spoolsv.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984

Found malware configuration

Source: 00000000.00000002.1687435120.000000001255F000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"SCRT": "{\"R\":\"#\",\"i\":\"(\",\"W\":\"_\",\"C\":\"~\",\"0\":\",\",\"J\":\")\",\"L\":\"-\",\"o\":\"*\",\"X\":\"@\",\"N\":\"<\",\"V\":\"!\",\"T\":\"%\",\"S\":\" \",\"m\":\"|\",\"H\":\"`\",\"l\":\"&\",\"b\":\">\",\"A\":\";\",\"d\":\".\",\"n\":\"$\",\"9\":\"^\"}", "PCRT": "{\"L\":\"%\",\"F\":\"~\",\"E\":\".\",\"J\":\")\",\"B\":\";\",\"T\":\",\",\"U\":\"(\",\"x\":\">\",\"1\":\"!\",\"V\":\"&\",\"D\":\"@\",\"K\":\" \",\"t\":\"*\",\"R\":\"<\",\"Q\":\"$\",\"O\":\"`\",\"a\":\"|\",\"y\":\"_\",\"N\":\"#\",\"l\":\"^\",\"0\":\"-\"}", "TAG": "", "MUTEX": "DCR_MUTEX-IaTdVZVI7fGbUF3pt8W3", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false}

Multi AV Scanner detection for dropped file

Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%
Source: C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%
Source: C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%
Source: C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	ReversingLabs: Detection: 84%
Source: C:\Program Files\Windows Sidebar\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%
Source: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%
Source: C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%
Source: C:\Recovery\spoolsv.exe	ReversingLabs: Detection: 84%
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	ReversingLabs: Detection: 84%
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%
Source: C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe	ReversingLabs: Detection: 84%

Multi AV Scanner detection for submitted file

Source: WiJVUxlOHs.exe

ReversingLabs: Detection: 84%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Recovery\spoolsv.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: WiJVUxlOHs.exe

Joe Sandbox ML: detected

Source: WiJVUxlOHs.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Portable Devices\eddb19405b7ce1	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows NT\TableTextService\en-US\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows NT\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Media Player\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Sidebar\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Sidebar\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\13a54417f66e9d	Jump to behavior

Source: WiJVUxlOHs.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49730 -> 141.8.193.236:80

Source: WiJVUxlOHs.exe, 00000000.00000002.1684781297.000000000296D000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Fonts\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Provisioning\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\13a54417f66e9d	Jump to behavior

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Code function: 0_2_00007FFD9B8A34C5	0_2_00007FFD9B8A34C5
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Code function: 0_2_00007FFD9B8A9D47	0_2_00007FFD9B8A9D47
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B88331F	6_2_00007FFD9B88331F
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B88A9AD	6_2_00007FFD9B88A9AD
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B88CFC8	6_2_00007FFD9B88CFC8
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B88AE1D	6_2_00007FFD9B88AE1D
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B889F41	6_2_00007FFD9B889F41
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B889D47	6_2_00007FFD9B889D47
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B88AE1D	6_2_00007FFD9B88AE1D
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B889D47	6_2_00007FFD9B889D47
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B88E4A0	6_2_00007FFD9B88E4A0
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 8_2_00007FFD9B8B34C5	8_2_00007FFD9B8B34C5
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 8_2_00007FFD9B8B9D47	8_2_00007FFD9B8B9D47
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Code function: 10_2_00007FFD9B8B34C5	10_2_00007FFD9B8B34C5
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 35_2_00007FFD9B8734C5	35_2_00007FFD9B8734C5
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 35_2_00007FFD9B8824AB	35_2_00007FFD9B8824AB
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 35_2_00007FFD9B881F19	35_2_00007FFD9B881F19
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B87331F	37_2_00007FFD9B87331F
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B87A9AD	37_2_00007FFD9B87A9AD
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B879D47	37_2_00007FFD9B879D47
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B87AFA0	37_2_00007FFD9B87AFA0
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B879F41	37_2_00007FFD9B879F41
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B879D47	37_2_00007FFD9B879D47
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B87AE1D	37_2_00007FFD9B87AE1D
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B87E4A0	37_2_00007FFD9B87E4A0
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Code function: 39_2_00007FFD9B8A34C5	39_2_00007FFD9B8A34C5

Source: WiJVUxlOHs.exe	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: hVZrtkHODdjkrqRpmkkd.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: hVZrtkHODdjkrqRpmkkd.exe0.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: spoolsv.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: hVZrtkHODdjkrqRpmkkd.exe1.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970

Source: WiJVUxlOHs.exe, 00000000.00000002.1694787541.000000001AFB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs WiJVUxlOHs.exe
Source: WiJVUxlOHs.exe, 00000000.00000002.1694716818.000000001AF80000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs WiJVUxlOHs.exe
Source: WiJVUxlOHs.exe, 00000000.00000002.1684781297.0000000002551000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs WiJVUxlOHs.exe
Source: WiJVUxlOHs.exe, 00000000.00000002.1684781297.0000000002551000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFileSearcher.dclib4 vs WiJVUxlOHs.exe
Source: WiJVUxlOHs.exe, 00000000.00000002.1694604943.000000001AF60000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs WiJVUxlOHs.exe
Source: WiJVUxlOHs.exe, 00000000.00000002.1694768881.000000001AFA0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameFileSearcher.dclib4 vs WiJVUxlOHs.exe
Source: WiJVUxlOHs.exe, 00000000.00000000.1642614654.00000000002B0000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs WiJVUxlOHs.exe
Source: WiJVUxlOHs.exe, 00000000.00000002.1687435120.000000001255F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs WiJVUxlOHs.exe
Source: WiJVUxlOHs.exe	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs WiJVUxlOHs.exe

Source: WiJVUxlOHs.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: WiJVUxlOHs.exe, Oda2rNA1ZDMK6n5Jtdo.cs	Cryptographic APIs: 'CreateDecryptor'
Source: WiJVUxlOHs.exe, Oda2rNA1ZDMK6n5Jtdo.cs	Cryptographic APIs: 'CreateDecryptor'
Source: WiJVUxlOHs.exe, bVv5EMKBL2cSXJFR5HI.cs	Cryptographic APIs: 'TransformBlock'
Source: WiJVUxlOHs.exe, bVv5EMKBL2cSXJFR5HI.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@41/42@0/0

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

File created: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe

Jump to behavior

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

File created: C:\Users\Default\PrintHood\dllhost.exe

Jump to behavior

Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\0f06b5b4640a9ddbb24239d6e71f44b92dc153b8

Source: WiJVUxlOHs.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: WiJVUxlOHs.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: WiJVUxlOHs.exe

ReversingLabs: Detection: 84%

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

File read: C:\Users\user\Desktop\WiJVUxlOHs.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\WiJVUxlOHs.exe "C:\Users\user\Desktop\WiJVUxlOHs.exe"
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 8 /tr "'C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe'" /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe "C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe"
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 9 /tr "'C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe "C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe"
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 6 /tr "'C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe'" /f
Source: unknown	Process created: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 13 /tr "'C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe'" /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 8 /tr "'C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe'" /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 13 /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 7 /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe'" /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe'" /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe'" /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 8 /tr "'C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 9 /tr "'C:\Recovery\spoolsv.exe'" /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Recovery\spoolsv.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 7 /tr "'C:\Recovery\spoolsv.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 12 /tr "'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe'" /f
Source: unknown	Process created: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe C:\Users\Default\PrintHood\dllhost.exe
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe C:\Users\Default\PrintHood\dllhost.exe
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: mscoree.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: apphelp.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: version.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: uxtheme.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: wldp.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: profapi.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: cryptsp.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: rsaenh.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: cryptbase.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: mscoree.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: version.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: uxtheme.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: windows.storage.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: wldp.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: profapi.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: cryptsp.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: rsaenh.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: cryptbase.dll
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: mscoree.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: apphelp.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: version.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: wldp.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: profapi.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Section loaded: sspicli.dll

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Portable Devices\eddb19405b7ce1	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows NT\TableTextService\en-US\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows NT\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Media Player\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Sidebar\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Windows Sidebar\13a54417f66e9d	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\13a54417f66e9d	Jump to behavior

Source: WiJVUxlOHs.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: WiJVUxlOHs.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: WiJVUxlOHs.exe

Static file information: File size 1231872 > 1048576

Source: WiJVUxlOHs.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x129200

Source: WiJVUxlOHs.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: WiJVUxlOHs.exe, Oda2rNA1ZDMK6n5Jtdo.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: WiJVUxlOHs.exe, qxOf8WTkec4nGEdJmNm.cs	.Net Code: D2jlg8BdZj System.AppDomain.Load(byte[])
Source: WiJVUxlOHs.exe, qxOf8WTkec4nGEdJmNm.cs	.Net Code: D2jlg8BdZj System.Reflection.Assembly.Load(byte[])
Source: WiJVUxlOHs.exe, qxOf8WTkec4nGEdJmNm.cs	.Net Code: D2jlg8BdZj

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Code function: 0_2_00007FFD9B8A2BE8 pushad ; retf	0_2_00007FFD9B8A2BF1
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Code function: 0_2_00007FFD9B8A2B88 pushad ; retf	0_2_00007FFD9B8A2BF1
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Code function: 0_2_00007FFD9B8A2BD8 pushad ; retf	0_2_00007FFD9B8A2BF1
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Code function: 0_2_00007FFD9B8A2BC8 pushad ; retf	0_2_00007FFD9B8A2BF1
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B882BE8 pushad ; retf	6_2_00007FFD9B882BF1
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B882B88 pushad ; retf	6_2_00007FFD9B882BF1
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B882BD8 pushad ; retf	6_2_00007FFD9B882BF1
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 6_2_00007FFD9B882BC8 pushad ; retf	6_2_00007FFD9B882BF1
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 8_2_00007FFD9B8B2BE8 pushad ; retf	8_2_00007FFD9B8B2BF1
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 8_2_00007FFD9B8B2B88 pushad ; retf	8_2_00007FFD9B8B2BF1
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 8_2_00007FFD9B8B2BD8 pushad ; retf	8_2_00007FFD9B8B2BF1
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Code function: 8_2_00007FFD9B8B2BC8 pushad ; retf	8_2_00007FFD9B8B2BF1
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Code function: 10_2_00007FFD9B8B2B74 pushad ; retf	10_2_00007FFD9B8B2BF1
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 35_2_00007FFD9B872B74 pushad ; retf	35_2_00007FFD9B872BF1
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B872BE8 pushad ; retf	37_2_00007FFD9B872BF1
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B872B88 pushad ; retf	37_2_00007FFD9B872BF1
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B872BD8 pushad ; retf	37_2_00007FFD9B872BF1
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Code function: 37_2_00007FFD9B872BC8 pushad ; retf	37_2_00007FFD9B872BF1
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Code function: 39_2_00007FFD9B8A2B74 pushad ; retf	39_2_00007FFD9B8A2BF1

Source: WiJVUxlOHs.exe	Static PE information: section name: .text entropy: 6.956387099644467
Source: hVZrtkHODdjkrqRpmkkd.exe.0.dr	Static PE information: section name: .text entropy: 6.956387099644467
Source: hVZrtkHODdjkrqRpmkkd.exe0.0.dr	Static PE information: section name: .text entropy: 6.956387099644467
Source: spoolsv.exe.0.dr	Static PE information: section name: .text entropy: 6.956387099644467
Source: hVZrtkHODdjkrqRpmkkd.exe1.0.dr	Static PE information: section name: .text entropy: 6.956387099644467

Source: WiJVUxlOHs.exe, Jp5BwYHgZSSKDPljLoo.cs	High entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'RfVfibNtbnFn8MGXT7K', 'e5LdqhNlu1tX0DtglAh', 'Rj3Cv2Nma5vuay3qL5u', 'WVXuysNuG0PCel0cZHm', 'pNlYfkN8pftB6HsGdnA', 'j9Khr7NfdXF5l3S0Hrl'
Source: WiJVUxlOHs.exe, f5dh7f6P3pWjv4dQvO.cs	High entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'w3mrwmF82AmnWcecl19', 'hK8AqXFf9LReNfAKMu1', 'HkitDsFq0lnS0jgtX9C', 'sJIsQPFhc6rwjaamGP0', 'AmHHq8F6SibDQuebBep', 'xV0v9sFIwd12swngxND'
Source: WiJVUxlOHs.exe, ekVi3HlgQNNvdnqEFWN.cs	High entropy of concatenated method names: 'qlsuLSg9JT', 'SbhuhXvqBo', 'iFAuXBJyY9', 'BPou6cufCd', 'nJsMjmSpBXL3pK5kpvl', 'R0WryiSi7JcyiJJoQgY', 'k29p5kSwWPnqxym3gyG', 'KJiUg9SPiXUI6TlPYKF', 'V33LRISdbTgap1IoUJD', 'Hup7Y2Sg6OTBG7TnQoq'
Source: WiJVUxlOHs.exe, DePPJxTBDMT2FMLIb24.cs	High entropy of concatenated method names: 'hGbTp7MrAG', 'chHTSh8K4v', 'nwGT0roAuu', 'TStJQZUdoopf1Yubw18', 'AacTTQUpxyhQuT0GriT', 'b7eXnVUix4OxFuHSEZN', 'gGtZTMUwjGV6gxU8njY', 'Ks6GB8UgR785CGsgebZ', 'oUw58JUGf14nGcsu5Mw', 'M1BY59U2MhNr6NOJSRT'
Source: WiJVUxlOHs.exe, cPdMP6FwxkAsTOQxQH.cs	High entropy of concatenated method names: 'U4msWEN12', 'FpFpyTcGO', 'v84SmZnej', 'LPI03ZjsH', 'E9Bngeo0T', 't1jfRdnJ5', 'BAbiRJylR', 'osZj63JB21SuabHcoj1', 'OVIuh8JRm0tFbSwgZqB', 'nv6gGSJ98FU7hHhu6Wv'
Source: WiJVUxlOHs.exe, qxOf8WTkec4nGEdJmNm.cs	High entropy of concatenated method names: 'YoelmEYCjG', 'YhnlosgwQZ', 'CMOltNwyxp', 'vyUlqOZXkP', 'kJllJbWCD7', 'Bqel7vuYSJ', 'cRol3PhXML', 'Rtq0Jj1ewHlwlpy3oEZ', 'gJCsIS1ELgnOvZgBXTu', 'BghPG81AZ8i9sGo2jrl'
Source: WiJVUxlOHs.exe, i1JVRXlNE5DPRbZ0yaI.cs	High entropy of concatenated method names: 'EZruoA3k48', 'rSGutRCNv1', 'qGLuqD6Nsc', 'sg1SmmSLgfFHCs6F1nu', 'q86YtKS5WtB40hPEAMv', 'UVS5TBS1d8IeQ8jC3b1', 'GpP0PXSHkZCTPOos1aG', 'DZWu2nQOdD', 'EX0uVNICPT', 'xrYu8jlJd0'
Source: WiJVUxlOHs.exe, QOqYeKeyg0a3Hkr7dEX.cs	High entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
Source: WiJVUxlOHs.exe, sWgwJr5pZuDweGmaCL.cs	High entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'VmxtjIaCLxaAy1mqSis', 'NgSEy1aTVIqxwG99wh8', 'Jo5QTmaYc7M7Bjd6LNV', 'J5vIkhakCNXBmkGlQmP', 'd0rqLba0Die6d5e7NpM', 'jaB1G6aWE1EcKysiFJT'
Source: WiJVUxlOHs.exe, hxEnH0cOrXAnLvTfB5O.cs	High entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
Source: WiJVUxlOHs.exe, lONwyxHIpFyUOZXkPjJ.cs	High entropy of concatenated method names: 'yZuTHDweGm', 'qCLTTayut7', 'PisTlNSJkx', 'N7ZAck9yIqB995iq46x', 'dQdCB39Qu10Sk9twPHK', 'qgP3ZL9IdfVgOU5w0nD', 'AcNrci9O12XY3k2VLKC', 'zryY7E9Cji8olfn2Oj1', 'KqqBFg9TFBpDKsJuDbo', 'OvSBSu9Y7hGj6mMjnxZ'
Source: WiJVUxlOHs.exe, ODtab4HQ5XqHu63A6kG.cs	High entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'wOsrRZBiVDOvQQHSZK9', 'afJTKhBwgKd3mjkRAFV', 'M2ic4dBgCK0LecCIp1f', 'inXFPMBGYR8darQ3sqk', 'EeXfIvBtilgaBNZP1qx', 'gIkwKEBlTcFBVeklNgy'
Source: WiJVUxlOHs.exe, mdCSbITDM82yW9SusQh.cs	High entropy of concatenated method names: 'ItbKu5PsWU', 'yqTKkY5Qbw', 'afJsQenTDm2YUtBuo2B', 'iBxXQQnYfMQFE6cMb49', 'BPyIbNnQu4bqme4D6Gt', 'JpbVCWnCPUrlyWfXZAl', 'h5FK8KOdXF', 'ICTaxbsMeppo9d2yNrB', 'TOkOpJsJGR8TEXPCev5', 'CIDUiQnWudp0ne5U3MQ'
Source: WiJVUxlOHs.exe, dThihbcEr07WFqRwaZL.cs	High entropy of concatenated method names: 'OwnpnmyUPL', 'ElspfdV9N3', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'UUepiVPtiL', '_5f9', 'A6Y'
Source: WiJVUxlOHs.exe, nK8i6MHfdVMfxhXifQB.cs	High entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'DDre5vRwJXNIg5bNr1l', 'aC716RRgAc9oIANkotQ', 'om48RpRGV6xu8rFW2X3', 'xEBoqJRt3PhfxatU5au', 'kvaoPuRlcm4uUhorpOE', 'qxEa3LRmto7Gbs4wQ3T'
Source: WiJVUxlOHs.exe, FTtRa2HpQ1FWohYikef.cs	High entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'mGqdnoBhF4E2e5OVufK', 'VhLgvWB63lAdYUor4rB', 'N0U1g1BIjTm32UsE9aW', 'X0ZV1cBODmZCi5BqNUn', 'IVg6bNByc2MuqwVDk6e', 'WkGeHABQhF9uS5gnntE'
Source: WiJVUxlOHs.exe, qOHWOmlz4Qa4HRwVJB7.cs	High entropy of concatenated method names: 'InXNnS2a7U', 'LuBNfCuOux', 'm3eNi4xSSg', 'gThoQqem45mTYIpnduT', 'IwfLajeuOJSwkaOUe1s', 'TifIyuetGh3aCqjd0GW', 'UFnqu6elMwbOiV8eTuh', 'GglS6se8tLurpjcvSJR', 'DUjEBuefOmwFTwxwNTp', 'nGRUfveqZUIrMNvZBQm'
Source: WiJVUxlOHs.exe, WVEV9qctq37hcC4p25j.cs	High entropy of concatenated method names: 'SBapBK4wFt', 'GRVXxcgkwUZcVMIigZG', 'q4RRThgTfV3XSOFIc6y', 'JheDJ7gYxU2s9KAdS4Q', 'vGUsaRg0SBHQ67xhAfB', 'tm89kkgWuQQvGqMjLN5', 'QHDTtugzPqlGdugIhuv'
Source: WiJVUxlOHs.exe, Oda2rNA1ZDMK6n5Jtdo.cs	High entropy of concatenated method names: 'WVsECAq3IZGNE04CaIq', 'd3rpQfqXAaLDBclsH7g', 'GA9EV2qe12n0BJSKwRd', 'nXAQ40qxytkitQGl9pm', 'D5Xrg1v7o2', 'k8TF62qZVXSd0asDBU1', 'qSK4dpq2w6CNf3432tG', 'b9LctLqP1q1WvemDOYA', 'vQOiB9qdWIVvgTEcpXu', 'LxlbuiqpNj1O55sPZlw'
Source: WiJVUxlOHs.exe, TwQrEfA49gyaSQiHN8.cs	High entropy of concatenated method names: 'wrE1f49gy', 'O27eWgd7vykIuooJQo', 'Y10ZyC2Bi1FQOqMY4N', 'nCpWTlP1QlOBjyv6ON', 'HndM29pZDN6i0KfRLV', 'e8OL1niOWh6IxIscvg', 'gyhThTZKE', 'tnjlAbjtk', 'YmEeUStvy', 'z2Nc2GQrV'
Source: WiJVUxlOHs.exe, rR58t5HEiuTG0Qm5aic.cs	High entropy of concatenated method names: 'OBPTFctk6d', 'GcoTQyFcbF', 'uxMTsUjxwc', 'ffdWr4UomcA5638emoN', 'LqJwSvUR0ryEUFIQmm5', 'NrvH7eU9m1GSdJmtRHP', 'J3D8FBUUCfo3U4iYGQJ', 'iFy7uAU5ZQnHZARn7Cx', 'LgIwPBU1nQLvseoYY8t', 'NbbWk9ULrIUtA0Gbg1C'
Source: WiJVUxlOHs.exe, IO8J9bKQ3A9WLRjQjYb.cs	High entropy of concatenated method names: 'IGD', 'CV5', 'UUcSsvyDGF', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
Source: WiJVUxlOHs.exe, I7AEjvHc0G7mV6j7YFV.cs	High entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'gBFQ0dbq3KGKl5FQYid', 'bCBtsVbhOKi0mT2j20O', 'A0o1NZb6g86mtfUyQQ7', 'Rs31rsbI1Uq1ETbGflC', 'MNWwL0bOqQjadZPJXkA', 'YvHaZxbyE2Iafas0rTu'
Source: WiJVUxlOHs.exe, rD1y39KKgMRhLOnjFjj.cs	High entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
Source: WiJVUxlOHs.exe, Ba0lqhRi16TwgMkLba.cs	High entropy of concatenated method names: '_88Z', 'YZ8', 'ffV', 'G9C', 'jEg76YafB1AQsNqIYx3', 'txoVQfaqyRiZVcLmieK', 'OTw1mQah2Rl5KdBRpM5', 'ukgsS8a6UwTth6g9WnV', 'KrvbPeaIKpBoygCajeF', 'Oo6e61aOt3po0ElOfBO'
Source: WiJVUxlOHs.exe, IniMygDrExcAjjadEv.cs	High entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'F5xOJlvYXrweaGPyanb', 'HWFvBAvkptpWZqCH9yp', 'sAWIelv0aDOhAhotwOQ', 'za9V9OvWIT7F2pPAwBh', 'SvCZnLvz9viCkQVp724', 'QLUJu8FMXRQCAC8sYHj'
Source: WiJVUxlOHs.exe, nBD9WhTTZNi6VTR3pfY.cs	High entropy of concatenated method names: 'yfoT4i7osr', 'dQvTd9kJe8', 'cLnTx3xFLG', 'VpoTvojDP7', 'mOnTObhRRf', 'tcLTbEi320', 'jbiKfv5nasS5JNAIIhS', 'o6Bcpg5sZIB96wwfH9O', 'BDRMpF5c5cDex4RNAip', 'UB8HjN5rwR1W8enOMPc'
Source: WiJVUxlOHs.exe, AG0Rk5KprmQeKYucqn8.cs	High entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
Source: WiJVUxlOHs.exe, knUPRaKrkUChRgtqobM.cs	High entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'R200pHm5lX', 'fuy0SjMwkl', 'dJ700sWKW9', 'FQt0nKhV9x', 'iDg0fXQt0N', 's0V0iUpwX8', 'yr5eEsugdvdJXdJ8Uky'
Source: WiJVUxlOHs.exe, Ow0FZWlVQgdKc6YdAV2.cs	High entropy of concatenated method names: 'GjludLbL3v', 'xQbuxutKVr', 'UGduvOqYeK', 'Whk1swSqqDURpcyH8m5', 'fqfjWLShl9ek4QCWs2L', 'uRTFZlS6468EbHs0i1V', 'XB5I9VSI0wnPwJZTAn4', 'yshdSiSOXShM3T9qAva', 'sysJrASyhYmHcjAyhgV', 'fDxZRwSQCOjYuyyVvRq'
Source: WiJVUxlOHs.exe, nkXYX7KTXuSfsU417t4.cs	High entropy of concatenated method names: 'EBFSuJTA5t', 'xXxSkwy6Ye', '_8r1', 'tt3SN0231p', 'CgxSytRtJj', 'aK6SjCvnL0', 'kkPSM81cDU', 'eeQRgOlc0bgUo7TUO21', 'S1QdZVlrcajkyDSuo9v', 'JE9VpMlnZxXluTqHmcG'
Source: WiJVUxlOHs.exe, p4FWjuT8pqWfKplkdpt.cs	High entropy of concatenated method names: 'serl54r4lR', 'AHrlESxknj', 'xvmstXLDnMMHKNQGAT3', 'oSWOeDLj7lfFL5TnEUV', 'Xo1pxbLSxc6q9PLtBiV', 'hailgjLVRrfYAfAi8JG', 'eU1UM9LEsZAKJakBrKN', 'TPbkH6LA5DXGfs1qNwd', 'upZrC8LeIchUNAKfCJy', 'ydU8iPLxe7NnVpP50ij'
Source: WiJVUxlOHs.exe, w3UUWKT76ro8xE1fNO4.cs	High entropy of concatenated method names: '_0023Nn', 'Dispose', 'bRXctdc7eq', 'hIZcqns3UU', 'CK6cJro8xE', 'lfNc7O4K1h', 'd3pc3x6ZTV', 'pae9ipnRbyFIbW1SkPk', 'PuqQ6vn91IGcEMHFwup', 'qCO1ltnNrpLHslsi58J'
Source: WiJVUxlOHs.exe, soeoUeTfR1QKvN8utYD.cs	High entropy of concatenated method names: 'eO5e5neXn4', 'sG9eEoMHGs', 'hEWezlu1lA', 'hRYcBdGWJu', 'mYFcHDeMal', 'zYFcT3Y8Nv', 'HQBcl72plS', 'QGmceTPB39', 'we2ccDWVnw', 'tO8pkkcTduqOWRSf4hm'
Source: WiJVUxlOHs.exe, r8y6fRKod77xeN27nGm.cs	High entropy of concatenated method names: 'T3GAL68F2qd2VWjRSex', 'M6Yacc8aUvKZGFfEk9u', 'YY6ygv84wBpj4stPPHD', 'o6TJpV8vnp9Ybg1JiNc', 'XT10tNPfWJ', 'WM4', '_499', 'ajQ0qjK8Al', 'EFU0JjB8ep', 'O7y07ZwJ07'
Source: WiJVUxlOHs.exe, TSjBMEc3A42ZkNXDkpY.cs	High entropy of concatenated method names: 'wFQoHFGayxq1cwKrkbS', 'rHn8faGbxxwlluNkaZr', 'qbaOhhGveCWSpHCqDnf', 'CDneMoGFRwqiUv51vIR', 'Lhxbu0GNt0sFctBHfM4', 'Q3KjXqGB6c0bedKNET1', 'v4t692GRgZWHWA2hRwM'
Source: WiJVUxlOHs.exe, DKoENI7BcH8qAnjq2K.cs	High entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'yWeYA1vwX7a1CZ9BPtl', 'BBuslPvg4cn6BEGGRdl', 'c97sccvGOSHfROPKqxL', 'Ce75o8vtDXdhyb3IduR', 'S3mb6Wvl5DyFHHS3Yri', 'hhTExcvmd2Uq30o6xcg'
Source: WiJVUxlOHs.exe, DdLfk1KJnbDl4fNJ7bu.cs	High entropy of concatenated method names: 'S8Sf7YMDUg', 'numu0n8Zj9L2Mk31pqd', 'C8Q2Zs82FltLs5FuQjF', 'r4G7uw8KsqBEZkq2FmW', 'W8hX6q87ikx5WhGd9cZ', '_1fi', 'uLSnvX7GGe', '_676', 'IG9', 'mdP'
Source: WiJVUxlOHs.exe, pOmEH2ckbnqcsxRb2B3.cs	High entropy of concatenated method names: 'xNxsCxgmDe', 'GVWs9ew2e1', 'xj5ILOwCmMGmNXlEd98', 'esfg2awTKFvBvScd1F8', 'Bxw9kYwYJTrWO0Zh7L5', 'GbwNX9wkGHm88xR5M1l', 'CyZSTJw0pamlPltML4d', 'I4FDpGwWbTgbGOJ4aQc', 'qitPIMwzpxMh97pD8sL', 'fmGfoRgMdqsxbcdyDWp'
Source: WiJVUxlOHs.exe, yd8DfKlwlXEh5lBAYJ9.cs	High entropy of concatenated method names: 'bJXk2ejINP', 'wgNkV4vkDw', 'UFIk8uI7WM', 'JnKRcjV80tbA3ipgudV', 'VTPe51Vm2Iehjj1EgNL', 'GuBE4LVuUxp92iG4jCx', 'NODadbVf5WpinhjdEJp', 'nNHkK1xU2b', 'cppkAY4tYr', 'U7pkuPINoT'
Source: WiJVUxlOHs.exe, dbFqDLesCKbXcufKgYH.cs	High entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'r8y1B6fRd7', '_3il', 'Ixe1HN27nG', 'ETt1T4MaEZ', '_78N', 'z3K'
Source: WiJVUxlOHs.exe, p7EhyiSkOlsORvm8Xl.cs	High entropy of concatenated method names: 'wFetqcnT4', 'fqUqZraMC', 'GPHJsWbA1', 'gXDBV8JGuiejJjB2O6y', 'Gc9yJ6JwFCPyHI0qNVW', 'hnO6UdJgJ5XVmjk9Egx', 'MjyaIFJtywUpRban7qb', 'x7fRrXJlROsU5we09RU', 'dMFs3WJmspVoToGykZV', 'TGt9XYJuH1isgPBofud'
Source: WiJVUxlOHs.exe, oRCI5BKhtVsY1gn2PP1.cs	High entropy of concatenated method names: 'PJ1', 'jo3', 'd1KikxHV6D', 'Wf7iNEZKfJ', 'EIKiyyYmsF', 'EC9', '_74a', '_8pl', '_27D', '_524'
Source: WiJVUxlOHs.exe, kThr8wlZDjwvmkSFn5M.cs	High entropy of concatenated method names: 'n0auO3Hkr7', 'REXubvcLZs', 'n0cuPLFuTi', 'UjFuR1kd25', 'WFhuUemvfA', 'QVwTFgVb4iAafpWVbnV', 'pmwMlPVNaHfxbDV0PFc', 'tQgZRRVFNC6tyIp3I9l', 'dtiUk1Va2jV33dJTnnL', 'rGu4FvVBxFp5FhsuYH2'
Source: WiJVUxlOHs.exe, asNM2hHd0pMdMPEIU9F.cs	High entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'm6YTqyoSUAZZAaoiDXp', 'AjANOnoVxnn7FC4h667', 'xFEUevoERJHP8i9E7bJ', 'nUME3poAfCjyF0n3yZu', 'Ie4Fgeoe8dqHxDK2Xe0', 'QtvYNUoxmDlLqAoitw1'
Source: WiJVUxlOHs.exe, VgiqM0n98vZk2FM5ni.cs	High entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'mJF7Dm4o2LMAnh9PS28', 'xDSFmd4UB697npm3gjY', 'FxKbbo454q8sAXPZigM', 'EGfxl541kLXc82owteC', 'wvUvUJ4L61YakQ1sbTj', 'xQ17yd4HGkeSNQVipUN'
Source: WiJVUxlOHs.exe, t5Piqjlv3lxl0MRrZCu.cs	High entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'p1ANyvXk9l', 'GmKLZaLoC4', 'JP7NjUFRlq', 'UddLft2DV2', 'eng90aAGmmdQeEnr0LC', 'MaaDTJAtdVBa5VVcQdA', 'uiqvxNAwtsaOIo1v1sH'
Source: WiJVUxlOHs.exe, Qfgw7xlGGSPpMnyX63f.cs	High entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'UCZ2WiE1PSMLB4j9Bbe', 'lFv0uDELtGt4hhabXxM', 'a5kc4LEHY72N4VHwxWA', 'dE8fmmEcKwjGcUKLHlJ'
Source: WiJVUxlOHs.exe, Q6QiEKHAf0Qkgar7Lh4.cs	High entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'iAYS4YbTL2W10rv1afG', 'gvhUDwbYFX0I0sdgBFi', 'jCBO8SbkR0qUEbsHOmE', 'ED0DAob0FFJ0yLhnVhE', 'CcWUnvbWavPS6GImF5b', 'oQITwHbztYGdlbDQed5'
Source: WiJVUxlOHs.exe, GG24IWe0giFg77VvQlx.cs	High entropy of concatenated method names: 'sos1odI2xI', 'slu1tdGxq2', 'H6P1qsvYQe', 'c7a1JkvUNj', 'uVa17WXCms', 'f3mUvYXDGdkxXGB4wAC', 'vRFxXSXnA1qp8KidUFB', 'dXKx72XsVUx67mVnUAq', 'EPcL6yXjPwTTlYmKoU2', 'a3pQ2IXSPlZ4BcyJbxC'
Source: WiJVUxlOHs.exe, nwGroAHyuurF73FSTJK.cs	High entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'yvdJOeND1bX4dI0pbwi', 'pOHMMXNjp3Xh5k5ZmDv', 'LX1BP1NSn6BELj8hGdx', 'QBnf4INVyS8O3Jfm8OH', 'pMPAXCNE4n41nul6Uro', 'OXmMebNANqhbnJgjYIc'
Source: WiJVUxlOHs.exe, S9kJe8HwlLn3xFLGRpo.cs	High entropy of concatenated method names: 'oGEHifsmgB', 'dDsB14Bn5aZihvYj2XQ', 'gQXtR1BsGlMTVw8yLtL', 'eN02pGBcVncOPt33xdm', 'nKubinBrENum9JyqRnx', 'iaBlE3BD4Qb5TCUdHyi', 'yhUhcUBjTcrsSYAWIaU', 'qg7PhpBSnoe3ifYC4ed', 'VtPZakBVUfXk8rbLpGk', 'f28'
Source: WiJVUxlOHs.exe, TKGl3Plb9rrZWnQOdDm.cs	High entropy of concatenated method names: '_269', '_5E7', 'ei8LVGBbaD', 'Mz8', 'JA5LuNDKKU', 'UCCLwIAymyRnMR7RFv6', 'IKj0G6AQcRRYETZbS55', 'L3I8PxACaUEl6OZiXOB', 'PotBSsATRViNdSXyWeJ', 'U112MUAY3rqekB2bItj'
Source: WiJVUxlOHs.exe, OS2a7Ue5IuBCuOux13e.cs	High entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
Source: WiJVUxlOHs.exe, mmqERIHGhjwg17i58ib.cs	High entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'uLFoLwBeYiKtMOivX7J', 'JgvQ7QBxQdMZOWAmiZd', 'xjVHI1B3AH3tTCX28Jv', 'Xh0rMNBX0vFUZiF0NGf', 'VyQsyEBKRcCIX2ZpS5D', 'DTDPiRB7Cssmo0nMuSI'
Source: WiJVUxlOHs.exe, rDqHw2lRFUWmUGfUhSm.cs	High entropy of concatenated method names: 'CSo2XDegMG7LJ5b56Jh', 'RCB4GoeGisKPuYAd3mm', 'pyF0tXeioZITxGMf9Le', 'eZQ4DCew21Vd8ROU96w', 'IWF', 'j72', 'x77N8PZRpw', 'ebVNZ6le4G', 'j4z', 'qnuNaEdYns'
Source: WiJVUxlOHs.exe, SjcbJ1K00DF94t8Xctf.cs	High entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
Source: WiJVUxlOHs.exe, ov85iFcP8RAdoWk9s9F.cs	High entropy of concatenated method names: 'jSQpepAWm1', 'hUBpcTcrL9', 'PXjpKuUgbx', 'pjfpAwStOQ', 'eOMpu9X2Bb', 'NFvpk1qJlv', 'hD8pNVV3ug', 'rF9pyNMORD', 'C2tpjgcu8Y', 'MCYpMa6AtZ'
Source: WiJVUxlOHs.exe, DqDHOGl6yUVUJ0b4q90.cs	High entropy of concatenated method names: 'oYo', '_1Z5', 'MhpLiqQ125', 'dvrNeLeqG4', 'ntqLcIAbrd', 'PEOsc5A1qclRRO8tm2X', 'jDYj0NALSl4gCkPqq7x', 'LeM3X1AHVSsvJWSNEbB', 'dr7eQrAcnww3K5wGx7K', 'xjJMOyArT5lfKJKQKiW'
Source: WiJVUxlOHs.exe, kgvjE8HRV7E0clChKHs.cs	High entropy of concatenated method names: 'DEaTwTd6Qi', 'F9uMuRUbFmtsQMHunTD', 'Bu5KuIUNqN1ZjkgZgB9', 'vIVZHmUF7sYx0Afekec', 'fj9TG2Ua9PyK1ASHTIk', 'v2xAGiUBtfcOHR1LN9B', '_5q7', 'YZ8', '_6kf', 'G9C'
Source: WiJVUxlOHs.exe, WkFvlkex4BYp88Dp77P.cs	High entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'qWLg2Ieisx', 'GiRgVj9VIC', 'r8j', 'LS1', '_55S'
Source: WiJVUxlOHs.exe, uHBHKgH6NQaW5qhVuvb.cs	High entropy of concatenated method names: 'HFvTyFE99F', 'r3oTjHgC2m', 'SDyHyyoU6CdGNbPQLel', 'EmnyQoo9D3NKoUiTSXj', 'o6END0oo71rYUxvR4rf', 'qn2HB5o5kVvSUwLxu1B', 'MxAqLKo19RaeI3KA6h8', 'zXGwXyoLDiLkPMuCrVL', 'VRIXH8oHHtyftLGQuCc', 'PDsvcWockSGMOLQqvL8'
Source: WiJVUxlOHs.exe, YWlu1lTCAuRYdGWJu1Y.cs	High entropy of concatenated method names: 'eGre1rePPJ', 'RDMegT2FML', 'pdXGVDHeUYjQhuUJnJW', 'HNjd8VHxwdO0AmH7qvr', 'H1n65mHEa8aosIiuQBS', 'VNArfQHAXaHulXjYqHN', 'BtIcAtH3Rf5tEvqLXRh', 'XjZZvKHXoZHVBdPhrAj', 'EIqHEoHKSFR619b7hwM', 'AOBcZmH75agUiPnsoLR'
Source: WiJVUxlOHs.exe, haXf5UcmmWZSHxOwK8v.cs	High entropy of concatenated method names: 'WwnsO7Q9I1', 'rd9sbWnoJv', 'aJ4sPrLwwE', 'msNsRMpDMF', 'owtsUOJWOv', 'iUks5Znakg', 'YPrkGTg64JgP97DEBEB', 'GXwCY1gqBniNM8727oy', 'WRDthyghiXxGL20BNBZ', 'q3Bw1IgIVXBy5b5RpoU'
Source: WiJVUxlOHs.exe, MhdLkaKxnvWhjJMES8M.cs	High entropy of concatenated method names: 'OukiFUoFof', '_1kO', '_9v4', '_294', 'rIIiQIelV2', 'euj', 'suGis74mhZ', 'CHWipk3PEJ', 'o87', 'MtFiS7EjNf'
Source: WiJVUxlOHs.exe, RW1O7VlH4mtBJPSeQBX.cs	High entropy of concatenated method names: 'zyaAi9lxDy', 'i66AWMW2aT', 'F8dArI5hor', 'gx1AmuaNxD', 'xh4cO1szaiTo6UPkPxq', 'hldAHRs0scbSF3DKP1D', 'bMAHJ6sW575Red4Zikf', 'gf7yuJDM7M4DZSwwL0j', 'Gft0K6DJXwoD1V56pK8', 'PG1ESnD4BPFBDdEyGOl'
Source: WiJVUxlOHs.exe, g00ddlH7LlOxeL3Nh9J.cs	High entropy of concatenated method names: 'PTwH5gMkLb', 'dKhuEy9gpNgNDECUeHw', 'V7gxmr9GS0oRgSvkDr1', 'KaVuOD9iAXu7jiXDakt', 'mEMFpC9wQjVkVeoZMOK', 'DqTfm69tfecpl4qTh34', '_3Xh', 'YZ8', '_123', 'G9C'
Source: WiJVUxlOHs.exe, lHkRhcHl1nJa5OCUGvU.cs	High entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'nB37bubZJLcFeEGJT61', 'VGwf2Hb2BcuthCC0dX7', 'U3OUVTbPZJpLwWIpeYA', 'VbkhT9bd7w7T45xElDi', 'npTrXLbpiCy7DbgeqyJ', 'efpjxYbionLFr4S5WNe'
Source: WiJVUxlOHs.exe, YMj53Ylh0RYPfMb5uhj.cs	High entropy of concatenated method names: '_5u9', 'M9mLX6ESlr', 'JerNBwX560', 'SMpLWgwWhA', 'XbEdNcEkx0anvDq4vUY', 'vZfgt1E0x872Ogvsr0P', 'wDagEOEWrV9k1jSA0Vo', 'FbwApPETSIF6OkXPPVc', 'dJJt8nEYbFPqrnJYjPQ', 'L04qfAEzX4pJklW0wBV'
Source: WiJVUxlOHs.exe, LyZoONHvPAIH0e0cCer.cs	High entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'S5bNN1oPoy4c2oApxOJ', 'CKuR2qodDLUR5f5d6pq', 'ydVY03opcGLKTQ0K0wM', 'MRsgX8oi6TlN9su8Bhx', 'DIdPHLow15MnF9oBs5S', 'UnbPkTogW4Yats4N5x5'
Source: WiJVUxlOHs.exe, Wk5FKOTEdXFouipbKVn.cs	High entropy of concatenated method names: 'cg7ApHE5Dv', 'gDo7UWsOGO2RKvVN16Y', 'fjic5Os66RMXWiJKvFd', 'PpPguSsIePqN1e9NCSC', 'qQjdg4sySujnKR6icjX', 'zCxJCJsQrUVf9OXB0rc', 'vtVAaL2gVG', 'IsLAwnpYEK', 'gPPACvA8oR', 'nrwA9ynpMe'
Source: WiJVUxlOHs.exe, LWL1Yjea8xWAAd1HNqu.cs	High entropy of concatenated method names: '_7zt', 'M7RMwgVwXF', 'XAcMCxXh8V', 'SKxM9TkgP9', 'v7aMG6MVeL', 'hnZMFxjxTs', 'SWxMQHdsRy', 'R4u5Ek3EwhQXtXJMcCo', 'pXAyaO3AKcOqvCqk9Zp', 'zkQKWJ3SNpOxo85lW6m'
Source: WiJVUxlOHs.exe, NBmGN4HtU09887bWk4K.cs	High entropy of concatenated method names: 'zPvHbt9nP2', 'pZYbnn9eEFsroMMBuvR', 'gocYt19xQuteouIaPDE', 'oH4PhE9EXrm8uCIeTMX', 'vIKnd89A8ob8x0ml8MK', 'iqFAXZ93AMJe4a9QyCI', 'QLw', 'YZ8', 'cC5', 'G9C'
Source: WiJVUxlOHs.exe, Teb93TlewJuIwokA4xE.cs	High entropy of concatenated method names: 'uCXAYxAjks', 'rnuAL7APq9', 'n2eAhhgL6I', 'eLSAXwxiTP', 'TpZA6IP85i', 'HtgA4devSw', 'Yaie9GD7lwDbaQwYQWt', 'PYeptGDXJXmawNhvmqB', 'lC6RU2DKZs5ljxvnoVO', 'xyWpu6DZtdrK4AJYhUY'
Source: WiJVUxlOHs.exe, N2kYkewtqiww6UYLsW.cs	High entropy of concatenated method names: '_0023C', 'IndexOf', '_0023D', 'Insert', '_0023E', 'RemoveAt', '_0023F', 'get_Item', '_0023G', 'set_Item'
Source: WiJVUxlOHs.exe, WUbw13h6Ql8Qf7fgZw.cs	High entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'mTOehOFntXlsGy6p2ts', 'v5mvFvFsHcmHvOuPVAU', 'UI6mfCFDC1NtSxjwsfR', 'er5iT4FjKBHKQCxOBKK', 'PrCDnbFSfFob9ByNDwo', 'OQuN3xFVqcL2la2ZP5t'
Source: WiJVUxlOHs.exe, xYorpMApdKspXSKD9NM.cs	High entropy of concatenated method names: 'oyFrsju84X', 'ocqrp4TVX3', 'yhnrSdBEgb', 'pJWr0rsYD4', 'vPhrncNoFN', 'Q3BrfKFuwF', 'DJ8riiD87f', 'xMLrW9GlZu', 'b1ErrFwj8i', 'WjZrmVbU20'
Source: WiJVUxlOHs.exe, vGwFaVo1CRQk18pqsu.cs	High entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'wIaLprZ6u', 'LU8xOu4i67WkxKDjN0Y', 'a2jObb4wS99fDiC0tpP', 'SlbJl94gaYL24qYTJl0', 'R7Wup14Gq7HpCrtgG6b', 'M93jyC4tf4IAA6G6QZh'
Source: WiJVUxlOHs.exe, fDFStulM6NxMGseSxa8.cs	High entropy of concatenated method names: '_223', 'iaggiXSnLgt4FUtUhfh', 'Xl3t08SsAy7CGBkwP4t', 'c2YpOuSD9jLyRLpUISE', 'wxMshbSjsYQc6snoPuF', 'eIP4SrSSb3Eq5hTUBaD', 'L431TYSVVcdJXZp5FWG', 'qKJLQeSE0VsOWpThtks', 'bTOWF4SA1VJXTvrkhSM', 'SOm54BSeNck14fxAyJ5'
Source: WiJVUxlOHs.exe, iH1xU2e8blppY4tYrP7.cs	High entropy of concatenated method names: 'qD4MeFfYFc', 'crxMcpGwtN', 'tmPMKtU2fC', 'QYfDoT3rnmKYrOd5QXL', 'o9Jj6W3nd4o7paZ3f54', 'ObQv9Y3HvbOJrn5pRBq', 'k705qm3cM5U0KChiBAc', 'sPvCxZ3srYBQeGCOiAq', 'dfKkfq3Dk7TAvwqUpex', 'znNvDB3jnoIowPP52bX'
Source: WiJVUxlOHs.exe, fkakruvUpvoKbsfIBK.cs	High entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'QWCbTFaHLlY5TYjIkuJ', 'Le2SfHacEsbhjIHx28G', 'k2ddK3arx4a5ZL7UX9p', 'cBSqYran3tCNollDUVu', 'lcqQSmasP9PhTNbm86h', 'umFDxfaDOP2vaGfRpEd'
Source: WiJVUxlOHs.exe, B5VYe3KfePBscVAl257.cs	High entropy of concatenated method names: 'PsC0k7FbLr', 'kT40NJGTgY', 'X4I0yaMvhO', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'Fl10jbpRFF'
Source: WiJVUxlOHs.exe, tWIXbQcUdX8HT9PvHlo.cs	High entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'DaVpQ6BbTY', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
Source: WiJVUxlOHs.exe, dZR6PMHW8CZWjk8bKWH.cs	High entropy of concatenated method names: 'XmBHXIKRMt', 'k7JsJk94SggiG6yTxjr', 'lNypHy9vuL32SPEmP4s', 'rk1gqi9M9YmAbqV4xP9', 'AlmUId9JmGgEaWrsuWy', 'hbpl5L9FhtFcHjZZOmP', 'EiVhI89aKIrya3249Qq', 'bikDlL9bGY3PIrhD4Mx', 'DuUH4pvoKb', 'AfrNhS9RFEJfWRSSg8D'
Source: WiJVUxlOHs.exe, ro7mQrcWneiSdMh5dmy.cs	High entropy of concatenated method names: 'LWAs4ADq9g', 'TvIsdPvOxL', 'i94sxRk6sd', 'trUapxglAjb72bcgdmk', 'XGAHOdgGCiawpGj7hPU', 'QF71EagtuEwRExvADHA', 'R75jVsgmRJdKGbOIeQL', 'nTEeZJguA6Z0HBoQ9DH', 'Mm1jpbg87PM4ixuH4nO', 'vY1IKngfwjglVFhwmVd'
Source: WiJVUxlOHs.exe, asCtKJHZjwWbs4lkFKB.cs	High entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'f9gyTuBMQQEqPbtfhPR', 'Lw4LGRBJMLetX4Pe3u9', 'Yx8yc4B4bntVq87c0YP', 'ljY2puBvxviqRfuuE1V', 'WunnbJBFwsKLsclwjEE', 'zHGZN0BawaDhsipfem7'
Source: WiJVUxlOHs.exe, WhXNm0c0AYR7VSsNtvO.cs	High entropy of concatenated method names: 'PYws3WRCrM', 'rmJsDIRco3', 'HXBsIn1yDl', 'd61sY5mU7G', 'YcqsLnq5Ae', 'B7s7tTgK9UccNk8GGUl', 'mHUhf6g3SfGH7dF01eZ', 'RF7TksgXEGkcNLuGdwv', 'xAqmZ2g7MYobrOuLbdS', 'AFHfIbgZlI1RCwH6kuF'
Source: WiJVUxlOHs.exe, SD4tgPecDk8aEEsIup8.cs	High entropy of concatenated method names: 'I3Cj8nAUbd', 'HYV45pxsmDFQY586aoj', 'SbW9HcxDbhU2OldkJ5T', 'EtZsevxrXcIlY6PuOaW', 'gpjNOixngl55Oq9j6Gu', 'EXyNWUrhN8', 'WDxNr7g3XY', 'tsPNm4yLqO', 'OIbNoECJP2', 'FoXNtObmZf'
Source: WiJVUxlOHs.exe, LdeqFsldiiEYmdqptOG.cs	High entropy of concatenated method names: '_9YY', '_57I', 'w51', 'VFILyPQGPB', '_168', 'Pl84b9AxrIwM5B3dRvh', 'bgtdf2A3uY5fuLP06ir', 'p54WoiAXu1Zq5lMXLy0', 'GJsd4EAKdfQXnSQ31cJ', 'L82PnYA7frdX2uGd2jF'
Source: WiJVUxlOHs.exe, sB8BvoAyXW8LBgZWLIe.cs	High entropy of concatenated method names: 'BuTQ13NNRN4Jw', 'KE9nXaqHmHhH4DQBgNl', 'SK9fdcqc0B1gdkS12ON', 'U1BN6HqrSXZQZ4lfn8m', 'Rt0KaPqneD1PfSrHEfB', 'uRbq0nqsYNqqhcOio7p', 'vo2b0Bq1NKJ4MxSTe8S', 'GbDXyTqLDnl12qsixBG', 'cuTLEEqDuvHrMTDD1kR', 'KoAPkdqjheRbblUjQ0y'
Source: WiJVUxlOHs.exe, WBk8VGYEfsmgB6ut3L.cs	High entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'hhIvGjFo7makkRvtqHR', 'haCuGlFURrZtWNPg16a', 'WiQdIYF5IaeeNjdmOvD', 'zYKImvF14xEidS6mD4N', 'd7cqBMFLDZHDRTKrSXd', 'lTX2rLFHRXiiDTRDJh8'
Source: WiJVUxlOHs.exe, bVv5EMKBL2cSXJFR5HI.cs	High entropy of concatenated method names: 'zjRpXKxJEE', 'JyEp62iwoT', 'mKWp458tru', 'b1RpdfvsTO', 'gtfpxsOUD8', 'SVIpvk7Nik', '_838', 'vVb', 'g24', '_9oL'
Source: WiJVUxlOHs.exe, PdtcoyHkFcbFGxMUjxw.cs	High entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'qhAg6cNNMKy4DS0XfaO', 'wnmX0hNBlm0vxJ65pIU', 'UdNvJKNRRgrnYxscuKj', 'Y5we7UN9xpWSiyvgmCk', 'GxFtaYNo5K1uyT8o6t3', 'p3U6nmNUE8C6tRH90lJ'
Source: WiJVUxlOHs.exe, hjxxfhTt9nKkk8OjyHP.cs	High entropy of concatenated method names: 'kujcixxfh9', 'k6Nf5er0TViYAl3AH9V', 'uacu7WrWYJprucKttyU', 'rkd4ZjrYvoeZUIlEnyf', 'aCSgderkvun3iJo5YMI', 'GXFWHhrzWZj9IAkKCQQ', 'XGPg4bnMpbvruFWC2xO', 'xreKSHnJ6c6Kldk0OJn', 'BZFYgCn4kO3uZR8X2JH', 'WFEnHvnvbS5eHcLqRQV'
Source: WiJVUxlOHs.exe, hd25RFeMhemvfAX9osd.cs	High entropy of concatenated method names: 'F4ojq3ie6E', 'fDojJ5NFrv', 'ulTj7hihbr', 'z7Wj3FqRwa', 'qLLjDEYcRB', 'T6yU35xWGu9Un5cnl8q', 'ly7MmwxzNlgHOLI25wP', 'XtACRsxkSSJ77L6nJ7J', 'TDytoVx0psWvfQGvgSv', 'iSAN503M0S9oKHgYRy0'
Source: WiJVUxlOHs.exe, nfPKWFeRlUgNtwU0Wtm.cs	High entropy of concatenated method names: 'TfL2p2kGTU', 'rMG205OWvB', 'q8L21IWpkw', 'JQU2gLvhUe', 'nQD22qNurw', 'KnJ2VPrfdw', 'N5q28VVQx2', 'Yhr2ZgmEjw', 'bKf2au6vPq', 'Cqh2wGAB8y'
Source: WiJVUxlOHs.exe, HhhYxpHMOMFycH3ODcV.cs	High entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'iaYOc7NXOTxL9nC12Mu', 'QCy5TeNKDIvexe04mA9', 'voybkAN72FEalQxZdLR', 'iA2CmrNZq1wRyYX13JF', 'gpRaXmN25iVL5EPiniM', 'O1XM2HNPrJFLG1WXemt'
Source: WiJVUxlOHs.exe, FSoOAkcluaYsuD96E0s.cs	High entropy of concatenated method names: 'bpmOdedEL1WqlPNqSOj', 'krWtmMdARvZ5LBoZyi4', 'Ly9yNMdS3mXw0kpfKBm', 'riKoXPdVDP25ZOfJcIJ', 'xZ2CsF8HFc', 'ecMOWWd38SMJCedZpYw', 'GJDskmdXo12vra3Y7bA', 'tpSaYcdeYCkWO3PvnKm', 'IGq0nOdxlqBmgOCFCcj', 'B0VT9GdKt6xTkypXSUl'
Source: WiJVUxlOHs.exe, iffai6lY19wL6xvMfO5.cs	High entropy of concatenated method names: 'sg9', 'oYuLpXqBr7', 'nwNk5tAdtM', 'aE1L6WxNmW', 'jfAoRnE6JG8tmIJDe5L', 'mUPrpIEIAakO1Kk7IF5', 'suvjVCEOAaqeIO5rdqI', 'BppxqOEqSRyx7wm3yxW', 'VPI3EOEh1LaJBfWPA8Q', 'zXgtj7EyLlqC28FOHoK'
Source: WiJVUxlOHs.exe, vnAgvRH01kRLdnPTtd6.cs	High entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'HmHlxLBWqY7uL2nkyFr', 'eEvoc5Bz6XQx31fV6sM', 'd1uCrQRMvfe8pufy3vO', 'cOyqbxRJSHNsjuCWZGy', 'wVMqE3R4XttdVCndGnh', 'DQD3a6Rvig8865Sd5aG'
Source: WiJVUxlOHs.exe, iPsgN4e9vkDwbFIuI7W.cs	High entropy of concatenated method names: 'PRhMokjP2k', 'S0DMtTeJO8', 'H9bMq3A9WL', 'WjQMJjYbkW', 'iBbM76PLnB', 'fW2j6a3iBvWUKJPbdI0', 'p0pyRy3wd5SfgMmfGBU', 'BGKJ6m3dLLgKrgagUdt', 'SJKdlc3py7kEJuaXgDD', 'hFtgl23gdkUy8YdUcPT'
Source: WiJVUxlOHs.exe, z3SrnBba72Z0Pvt9nP.cs	High entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'dyO8iYaKtOjcd319MFC', 'wOBnPVa7fN4uGg6FOSw', 'H2536haZALvfJ1a41Vd', 'EK57tya22Ac24l8kAKg', 'AQqWrtaPJHpEVZvTvLP', 'vooYM4adLUGi3P784yE'
Source: WiJVUxlOHs.exe, MyJTvTz0uXWmhsVDIQ.cs	High entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'Gb4il2bvRlakocrYCID', 'iHnVjnbFrghExtkGADM', 'DNAuLsbaeqfygdrEHqO', 'HhsCJ7bblRvNXD2DmPD', 'Nv53lrbNdFBa15GP94m', 'LPAUdObBEwS7knENimt'
Source: WiJVUxlOHs.exe, DVnwRdTFh8mVPcDPPi1.cs	High entropy of concatenated method names: 'rufe9GW8FW', 'vh6eGqOpTC', 'DNueF4dyLi', 'bfceQDgIqo', 'PXNesk4ou2', 'SP6sU8cMy98vhF9Kg9F', 'xycHjTcJ6JCbUph2NHG', 'fpheYvHWS6eVnDe55b3', 'BIyo3wHzVo56dLkI2QR', 'jiNjNQc452IVjob8SV9'
Source: WiJVUxlOHs.exe, jCPUgyHHmQbM0wqDBP9.cs	High entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'DUW6ShbDJr37XS7LNVb', 'rpnGxIbjiinDWLb5ST2', 'JD7TWtbS97U7NeMkE2X', 'LZOyITbVLuN3DWHlPrh', 'TXPR5qbEpbHbbFKQbKd', 'nNBAYGbAn4oNevgWxqY'
Source: WiJVUxlOHs.exe, CrmtnmqRYRu1f8CdV8.cs	High entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'CQaD0H40iaRcRMslf4a', 'TTMNqs4WnI6TZPnQPvl', 'GuikTv4zKVPIA1XkVTI', 'LF8F2FvM9x5nE2KPrJB', 'TUQm52vJTyctQxXeecV', 'q9lAZ8v4FMtaPqCpwtx'
Source: WiJVUxlOHs.exe, OapawDTaquRu3DoyBcD.cs	High entropy of concatenated method names: 'gP2lzwYfsZ', 'h3keBTacyS', 'Ax6eHS6HAQ', 'GsSeTd8q9T', 'NTIelGWVjg', 'SjEee8V7E0', 'elCechKHsr', 'AB3eKoj4Q1', 'tqYeAkajEU', 'VKieuwMoS1'
Source: WiJVUxlOHs.exe, exBVaKTgRWPXqt7eUvD.cs	High entropy of concatenated method names: 'HPIlRyZoON', 'N859UuLvuyDPqOU111m', 'NxaJoDLFLbx71pns1df', 'tu0jFZLJ5xag4XXTA6l', 'P6Y4Y8L473TfNYfBm9a', 'UwJFstLaoLIBvGxY6Hq', 'CNNF3VLbi2RVYlObFq6', 'xyXrGWLNaX3jAGaJjky', 'GRIIo4LBLXoSYkihN41', 'BdmJDYLRXNxUT3slN1x'
Source: WiJVUxlOHs.exe, k69ZvvHVVbQO3lWVFBY.cs	High entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'yVlYRPNQRMAta5ASTtM', 'me9qxqNCXpbLXWJILnO', 'H635JlNTychHwAvmQAl', 'wOYsjPNYo1X02b8htMW', 'e4XNTbNkRiCFaP1v4jX', 'jPOTeLN0IAlVUMxGaak'
Source: WiJVUxlOHs.exe, m8BG00rKsSrF6sOFr1.cs	High entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'uC8DAh2kY', 'HOnyI34DNQsX2JMXbVL', 'g2aLMD4j7tJF8PL4iRs', 'DeJjaL4SBjl8eqwrFVF', 'FJfmwB4V4BETdN1RrMh', 'HKh1AL4EFVaV3qid8do'
Source: WiJVUxlOHs.exe, VvDwiNdDs4ipHaEOm7.cs	High entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'ism1DPabGhbGbyFNQtg', 'SaTM6qaNLWGiP7C3bhF', 'mcKlpfaB17EhfT0iADl', 'ykRdXVaR8JLNANqqdyq', 'BCXM9ra9xPED2K3JwHp', 'sWxryaaoj0CmLQj3uwV'
Source: WiJVUxlOHs.exe, IWJYdBKGNNnjC73Flaw.cs	High entropy of concatenated method names: 'RrjSCcylBy', 'SG1S91kjaN', 'CZNSGrCgu5', 'oXbSFrRQhi', 'pl8SQI7j0S', 'nlDVU6lkx0P6RvGSJGW', 'nPrPXcl0HZpri5AeVhv', 'vhaVVilW3A8nxpfrL2h', 'E5p3celzcR5biBkEGbZ', 'UK83tbmMsYqARrPETs7'
Source: WiJVUxlOHs.exe, BPocufekCdouoNAh78t.cs	High entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
Source: WiJVUxlOHs.exe, Px3LJvebQHqFMHb99E0.cs	High entropy of concatenated method names: 'X07g5hrbKe', 'TiGgtaSKn2', 'zX7gqhlTtT', 'o6TgJU3fNY', 'ShVg7P5coZ', 'NUxg3Z0Sp0', 'kwegD3Km0p', 'Kg2gIobk7i', 'jo6gYAUXwK', 'ywXgLa2uEy'

Persistence and Installation Behavior

Creates processes via WMI

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Drops PE files with benign system names

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

File created: C:\Recovery\spoolsv.exe

Jump to dropped file

Drops executables to the windows directory (C:\Windows) and starts them

Source: unknown	Executable created and started: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe
Source: unknown	Executable created and started: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Recovery\spoolsv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Program Files\Windows Sidebar\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

File created: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe

Jump to dropped file

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /f

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Memory allocated: 7E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Memory allocated: 1A550000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Memory allocated: 8C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Memory allocated: 1A590000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Memory allocated: F50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Memory allocated: 1AAE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Memory allocated: FA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Memory allocated: 1AC70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Memory allocated: 1520000 memory reserve \| memory write watch
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Memory allocated: 1B2F0000 memory reserve \| memory write watch
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Memory allocated: BE0000 memory reserve \| memory write watch
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Memory allocated: 1A5E0000 memory reserve \| memory write watch
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Memory allocated: 1010000 memory reserve \| memory write watch
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Memory allocated: 1AC80000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Window / User API: threadDelayed 1398	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Window / User API: threadDelayed 519	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Window / User API: threadDelayed 361	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Window / User API: threadDelayed 361	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Window / User API: threadDelayed 363	Jump to behavior
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Window / User API: threadDelayed 367
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Window / User API: threadDelayed 364

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe TID: 7344	Thread sleep count: 1398 > 30	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe TID: 7336	Thread sleep count: 519 > 30	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe TID: 7320	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe TID: 7908	Thread sleep count: 361 > 30	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe TID: 7724	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe TID: 7904	Thread sleep count: 361 > 30	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe TID: 7572	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe TID: 7988	Thread sleep count: 363 > 30	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe TID: 7824	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe TID: 7500	Thread sleep count: 309 > 30
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe TID: 7496	Thread sleep count: 98 > 30
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe TID: 7416	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe TID: 7372	Thread sleep count: 367 > 30
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe TID: 4996	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe TID: 7428	Thread sleep count: 364 > 30
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe TID: 7136	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Thread delayed: delay time: 922337203685477

Source: WiJVUxlOHs.exe, spoolsv.exe.0.dr, hVZrtkHODdjkrqRpmkkd.exe2.0.dr, dllhost.exe.0.dr, hVZrtkHODdjkrqRpmkkd.exe6.0.dr, hVZrtkHODdjkrqRpmkkd.exe.0.dr, backgroundTaskHost.exe.0.dr, hVZrtkHODdjkrqRpmkkd.exe8.0.dr, hVZrtkHODdjkrqRpmkkd.exe1.0.dr, hVZrtkHODdjkrqRpmkkd.exe5.0.dr, hVZrtkHODdjkrqRpmkkd.exe3.0.dr, hVZrtkHODdjkrqRpmkkd.exe0.0.dr, hVZrtkHODdjkrqRpmkkd.exe7.0.dr, hVZrtkHODdjkrqRpmkkd.exe4.0.dr	Binary or memory string: WEyfNPH1fNEcOsQEmuS
Source: WiJVUxlOHs.exe, 00000000.00000002.1697828995.000000001B9C7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\G
Source: WiJVUxlOHs.exe, 00000000.00000002.1698434618.000000001BB2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: WiJVUxlOHs.exe, 00000000.00000002.1697828995.000000001B9C7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process token adjusted: Debug
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Process token adjusted: Debug
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

Process created: unknown unknown

Jump to behavior

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Queries volume information: C:\Users\user\Desktop\WiJVUxlOHs.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\WiJVUxlOHs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Queries volume information: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	Queries volume information: C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	Queries volume information: C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe VolumeInformation	Jump to behavior
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Queries volume information: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe VolumeInformation
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	Queries volume information: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe VolumeInformation
Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	Queries volume information: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe VolumeInformation

Source: C:\Users\user\Desktop\WiJVUxlOHs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 00000008.00000002.1768888703.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1769633590.0000000002620000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1770226487.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1774435066.0000000002CBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1774435066.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.1778315356.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1684781297.000000000296D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1769633590.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1684781297.0000000002551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1768888703.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1768870855.0000000002591000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1687435120.000000001255F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: WiJVUxlOHs.exe PID: 7296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: backgroundTaskHost.exe PID: 7436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: backgroundTaskHost.exe PID: 7460, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: hVZrtkHODdjkrqRpmkkd.exe PID: 7488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 8056, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 8080, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: hVZrtkHODdjkrqRpmkkd.exe PID: 8108, type: MEMORYSTR

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 00000008.00000002.1768888703.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1769633590.0000000002620000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1770226487.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1774435066.0000000002CBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1774435066.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.1778315356.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1684781297.000000000296D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1769633590.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1684781297.0000000002551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1768888703.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1768870855.0000000002591000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1687435120.000000001255F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: WiJVUxlOHs.exe PID: 7296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: backgroundTaskHost.exe PID: 7436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: backgroundTaskHost.exe PID: 7460, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: hVZrtkHODdjkrqRpmkkd.exe PID: 7488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 8056, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dllhost.exe PID: 8080, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: hVZrtkHODdjkrqRpmkkd.exe PID: 8108, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 Scheduled Task/Job	11 Process Injection	223 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	14 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
WiJVUxlOHs.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
WiJVUxlOHs.exe	100%	Avira	HEUR/AGEN.1323984
WiJVUxlOHs.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Recovery\spoolsv.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Avira	HEUR/AGEN.1323984
C:\Recovery\spoolsv.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	100%	Joe Sandbox ML
C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Sidebar\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Recovery\spoolsv.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe	84%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus

Source	Detection	Scanner	Label	Link
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	WiJVUxlOHs.exe, 00000000.00000002.1684781297.000000000296D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501453
Start date and time:	2024-08-29 23:46:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	WiJVUxlOHs.exe renamed because original name is a hash value
Original Sample Name:	1ef8f4b15672104cf11d5b0aff138464.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@41/42@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 61% Number of executed functions: 418 Number of non-executed functions: 6
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Excluded domains from analysis (whitelisted): f1022242.xsph.ru, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target WiJVUxlOHs.exe, PID 7296 because it is empty
Execution Graph export aborted for target backgroundTaskHost.exe, PID 7436 because it is empty
Execution Graph export aborted for target backgroundTaskHost.exe, PID 7460 because it is empty
Execution Graph export aborted for target dllhost.exe, PID 8056 because it is empty
Execution Graph export aborted for target dllhost.exe, PID 8080 because it is empty
Execution Graph export aborted for target hVZrtkHODdjkrqRpmkkd.exe, PID 7488 because it is empty
Execution Graph export aborted for target hVZrtkHODdjkrqRpmkkd.exe, PID 8108 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: WiJVUxlOHs.exe

Simulations

Behavior and APIs

Time	Type	Description
22:46:53	Task Scheduler	Run new task: backgroundTaskHost path: "C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe"
22:46:54	Task Scheduler	Run new task: backgroundTaskHostb path: "C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe"
22:46:54	Task Scheduler	Run new task: hVZrtkHODdjkrqRpmkkdh path: "C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe"
22:46:56	Task Scheduler	Run new task: dllhost path: "C:\Users\Default\PrintHood\dllhost.exe"
22:46:56	Task Scheduler	Run new task: dllhostd path: "C:\Users\Default\PrintHood\dllhost.exe"
22:46:56	Task Scheduler	Run new task: hVZrtkHODdjkrqRpmkkd path: "C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe"
22:46:56	Task Scheduler	Run new task: spoolsvs path: "C:\Recovery\spoolsv.exe"
22:46:58	Task Scheduler	Run new task: spoolsv path: "C:\Recovery\spoolsv.exe"

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	92
Entropy (8bit):	5.361672249648525
Encrypted:	false
SSDEEP:	3:0yopm2zFKahcD0iVffmKT3zVOHbTq5M:N2xKnnVffmKT3IH3q5M
MD5:	C9D08267A44B90CA41B87AED0E727060
SHA1:	50DF87FB2E15542DB1A079651BFB0DE6A2AE3207
SHA-256:	E722D7A3F86FDEAE663E56303628FC0DB342BE7DB8B295442DF98E5C72922A95
SHA-512:	5E20036F72012AB2B013A9D9AFB53DCF74D4F99839230416E849D3CF87220DCB81E5E0427F42EC45B57EEDCC84528DE292FBE20DC48DEAC9274DB3DDF7AAC290
Malicious:	false
Preview:	keIFkj5tj4eg3yVXX6d3h749ZWHpDysaETG9rKgaQ4geGZZKxJpY83hmjJpObPpuLDbjrVpNaDmmba2A6724JUcKveZi

C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows Media Player\13a54417f66e9d

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with very long lines (440), with no line terminators
Category:	dropped
Size (bytes):	440
Entropy (8bit):	5.828019707368211
Encrypted:	false
SSDEEP:	12:o0JSKKhy3qhVMoDQ83P6em6q+PDhO6HqMBQq/60Q21EWQ:BJSTQ6Ik3P6/F+s6/5il2yL
MD5:	5D9FD4A5228973BC92BF2D49AE668303
SHA1:	639B0E41A20B672DBD4230F3E5308F47363FFBC8
SHA-256:	969A504C2B55DF4EBF6483D1F95EC75494B199B21F33F161ADAFD7E868158DF4
SHA-512:	8630090954ADF90699296B744254C7983E2784A776B0FD36FE939CC98C95F4933E9106F244076144860F134AF7DFA867B7081EF06C56512D8E74802939265D94
Malicious:	false
Preview:	Td7PdOpbVVy3oeWUMIJJCQC49bHOzsH7k8YCKnY0T7xN59SruDYAFeYDbCQBHalnN1SpGTKjuTzEcy99JZdwTH2GkVkIXWt2WK9Dqmla3yQwoTkmCQ2r6zTG9MEusBMXk7sSy5ShyD2e1FbRu8FGeC5g03Eeh0r1m2MrkSxG8U236zO3uxAu6G2hBMb51y98VB283uqbK9IJJCjBoLtt075gAoqY02PKV4i56Q9AGij77tY8maQpEPHYFV8PESlRt8yPeoEYMtnSX8iQQrvamkFFwJzlSu5y7RN94Ie8V2dUmzAHxr9XgKpJ2tdUydFbyyUFuiWHMxFuGuc6JsxkviRxmEHLoKK1wBgye4WOU1KtE4CHQhLFpeqPhhdqbKcCnN8FOobOVjQ3XhsrCA5H9EMRUQQ7bqwJYHG0673lF6uGOx19zvnbPUDi

C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows NT\13a54417f66e9d

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with very long lines (628), with no line terminators
Category:	dropped
Size (bytes):	628
Entropy (8bit):	5.88441709895688
Encrypted:	false
SSDEEP:	12:E/VTbtcoVmgpqcAQQy6OQkmKHHYBvmfWqokMryUzh1CtD6LlKsp:CTZxVmgsJ/k9HHYBvsZzq/uD6LAm
MD5:	9AE850C832EDE64213D86FAE0760A841
SHA1:	877268ABB1AE9FBE5C1A88544256BD6181F6EF0E
SHA-256:	C77903EC3F419FE66021FF2D6240D05D9BCF46151410913B0D35DE2AF916E716
SHA-512:	A373277C1A23E227D78565136024AE03E7024DC199DFB90017930BC7E09BE16B0275DCD309E77C191D04C0B2E22733EE85C0FD9E696CCA3EEEB2F0DF4C387A44
Malicious:	false
Preview:	L2LXUsicE6aNnoUwpFcQqaDNWedvEosBxN1SiUfhSZTtpwKEONlFmc6vz8B0PwXZOYZawCOVj58QGThjUZg1CmYVQFcjSpRgC3fQWtRM9Qfrdpogabf0PgXlAEJqkoC4ncONxRMkHU1vHq1lb6J1JbQgg4QSkklUOlDBbbsJO4s4oldTNhPofLuLLrq3B4AhthhgnzK9N9mPtW25a6ECV7yD11ztuzIT4KLGD7qXXQagifczzvcE07Mvseov9aOY1SUiLv1cQqoEgSeWZA39WDd68ZYjS5Y6BCoPK3nE39yJSHPa9SV8hPCyzXkvXSJUSsDeoOLgWzFWOTo1K7jAjZZwA0axT2rkzd1kDvwuHzlrJpjftslZtJv3SRexyYMeHfgvcDxZLy3uxrmUQ5DkRR1qs7SwQ86smHjoJxCp5LO5QAGkoJh2UmN0n0DeuAIM1KIpH8Kc2YpFD5Zr1sIGbEYA4tATuh44DBDG2acp8E966HxraVnC2BvxvIvY81rVduCB2TzbPcHWEbDw6S2Z42BBQQUuoErGWodLFvzHgLwZ3YtTF9bp9SaltAul9ExLvAAZ81qKcv2sFlI2hApomBHDN2cFBNHbYlo2YTVOTRMOZsfH22E8

C:\Program Files\Windows NT\TableTextService\en-US\13a54417f66e9d

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	104
Entropy (8bit):	5.39891811779214
Encrypted:	false
SSDEEP:	3:Q3IOUfgCUJ8smEAUWeWYHtL5BWqY16rbwA0n:WIZG1zQ6NL5BWqY6rbwZn
MD5:	2E9F42E553D8100B55506A83EFD2EFFE
SHA1:	8BF046351DE56C8E5237FBA03DDDAB71E04662FF
SHA-256:	CD65CE6DADDC9FDAAFA249B4F9B7F146EC43106D6ED12DD0FE4F1C843509EA9F
SHA-512:	922EC64AF45D1EFCEE4D209087F278F92DC2FF5537F3F87363ED44260D0F4EF5DCF7495A6D71A276B07E23DE4A49966A7C42C131C878CE805A27BE0A8008C1E5
Malicious:	false
Preview:	SdBpZ8LVLykKe98z6zIg1FPFWvVgFCae1sWUgQKxKULszKqqL7wxi6ONN6SonoPJYFTvmoSqoVVg3hPMEoVIPn64dJGk7gKgEBUu05Dh

C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows Portable Devices\eddb19405b7ce1

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	184
Entropy (8bit):	5.6186338161916325
Encrypted:	false
SSDEEP:	3:+a0xWgRxIVUiwdlN2LH1R1WcFRqsrxRRgu6BOxdHdOGiSdzFASXnI6FIn:+/SVZVR1BllnnxdHFxPXZyn
MD5:	6AF381B59B4AA5DA702E2BA76E85FBDA
SHA1:	ADFF773F1F0C45AE67BA93708E59FF46AC3C896B
SHA-256:	C170D91A36C987C3158B431AC797E316B5977FA13A2B9169378C03132993E232
SHA-512:	825C4C79D85B8C2C26EBA7D461C0BBED131A0998AACE370541E762CC5A7E2BDBA7504835BDE011D8452ACCA555F26D915C313B9D2D45719DB70474629D017E84
Malicious:	false
Preview:	sNVhwLQTqmzDwxE4Tm0GxqeGUxLcEvwB9kfdYY0s0iGj1rnHPv0C7ZXBtPN8AyO50yDLRlf4wIQPj4OmKENT4tEkNdtJL1sCTLtDobznP5QzJIcyBly5k5AGud8x1Wt4ZN5YKK8tOjD9dObEB5HjDwbXKnTKcBw3MVa5NDo0nErB2BmfC3w6OK0m

C:\Program Files\Windows Sidebar\13a54417f66e9d

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with very long lines (617), with no line terminators
Category:	dropped
Size (bytes):	617
Entropy (8bit):	5.8925722279594694
Encrypted:	false
SSDEEP:	12:HZEBtjCfv0j+O6pjuL1YOil7sbJrwyERo21hFxRZwXHTbiDkk:HmXefv0j7MaL1YpsbSKWhFxRiXHaDkk
MD5:	631293DFDF57339DA551C4F8077D8D74
SHA1:	90349382B7D8CFD0E7BC849F12883F953854D9E4
SHA-256:	4DB31A0FEDE39A9B4C43935CC012A06C6E6B98A9D59179FE860C055D5FB84862
SHA-512:	6FAEA3AADF08C7B61350EF1CD1A3B24CB6907A5EDFAC9575FCB519D61FFF70C6ED1F30AA7B325F4563F27AB4BE1D062991C8E65211CE7AC716BD5FDCE6815643
Malicious:	false
Preview:	GCXf5kueofsAMwCQHKUIVlu4phm9GWsdyU4iIOF5tNpACmVyo9D13wQfRc0Y8uXRxOL22dI3FYZI5u1DLyUGT1kCDZRpYr780YNyad5L1KveXHjhlwMJaQ86oIycMdfYbaRhhCmr2JPIFFp5ztDlexijZQJRpd8YpXD60C9iKfRQBz0id2ncZ43n2sHQ3UCZK0drCsFxuea9fRijZkywzg8veZEH4tpzc2FKWJguw0s4d4IkKh0SgPjn1sNmo72AzlgnMXNQEDA9yDRkRd7W2XTMTbSo53Fy7rF2XeYwUjOcPjzyanVLAgIbRUTuEjUK8LCH8ZMwFKBSJ16tmeOSi4yajnkCLnsvPDeEhr0AajFzezSaXkHjVClDXliUzJlbcQDFX2L4oN29y86tVKpkgIaMcar5JfLQ7oXNvNDfYM5HJmPYpy9oeA5T00n6LPvICmBKls8HGKLTNSDzKSQUggw7tDX4kGTIbwFhkFx7z1iTylGhxxw29amf0EahUEhA0D2aNfOFfTfo8cIH7zGwUbJAJkrgoPmvUhdvtpURiqXq57gX6Tke7uqZ31RnysaPqtTb8WXRfyNnEcELDTjVpHyk1E21Yqd0PH9LoFZk5

C:\Program Files\Windows Sidebar\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Windows Sidebar\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\13a54417f66e9d

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with very long lines (861), with no line terminators
Category:	dropped
Size (bytes):	861
Entropy (8bit):	5.884889929273535
Encrypted:	false
SSDEEP:	24:k122tZSmJzmfEJmDFX3wCkaTFMuvwd5HNQO6Q+2ZDpwdz:rNciEJmDFnwCGGu5tZ8awl
MD5:	43F1227DD107151E79C9E1BD0B765A44
SHA1:	F2AE308015F078F4A1DF7930EB0A033D06774CA8
SHA-256:	D22C7B779F85D63878C9AA81AF59BCE1AABD34241AF10864DCEC9B05DC39AA35
SHA-512:	2D30A87175734C13501FBF19BC9C3C74493C70376437A4C6A0AF31764869BE745E70D8CED3A4CF5D0D6C023FEA6A50B7D73CFD97F39049C26DF759C0BD7BDEBA
Malicious:	false
Preview:	uFHTCCTGChYRHpCV4EEhzPM5NlJFTISli8BiU6SBP5oMiGWHmbLaL3Cf2LFa2Ow3PxsJoeB7vDS3kAXHOCd161Zp6fqI12IAIv7vYNcIaOpIkI42y8L0v56XXDNIx2G34RuzDmsBjVbsMRExkyU3qSPNyjYVAUUhIwNSXFyMPKQZdOLF8Zh9hMMmChAdNXAPA3jZDvae9InfBztjXSWlwU95jkQzFV82KBZkovCN9C9ZjrlMyaF5AZcp3o0cekZoJvV9aI5lPJltVkW29EBoPC1ujtrA5jsYnVPxWlvpfep1xsUTR8daivZH3karb4qqbNG9UifXTWIvWA60YYt7GR016I3vKDNlx9aklV8scFHMmou3nkTDLsjJXOCMpuMPIh7XkWOCZAfBKnPSXAHkuKZEZQNWSwDr21DEqXTRVQoKNi8t9uypmme8I27TI1un7xJSkLlAq0PefO11ReXi8YFQXF6yZ9IdgBNZZqJxIx8wWAc3AFBoeMois35ePxkqrw7eBbclVjZKZS3WmCxT8e8TWorguoiVNREkC82jnaT4xeJZ9j2M9QsNxoIWu61qBD6IOTToKOqhKEg1fRgLvWV6i1wYzgyrjm3thALpQOCvkLCsHR0cZp4prAjWg4yoZ98hLxTfG15hTjWXyDRipWR3rOBhayIVZYWlMehT7VWiuXVHoMidmP8DrF07vwERsjH5NuLTg7lUAsIU232OQpsKZS3HokiLQE0KQZ43BO6ponD96fE230BC17f41Eo6ZaD528Ed99MBtDfwP3KJfpRaDxTT49B7kAPOkHH8bl24n9Tybto73fauIm1EoviA7PbsxRLIwMr4wXxEef1KUEDEjfG7P

C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\13a54417f66e9d

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.773889534110027
Encrypted:	false
SSDEEP:	6:HYBYD5HyGr9T0hiBgywo95DkHrxlO0ylTkW8JIYdNBtVx+MV4SIa:HYirr9QiBg3e9a1Wa1BxWO
MD5:	2E151D4B26A4C635AB63A98EE9F4F8E2
SHA1:	ECFFFBCFB6A888BDBB7FA35B6DAB742791FE0D7E
SHA-256:	9E921A214DA17BB2181A7400FA6474E09704A55E83B93A74C958931B9CC36AAB
SHA-512:	B48573B3965AC2D64DE98E733FAB094FFA9CBE15BCC9316241CB0CE246B11DEABD6587323BF857C95039BCBC4EED3A1374957DC440490EE8A1B44F312D21878D
Malicious:	false
Preview:	4LJQpSeXvl1kQxN6HsIElXqHzDGebbrWh31TPRz9dneJbcqCPeVtz0pgfBblMA6T4eCX64q03Ik83gqWWDO6F8grNUxNzNxdrKP6ZTFVyfzrPrn9VEPIvAO58VJlGdAqVHQtQu6D73IjIzbgry2v7orr5U7EJePUeJVIa3skHMK22oxJ3m4RkPsqZjx6w23doxE9dTGyGRnvdzzRhyKgk7uPaos1GwyOSrOEjxpkgFLTl7NktfZ8rW3qDzizkOrTdYcwkustJkAewaodbIHkX0h6yhBuPz

C:\Recovery\f3b6ecef712a24

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with very long lines (552), with no line terminators
Category:	dropped
Size (bytes):	552
Entropy (8bit):	5.87298022208589
Encrypted:	false
SSDEEP:	12:hXMYkykAEjEgEGxhUQ8PyibdL8pgWCATgxBYbU1gdz+Ihl8plhcJ/NUlrWmTR2e:WYky6j31xhUzPo6Brgd6Vo1ilrWle
MD5:	84E09BCC5CCA3DB0C130CFB7EA2952AA
SHA1:	2AD4DA15B9EEEFD70F380A45BDBD336FD163D0B1
SHA-256:	5A2BAAF559DB892EC2056B536377CABB90609468009311B326A3505A67AB42F1
SHA-512:	DFBC5272A6FC64E69C5073D7F9D647E98A5AD8A04F1DD0A71514D35B1C11E5B2D6DA6D255CD92052C73E6D51C90311ABED020A33D977330F739C3BA04B7FDF37
Malicious:	false
Preview:	gKryg7uzxjJ3Yp3LWJSKO2u1A23aZg4frmx3WQDiVHcdLxoMDMKbs9ToazxnDUaRpnMv29zGFtzGaQqNOqWMVdxrSJcgcZeBqKxhk2UDXEV8KNNJIkZW7O6M0fdshSnpPxZPdJmVWTzQHygF5SY29IEcOlqFZmgEaptXx8q87DAnYpEB8XxO4vpGs7A1dg6uwu0cFJR7mZ45IaDjhoHBzSKo9mo07zfaHQ1nym6yGzme1u8S3bUyZ54dkLcdfaAw4dy2iZu5sS49qqxPoV7ffqAMVYDmJcTqyzkX5FtdqYGHA5x4YNyJceRNcmhKWIvP8OK0FZUimdzGj3LZkJO6oJNUiW5TiiHin0Iwu6y83Qh8pLnjaHjM4zlzA0SteA9DWRdsuYpoUPCYmOoXsV2b84oxPTw4oFd2QdmYr5yBc51owNMvL5AIIiEbnpdamv9PvKIJmQpxg09DC9ACHAstEVtrYKvCbYZr5m3mFDJ5PNmRjBZnobTmCQLaaaubemVIbSHaGY7E1wd0sbIWvHXAExoobcLoSran1d0R48hQ

C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\spoolsv.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\spoolsv.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\5940a34987c991

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	107
Entropy (8bit):	5.616199435056207
Encrypted:	false
SSDEEP:	3:x27RPcDeSwhRzh+Oi8vGHAtAag1JMlWNkLmMU02djCnRX:0RPc6Zh5DVtA9KKb0SCx
MD5:	B4D736BF2B9BF075DA030949FD701554
SHA1:	A7705A09980C9F44AFEDDC5CB9BBEDEC97590588
SHA-256:	0AA746F3212D9B2E46950A837FC38EDBD9091A7FBC0BE4342B6B72C96E125FFD
SHA-512:	A4D03960D67497A356C024BEBD5C5395ED6A9144B62999F3228C60B03A7100A23538A940C378F5AE4152740DB6852B5CF3277B62A1270E47058854939FB1B4A1
Malicious:	false
Preview:	j8TH4vIYSdhssIKyc1MfVJkydIetSvza317LN7Hjlbmk96YACwPbeKuZXenvRZGgoHy0K9lfun43hAyhudrggX6sHixsTWSLVF52HhzDLtr

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WiJVUxlOHs.exe.log

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1830
Entropy (8bit):	5.3661116947161815
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHpHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKktJtpaqZ8
MD5:	FE86BB9E3E84E6086797C4D5A9C909F2
SHA1:	14605A3EA146BAB4EE536375A445B0214CD40A97
SHA-256:	214AB589DBBBE5EC116663F82378BBD6C50DE3F6DD30AB9CF937B9D08DEBE2C6
SHA-512:	07EB2B39DA16F130525D40A80508F8633A18491633D41E879C3A490391A6535FF538E4392DA03482D4F8935461CA032BA2B4FB022A74C508B69F395FC2A9C048
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\backgroundTaskHost.exe.log

Download File

Process:	C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dllhost.exe.log

Download File

Process:	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Windows\Fonts\13a54417f66e9d

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with very long lines (789), with no line terminators
Category:	dropped
Size (bytes):	789
Entropy (8bit):	5.903224559471106
Encrypted:	false
SSDEEP:	24:0IkMq6B10R9paczA/8sjRL0RB9kr1FbWjb9/Ku1I1:8MqSuR9/Q8r8Ub9iR
MD5:	4A4E4D7B0575B5EFED26BAF5892A76E0
SHA1:	A8047F9C79BE5896D0AC39BC936F0F5BAA9B54B3
SHA-256:	71C6A06AE95256F220971F786F2ABC60E94888C3E22A936C17DF4101205D0908
SHA-512:	CFBF33F478F00F29A38C14AED8B004ADCE0D7D0ED6DC9FFBE9A3E8A32F02278DCCA7A3BA09033EEADD987F99C233595ECA72D056E5615408FC88339116F86E0E
Malicious:	false
Preview:	KxIyf17RR69FZfIAxIjP0oBexIpzG9zyeOrOergCyp7N1hWBFhDor76fvnAXLHKSGLlKy3gGmgaLrymQvotj5KGgSMd0qI0qepHq5LNMA7CKgvy7AulhXlW5EE2mapZdqtqCq6Ujbhi7I59gXgz6hSS3SLl0TkvViidwFwQEZBG0DYxIEWO4zd6YbxtfUdQ0wMZjcNblPvggLc03Ycw6W1fFmFVRCvu5uQD09Oq14moE6aM87zG1rUd4rU6X1JjeAkv5Y94Jw4CtMaIM2XUMo3OawIIpRTAuDKEVoRj757FwSusQMuedzWzHWVIP0P2c4RpBWwikyWRrybICa2dgyg5rV69SITGqEm2AEq3ZM4pcFIT5NGz8wVnXW8qZxPceQknLjH7u8DU41cmNnEFBeI4s9foG9em6cKMeeHVFIF9sAsf3WdwtJaAIq4LDc1uebXcrQHsfs93ZILrR9vufr2xCKEyk6SmQUeRnPymOvQAJgl9eN4ErHOwikagMTHjaXmEo4EBLJfub2nfjEUXCN5JFrsCzRZ4nrkw4gVjI23ileVq657I9ugMcd96MBM3ulGuR1kDtuOJUXhlWCF3UR52KYUbhZXGq9yAXkZFU4YOfW1E5XjJ6SicpNk2hJgUWIdVjgNwnAja2qXxhPfJzNKYbVVJAgiLYE2X3gfZJwg5tIj90wURnWeJ7F3NLDwGbXCyy93BtF9DrOoSvVTNLQiBjsaymSOFAZdVGvL13TihWbbsalczuj5LzAPFiFZb13CRuTMAKbT1sAoIRrXBzZ

C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\13a54417f66e9d

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with very long lines (379), with no line terminators
Category:	dropped
Size (bytes):	379
Entropy (8bit):	5.844303151967483
Encrypted:	false
SSDEEP:	6:BkiGq3madexPEpmGyXws9OOYzEDTg0dBpkUbewxPRfcMlyWIg0kj9BV+Fl:BbGqdexspmGHOoEDTgiBPxfIg0UT+Fl
MD5:	7571FD5BA0DF339DEAB96EDEF7239AFC
SHA1:	569D56DA3FBF88FE3695CFEB391764605DFA3F13
SHA-256:	CC73DE7C69072FD74D555777AB17C52D495BDA202E4B9962F368422230742CBA
SHA-512:	44A49DA38BE81BC651F639391A67F2D27C70CF5FA10C8DFAB302E7AF20C342502A1561F40F9AC01EA3C997ABE96E96F648EFE91E6B9F897C7ADC802AAA987894
Malicious:	false
Preview:	PVEonc9oMSvJV09Pl0cwkHgzCX0GuMV4CDXgZMnb93DLdl47VbXb43wIyOmQl23960HRcc0ZNBxrDVWac3vTz4AIRPsKjWzH9DOmemf2l7N2FEEd1LxsGkKC08AMtpz0Mqr9Gt50X2r2qHCMKOSYjGAZ3MvglSJ5HWqZXFXIP7VN2SVt5yBeWbRGpRF37ZOEtwuTbnzF1KImvxhl1ClxRoiqFjuF9dK0sQdGiBRS95mMSoU2ueC5yaxFNDO12tGYAS3fTbDzuTyVBWXbO2VeaOBScY3exaZPyOLAuziTbNKfmbE0pwm9Ym7vQlC5hiBU3igwLXqYUBDNEgpBTCyAyZ0MQZuIxnv2L0lD4RpSFNpWiurt6AlfuAgdrTg

C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Provisioning\13a54417f66e9d

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	44
Entropy (8bit):	4.862507470762515
Encrypted:	false
SSDEEP:	3:+QbZU5Cjn:+pYjn
MD5:	D6F79326F73FED5C9AA2F7EB912F52F4
SHA1:	F16F4A8BFB66D03D39EC1F1E880EDF0B364914CE
SHA-256:	17E17AD49E4625C960764F887944706700E29D2B5987F2D7C886D2DF4B2DBF29
SHA-512:	E531BD70E009CE7F85408062BA30DBB2FD1C1F811D88CF741A89CD1B148EB1DD5D6DC332A4E916C32AEA8EF0F3C9558E2295E0D14A549B05C5494A57345E5BBC
Malicious:	false
Preview:	lVnuRhWW92P62vfRpwY1Z42hcxfr6Bq3vDLUxpyi5kvW

C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1231872
Entropy (8bit):	6.922721914406525
Encrypted:	false
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
MD5:	1EF8F4B15672104CF11D5B0AFF138464
SHA1:	F0441C53F8817386EE5F63532A13C168669C90F2
SHA-256:	C0C7A64ABCFA82BE148050CDDC9DF53967C4072EE0871528BC86971B486A3053
SHA-512:	B1BD0F771C2C9C53C71C8C59C1C108C55DBCDA6C9F8642C0968F7E2381C5307108A5A12543E40CF9E4AD7CE163A406214D4E14E7E3F9EFD6E68E48AECE940B25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6........... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\WiJVUxlOHs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.922721914406525
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	WiJVUxlOHs.exe
File size:	1'231'872 bytes
MD5:	1ef8f4b15672104cf11d5b0aff138464
SHA1:	f0441c53f8817386ee5f63532a13c168669c90f2
SHA256:	c0c7a64abcfa82be148050cddc9df53967c4072ee0871528bc86971b486a3053
SHA512:	b1bd0f771c2c9c53c71c8c59c1c108c55dbcda6c9f8642c0968f7e2381c5307108a5a12543e40cf9e4ad7ce163a406214d4e14e7e3f9efd6e68e48aece940b25
SSDEEP:	24576:e7ra5u7fXiwUXFp6nFwxvY1c95xX+4V519ZlHY:ypLywep6nFwq1clT19Z
TLSH:	C0456C427E44CE11F0091A33C2EF65488BB49D5166AAE32B7DBA377E25123973C0D9DB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....rb.....................6........... ........@.. .......................@............@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x52b00e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x12afc0	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x130000	0x218	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x132000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x129014	0x129200	e33f93fd62af0f8b9577bec6d4cb8bd3	False	0.6618143931426167	data	6.956387099644467	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x12c000	0x2fdf	0x3000	93470da1370c90cf0dc54e3ee05a4c61	False	0.31005859375	data	3.2424425023745234	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x130000	0x218	0x400	7088fc9747b26f17366bfd566d8692ca	False	0.26171875	data	1.8282194552185358	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x132000	0xc	0x200	e662d8ea433fe0259e4069b099500259	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x130058	0x1c0	ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970	English	United States	0.5223214285714286

Imports

DLL	Import
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	17:46:52
Start date:	29/08/2024
Path:	C:\Users\user\Desktop\WiJVUxlOHs.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\WiJVUxlOHs.exe"
Imagebase:	0x180000
File size:	1'231'872 bytes
MD5 hash:	1EF8F4B15672104CF11D5B0AFF138464
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1684781297.000000000296D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1684781297.0000000002551000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1687435120.000000001255F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	17:46:53
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	17:46:53
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	17:46:53
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	17:46:53
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 8 /tr "'C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	17:46:53
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe"
Imagebase:	0x60000
File size:	1'231'872 bytes
MD5 hash:	1EF8F4B15672104CF11D5B0AFF138464
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.1768870855.0000000002591000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 84%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 9 /tr "'C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe"
Imagebase:	0x470000
File size:	1'231'872 bytes
MD5 hash:	1EF8F4B15672104CF11D5B0AFF138464
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.1768888703.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.1768888703.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 6 /tr "'C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Fonts\hVZrtkHODdjkrqRpmkkd.exe
Imagebase:	0x940000
File size:	1'231'872 bytes
MD5 hash:	1EF8F4B15672104CF11D5B0AFF138464
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000A.00000002.1770226487.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 84%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 13 /tr "'C:\Recovery\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 8 /tr "'C:\Windows\Provisioning\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	17:46:54
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 13 /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 7 /tr "'C:\Users\Default\PrintHood\dllhost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	17:46:55
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 8 /tr "'C:\Users\All Users\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	17:46:56
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 9 /tr "'C:\Recovery\spoolsv.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	17:46:56
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Recovery\spoolsv.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	17:46:56
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 7 /tr "'C:\Recovery\spoolsv.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	17:46:56
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 12 /tr "'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	17:46:56
Start date:	29/08/2024
Path:	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Default\PrintHood\dllhost.exe
Imagebase:	0xf90000
File size:	1'231'872 bytes
MD5 hash:	1EF8F4B15672104CF11D5B0AFF138464
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000023.00000002.1778315356.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 84%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	17:46:56
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkd" /sc ONLOGON /tr "'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	17:46:56
Start date:	29/08/2024
Path:	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\dllhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Default\PrintHood\dllhost.exe
Imagebase:	0x280000
File size:	1'231'872 bytes
MD5 hash:	1EF8F4B15672104CF11D5B0AFF138464
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000025.00000002.1769633590.0000000002620000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000025.00000002.1769633590.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	17:46:56
Start date:	29/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "hVZrtkHODdjkrqRpmkkdh" /sc MINUTE /mo 11 /tr "'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	17:46:56
Start date:	29/08/2024
Path:	C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\hVZrtkHODdjkrqRpmkkd.exe
Imagebase:	0x9b0000
File size:	1'231'872 bytes
MD5 hash:	1EF8F4B15672104CF11D5B0AFF138464
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000027.00000002.1774435066.0000000002CBF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000027.00000002.1774435066.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 84%, ReversingLabs
Has exited:	true

Show Windows behavior

Function 00007FFD9B8A34C5 Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

L_H, xrefs: 00007FFD9B8A3770

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID: L_H
API String ID: 0-402390507
Opcode ID: 3ec7d5318f48b41b5cc608b06089d24c6f1041f80282815e2e9ff203c1fcb6c6
Instruction ID: 3db341643d254b59eddce8d0042491d8d97b89ed66293769746239676adf92fc
Opcode Fuzzy Hash: 3ec7d5318f48b41b5cc608b06089d24c6f1041f80282815e2e9ff203c1fcb6c6
Instruction Fuzzy Hash: E5A1BF71A19A4E8FEB98DBA8D8657ED7BE1FF99354F4001BAD00DC32D6DB7428018B41

Function 00007FFD9B8A0F5B Relevance: 4.0, Strings: 3, Instructions: 259COMMON

Download Yara Rule

Strings

H, xrefs: 00007FFD9B8A0D40
H, xrefs: 00007FFD9B8A0DEB
H, xrefs: 00007FFD9B8A0F47

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID: H$H$H
API String ID: 0-1989617792
Opcode ID: ba7157ff5842bf88b5b7b425c3088781438934487dcc52f2b9c817d9ddb2a845
Instruction ID: 9e0ddbab8d24f93d65ba2260e0825feecb940f02adef614533dc45f2d4f07b69
Opcode Fuzzy Hash: ba7157ff5842bf88b5b7b425c3088781438934487dcc52f2b9c817d9ddb2a845
Instruction Fuzzy Hash: 1591F772F1995E4FEB68DB68C825BAC73A1EF58710F0002FAD01DD71E6DE386A458B40

Function 00007FFD9B8ACAFD Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

yL_^, xrefs: 00007FFD9B8ACB01

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID: yL_^
API String ID: 0-4278417862
Opcode ID: eda2bd9cc4d0b0ffa58805dd222e3ef1155e7ca4013adda66c5149e57681e89d
Instruction ID: 8758ffeb3c190a92654bcc7fb14ba14c05a1e75c2f571b286e67df7b70907416
Opcode Fuzzy Hash: eda2bd9cc4d0b0ffa58805dd222e3ef1155e7ca4013adda66c5149e57681e89d
Instruction Fuzzy Hash: D031F931B4D66B8BEB5A7BACBC294FC3794EF19324F050577D01DCA0E3DD29258286A1

Function 00007FFD9B8AC97D Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

6O_H, xrefs: 00007FFD9B8C9974

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID: 6O_H
API String ID: 0-3404085925
Opcode ID: d88ed7f2ec52c4683667a2aae8b6ebc618dde8290611438743d003fc31833573
Instruction ID: dabc826c65c44ef3caf46968c8b2f1a7c006b970ca1a01c2c4ac4916206922e9
Opcode Fuzzy Hash: d88ed7f2ec52c4683667a2aae8b6ebc618dde8290611438743d003fc31833573
Instruction Fuzzy Hash: DB316170A09A5E4BE765EB68C4296BE77E1FF59304F0105BED00ED72A1CE245941CB41

Function 00007FFD9B8ADB99 Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9d12ab43518e4ce055241f67928d52296fd66443beb928c62d491dc947b98af
Instruction ID: 567040383a983798e909c0764f04e4aac9b8c1eb89f6c33346417f38519805f4
Opcode Fuzzy Hash: f9d12ab43518e4ce055241f67928d52296fd66443beb928c62d491dc947b98af
Instruction Fuzzy Hash: D4E15B71E1965D8FEBA8DB98D864BB8B7B1FF58300F4041BAD01DD32E6DA386941CB50

Function 00007FFD9B8AADD5 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b0ff9b007697bef27be3f494bd848934d6d89c7666c9de94f916658979cee18
Instruction ID: 513a3568fae421a7e3bf9328ade4b68fcf961a24c4f87f0d39ef621d2b926324
Opcode Fuzzy Hash: 4b0ff9b007697bef27be3f494bd848934d6d89c7666c9de94f916658979cee18
Instruction Fuzzy Hash: 8FD10830E1962E8FDB68DBA8C4646BCB7B1FF59705F14017AD00DA32A6CB386981CF41

Function 00007FFD9B8A1678 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc88c9656795082fe5c4ce185aa22a88031985b49ed117e83a9a20e639e4d4d9
Instruction ID: 2298509344a600c757401e269d25334aa3e380280c1cf348a0b2de4b80ab5ac7
Opcode Fuzzy Hash: cc88c9656795082fe5c4ce185aa22a88031985b49ed117e83a9a20e639e4d4d9
Instruction Fuzzy Hash: 6881C131B0DA4D4BDB58EF5C88615A977E2FF99300B15457EE49EC3292DE34AD02C781

Function 00007FFD9B8AAF28 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02bce4f5b054e3288a6e62665a7d0a53c31df3ddbed841b1149a05f28decd888
Instruction ID: 8e1f49e4b2142a2cd57f6469908b6ae39dca8a4cfdb1508de220f6058e61bfd9
Opcode Fuzzy Hash: 02bce4f5b054e3288a6e62665a7d0a53c31df3ddbed841b1149a05f28decd888
Instruction Fuzzy Hash: 0561E970E0991D8EEBA4EBA8C8697FDB7B5EF59300F51407AD00DE72A1DE346A408F54

Function 00007FFD9B8A1C4D Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d3d5525986cc43e2919be96323e7b9b4fe292014a3d072bfc953646aedb5efc
Instruction ID: c8d1c3942a841182cc304f3982a5b35302c027f3d908e6412d4e44dbe739b7ca
Opcode Fuzzy Hash: 4d3d5525986cc43e2919be96323e7b9b4fe292014a3d072bfc953646aedb5efc
Instruction Fuzzy Hash: 7251F131B09A8D8FCB58DF4888A45BA77E2FF99300B15457EE45EC7292DE34E802C781

Function 00007FFD9B8A3135 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a96981684ad527ee7f132d4a55bba8cde2d73bfa80fceff8c674e24b06828871
Instruction ID: 4988ffe0ee445d2aaf613ec64e98b6d905467234c31dcd3e9d457913afd643fb
Opcode Fuzzy Hash: a96981684ad527ee7f132d4a55bba8cde2d73bfa80fceff8c674e24b06828871
Instruction Fuzzy Hash: DC512B70E0A61E8FEB64DB98C4646EDBBF1FF59301F55017AD009E72A1DA386A44CB60

Function 00007FFD9B8A2065 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f7622f7d2fbf420658ab18ece53e2c176081b2be20ed96728707198651adc4d
Instruction ID: 7fe76c071c8b0bda5d4fdc16fd80749cf951f4fa59312066dfd7861bcf120706
Opcode Fuzzy Hash: 2f7622f7d2fbf420658ab18ece53e2c176081b2be20ed96728707198651adc4d
Instruction Fuzzy Hash: 51414831B0E68E4FE766DFB898655B97BE0EF8A310B0640FBD00CC71A6DE18B9418351

Function 00007FFD9B8ABEC9 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5145e3bf0d698b07edfbb512dbf35984f94ed9521c2352ab0ca7ea816f204629
Instruction ID: 2aaa1e31f8bfd266eff679c7f139a68f467a64f839ce589a4852cc683333e56a
Opcode Fuzzy Hash: 5145e3bf0d698b07edfbb512dbf35984f94ed9521c2352ab0ca7ea816f204629
Instruction Fuzzy Hash: BD51D770E0A65E8FDB68DFA4D8646EDB7B5FF09300F15053AD409E72A1DB386A44CB60

Function 00007FFD9B8ACC09 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18539b8fce4598170400b38bcff0e6ac1870efce26b57d428b6550d10b56daa2
Instruction ID: 20a27183f1b804900cf17983e542a1f4d2905cb63ff19c9523c242635de089a5
Opcode Fuzzy Hash: 18539b8fce4598170400b38bcff0e6ac1870efce26b57d428b6550d10b56daa2
Instruction Fuzzy Hash: 56318370A0D64E8FDB61EBA8D8255FE7BF0EF1D311F0604B7D408D31A6DA3865548B51

Function 00007FFD9B8A2337 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff9a6a41d4ee21e99207e0b9bb159306d37191833da6032526f6e798fe53fb2
Instruction ID: 0a3144be1f2c6386d9463ec8fe4f7e09a1cf6ad5632ece2bc2b465070789193c
Opcode Fuzzy Hash: aff9a6a41d4ee21e99207e0b9bb159306d37191833da6032526f6e798fe53fb2
Instruction Fuzzy Hash: 6B316D30E1A11ECAEB34AF94C9617FDB370FF49311F0141BAD04E921A1DE382A45DB60

Function 00007FFD9B8AA8E5 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58e45b0c1e09532c462633c5de076d3b1e80aa02c20f21479bfa0c5a6f654fab
Instruction ID: 0627bd3c55c7b5d1abb6130c1e58c7d4b6e20309c5c0c895dc91396399b6cc1c
Opcode Fuzzy Hash: 58e45b0c1e09532c462633c5de076d3b1e80aa02c20f21479bfa0c5a6f654fab
Instruction Fuzzy Hash: 2B21AC31E1960E9FDB68EBA4D8616FDB7B1FF58310F0641BAD019D32E6CE3825058651

Function 00007FFD9B8A33C1 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de88593e33405fef31656847dfd9490ac3750c5d1d1b9fa3f559542156bd7963
Instruction ID: 0c44ece6e11c1a62bc409493aa4b4404abe75e28e692de8760396e07c18accab
Opcode Fuzzy Hash: de88593e33405fef31656847dfd9490ac3750c5d1d1b9fa3f559542156bd7963
Instruction Fuzzy Hash: 89214930A0A61E8FEB65EBA488692BE77E0FF18304F01087AD42DC21E5DF39A640C750

Function 00007FFD9B8A3445 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed2dbcdb770df4c86315176e7f5ec182c07036ed5673d8c618e6b6d32ea0923
Instruction ID: 2fdd6f4e5bcdccc458c47462ee341c5bc553e773ea87fd284693e6774f0c0a22
Opcode Fuzzy Hash: 9ed2dbcdb770df4c86315176e7f5ec182c07036ed5673d8c618e6b6d32ea0923
Instruction Fuzzy Hash: BE213930E0A64E8FEB69EFA4C8656BD77A4FF29304F1104BED41EC21A1DB39A650C750

Function 00007FFD9B8AA6D1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76a411aafedc71c451978736c0b7a716bf60a25b6bf5b475470047795cda6974
Instruction ID: b060d9684615c99c958baef75663d2ccc033d832f29835c7650fa25f198eb187
Opcode Fuzzy Hash: 76a411aafedc71c451978736c0b7a716bf60a25b6bf5b475470047795cda6974
Instruction Fuzzy Hash: FF214C30A0964D8FDB95EF58C8999AA3BF0FF1C305F01456AE459C72A5DB34E540CB80

Function 00007FFD9B8A331F Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11de1b7b90c5f8e5c4626c1cd6fd7201c0d37de6aca1e4ffb513c0d48791d7d2
Instruction ID: 0ba30232c18c6b6998697534eac44332eb0a438bad8adda94955d66a5c01ea8f
Opcode Fuzzy Hash: 11de1b7b90c5f8e5c4626c1cd6fd7201c0d37de6aca1e4ffb513c0d48791d7d2
Instruction Fuzzy Hash: 2A21833094E7C98FD753ABB488685997FF0EF5B304B0A44EBD049CB0B3DA289545C761

Function 00007FFD9B8A0A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5354cb24e7db26709c7884e566e0b58b9baf586abc67f1744b6a6930f61abd6b
Instruction ID: 57ab729968a2806c769bcae8c06aadd0e6ce5955bbda0a70b6dad00f4bd32569
Opcode Fuzzy Hash: 5354cb24e7db26709c7884e566e0b58b9baf586abc67f1744b6a6930f61abd6b
Instruction Fuzzy Hash: EB11BF30E2A90E4FEBA0EBA888695BD77E1FF58700F4146B6D01CC70A6EE34B6448710

Function 00007FFD9B8AC443 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea72ab4a983dc0b2708d33a2e3547657b5c7d20678a2af05b8f1fb773a53eef
Instruction ID: a17d551ee1c520dd32b7d86f58bac8d9bac5d949530dec440f87692416ab0b5c
Opcode Fuzzy Hash: 6ea72ab4a983dc0b2708d33a2e3547657b5c7d20678a2af05b8f1fb773a53eef
Instruction Fuzzy Hash: 1511C570E1981D8EDFA8EBA89865AFCB7B5FF58300F515139D00DE32A6CE3469418B50

Function 00007FFD9B8A1F19 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5602c1e76c2f192fd1c2a3a6eac4a9d53374bcfd34395a769c1bcca59a04fdc3
Instruction ID: 94e5c65e183ed74395bdc5fdba2596830fc81cc2acaf9707faced7f758f4ab4d
Opcode Fuzzy Hash: 5602c1e76c2f192fd1c2a3a6eac4a9d53374bcfd34395a769c1bcca59a04fdc3
Instruction Fuzzy Hash: 4D117011A4F6C65EDB63A7B848744656FA55F07224B1E86FFD0D8CB0E3DA0C594AC322

Function 00007FFD9B8A116D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c23fbd815b5407ed33b29d50275fcf3514ac38278373b477644579f3a553c523
Instruction ID: 254aab51c11070245d382ed0237e9b60d148756704baa0175b42a795e3ee8b14
Opcode Fuzzy Hash: c23fbd815b5407ed33b29d50275fcf3514ac38278373b477644579f3a553c523
Instruction Fuzzy Hash: 3111B670A0E64E4EEB65EBA4C8696B97FE0FF1A304F01157ED41AC61E2EE256544C710

Function 00007FFD9B8ACB80 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebc4b3c1e21c7198ac9726d03f7d51faef4408611f7a1d634d57add46f67afe5
Instruction ID: 7af4d16136465b8612661b88a10cff01f1762df37c997a6dc2d4db1247d18a1f
Opcode Fuzzy Hash: ebc4b3c1e21c7198ac9726d03f7d51faef4408611f7a1d634d57add46f67afe5
Instruction Fuzzy Hash: 24116D30A0A65E8EEB56AF6488685B97BA0FF09304F0108BBD419C71E6DE356585CB61

Function 00007FFD9B8ABE45 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 742fa9da753247f1dd96f158df0bff5f0cbd9d42f86ac6d1e6c975b583faea00
Instruction ID: d8188de8a50b4b24343c79925993de3a22d123af69fd068523f95350c3437059
Opcode Fuzzy Hash: 742fa9da753247f1dd96f158df0bff5f0cbd9d42f86ac6d1e6c975b583faea00
Instruction Fuzzy Hash: 33118E30A0AA4E8FEB55EFA8C8682BD7BE0FF18301F4105BED419C61A2DB35A650C740

Function 00007FFD9B8AC621 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e6f0f247b5f3b2ccf92cc7d158aff74f8dc6a22374a8194b94629a84ff977b2
Instruction ID: 4797162b71feabc2748ba8b84c0e5777cb6993e432f12ebc882b0fa178d2479f
Opcode Fuzzy Hash: 0e6f0f247b5f3b2ccf92cc7d158aff74f8dc6a22374a8194b94629a84ff977b2
Instruction Fuzzy Hash: 29117C30E0964E8FEB98EFA4C86D6B97BE0FF18300F0118BED419C61A1DA35A650CB01

Function 00007FFD9B8ACA55 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d053b3dd7847e2277cb1887ef375baf3d5754049dcc8e0b9fb4cd20576bebd34
Instruction ID: c155560047bede89d88cd9228de3be8df9213597e78e1c90490a2dd639aa8228
Opcode Fuzzy Hash: d053b3dd7847e2277cb1887ef375baf3d5754049dcc8e0b9fb4cd20576bebd34
Instruction Fuzzy Hash: B6115A30A1960E8FDB94EF68C4686BE77E0FF98305F10067BD41AD25A4CB30A290CB40

Function 00007FFD9B8A2DD1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 962b904ee9fe476cc279613278248a3d3ddb2b74e58fbc7d64095723da883e0e
Instruction ID: d4db58c7ccfc17902360d4db759c5a5d920044707bc556f4d11f2a9ed2ea167e
Opcode Fuzzy Hash: 962b904ee9fe476cc279613278248a3d3ddb2b74e58fbc7d64095723da883e0e
Instruction Fuzzy Hash: E3018430E1E64E8FE761EFA4C8695A97BE0FF19304F0645B6D40CC70A6EB34E6948710

Function 00007FFD9B8AAFF8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f77bb8cee2e66dc4ebde889953323cd2ea34a31d73705ca6345bb20d3115a7d6
Instruction ID: ff934fee7260af3c3b544be4beb7c7ba1222d3f990552a5d7fd77499ba207fa5
Opcode Fuzzy Hash: f77bb8cee2e66dc4ebde889953323cd2ea34a31d73705ca6345bb20d3115a7d6
Instruction Fuzzy Hash: 4A015E30A1590E8EEB94EBA8C8686FE77E5FF1D304F11047AD41ED21A1DE346250CB50

Function 00007FFD9B8A27AD Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a741fb6cc301d38ed81e36d7b521c833ce8c7c979120ac76a44e40f18850e185
Instruction ID: 5997cd7ac1271758a8ea49105494702addc25d9ab7f88cd3dad3b09a2a9806df
Opcode Fuzzy Hash: a741fb6cc301d38ed81e36d7b521c833ce8c7c979120ac76a44e40f18850e185
Instruction Fuzzy Hash: 60017130A5E64E8FE761EFA488585A97BE0FF19300F0245B6D408C71A6EA38E6448711

Function 00007FFD9B8AAC19 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e75c4e0c97b70e74f4be3381cb7c46e794ec276506b5772905b5eb162f448533
Instruction ID: 86f672924376e3b90f33ba93b82df2090d2f345415ce9b957d3108531e5bfffb
Opcode Fuzzy Hash: e75c4e0c97b70e74f4be3381cb7c46e794ec276506b5772905b5eb162f448533
Instruction Fuzzy Hash: 10018830A4E64D9FE761EB7488695A97BE0EF19300F0608F6D008C74B6DE38A5448711

Function 00007FFD9B8A1BCD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd31f5ca6d466caa6632ed0ed8531cb51000561ae8f280cf8c0d7fe2082a7f08
Instruction ID: 1dc766cea5e38acf1385e79e7196a615995370499e8b95323987178ecd9efb39
Opcode Fuzzy Hash: bd31f5ca6d466caa6632ed0ed8531cb51000561ae8f280cf8c0d7fe2082a7f08
Instruction Fuzzy Hash: A701D630A0F64E8FEB55EF24C8656B93BA1FF5A301F45057ED40CC61A2DB399950C750

Function 00007FFD9B8A2E49 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 595e794e5667d7271c45b47d43d4a01d77a1be92fd67df9fa2132df7d3dac749
Instruction ID: 9b167f4eb906c9e2aa1f04bee1d4f567535d98b2940263970d8502d2f11bb2d0
Opcode Fuzzy Hash: 595e794e5667d7271c45b47d43d4a01d77a1be92fd67df9fa2132df7d3dac749
Instruction Fuzzy Hash: 2B018430A5E68E4FE762EBB489695A97BE0EF5A300F4604F6D40CC70B7DA28A5948711

Function 00007FFD9B8A05D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc317a98c80e001b00c1f0f9fd106eb58d1794db363a1c3a80884b260527f604
Instruction ID: 0a48217a45d833310ed4b66e26a6b201cef42e48b8d61b9fdcbc664fa9fedc37
Opcode Fuzzy Hash: bc317a98c80e001b00c1f0f9fd106eb58d1794db363a1c3a80884b260527f604
Instruction Fuzzy Hash: 2A014B30A0990E8FEB98FF64C4696BA77E2FF5D305F21447ED40EC21A4DA35A691CB50

Function 00007FFD9B8A0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e52d492059fc1f15b40bbd5a3287f54035fa3ae17e86451610b442885c9a5195
Instruction ID: c5a8c22f290befa0533cdba44e14b7eb0e9da7423ebaa39fcbc6aa80ee2ebb1f
Opcode Fuzzy Hash: e52d492059fc1f15b40bbd5a3287f54035fa3ae17e86451610b442885c9a5195
Instruction Fuzzy Hash: C4018130A1A90ECAEB68EFA4C4686B973E0FF1D305F11087ED41EC21E5DE35B650CA50

Function 00007FFD9B8A0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a622afbe84bf3e699f00441afa290f1ef7dc20394452730f86e45298119c5f5c
Instruction ID: 5f74dc0ff5b2dc5407d2dfc61fd3e81d56818422bb1367d1929215d7070cd0d5
Opcode Fuzzy Hash: a622afbe84bf3e699f00441afa290f1ef7dc20394452730f86e45298119c5f5c
Instruction Fuzzy Hash: 77016D30A1950E8AEB69EFA4C4696B972E0FF18304F11087EE41EC21E5DE39B654CA10

Function 00007FFD9B8C5920 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 591a5a89775a99bed6600b3cfabde9cad5c2258f40a5d885f9a5be0322272374
Instruction ID: 6b885ac40cff49e908b58491a831caf95a7e16f81fd6e067a18d073c11ccfccb
Opcode Fuzzy Hash: 591a5a89775a99bed6600b3cfabde9cad5c2258f40a5d885f9a5be0322272374
Instruction Fuzzy Hash: 0C01FB70A1950E8EEB91FBA8C8596FA76E4FF18314F0149B6D41CD2065EE34A6948641

Function 00007FFD9B8AC235 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b58d2ac404216827c082b7d4733b67b7f67c4fd0a538ced4655848c671dc9d21
Instruction ID: 3e41d392b32f6827fa408384fa8c65c9feaac43c76684f1e79b4cbcde7ee27b5
Opcode Fuzzy Hash: b58d2ac404216827c082b7d4733b67b7f67c4fd0a538ced4655848c671dc9d21
Instruction Fuzzy Hash: D5F08130A1A68E8FEB94DFA888692FD7BE0FF19300F06057AD818C21A1DB3456548B40

Function 00007FFD9B8A1180 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbf47f367c1d7c7982451f58de95c0efebfd6aaad94823d373faaf57116f9d32
Instruction ID: b4970d2a63e7273843069426be7739935555c6cc90bada30c3e7b1377b40d552
Opcode Fuzzy Hash: dbf47f367c1d7c7982451f58de95c0efebfd6aaad94823d373faaf57116f9d32
Instruction Fuzzy Hash: 8BF0A470E1A54E89FBA4ABA498686F97BE4FF5A304F01143EE41EC21E1EE245214C610

Function 00007FFD9B8A26C9 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 563be68e56f3b88e2ba2e93a3e8fb1e5ad1064291a9a480ec89694593dfe18fa
Instruction ID: 3f0ba21fc659b2a3ce552344d126011aed7dbd8ea6256c4cd780c77248c984e3
Opcode Fuzzy Hash: 563be68e56f3b88e2ba2e93a3e8fb1e5ad1064291a9a480ec89694593dfe18fa
Instruction Fuzzy Hash: 59F0C83090F78D8FDB6A9F6088355A93BB0BF09200F0605BBD409C61E3DA28A648C741

Function 00007FFD9B8A273D Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554990a6bbb40049be142b9e4d463f890d0853a735ca8a8c5cc4ef70679af52d
Instruction ID: 7c64c862289ef19e0c58f9ee316292ba14cf1c9f16f90019c4c122eec9e5afe4
Opcode Fuzzy Hash: 554990a6bbb40049be142b9e4d463f890d0853a735ca8a8c5cc4ef70679af52d
Instruction Fuzzy Hash: 3BF0B43090F78E8FEB799FA488252F97BA0FF09700F4105BAE819C51E5DB38A650CB41

Function 00007FFD9B8AB3C9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b3f839457687ab7e30652581b160575d9ef7cb34ed25508b30344cc01b4abf
Instruction ID: 2cfa90f568541547624a80899bc2d317064431281afd711c5d640298e50da5e2
Opcode Fuzzy Hash: 26b3f839457687ab7e30652581b160575d9ef7cb34ed25508b30344cc01b4abf
Instruction Fuzzy Hash: 8CF0EC70A1992D9FDBA5EB14C459BE9B3B1FF6C300F1181E6D40DD3165DE34AA828F40

Function 00007FFD9B8AC640 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95c91735249c82f224c60978ed551a0d2a2be6d0ccce527f0c88e20ab9edc9f0
Instruction ID: 55bc5326c14cdac15b00bcc9433ea3d37ee0a3b6705091c31e9dbac6f20aab27
Opcode Fuzzy Hash: 95c91735249c82f224c60978ed551a0d2a2be6d0ccce527f0c88e20ab9edc9f0
Instruction Fuzzy Hash: 31F05430E1554E8AEB94EF64DC186FE76E4FF08704F01143AE81DC21A4DB345250CB41

Function 00007FFD9B8AD94C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction ID: ea018c744fbf5092ebcf5d979ae819be75a9768351e5cff9cbd387dede5db369
Opcode Fuzzy Hash: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction Fuzzy Hash: E2F0E7B1E0521E8FDF54DF95C8506FDB7F1AB58311F11057AE405E32A2EA78AA04CF64

Function 00007FFD9B8A0FDB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb74b31759b4ca640e211543d0d926e24dfb00cf6f88d36970cbf816fb7795e
Instruction ID: 94e854d6419fe8ffe0f3317b84578fb0f0ce333826f6514dbe6e80bbb408331e
Opcode Fuzzy Hash: fcb74b31759b4ca640e211543d0d926e24dfb00cf6f88d36970cbf816fb7795e
Instruction Fuzzy Hash: C4F0A531E1461D8ADB54EBA4E8507EEB7B1FB48304F5144B6D01CE7295DA34AA418B90

Function 00007FFD9B8A16E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction ID: 44f609c277306717eb325cecf8c725b5f5aca35b5ec4124e37adde3f4bd37e52
Opcode Fuzzy Hash: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction Fuzzy Hash: 3BE06D20F0A88A4AEB34B398809463461D19F4A304FBA8675F01CCA1F1EB2CEE82C310

Function 00007FFD9B8A05D3 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f565e131ce32ce36d5ac2507e896677e4ad0e3b9cec7d75cfa652a1b902955f6
Instruction ID: eaacfaec10e4d67cdbbbc693f8c49ca440c6f8f52ed316c179427d583787d073
Opcode Fuzzy Hash: f565e131ce32ce36d5ac2507e896677e4ad0e3b9cec7d75cfa652a1b902955f6
Instruction Fuzzy Hash:

Non-executed Functions

Function 00007FFD9B8A9D47 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1698930402.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8a0000_WiJVUxlOHs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f32d4d4af9bf827ee93b4e2d966dbb936d23766c0227159e259b4727f68b90c0
Instruction ID: b8ab2f49bc3367af8cf6f5b55da606f7ce63cc447cbe26e5f81022fa4113e990
Opcode Fuzzy Hash: f32d4d4af9bf827ee93b4e2d966dbb936d23766c0227159e259b4727f68b90c0
Instruction Fuzzy Hash: 94E163A284E7C55FD7138B748C756953FB0AF27214B0B49DBC4C0CF4A3E6289A5AC722

Analysis Process: backgroundTaskHost.exePID: 7436, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B88331F Relevance: 1.7, Strings: 1, Instructions: 472COMMON

Download Yara Rule

Strings

N_H, xrefs: 00007FFD9B883770

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID: N_H
API String ID: 0-343878021
Opcode ID: 025805989dc0a707dbcd1d79d539739b7ecf76926351ddc323f4875005ef274c
Instruction ID: c19f0053fbe599ecf234c764f978581e5945a3d6afe12faaec33fe58a6a50688
Opcode Fuzzy Hash: 025805989dc0a707dbcd1d79d539739b7ecf76926351ddc323f4875005ef274c
Instruction Fuzzy Hash: 84F1E271A0DA4D8FEB59EBA8C8687E97BF1FF59310F4001BAD019C72E6DA786501C741

Function 00007FFD9B88CFC8 Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aa022624fe85ac31ca84237f6eb3108bda1bacc4d1c97026bc45c6ea8c60298
Instruction ID: ea9f993576c6190b8adbc66f95c1f154c765648b4a56c883fae326157cb17555
Opcode Fuzzy Hash: 6aa022624fe85ac31ca84237f6eb3108bda1bacc4d1c97026bc45c6ea8c60298
Instruction Fuzzy Hash: 4CD1C170A0A68E8FEFA9DF6488696BA7FF0FF19340F0145BED409C71A2DA346644C741

Function 00007FFD9B88A9AD Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2a8e2c5c1b2bde374358370668e0148d23a24c884d3b356fd4147dd2a14c5c0
Instruction ID: 8dd9a597525d7f0a37f9dbd8517762b86104c4e934f2aa3583b56766f2362620
Opcode Fuzzy Hash: a2a8e2c5c1b2bde374358370668e0148d23a24c884d3b356fd4147dd2a14c5c0
Instruction Fuzzy Hash: 36B1A030A0AA8E9FD756EB64C8696F97BF1FF19304F0645BAD419C70F2DA38A644C701

Function 00007FFD9B88ECA5 Relevance: 3.9, Strings: 3, Instructions: 171COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9B890210
,, xrefs: 00007FFD9B88ECAA
=, xrefs: 00007FFD9B8903AA

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID: ,$=${
API String ID: 0-4157551264
Opcode ID: 3662d55b04377a851a77ce6c1f014aef90e5379ce959680a8c7ae98b8c92d9ff
Instruction ID: 22094a6d73f9136c45c723dd13066679e469fa68ea234c274bd6425ab82f5993
Opcode Fuzzy Hash: 3662d55b04377a851a77ce6c1f014aef90e5379ce959680a8c7ae98b8c92d9ff
Instruction Fuzzy Hash: DC710770E19A6D8FEBA8DF54D8657A9B7B1EF58301F0041FAD40DA2291DB346A81CF40

Function 00007FFD9B88EFE4 Relevance: 3.9, Strings: 3, Instructions: 115COMMON

Download Yara Rule

Strings

-, xrefs: 00007FFD9B88F01A
+, xrefs: 00007FFD9B88EFED
9, xrefs: 00007FFD9B890555

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID: +$-$9
API String ID: 0-3239800188
Opcode ID: 92f5842595b1a5ad80de383a718bc366f9b348a89602c107356884b7cb56faf9
Instruction ID: 1e52d910af5e2368b7e3aa5024a2ad043731ba4669cabc1d1d4ea4bfd930a9b2
Opcode Fuzzy Hash: 92f5842595b1a5ad80de383a718bc366f9b348a89602c107356884b7cb56faf9
Instruction Fuzzy Hash: ED41F670A18A2E8FDBA8DF58D850BE9B7B1FB49315F0101FAD51DE3291CB346A858F41

Function 00007FFD9B88CF50 Relevance: .6, Instructions: 594COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6594d168423aac1b8857b7c22d3e7cef10865dc30e42a606056fdfda4edf4c75
Instruction ID: 56ce8c2fe8283b3a5d01e543696dc40df69de029c8ff69a203568bb6f44397a9
Opcode Fuzzy Hash: 6594d168423aac1b8857b7c22d3e7cef10865dc30e42a606056fdfda4edf4c75
Instruction Fuzzy Hash: 8261DB21A0F7DA4FEB6297B888695A97FF0EF1A310B0904FBD498C70E7D914A9448341

Function 00007FFD9B88DA7C Relevance: .5, Instructions: 519COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aae054ec03ec61517c382f21e530cdae5c9a01ea21fb2d671cae3f11e342941
Instruction ID: a343d227695588e38fc250ca0f9a685f38e641e5516d06679dc048db0f2a7401
Opcode Fuzzy Hash: 5aae054ec03ec61517c382f21e530cdae5c9a01ea21fb2d671cae3f11e342941
Instruction Fuzzy Hash: 23125C31A19A4D8FEB69DB68C8647B8B7B1FF19300F0541BED01DD72A6DA386941CB41

Function 00007FFD9B882BD0 Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0360fb8393193d13aabbaa7b266023ce1141b8cd176768b4bec73aa2e57a2534
Instruction ID: 1f4d2b39984ecf35d30bb037bb0a1ac597a27d569a71eca9a07b1b7db2adb45e
Opcode Fuzzy Hash: 0360fb8393193d13aabbaa7b266023ce1141b8cd176768b4bec73aa2e57a2534
Instruction Fuzzy Hash: 3DD1A530E0EA4E8FE762EFB4C8695E97BE1EF19310F0505B6D468C70A6DE38A644C751

Function 00007FFD9B88BCFA Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd321b49fa44ae2ba9b2a6812f9f05f96715dbcbd3631d5c10d99150b2355c3
Instruction ID: 4599853146e2cbf8f97d3e744ca94dd6c0eee47cafd64152de8b5a3aa0c8e6c1
Opcode Fuzzy Hash: abd321b49fa44ae2ba9b2a6812f9f05f96715dbcbd3631d5c10d99150b2355c3
Instruction Fuzzy Hash: FEC14C30A0AA4E8FEB65DFA4C8686FD7BF1FF49300F11057AD419D71A2DA39A644CB41

Function 00007FFD9B882065 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd6bc0951dacb81d0be6618207f71b4b3c7c7de092fdab3c8046960391e7c99
Instruction ID: 140e4cc0572db38eb004d48561a95c70a03707110826d1fc22fd8124ab426d4d
Opcode Fuzzy Hash: abd6bc0951dacb81d0be6618207f71b4b3c7c7de092fdab3c8046960391e7c99
Instruction Fuzzy Hash: 1EB1D231A0EA5E8FE765DFA4C8607B9B7A0FF49310F0501BAD06DD71A2DE386A45CB41

Function 00007FFD9B8924F0 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 057079e23f1ad127f60d03ef0dfc46331220662efa2814460f14825dc876f431
Instruction ID: d85e5c50b49a14a668066c94bf8139f3be07d144a8fe5b6a1a68d4f12483cec7
Opcode Fuzzy Hash: 057079e23f1ad127f60d03ef0dfc46331220662efa2814460f14825dc876f431
Instruction Fuzzy Hash: F3A19330A5A64E8FDB59DFA4C8655FA3BF0FF09304F02457AE819C31A6DB38A654C741

Function 00007FFD9B881B05 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e07ca1a7d7a72d8e1546a594b45881170cd3e1c1018691874dbe5c0a08f2db05
Instruction ID: 27da49db81ab0ed5ef2feba42214fac1431bb09fd42cf0a74613039c3ceb613b
Opcode Fuzzy Hash: e07ca1a7d7a72d8e1546a594b45881170cd3e1c1018691874dbe5c0a08f2db05
Instruction Fuzzy Hash: E4910330B0DA8D8FDB59EF1888645B97BE2FF9D300F1541BED469C72A2DE34A9028741

Function 00007FFD9B8805F0 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e7e26c1a0fe4a7275e5e2abf7e85742415d62fa4e8a33ac6454d6a477bc227
Instruction ID: 7dccaa40e1cca501946db1d80239448cab1b0c800447c0fc458979e7ca0ba98f
Opcode Fuzzy Hash: 10e7e26c1a0fe4a7275e5e2abf7e85742415d62fa4e8a33ac6454d6a477bc227
Instruction Fuzzy Hash: 2C91F230B09A4E8FDB58EF5888645B977E2FF9C304F15457ED459C32A6DE34A9028781

Function 00007FFD9B892560 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4212220ce2fd2ccd6f221e05a0057eb8559971d8e1b169c8fdf828c3b05bbcd8
Instruction ID: 5816af8cb9807702050b877dce5b0953c1d0fbfd476e9c9b7fe6a29b4d112244
Opcode Fuzzy Hash: 4212220ce2fd2ccd6f221e05a0057eb8559971d8e1b169c8fdf828c3b05bbcd8
Instruction Fuzzy Hash: 3DA18E30A1A64E8FDB59DFA4C8655FA3BF0FF09304F02457AE419D31A6DB38A644CB81

Function 00007FFD9B883000 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44763dd3c404078f759294ac2496419ae57c64804a22d393fc2522c44f7d339c
Instruction ID: 2e80045f14ae31830d33a17b65302903c0e27bdc562487848ad0e5c34ad0d027
Opcode Fuzzy Hash: 44763dd3c404078f759294ac2496419ae57c64804a22d393fc2522c44f7d339c
Instruction Fuzzy Hash: 7FA18330E1AA0E8FEB65EBA4C8686ED7BF1FF49301F014576E419D71A5DB38A644C740

Function 00007FFD9B892640 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06f7ace2535dbb46da43afea3f436561aa037f02ef6ab85c7942aa1ba1343043
Instruction ID: 22bb3f336d300130e55cb2c7e5fb21290c100dfbfbfe895f63cfb809f4fa33ed
Opcode Fuzzy Hash: 06f7ace2535dbb46da43afea3f436561aa037f02ef6ab85c7942aa1ba1343043
Instruction Fuzzy Hash: 76917A30A0964E8FDB59EFA4C8655FE7BE0FF08304F01457AE41AD31A5DB38A645CB81

Function 00007FFD9B881678 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16fa916c01ef3f167ebfa486dc52984fca3279f6c255c59130dbf04eecf80eff
Instruction ID: 155d11694df95b86430511857cf53d7f56a055d221d99343efa316ac631deb8d
Opcode Fuzzy Hash: 16fa916c01ef3f167ebfa486dc52984fca3279f6c255c59130dbf04eecf80eff
Instruction Fuzzy Hash: 6971B031B09E4D8BDB59EF5C88A15B977E2FF9C300B15057EE4ADC3292DE34A9028781

Function 00007FFD9B8962C0 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0e3fad0d8782c6ef7b7bd4c639604a52b19ea24c109e74697a1e6cb3bc6e7ef
Instruction ID: 7831ad8e09582379c644c08c7e1d150b87562eded7b7c217fa9f5bbd0b5c342e
Opcode Fuzzy Hash: f0e3fad0d8782c6ef7b7bd4c639604a52b19ea24c109e74697a1e6cb3bc6e7ef
Instruction Fuzzy Hash: 59A12F70E0965E8FEFA4DB94C8657F9BAB1FF59340F0141BAD40DD22A1DB385A85CB01

Function 00007FFD9B88C1E0 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd932b60a928b504b11ab404db97ac31471834f621323bc01ca76fb8f2182653
Instruction ID: b994d161a9974a24a3d935137f2b40bf262a28797ed3ef69e7ddf4d18a1421dc
Opcode Fuzzy Hash: bd932b60a928b504b11ab404db97ac31471834f621323bc01ca76fb8f2182653
Instruction Fuzzy Hash: 55914F30E1DA4D8FDBA4DBA888697FD77B0FF19300F41007AD41DD62A6DA385A44CB40

Function 00007FFD9B88AE60 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9489b4f0aed7a3c0b70f20275191422e3fde1202b322e1e6985779767458ca3
Instruction ID: 815ddeef5726c4ecc1f63a6df0646726c1c4a137f1887231212970865905fd5b
Opcode Fuzzy Hash: f9489b4f0aed7a3c0b70f20275191422e3fde1202b322e1e6985779767458ca3
Instruction Fuzzy Hash: 7381A330A1E68E8FEB55EF6488296FE3BB0FF19304F0505BAD819C71A6DB386654C741

Function 00007FFD9B88AE70 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 974aef208a064b7abd1ec6f395fb91fe97898181dea17e9c666027b9880ed2d1
Instruction ID: e7c4a349d7102851b8cdf6ed3fa3f418d57d7318f8cdf49b3eeb3b8f967b6a5e
Opcode Fuzzy Hash: 974aef208a064b7abd1ec6f395fb91fe97898181dea17e9c666027b9880ed2d1
Instruction Fuzzy Hash: B0818030A1E68E8FEB55EF6488296FE3BB0FF19304F0505BAD819C71A6DB386654C741

Function 00007FFD9B88AE50 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17026ac9839c36127bfd235aa8876e971f34f115f08174585bff0c38c960a3ab
Instruction ID: a8482e4b201595ee8847bd11db2aa1b2572abacded62c827d622588bdb239c75
Opcode Fuzzy Hash: 17026ac9839c36127bfd235aa8876e971f34f115f08174585bff0c38c960a3ab
Instruction Fuzzy Hash: 9A81AA30A0E64E8FEBA5EB64C8696BD3BF1FF19300F0105BAD419C71A5DB39A644C741

Function 00007FFD9B88CF55 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9811e469f62ae1333662b7408d86e3a2544573485205d12122e993850d3a93f
Instruction ID: 15b439901d3a81095d6b3e94d43d89abcf17a103de7717f87a72e9984483f099
Opcode Fuzzy Hash: c9811e469f62ae1333662b7408d86e3a2544573485205d12122e993850d3a93f
Instruction Fuzzy Hash: D361E431F0A91E8BEB64EBA8D864AFD77A0FF58310F00017AD45DD7296DE3869468780

Function 00007FFD9B882980 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14c6f5f511414479b162bedcb9f37bf3bb938176f60b0328cf8fce96a50de08b
Instruction ID: a294d1117d1231ba8526b4a787c17f1614af58fd6f596e2e8f118e3783f8b31a
Opcode Fuzzy Hash: 14c6f5f511414479b162bedcb9f37bf3bb938176f60b0328cf8fce96a50de08b
Instruction Fuzzy Hash: C0717F34A0A64D8FEB65EB6888696FD7BF0EF19314F1504BFC409D71A2DB38A545C701

Function 00007FFD9B88B09A Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2fd34c84b871be8e00fea71becf5284124e195bcab7b6ce3908da477e748bc8
Instruction ID: 2d853220a81f8ec0b072041fdeab214a94cebb85204e5307fd395b35cac1dfae
Opcode Fuzzy Hash: c2fd34c84b871be8e00fea71becf5284124e195bcab7b6ce3908da477e748bc8
Instruction Fuzzy Hash: 59519530A1EA4E4FE762EB7488696FD7BE4FF49300F4645BAD428C70B6DA39A544C701

Function 00007FFD9B88CB80 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d391fb14b7f3a5816d66c20572c638ce9922f1027ae015a36143ab0dfa8e4a
Instruction ID: 0037ab2cf23dc3d6972f0cb89d158acfc29a05e9fb17b7f6785a89838ee61a45
Opcode Fuzzy Hash: c1d391fb14b7f3a5816d66c20572c638ce9922f1027ae015a36143ab0dfa8e4a
Instruction Fuzzy Hash: D1511821B0EAD68FE317A77898385E97FA0EF4631470A40FBC469CB0E7DD285545C751

Function 00007FFD9B882FD0 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1aebfe88cc025c178bf7a898b4b8f4d6da22023278be4d3fae002d72bee39ce
Instruction ID: 3aaafac9c94a20c624118ed9108638a9951ce55f7183f306c1dedf5f6b81f4e9
Opcode Fuzzy Hash: d1aebfe88cc025c178bf7a898b4b8f4d6da22023278be4d3fae002d72bee39ce
Instruction Fuzzy Hash: 7451A930A5E74E8FE7669BB488756E97BF0EF09304F0505BAE418D61E2DB38A644C741

Function 00007FFD9B882968 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68cda00e7999eb071384e941d9cf8208ade7d6666cb68c07acb9fbdf54f16159
Instruction ID: d07b1f84890fdc2b81cf57ebefb02da7430662edf6f4193a9f9a4f024b737b61
Opcode Fuzzy Hash: 68cda00e7999eb071384e941d9cf8208ade7d6666cb68c07acb9fbdf54f16159
Instruction Fuzzy Hash: EC51D434A0E68E8FEB66AB649C296FD3FA0EF0A314F0505BBD459C61E3DB286544C741

Function 00007FFD9B882D59 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2afabf4f165f278b16a354a148b7425322647761997775e937c91d27e43d6642
Instruction ID: f43c158b1e75654facf9ae7a674f24c37df631da9eb475a42d2b61281db4e15f
Opcode Fuzzy Hash: 2afabf4f165f278b16a354a148b7425322647761997775e937c91d27e43d6642
Instruction Fuzzy Hash: 05517430E5EA8E8FE7619FE488656F97BE0FF19300F0505B6D464C60E6DA78A648C741

Function 00007FFD9B8827AD Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e3e8a33b0e218f46711edce8511514c2c2e32ebcf70c5d08c5a97a01c9fc6ec
Instruction ID: 5c1b02496bace34462bea53104fb8ec92425c1fc0b88dc4cd69a054a238afc54
Opcode Fuzzy Hash: 8e3e8a33b0e218f46711edce8511514c2c2e32ebcf70c5d08c5a97a01c9fc6ec
Instruction Fuzzy Hash: 8041F8367096668BD316BF7CF8685E83760EF85325B4545B7C0D8CA0E7DE38644AC790

Function 00007FFD9B880500 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ca7303bd22957c44b27f39768b9a5773f189d1491f55a7ea3e53acd1fc2b248
Instruction ID: 1403a58efa98141f0d9073ce3651ecb2a47fb541fd299f8022f0157ac6789965
Opcode Fuzzy Hash: 7ca7303bd22957c44b27f39768b9a5773f189d1491f55a7ea3e53acd1fc2b248
Instruction Fuzzy Hash: 4241B530A1EA4E8FE756EFA4C8685A93BF0FF19300F0145B6D419C71A6DA38E544C701

Function 00007FFD9B88CF70 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a80539d0ec6dccf6a4808c53b086895ae57704ba5e8746dd4e3bbddf55c3585a
Instruction ID: 6170d13677d11f74fb51f28fbdf9e643927b6d24f3276fdab36aa7993ed2a74d
Opcode Fuzzy Hash: a80539d0ec6dccf6a4808c53b086895ae57704ba5e8746dd4e3bbddf55c3585a
Instruction Fuzzy Hash: 6841C434A0AA4E8FEFA9DFA488652BD7BA0FF19300F1105BED41DC21A2DF356544C741

Function 00007FFD9B881180 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41dec4e71b34cc67712300725f56a945394b9cd3a65a033d62a1b9e61768f994
Instruction ID: 838a555052cd94e923a6234a3da1e9095c8f5acb41fb894dfb9f9dd3aabd70ff
Opcode Fuzzy Hash: 41dec4e71b34cc67712300725f56a945394b9cd3a65a033d62a1b9e61768f994
Instruction Fuzzy Hash: DF31C030A1EA4E4BEBA9EBA888646F977E0FF5D300F01047ED42AC61E2DF3865448741

Function 00007FFD9B8811D7 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1eda66903f29dd5bcf75fd6e77377085bcd99279f6d0de60464af1813b7aeab
Instruction ID: f4a1a7458a6f228c06be10d202b34059f1e064a6c1e2e10a9b8d596a3a536f97
Opcode Fuzzy Hash: a1eda66903f29dd5bcf75fd6e77377085bcd99279f6d0de60464af1813b7aeab
Instruction Fuzzy Hash: 6731B031A0995E8FEF95EBA8C8649F977A1FF5D310F01007AD029DB1A2DF35A9458780

Function 00007FFD9B88CAE0 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 280c7b501ed41aa8846ea3161066eb704bb9c34d83beb8d08864be8d1a5dd7b3
Instruction ID: 1e8df23695fef8f1be8b9b4de6f3a42bc3ed8ba280594c2e8d4ccd5e9f52590a
Opcode Fuzzy Hash: 280c7b501ed41aa8846ea3161066eb704bb9c34d83beb8d08864be8d1a5dd7b3
Instruction Fuzzy Hash: 2F41AE34A5A64E8FEB56EF6488686BD7BE0FF09304F0104BAD419D61E6DB38A654C702

Function 00007FFD9B8825DD Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 545d9d3274d16f52ee0602524e448c2094f4de025390816b36f95cfe7910cdca
Instruction ID: 1cee29cc8908624fb35c19a6dc708c5519b04ae8ab5d98624f0b141830e8e8bc
Opcode Fuzzy Hash: 545d9d3274d16f52ee0602524e448c2094f4de025390816b36f95cfe7910cdca
Instruction Fuzzy Hash: E331923095EB8E8FD7669FA488245A93FF0FF0A310F0545BBD458C61E2DB38A558C741

Function 00007FFD9B882DE8 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b7bae797c9d0369ed43301296afcac70ed070e365d064206fe45b5a8ea136c4
Instruction ID: d367232b252680943ffc64a75cfa8601d49e04e52229d74261933cb7fc9bd919
Opcode Fuzzy Hash: 4b7bae797c9d0369ed43301296afcac70ed070e365d064206fe45b5a8ea136c4
Instruction Fuzzy Hash: FC417130E5FA8E8FE7619FE488252F97BE0EF19300F060576D468D61E6EB78A644C741

Function 00007FFD9B882E59 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73c76f742007baecbcd753b919577407d200f7d37f739c7cfaec90edeceb7ff7
Instruction ID: dbf9f73d9cf5a5ae01d84aa9c580bc54eacb0773794dcec8e01add2464d9118e
Opcode Fuzzy Hash: 73c76f742007baecbcd753b919577407d200f7d37f739c7cfaec90edeceb7ff7
Instruction Fuzzy Hash: 5B219F70E0EA4E8FEB619FE488246FE77E0EF19310F450676D464D21E6DE38A644C681

Function 00007FFD9B880A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 533950185c668ada4ba80019440922ed052df85af656ae488d324fa281dda7ba
Instruction ID: 530b3dc1b6af3978861bc214dbf8587ab9b37db694bc6c53c18615146a07f8af
Opcode Fuzzy Hash: 533950185c668ada4ba80019440922ed052df85af656ae488d324fa281dda7ba
Instruction Fuzzy Hash: DE11C431E2A90E4FEBA0EBA8C8595FD77E0FF58700F4145B6D02CC70A6EE34A6418700

Function 00007FFD9B88C443 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 503a148beedee0cd1f88bbdf8162340b177283998081c719d3d098bca236a509
Instruction ID: 69cedd1d61ff7e77dbb561764e3a0a246ccd30bc7f19a75b7be4a3da364f9ca1
Opcode Fuzzy Hash: 503a148beedee0cd1f88bbdf8162340b177283998081c719d3d098bca236a509
Instruction Fuzzy Hash: 1211B670E59C1D8FDBA4EBA898656BCB7B1FF59300F515139D01DE3296CE3469418B40

Function 00007FFD9B881F19 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcd3df219c86b26cd0d8e2a4ac486b471f7ef7feffdb096a1cf854992b860fbe
Instruction ID: 4f387de10863af3085496a0807fd80b02b9dce3ade41bb948b5c3a57a5027861
Opcode Fuzzy Hash: bcd3df219c86b26cd0d8e2a4ac486b471f7ef7feffdb096a1cf854992b860fbe
Instruction Fuzzy Hash: A9115411A4FAC65FDB6367B948744656F945F0B224B1E45FBD0E88B0E3DE2C594AC302

Function 00007FFD9B88EE8E Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c358ca6dcbdb1c56b0885f060f4624aaa794523ed80c3dda463d1aaf1dc26b39
Instruction ID: 9791b0e48588676501bd188c6969b1427a9e166326e94932beb43a061496035c
Opcode Fuzzy Hash: c358ca6dcbdb1c56b0885f060f4624aaa794523ed80c3dda463d1aaf1dc26b39
Instruction Fuzzy Hash: 41215C71E09A5D8FEBA8DB189C657A9B6B1EF59301F0001FA901DD32D1DE306A818F01

Function 00007FFD9B882668 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 322214b836508c89d74b1d63f350cf4a746e87d9e0286661d0376a6eb814f287
Instruction ID: d142d2ff4b77dfb27f48bb1de365f37855003665e3efa26e117b2d7b4d07d818
Opcode Fuzzy Hash: 322214b836508c89d74b1d63f350cf4a746e87d9e0286661d0376a6eb814f287
Instruction Fuzzy Hash: 6511DA31A1EB8E8FEB66EFA488245F93BE0FF19300F4505BAD419C61E6DB38A554C741

Function 00007FFD9B883148 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 620974839846e27058fb7390002cbee3343daa4acb56e906a2eb7305cf6d8d89
Instruction ID: 1b3f89b391abedac7c7e5c6bd8922b5b4c96ebb348960f0e3cdcb2edba29bbbc
Opcode Fuzzy Hash: 620974839846e27058fb7390002cbee3343daa4acb56e906a2eb7305cf6d8d89
Instruction Fuzzy Hash: 36216F30E1AA0E8BEB65DFA4C8606ED77F1EF48300F510539E419E62E1DB386A05CB41

Function 00007FFD9B8804F8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4131459ca6fde63619bba0c19479222ed6c9fbaa5574829ff5b8f7f759a3e6d8
Instruction ID: d9e6343d5329beabdc8bfe4869d2975e036862ccdb710e1a163ed5221f39ac5b
Opcode Fuzzy Hash: 4131459ca6fde63619bba0c19479222ed6c9fbaa5574829ff5b8f7f759a3e6d8
Instruction Fuzzy Hash: 74119630A1EA8E8FE766EFA488245B93BE0FF19304F4105BAD419C61E2DB38A554C741

Function 00007FFD9B88AE98 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847903fc3511840d157291ba7de7ab67930093f12ee495fe02bad7a56506d935
Instruction ID: d59682b1d6a3b7c4dbd0f03982237ae62b9369548d194c55424bca6279011b28
Opcode Fuzzy Hash: 847903fc3511840d157291ba7de7ab67930093f12ee495fe02bad7a56506d935
Instruction Fuzzy Hash: A0118C30A1964E8FDB99EF64C869ABE3BA1FF19309F1104BAD41DC61A9CB35A244C740

Function 00007FFD9B880F65 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 752cde8df78a19b29b810b4680061ca4b3e781913f444275d9f04ece2b363e19
Instruction ID: cd3ca720edd4bd0630175ef9f3ca83d9aee2b4fdf123b5cc6719aea487d6f2fd
Opcode Fuzzy Hash: 752cde8df78a19b29b810b4680061ca4b3e781913f444275d9f04ece2b363e19
Instruction Fuzzy Hash: 6A118F31E0591D8FEB64EB98C854BEEB7B1FB54311F1042B6D42DE72A0DE346A468F80

Function 00007FFD9B8805D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eaeb6af513a178914c31fa333377865e67b86cea0aa895277a4bf8dbefd942c
Instruction ID: 6a8125737cefc3385e87ca559f616528b1cd9040370fef35c22e7df3291df15e
Opcode Fuzzy Hash: 6eaeb6af513a178914c31fa333377865e67b86cea0aa895277a4bf8dbefd942c
Instruction Fuzzy Hash: E2014F30A0990E8FDB98EF65C4656B977E2FF5C305F21447ED41EC21A4CE35A651CB40

Function 00007FFD9B880610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4f9898325773a016836b9e88044589233380a4733e145756e8f8e34699d030f
Instruction ID: b3a73f37d35cd4bc03778b274e1ce8ec853062b7d43298043ac5cafd67978312
Opcode Fuzzy Hash: c4f9898325773a016836b9e88044589233380a4733e145756e8f8e34699d030f
Instruction Fuzzy Hash: DE014B30A1A90E8BEB68AFA584686B973E0FF19305F11087ED42EC21E5DE35A650CA00

Function 00007FFD9B880608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2513e6df9cc6fcd339a891649aac982a1e5c7d8d9b9181bd8f2530e908e7fa0c
Instruction ID: 79ec9181225371cd0c5c1db2f2572a51793282ed5dfb3ca2e681aeb4a7fc7d6c
Opcode Fuzzy Hash: 2513e6df9cc6fcd339a891649aac982a1e5c7d8d9b9181bd8f2530e908e7fa0c
Instruction Fuzzy Hash: 8B018130A1590E8BEB69FFA4C4696B973E0FF1C304F11087EE42EC21E5DE35A254CA00

Function 00007FFD9B88273D Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f2bb104b328dad40e053de03d12973f4a2ec780c27fed32f34f558a4523623a
Instruction ID: 0fbbf90a0e0012e4ecb301493f4a4d39eb169c18ec19894a504ef9a48756c163
Opcode Fuzzy Hash: 8f2bb104b328dad40e053de03d12973f4a2ec780c27fed32f34f558a4523623a
Instruction Fuzzy Hash: 8CF0BB3091FB8E8FEB69AFA484252F977A0FF09700F41057AD429C51E5DB389550C741

Function 00007FFD9B88B3C9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49db883a70fb71dc7e1a5e22bc90996adbe80c1718c7ebfa4e6b4e8b6e09c575
Instruction ID: 8490bcdbbae42e301ebfb7a305520a52c25aa9a5ff8a878439aeaa9c6b336fe4
Opcode Fuzzy Hash: 49db883a70fb71dc7e1a5e22bc90996adbe80c1718c7ebfa4e6b4e8b6e09c575
Instruction Fuzzy Hash: 8DF03C70A1991D8FDBA4EB14C455BE9B3B1FFAC300F1181AAD40DD3165DE31AA818F40

Function 00007FFD9B88D94C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction ID: aca31a86997ee2dbfa94b0f82457c30cf6dec6862a27009043a2f3a84d7d41da
Opcode Fuzzy Hash: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction Fuzzy Hash: 52F03770E0561E8FDF50DF90C4506FDB3F1AB58300F11007AD015E32A2EA78AA00CF50

Function 00007FFD9B882345 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f5c43a575eb15cb7684b5f2594ede55287bc052fcba80954210da5184afe385
Instruction ID: 65aecea4092380126ab14f8eabc4678d1c359e524feb9a1138e902846982bab7
Opcode Fuzzy Hash: 0f5c43a575eb15cb7684b5f2594ede55287bc052fcba80954210da5184afe385
Instruction Fuzzy Hash: 46F0CD30E1552DCFEB64EF54C864BA9B3B0BF54301F0042A9D45DD72A1DE746A84CF50

Function 00007FFD9B8826D8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5464e5c89af72994a5614a58828b2e1f46aa1eaedf1f392f5b551ab127060600
Instruction ID: 8ab13617d75c3559d9457a77227dcf5769edfbb0a6e159434cc5329b8f546298
Opcode Fuzzy Hash: 5464e5c89af72994a5614a58828b2e1f46aa1eaedf1f392f5b551ab127060600
Instruction Fuzzy Hash: 02F0A730A0A64ECBDB69EF6484682F937A0FF09304F01087DE42EC10D5DF79A254CA40

Function 00007FFD9B880FDB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c09f4d2227481e656e6ac1eb77c77e41004d100ba9771312771b117cf563023d
Instruction ID: 17cc59ad8806e57ce5bd5856971e9e6d6b1fda66c208ffaaca303b183922db06
Opcode Fuzzy Hash: c09f4d2227481e656e6ac1eb77c77e41004d100ba9771312771b117cf563023d
Instruction Fuzzy Hash: CCF0A531E14A1D8BDB64EBA4E8507EEB7B1FB48304F5144B6D01CE7295DA34AA418B90

Function 00007FFD9B8816E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction ID: 5bd348d9afdfd73732ee79c8ae4d71efa73f9004a8fa18ab804107cf12f9f449
Opcode Fuzzy Hash: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction Fuzzy Hash: C1E0C920F1AC0A4BEA74B798849567462D19F4C315FAA8675F03CC61F1EE3CAE86C641

Function 00007FFD9B8828FA Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244f0337df5ac01aab6fe1c4fb9edc66809c90392f6b622943a0af8208d6551c
Instruction ID: 7e21a3f1b8a26ed38f461929b574af9ea52f8726914e8fce435e51088ea12362
Opcode Fuzzy Hash: 244f0337df5ac01aab6fe1c4fb9edc66809c90392f6b622943a0af8208d6551c
Instruction Fuzzy Hash: 4FE09A22508A3686C70AEFBCB5E5DD57790FF0162830801B6C0958A087EE24A44BC380

Non-executed Functions

Function 00007FFD9B88EB19 Relevance: 5.1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

Strings

', xrefs: 00007FFD9B88EB84
", xrefs: 00007FFD9B88EB74
f, xrefs: 00007FFD9B88EC42
H, xrefs: 00007FFD9B88EBEE

Memory Dump Source

Source File: 00000006.00000002.1772679596.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9b880000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID: "$'$H$f
API String ID: 0-779256357
Opcode ID: a4d292ec372a2bdc84ac83b617171da1890daea07c66a9e97bc91578a47396fa
Instruction ID: 75ef18a274e23b8ce0741be27892fb0d3f751c6ca0a90d0406159dc5d1b566ba
Opcode Fuzzy Hash: a4d292ec372a2bdc84ac83b617171da1890daea07c66a9e97bc91578a47396fa
Instruction Fuzzy Hash: 8541F770E05A2D8FEBA8DF54D895BADB7B2EF58301F4081E9D41DA3291CB385A818F40

Analysis Process: backgroundTaskHost.exePID: 7460, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B8B34C5 Relevance: 1.5, Strings: 1, Instructions: 293COMMON

Download Yara Rule

Strings

K_H, xrefs: 00007FFD9B8B3770

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: 301361e920b5184cd0570c8b113588fb86dc4d68384209325b85962c4993cfc8
Instruction ID: 293235dd15027c07fe4aa6e344cd6206c185ed135b35ea97000724b5782fb245
Opcode Fuzzy Hash: 301361e920b5184cd0570c8b113588fb86dc4d68384209325b85962c4993cfc8
Instruction Fuzzy Hash: 71A1A171A1D94E8FEB98DBA8D8657ADBBE1FF59310F40017AD00DD32D6DB7468018B82

Function 00007FFD9B8BCAF3 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

yK_^, xrefs: 00007FFD9B8BCB01

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID: yK_^
API String ID: 0-4199313219
Opcode ID: d95d4be845a8191ccad3420d6afcf937dbafece18ca8e417cae66f0559e1588e
Instruction ID: e7e08216da5f43f42255d030103138d6e46ce8bad58043fe14e3136748566e8c
Opcode Fuzzy Hash: d95d4be845a8191ccad3420d6afcf937dbafece18ca8e417cae66f0559e1588e
Instruction Fuzzy Hash: 5F31C631B0D67B8AEB1A7BB8B8294FD7760EF15328F050577D01DCA0E3DE2825858AD5

Function 00007FFD9B8BADD5 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0f0bd6d7c89b589178d487a33cb283c6a02df7476b4e8f633b773255e3cdb90
Instruction ID: 2857c0efae523b4224800d8cfd53ec9ec281fcf51c4bdff1c0978b7702ca3ca1
Opcode Fuzzy Hash: f0f0bd6d7c89b589178d487a33cb283c6a02df7476b4e8f633b773255e3cdb90
Instruction Fuzzy Hash: 87D11B70E1961D8FDBA8EB98C4A46BCB7B1FF59705F11017AD00DE72A6CB386981CB41

Function 00007FFD9B8B1678 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccef5a3ef49592cf9e5b8e60ba6554f7592bb850cfdd5db361bd1512ec7f662f
Instruction ID: 62e834ac92cff53480eb4e0e88217390aae826da304422cd80582f16a2ac6fd3
Opcode Fuzzy Hash: ccef5a3ef49592cf9e5b8e60ba6554f7592bb850cfdd5db361bd1512ec7f662f
Instruction Fuzzy Hash: 1281E231B1DA594BDB58EF6C88705A977E2FF98300B15057EE45DC72A2DE34E9028B81

Function 00007FFD9B8B0F5B Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2be300cb796260050735cf5af66985822083c880cdbeaadedce81f743ffbf031
Instruction ID: b5c12cb04236b379b2a002ff539d56a0ed18084cf4f6570302ec6a2cd480efe5
Opcode Fuzzy Hash: 2be300cb796260050735cf5af66985822083c880cdbeaadedce81f743ffbf031
Instruction Fuzzy Hash: CE91F671F1992D4FE768DB78C865BE873A1EF58710F0002BAD01DD71E6DE346A458B80

Function 00007FFD9B8BC2B9 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 234d3dd9d62922785208713cfc404ec60ef44023e1486d442c23285d4677ba94
Instruction ID: c27df50bfafa649ee49a359e5cfded0654aa122ab5da1a3193a1456846ecc6ca
Opcode Fuzzy Hash: 234d3dd9d62922785208713cfc404ec60ef44023e1486d442c23285d4677ba94
Instruction Fuzzy Hash: 4161DB71E0952D8FDBA4EBA4C4656EDB7B1EF5D300F41417AD00DE72A2DE346A448F80

Function 00007FFD9B8B1C4D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f0f181b47097175dda0f8e7edbed4d75ef14baf7f7a0161bc59368fb936f2e
Instruction ID: f2328b6b613a5479ddabd4fb6377540c551ef8e783bb35057caeede567893a5e
Opcode Fuzzy Hash: 38f0f181b47097175dda0f8e7edbed4d75ef14baf7f7a0161bc59368fb936f2e
Instruction Fuzzy Hash: BD51F231B19A994FCB58DF5888A45BA77E2FF98300B15417ED45AC7292CE34E8028B81

Function 00007FFD9B8B3135 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0796fbadddfa8d61fb337da30303e6ce7d85b5949e8738f5ae95d86c74c6768c
Instruction ID: 4e07ffa1d0ae25a14785bd02c42254ebcf292fa9cf5e16a756c488a479a08da7
Opcode Fuzzy Hash: 0796fbadddfa8d61fb337da30303e6ce7d85b5949e8738f5ae95d86c74c6768c
Instruction Fuzzy Hash: 3B511E70E0A52E8FEB64DBA8D4646EDBBF1FF59301F41017AD009E72A5DA386A45CF40

Function 00007FFD9B8B2065 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1849918729f52b857c5e674192403eb9b701f6e5f378439cd7d66062cc14afd3
Instruction ID: ac77da515327831fd2fa28ee78a98bd3a078b4e1c5a559588bb9de5641bf63ef
Opcode Fuzzy Hash: 1849918729f52b857c5e674192403eb9b701f6e5f378439cd7d66062cc14afd3
Instruction Fuzzy Hash: 21417D31B0E65E0FE765DFB8A4655B97BE0EF8A310B0544FBD04CC71A6DE18B9428781

Function 00007FFD9B8BBEC9 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d42d44847cd879a95388165d86f470eed9957dd0e3aec46d9cc5ecd3462e8626
Instruction ID: dc08338cf7c9676743a468351f1dac0bad0c0f7bcf32ddee1828331d76d75ec3
Opcode Fuzzy Hash: d42d44847cd879a95388165d86f470eed9957dd0e3aec46d9cc5ecd3462e8626
Instruction Fuzzy Hash: 6B51D770E0A66E8FDB64DFA4C8646EDB7B5EF09300F11013AD409E72A1DB386A44CF91

Function 00007FFD9B8B2337 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff9a6a41d4ee21e99207e0b9bb159306d37191833da6032526f6e798fe53fb2
Instruction ID: 0a469278d253711d3d398bdfee6e41cd6bb890ee0ab4a542d2e1bd98d3244ec7
Opcode Fuzzy Hash: aff9a6a41d4ee21e99207e0b9bb159306d37191833da6032526f6e798fe53fb2
Instruction Fuzzy Hash: B5316D31E1A52ECAEB249FA4D8617FDB770FF49311F01417AD04E961A1DE382A45DF80

Function 00007FFD9B8B33C1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba3847db178b5c67f95d696c0764b7119232a9913cea97a210aeff8052ad033
Instruction ID: b54dcf6325dbc6b6938a7024942472f68b2bd71844a924ce22b4b04b0c03501a
Opcode Fuzzy Hash: 6ba3847db178b5c67f95d696c0764b7119232a9913cea97a210aeff8052ad033
Instruction Fuzzy Hash: 99212131A0A51E8FEB69EB7488696BE77E0FF18304F01047AD41DD61E5DF35A650CB80

Function 00007FFD9B8B3445 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1cea51f8b5767c85c7627ea8cbaf2685652dd4dd9212bac07afe366dab21ae4
Instruction ID: 54a43e9f249a4fd03b2331a3aa5397e0da59daf4e510d079512425040e05251e
Opcode Fuzzy Hash: d1cea51f8b5767c85c7627ea8cbaf2685652dd4dd9212bac07afe366dab21ae4
Instruction Fuzzy Hash: B5213C30A0A65E8FEB69DFA4C8656BD77A0FF19304F1104BED41DD21A1DB39A650CB80

Function 00007FFD9B8B331F Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 602c3c357a1656f740f4603f9891c7fee9f5cab436bd3602234ab49979855178
Instruction ID: 9472a312419024a253ba13bfcad71ca0c7c9fad1b6036ee0fd2ebd8928ac3838
Opcode Fuzzy Hash: 602c3c357a1656f740f4603f9891c7fee9f5cab436bd3602234ab49979855178
Instruction Fuzzy Hash: 3421B03194E3DA8FD7439BB488685AA3FF0EF5B300B0A04EBD089CB0B3DA289545C751

Function 00007FFD9B8B0A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c81aedd067ac4bc2485d3fd0da3696134d06282b8443b5d1b4c29cd98a218a31
Instruction ID: 043385b4254f8f28f82c611697e109e310d7e7e733fff8f78c59a8b20670405b
Opcode Fuzzy Hash: c81aedd067ac4bc2485d3fd0da3696134d06282b8443b5d1b4c29cd98a218a31
Instruction Fuzzy Hash: 8C11B231E2A51E4FE790EBB888695BD77E0FF58740F4159B6D018C70A6EE34A6418B80

Function 00007FFD9B8BC443 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 183c93af62b7a6eb35e50c1b49544313edf426ebb659fdb973fb6056552c7b8d
Instruction ID: 6da9244904fae1ab1d2bd69e0a0bcff717fb7f518d8297625b38aedab019a92b
Opcode Fuzzy Hash: 183c93af62b7a6eb35e50c1b49544313edf426ebb659fdb973fb6056552c7b8d
Instruction Fuzzy Hash: 0E11B970E5982D8FDBA4EBA89465AFCB7B1FF58300F515179D00DE3296DE3469418F80

Function 00007FFD9B8B1F19 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35275107ac934da8937e91fbe76d7b7f368c24b8838ff7727273a9c7c8850abf
Instruction ID: 560027d9ff39b1ed65cf86d772c6e426fe438813987e0be6b12a1f42145d51bd
Opcode Fuzzy Hash: 35275107ac934da8937e91fbe76d7b7f368c24b8838ff7727273a9c7c8850abf
Instruction Fuzzy Hash: 10119E00A6F2D64EDB63A7B848744656FA44F07224B2E46FBD0D88F1E3DA0C594AC782

Function 00007FFD9B8B116D Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 877de73f556b27f891b7cedcd45fc8abd7dccab9bad9023f65cbc45015d66a53
Instruction ID: 4b6fdfa58efc4910bd1049a1520f118d046a1cf50002a8bc07edfe64d01781ae
Opcode Fuzzy Hash: 877de73f556b27f891b7cedcd45fc8abd7dccab9bad9023f65cbc45015d66a53
Instruction Fuzzy Hash: F911E970A1A65E4EEB65EBB4C8656F97BE0FF19300F01157ED019CA1E1DE256144CB40

Function 00007FFD9B8BCB80 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95f2dece017f67be55c71b4cf1cd2017c7e3dfe7dc3dcd8b83b2ddf38b2cc0c0
Instruction ID: 2dbaacd825267dbbe210d0f1d6801ebc3e199f4ccb05600520567debbaaa837e
Opcode Fuzzy Hash: 95f2dece017f67be55c71b4cf1cd2017c7e3dfe7dc3dcd8b83b2ddf38b2cc0c0
Instruction Fuzzy Hash: DF114F30A0965E8FEB56AFB488685BD7BB0FF19304F4108BBD41DC60A6DE345654CB51

Function 00007FFD9B8BBE45 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9c354128220e6d22272c8d93ba982be1868f857adedf17783e05bcb6a9eefad
Instruction ID: dd218352216e0d2b0116df4a72f96f639f9d2a66247a08000209cb66b8a70cc5
Opcode Fuzzy Hash: e9c354128220e6d22272c8d93ba982be1868f857adedf17783e05bcb6a9eefad
Instruction Fuzzy Hash: 65117030A0A65E8FDB55EF68C8692BD7BA0FF18300F4104BAD419C61A2DF35A650CB80

Function 00007FFD9B8BB09A Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3db73971198a755682a3f8ad03b472a7f8355816484237d6fa4acc74be80568
Instruction ID: 6e9c700195e300211ae3e59c1adb6d890fd573d07999ef1277c09aa339827d14
Opcode Fuzzy Hash: a3db73971198a755682a3f8ad03b472a7f8355816484237d6fa4acc74be80568
Instruction Fuzzy Hash: DB11A030E1991E4EEB61EBB888A85BD77E4FF48300F414576D428C30A6EE34A6458A80

Function 00007FFD9B8BC6A9 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2327380906a8965f774d013957815914436647189d775c335d8c3c70db55ec8d
Instruction ID: b65db4998efbef9050b7a8415ba063b0a89d1dbbdca3ca6b51f8720c77ec6be5
Opcode Fuzzy Hash: 2327380906a8965f774d013957815914436647189d775c335d8c3c70db55ec8d
Instruction Fuzzy Hash: 5311AC30A0E68E8FDB59DF74C4695A93FA1FF1A304F1204BFD419C60A2CA39A550CF81

Function 00007FFD9B8B2DD1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e1b19af2e9fbb0774c9b523c203e3624471b72230edf9445a2e301bbac2a0c
Instruction ID: 5111f2ae3db2ef5e5467fadeadb5da7dccadbe96a81c4a0a68756c320297457e
Opcode Fuzzy Hash: 45e1b19af2e9fbb0774c9b523c203e3624471b72230edf9445a2e301bbac2a0c
Instruction Fuzzy Hash: 7A017130E1A65E4FE751EFB4C8695A97FE0FF19301F0605B6D40CC70A6EA34E5548B40

Function 00007FFD9B8B27AD Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 976b8f5090f3f7016c18acbdb6f6de8f23d45a295754fff3d4a7a5a180cd52e7
Instruction ID: acebd407674a85d750791f02ffbd62b18b803c8fe865c322eab1c4ba8e341488
Opcode Fuzzy Hash: 976b8f5090f3f7016c18acbdb6f6de8f23d45a295754fff3d4a7a5a180cd52e7
Instruction Fuzzy Hash: BB017130A5E65E8FE761EFB488695A97BE0FF19300F0245B6D418C71A6EE34E1448B85

Function 00007FFD9B8BAC19 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91310c13a0cddfc88352902f6a653437a78493d653e8f666167e1759c59af9ef
Instruction ID: bca21a5da6abea93e2bedd7d347a5c9968a06093489ea15a03b3342008bb7fd0
Opcode Fuzzy Hash: 91310c13a0cddfc88352902f6a653437a78493d653e8f666167e1759c59af9ef
Instruction Fuzzy Hash: 6B018830A0E64D5FD761EB7488795A97FE0EF19300F0608F6D008C70B6DD38A5548741

Function 00007FFD9B8B1BCD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d15b04f401b8b4d9a38e9c956245273417474d4da529a71db77d46571e2e143
Instruction ID: ce264cabaabec9dbd288d845bba4d5036819f06d2ec6202cf6b03b09030a522e
Opcode Fuzzy Hash: 4d15b04f401b8b4d9a38e9c956245273417474d4da529a71db77d46571e2e143
Instruction Fuzzy Hash: CD01A230A0E65E8FEB65AF24C8256B93BA0FF59301F51007ED808CA1A2DA359950CB80

Function 00007FFD9B8B2E49 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5dce91db2c5bb37d9babcb79317eef7efb7772f56504d9e3eda8d1e22bf05e
Instruction ID: 8f7233e235e0670aae52186c4b4c821337881d51ba6d3265551768efa23c7e47
Opcode Fuzzy Hash: 2d5dce91db2c5bb37d9babcb79317eef7efb7772f56504d9e3eda8d1e22bf05e
Instruction Fuzzy Hash: 24018830A5E64D4FE752EBB484695A97FE0EF5A300F4604F6D40CC70B7DA38A5448741

Function 00007FFD9B8B05D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b103b035fdceec30ecec509b5bc3a0845515c3b19f26944ff3d126973d2beebb
Instruction ID: 20a8e25c0bb33354b75631ebe63672cde9b38ac7c33266c356d25b97a6d550e1
Opcode Fuzzy Hash: b103b035fdceec30ecec509b5bc3a0845515c3b19f26944ff3d126973d2beebb
Instruction Fuzzy Hash: 0A018B30A1991E8FEB98EF74C0686BA77E1FF5C305F21047ED40EC61A4CA31A690CB80

Function 00007FFD9B8B0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e19df86daf279d3cc4fe28c3210f9ad4dcb2e5ede7661e4ade9d44126d585a8
Instruction ID: 0ff3142dcfa0a039044de8d981fa99693e788288c102d4c591e1c826e600554f
Opcode Fuzzy Hash: 7e19df86daf279d3cc4fe28c3210f9ad4dcb2e5ede7661e4ade9d44126d585a8
Instruction Fuzzy Hash: D801AD30A1A50E8AEB58EFB4D4686B97BA0FF0C304F10087ED41EC21E5DE35A240CE44

Function 00007FFD9B8B0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e06a9df716232a97a068ba75a966ed727690a608cf9cea5dec5fb7bdac0e606
Instruction ID: d5620a3e90d8904d1b7d4bd61c225a50495c0f404650ee0d23abe56c49d3a1d3
Opcode Fuzzy Hash: 7e06a9df716232a97a068ba75a966ed727690a608cf9cea5dec5fb7bdac0e606
Instruction Fuzzy Hash: 1301AD30A1551E8AEB69EFB4C4296BA76E0FF08304F11087EE41EC21E4DE35A240CA44

Function 00007FFD9B8B1180 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f74cfd4094d17818d384b12f23c037be2cad52f125d02af9d92d9ddca91241c
Instruction ID: e3d200081c313a7ab9b839d57048d0a80ef12dc410c7cb4905a07d7143144cb5
Opcode Fuzzy Hash: 2f74cfd4094d17818d384b12f23c037be2cad52f125d02af9d92d9ddca91241c
Instruction Fuzzy Hash: BAF0A970E2955F49FBA5ABB488646F977E0FF59304F40153ED41DD51E1DE241254CA40

Function 00007FFD9B8B26C9 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae45f01e978f45946485c6c21ef89298ecaa8ad48d068899bf00d247f2e97bb2
Instruction ID: 5d3aca3a125912c8edf00c2dfae8d241ad5e21dba807d1328861f8d14d25bd0c
Opcode Fuzzy Hash: ae45f01e978f45946485c6c21ef89298ecaa8ad48d068899bf00d247f2e97bb2
Instruction Fuzzy Hash: 9EF0C83090F39D8FD76A9F7088355AA3FB0BF06200F0605BBD409C61E3DA289548CB81

Function 00007FFD9B8B273D Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 324676ebf2baf217bd9b883e615123757cbd8c343b8576d3557a8b03c21e8aa6
Instruction ID: 3ebe6cec459d42531b2f4516a08ffee54ac838b129cc7f158d6c5257adc81eed
Opcode Fuzzy Hash: 324676ebf2baf217bd9b883e615123757cbd8c343b8576d3557a8b03c21e8aa6
Instruction Fuzzy Hash: BAF0F63090B24E8FEB699FB488242E97FA0FF09600F01047AD419C50E1DB3895408A81

Function 00007FFD9B8BB3C9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9ea458f266d22e30b4fff1e125f8c2f4795beead085a0e921aeb8679750d0e7
Instruction ID: 20297049edc43a521c5f27674f7519d47da4606a962bce7131e06efa68fc50c4
Opcode Fuzzy Hash: b9ea458f266d22e30b4fff1e125f8c2f4795beead085a0e921aeb8679750d0e7
Instruction Fuzzy Hash: 37F04471A1992D8FDB64EB14C455BE9B3B1FF5C300F1081E6C40DD3155DE30AA828F80

Function 00007FFD9B8B0FDB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eceef80231701f315e39614ead34e9571058e6aa9ab50d5c9c88f22518663e6e
Instruction ID: eb7711e33ade64e55a61d859bc7d2d200df702003d56e05ef6f11377029777df
Opcode Fuzzy Hash: eceef80231701f315e39614ead34e9571058e6aa9ab50d5c9c88f22518663e6e
Instruction Fuzzy Hash: 7FF03031E1062D4BDB54EBA4E8107EEB7B0FB48300F4040B2D00CE3251DE349E418F80

Function 00007FFD9B8B16E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction ID: dead0bc4485000d2445d8b07907c2eae78a453c0a7f6be7b35f1186af55c83d8
Opcode Fuzzy Hash: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction Fuzzy Hash: 03E06520F3A81A8AE734B368809463461D19F48304F7A8274F01CCE2F2DB2CDD81CB80

Function 00007FFD9B8B05D3 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1772679718.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ffd9b8b0000_backgroundTaskHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627766ca04b3b6cb7b488982133dd7ddc111fac5d2610409c5167ece477140f7
Instruction ID: 83ffb18aea65025ebb7b05713c94d7811ee8beeb50dd69d2a27d271842aeaa15
Opcode Fuzzy Hash: 627766ca04b3b6cb7b488982133dd7ddc111fac5d2610409c5167ece477140f7
Instruction Fuzzy Hash:

Analysis Process: hVZrtkHODdjkrqRpmkkd.exePID: 7488, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B8B34C5 Relevance: 1.5, Strings: 1, Instructions: 293COMMON

Download Yara Rule

Strings

K_H, xrefs: 00007FFD9B8B3770

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: 47715f00394a8df1ce69cdfa1bc1bf921a4e2b8d361517212be6801bf9b6169f
Instruction ID: 17f099933b39386fd5576e82b6f8a36d284b897accc3b898340cf04ae771ef79
Opcode Fuzzy Hash: 47715f00394a8df1ce69cdfa1bc1bf921a4e2b8d361517212be6801bf9b6169f
Instruction Fuzzy Hash: 22A1B171A0D94E8FEB98DBA8D8657ADBBE1FF59350F4001BAD00DD32D6DB7428018B81

Function 00007FFD9B8C1378 Relevance: 2.5, Strings: 2, Instructions: 27COMMON

Download Yara Rule

Strings

&, xrefs: 00007FFD9B8C180E
/, xrefs: 00007FFD9B8C1B74

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: &$/
API String ID: 0-2578988991
Opcode ID: 3a5a8ce43bf593d32e645ac7848a814452b8ecbde71bc023ff74d077820b84f5
Instruction ID: f1c223ef820979f8213cba350fd307bbc5886b02df2c1327a8e522bd22207346
Opcode Fuzzy Hash: 3a5a8ce43bf593d32e645ac7848a814452b8ecbde71bc023ff74d077820b84f5
Instruction Fuzzy Hash: 0FF0D075A0961DCBEB24EF84C8A46FD73B2FB55301F01462AD0099B2A5DB785A04DF41

Function 00007FFD9B8BCAF3 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

yK_^, xrefs: 00007FFD9B8BCB01

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: yK_^
API String ID: 0-4199313219
Opcode ID: 01040ed84356033494d15a9d33abc1360aba27abba25365ebb5a7e1dc27d820c
Instruction ID: e7e08216da5f43f42255d030103138d6e46ce8bad58043fe14e3136748566e8c
Opcode Fuzzy Hash: 01040ed84356033494d15a9d33abc1360aba27abba25365ebb5a7e1dc27d820c
Instruction Fuzzy Hash: 5F31C631B0D67B8AEB1A7BB8B8294FD7760EF15328F050577D01DCA0E3DE2825858AD5

Function 00007FFD9B8C1328 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

/, xrefs: 00007FFD9B8C1B74

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 11eb8f1cb026d60aed7518d424f524e95fb448f36af97d858248446a559192ec
Instruction ID: e136269ab022366326f24000eb4f613340bf5f301c2f2b1c5e9ba941bf879ff5
Opcode Fuzzy Hash: 11eb8f1cb026d60aed7518d424f524e95fb448f36af97d858248446a559192ec
Instruction Fuzzy Hash: 3901BB71A0466D8FDB68EF44C8946FD73B2FB58301F0145AAD40DE7291DB745A80DF40

Function 00007FFD9B8BDB99 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd9816cd75fa067a68cf605a617aa796f30f3966507bc128bf4eb7e48d641f55
Instruction ID: 3a7b1cea91d60c869845252239bd452348505bd6c440b953c2d1f360b7da6d4d
Opcode Fuzzy Hash: cd9816cd75fa067a68cf605a617aa796f30f3966507bc128bf4eb7e48d641f55
Instruction Fuzzy Hash: 53E15C71E1965D9FEBA8DBA8C8A47B8B7B1FF58300F0441BAD00DD72A6DA346941CF41

Function 00007FFD9B8B1678 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccef5a3ef49592cf9e5b8e60ba6554f7592bb850cfdd5db361bd1512ec7f662f
Instruction ID: 62e834ac92cff53480eb4e0e88217390aae826da304422cd80582f16a2ac6fd3
Opcode Fuzzy Hash: ccef5a3ef49592cf9e5b8e60ba6554f7592bb850cfdd5db361bd1512ec7f662f
Instruction Fuzzy Hash: 1281E231B1DA594BDB58EF6C88705A977E2FF98300B15057EE45DC72A2DE34E9028B81

Function 00007FFD9B8B0F5B Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6d4d1b57dbebc6ecca5ecd7f5fc01bf1d540d7de509aaea3371df0690fee8e
Instruction ID: 46360093867e3e67253705861f28369cba9d2ac4749bdb8470b47f4beee3f267
Opcode Fuzzy Hash: 3e6d4d1b57dbebc6ecca5ecd7f5fc01bf1d540d7de509aaea3371df0690fee8e
Instruction Fuzzy Hash: 6191F571F1996E4FE7A8DB78C865BA873A1FF58710F0002BAD01DD71E6DE346A458B80

Function 00007FFD9B8BC2B9 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5540529f1831de3994e7f8f90cecbd6af02a3afaa97ccb774e2703446a8a397
Instruction ID: c27df50bfafa649ee49a359e5cfded0654aa122ab5da1a3193a1456846ecc6ca
Opcode Fuzzy Hash: a5540529f1831de3994e7f8f90cecbd6af02a3afaa97ccb774e2703446a8a397
Instruction Fuzzy Hash: 4161DB71E0952D8FDBA4EBA4C4656EDB7B1EF5D300F41417AD00DE72A2DE346A448F80

Function 00007FFD9B8C7975 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8642fad3783f198b044a2b78799ecb190966b03a7f6d684ae5db28b6437f4a0
Instruction ID: e54323e8cd7e8d6867ba8dfe75afe41d4b9beea7c56f6719a3a13522b6e845ef
Opcode Fuzzy Hash: e8642fad3783f198b044a2b78799ecb190966b03a7f6d684ae5db28b6437f4a0
Instruction Fuzzy Hash: 6F81F9B4E0921E8FEB68EFA4C4657FDB7B1AF18311F15007AD009A62D1CB385A85CB55

Function 00007FFD9B8C63C5 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf0e5f45887f6d28d1ec01794d177a1a4ab49b9bd34e888198ad0effd090b7c1
Instruction ID: a552bbc969254a292f5e1c3e37831a163c9febb84ee5bf8c552d20e76f0a9521
Opcode Fuzzy Hash: cf0e5f45887f6d28d1ec01794d177a1a4ab49b9bd34e888198ad0effd090b7c1
Instruction Fuzzy Hash: D4710AB0E0961D8EEBB4EB94C8657B9B6B1FF58300F5141BAD40DE32A1DB385A85CB01

Function 00007FFD9B8B1C4D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f0f181b47097175dda0f8e7edbed4d75ef14baf7f7a0161bc59368fb936f2e
Instruction ID: f2328b6b613a5479ddabd4fb6377540c551ef8e783bb35057caeede567893a5e
Opcode Fuzzy Hash: 38f0f181b47097175dda0f8e7edbed4d75ef14baf7f7a0161bc59368fb936f2e
Instruction Fuzzy Hash: BD51F231B19A994FCB58DF5888A45BA77E2FF98300B15417ED45AC7292CE34E8028B81

Function 00007FFD9B8C2C4B Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9805e05693888f8dbcb604333b37b5d26090f51ee6835478056cc55032911a5e
Instruction ID: 89f8ceaba53323f31fef7e50604c2136a66f9d664fe81b3fbfa0b0a8f55c637c
Opcode Fuzzy Hash: 9805e05693888f8dbcb604333b37b5d26090f51ee6835478056cc55032911a5e
Instruction Fuzzy Hash: 3B619770E1962D8EDBA4EFA8C8597EDB7B1FF58300F5041AAD00DE3291DB746A818F40

Function 00007FFD9B8B3135 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 811e8c56a49590434c5b56f1975af59e4021c65601d03c601d88d3beff40dfe4
Instruction ID: 0cf5a1d3201db3b6f1a7c9e21654eb2451235a52d38630168ade3046c27c7966
Opcode Fuzzy Hash: 811e8c56a49590434c5b56f1975af59e4021c65601d03c601d88d3beff40dfe4
Instruction Fuzzy Hash: 11511D70E0A52E8FEB64DBA8C4646EDBBF1EF59301F41017AD409E72A5DA386A45CB40

Function 00007FFD9B8B2065 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a89fdd8d0e3cb55ec7f6d4406307411fcad7dbb93bbbbc2e1a1f3ed055bbfd2c
Instruction ID: 96c1dfeaf685147a533a3f43705c02473cd4776632194599f53afa1ff295d5b1
Opcode Fuzzy Hash: a89fdd8d0e3cb55ec7f6d4406307411fcad7dbb93bbbbc2e1a1f3ed055bbfd2c
Instruction Fuzzy Hash: FE417D31B0E65E0FE765DFB8A4655B97BD0EF8A310B0545FBD00CC71A6DE18B9428781

Function 00007FFD9B8BBEC9 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc71c34409b576f67f572ab49164d5e4ab4c593c3a996d72c0e425623a4117b3
Instruction ID: dc08338cf7c9676743a468351f1dac0bad0c0f7bcf32ddee1828331d76d75ec3
Opcode Fuzzy Hash: bc71c34409b576f67f572ab49164d5e4ab4c593c3a996d72c0e425623a4117b3
Instruction Fuzzy Hash: 6B51D770E0A66E8FDB64DFA4C8646EDB7B5EF09300F11013AD409E72A1DB386A44CF91

Function 00007FFD9B8C72C9 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5922827310e56a8ce7cacab90461ba795aefc796313d20379673a7adbdee2470
Instruction ID: b534305b93fb4cd0bf750d5790ed37fe5ad91f50b6f5c4db426b88050b83ec44
Opcode Fuzzy Hash: 5922827310e56a8ce7cacab90461ba795aefc796313d20379673a7adbdee2470
Instruction Fuzzy Hash: 5A41BCB4E0A60E8FEB65AFA4C8256FD76F1FF18310F01417BE409D31A2DB3869458B51

Function 00007FFD9B8C71A5 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 565f9aeff15f3e55831fa498d8cfa9f42d0b20417b86397a795298a10479a47c
Instruction ID: 93ec38b2c5b07a95f8e033c516b6cb9e91b3386163756871a792503c43832667
Opcode Fuzzy Hash: 565f9aeff15f3e55831fa498d8cfa9f42d0b20417b86397a795298a10479a47c
Instruction Fuzzy Hash: 3F31C7B5A0EA4E8FEBA8EF6488662B937E0FF19300F01157FD41DC21A2DE356554C741

Function 00007FFD9B8B2337 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff9a6a41d4ee21e99207e0b9bb159306d37191833da6032526f6e798fe53fb2
Instruction ID: 0a469278d253711d3d398bdfee6e41cd6bb890ee0ab4a542d2e1bd98d3244ec7
Opcode Fuzzy Hash: aff9a6a41d4ee21e99207e0b9bb159306d37191833da6032526f6e798fe53fb2
Instruction Fuzzy Hash: B5316D31E1A52ECAEB249FA4D8617FDB770FF49311F01417AD04E961A1DE382A45DF80

Function 00007FFD9B8C7061 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d573126ac9527ff3b8c525ae2d158f9e6185ad15ebcd6a70150d21dcc0d4702b
Instruction ID: a52077e05c2016c9cd0bdc5856c36dc418f0fe19411402fcaaf4ab9a686a9103
Opcode Fuzzy Hash: d573126ac9527ff3b8c525ae2d158f9e6185ad15ebcd6a70150d21dcc0d4702b
Instruction Fuzzy Hash: 39217374A0A64E8FEBA8EF64C8655BE77A0FF29300F11457BD41DC71A6DE34A6408741

Function 00007FFD9B8C2DFB Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88310c09e099d727c813c47682faf0f4f07795b913127cd63f22f09878de9b7b
Instruction ID: 03047c3bb44c476c6f23a75c3e8c864bc565df6b77a61c150819035ae4c67ada
Opcode Fuzzy Hash: 88310c09e099d727c813c47682faf0f4f07795b913127cd63f22f09878de9b7b
Instruction Fuzzy Hash: FB318570E1992D8EDBA4EF68C8597ADB7B1FB59300F5041AAD00DE32A1DF345A858F40

Function 00007FFD9B8C76F1 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1925d05e13cd999e1a81066a5ba6f1cedb0614d3fad2a5900a35fe919fe2e479
Instruction ID: b786276ca7f25d14ee49d1c844636c6ebc1d24a3c0d41acc411c29a3c3fc7e78
Opcode Fuzzy Hash: 1925d05e13cd999e1a81066a5ba6f1cedb0614d3fad2a5900a35fe919fe2e479
Instruction Fuzzy Hash: CA218378E0E55E8EEBA1AFA8C8296FE37E0FF1D310F014472D40CD21A5DE38A6508B51

Function 00007FFD9B8C6339 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 926738be098700c2468f3268051fd4ea19dff52b38ccbab392915d636388de93
Instruction ID: b62ca416b7a4b45e1895f3124132f479e2b2a8dc7cdcb9647a539c00fba4a4a1
Opcode Fuzzy Hash: 926738be098700c2468f3268051fd4ea19dff52b38ccbab392915d636388de93
Instruction Fuzzy Hash: B72144B1E0E64E4FEB61ABB488695B97BE0FF29300F0505B7D45DC70A6DA34A544C741

Function 00007FFD9B8B33C1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba3847db178b5c67f95d696c0764b7119232a9913cea97a210aeff8052ad033
Instruction ID: b54dcf6325dbc6b6938a7024942472f68b2bd71844a924ce22b4b04b0c03501a
Opcode Fuzzy Hash: 6ba3847db178b5c67f95d696c0764b7119232a9913cea97a210aeff8052ad033
Instruction Fuzzy Hash: 99212131A0A51E8FEB69EB7488696BE77E0FF18304F01047AD41DD61E5DF35A650CB80

Function 00007FFD9B8BA6D1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fd11d35b204ca471612819b95df012be11343fba3b559647a85daa0049570c0
Instruction ID: 04fd5595c4c439c8430ff4ec92ebef8444369b7ac72695b36656abfe1f44c4db
Opcode Fuzzy Hash: 4fd11d35b204ca471612819b95df012be11343fba3b559647a85daa0049570c0
Instruction Fuzzy Hash: FA214C70A0965D8FDB94EF68C8999AD3BF0FF19305F01416AE459C72A5DB34E541CB80

Function 00007FFD9B8B3445 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1cea51f8b5767c85c7627ea8cbaf2685652dd4dd9212bac07afe366dab21ae4
Instruction ID: 54a43e9f249a4fd03b2331a3aa5397e0da59daf4e510d079512425040e05251e
Opcode Fuzzy Hash: d1cea51f8b5767c85c7627ea8cbaf2685652dd4dd9212bac07afe366dab21ae4
Instruction Fuzzy Hash: B5213C30A0A65E8FEB69DFA4C8656BD77A0FF19304F1104BED41DD21A1DB39A650CB80

Function 00007FFD9B8B331F Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 602c3c357a1656f740f4603f9891c7fee9f5cab436bd3602234ab49979855178
Instruction ID: 9472a312419024a253ba13bfcad71ca0c7c9fad1b6036ee0fd2ebd8928ac3838
Opcode Fuzzy Hash: 602c3c357a1656f740f4603f9891c7fee9f5cab436bd3602234ab49979855178
Instruction Fuzzy Hash: 3421B03194E3DA8FD7439BB488685AA3FF0EF5B300B0A04EBD089CB0B3DA289545C751

Function 00007FFD9B8B0A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3d663291449695ae500a000b4825d112e12c68039aa20bab4a1cd4b54a0c0ff
Instruction ID: d18a8e5beb51c4465034216b39f38a0e26e904dd2ea7d7afbe5ba6f1da2c7434
Opcode Fuzzy Hash: b3d663291449695ae500a000b4825d112e12c68039aa20bab4a1cd4b54a0c0ff
Instruction Fuzzy Hash: 1D11B230E2A55E4FE790EBB888695BD77E0FF58740F4159B6D418C70A6EE34A6408B80

Function 00007FFD9B8C2721 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25596a9e25f9fcdb0c929ba0e278268496233f0cf0860f0bd19fce14fb0210ba
Instruction ID: 4c3d1e00080520ff69104a34c9b8e559ab5d79eb10d4428bed91cb67f626c5c5
Opcode Fuzzy Hash: 25596a9e25f9fcdb0c929ba0e278268496233f0cf0860f0bd19fce14fb0210ba
Instruction Fuzzy Hash: 0D116D70A1A64E8FDB58EFA4C4A55F93BA1FF58304F11017EE449C7295CA34A550CB81

Function 00007FFD9B8BC443 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 183c93af62b7a6eb35e50c1b49544313edf426ebb659fdb973fb6056552c7b8d
Instruction ID: 6da9244904fae1ab1d2bd69e0a0bcff717fb7f518d8297625b38aedab019a92b
Opcode Fuzzy Hash: 183c93af62b7a6eb35e50c1b49544313edf426ebb659fdb973fb6056552c7b8d
Instruction Fuzzy Hash: 0E11B970E5982D8FDBA4EBA89465AFCB7B1FF58300F515179D00DE3296DE3469418F80

Function 00007FFD9B8C4969 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e49408187b2f248693088aeece4f11a7232a1e7fe709386ebff8f7dd7cdfbd6
Instruction ID: 3748b22498a30ea1aa204fc1d6bb3f3cb9829ccb4be8acc83ce0d14fbe3e17ed
Opcode Fuzzy Hash: 9e49408187b2f248693088aeece4f11a7232a1e7fe709386ebff8f7dd7cdfbd6
Instruction Fuzzy Hash: 9121C370A0E65E8FEB59EF6484A52B93BB0FF29300F0505BFD419C71A2CA34A594C741

Function 00007FFD9B8B1F19 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35275107ac934da8937e91fbe76d7b7f368c24b8838ff7727273a9c7c8850abf
Instruction ID: 560027d9ff39b1ed65cf86d772c6e426fe438813987e0be6b12a1f42145d51bd
Opcode Fuzzy Hash: 35275107ac934da8937e91fbe76d7b7f368c24b8838ff7727273a9c7c8850abf
Instruction Fuzzy Hash: 10119E00A6F2D64EDB63A7B848744656FA44F07224B2E46FBD0D88F1E3DA0C594AC782

Function 00007FFD9B8BEE8E Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ed89e33627306accdf9d66d19de343e719bf146e6edad5f68c9a247ae085a83
Instruction ID: 266c66ff9147b0e894b84b68c6222115580a4a2988d65e2258144cd1b74d476d
Opcode Fuzzy Hash: 8ed89e33627306accdf9d66d19de343e719bf146e6edad5f68c9a247ae085a83
Instruction Fuzzy Hash: 21213D71F05A6D8FEBA8DF689C657A9B7B1EF59301F0001FA900DE3691DE346A818F41

Function 00007FFD9B8C4A05 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccad9190aee204a7b929240fd1f053107a688ab243f0e6bcb93a1ad7c69ac27e
Instruction ID: 4aa2268ac3f164cc691ec89c749896d0decef5b38c6f7582efa3a5450906c381
Opcode Fuzzy Hash: ccad9190aee204a7b929240fd1f053107a688ab243f0e6bcb93a1ad7c69ac27e
Instruction Fuzzy Hash: 0011AF70A09A4E8FEB98EFA8C4692B97BE0FF68300F0505BFD41DC31A1DA35A580C741

Function 00007FFD9B8C7105 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdde0269f5b9560f8d2b52e1bcab2b5dcef837b4e932e4c6d001b50612780497
Instruction ID: fdf3088b09f3357e368b5948f3999a2aab0819b61ccaa4820aa61d9c927d3634
Opcode Fuzzy Hash: fdde0269f5b9560f8d2b52e1bcab2b5dcef837b4e932e4c6d001b50612780497
Instruction Fuzzy Hash: 9C11AF74A09A4E8FEB98EF68846A2B97BE0FF68300F0105BFD419C61A2DA35A144C741

Function 00007FFD9B8C2927 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8d2bda055a8ace26d3982f6a2329b830b9696267528bbfe090a1b86553c2dd1
Instruction ID: 0e2601e68c24b7a9e2a24bd1962d3befa719b9ddd2b23f6f8bdc8c49d98911d4
Opcode Fuzzy Hash: e8d2bda055a8ace26d3982f6a2329b830b9696267528bbfe090a1b86553c2dd1
Instruction Fuzzy Hash: 1A11AF3094E6CE4FD71AABA088356B97FA0EF0A314F1A05FBD449C70E3DA295649C752

Function 00007FFD9B8C4F25 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8469ff1cd534b0f3a35e7e50d28f1672b3547adaa194870415c6e98c8b214557
Instruction ID: a89d312f4b1d8aab7d759959c2a6324df71740db768511a80047e4ad6df1e13d
Opcode Fuzzy Hash: 8469ff1cd534b0f3a35e7e50d28f1672b3547adaa194870415c6e98c8b214557
Instruction Fuzzy Hash: 2411EBB1A1EA8D4FEB59EB6484752B87BE0FF19304F0A00BFD01DC65F2DA656540C701

Function 00007FFD9B8B116D Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 877de73f556b27f891b7cedcd45fc8abd7dccab9bad9023f65cbc45015d66a53
Instruction ID: 4b6fdfa58efc4910bd1049a1520f118d046a1cf50002a8bc07edfe64d01781ae
Opcode Fuzzy Hash: 877de73f556b27f891b7cedcd45fc8abd7dccab9bad9023f65cbc45015d66a53
Instruction Fuzzy Hash: F911E970A1A65E4EEB65EBB4C8656F97BE0FF19300F01157ED019CA1E1DE256144CB40

Function 00007FFD9B8C2B11 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a16c811a2a5ad7acd37b1b3d59c3cc575a91ba79e69dca2bc0674787245047f
Instruction ID: 46db93d4b1d64e46aa2dff9f5aa24781af89e2ee12dd39d302931ce13633b111
Opcode Fuzzy Hash: 0a16c811a2a5ad7acd37b1b3d59c3cc575a91ba79e69dca2bc0674787245047f
Instruction Fuzzy Hash: 9D11A570A0A65E8EEB92FFB884585F97BE0FF09301F0505BBD418C70A6DA34A2418741

Function 00007FFD9B8C723D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9592639d4eba32d6a69b22251d0cd935e28788349ccb15afd1403e7cfe587d8
Instruction ID: 3e5697fdbe66db18acf17ab010559b1efc7a9930889b14634ac9916517eff823
Opcode Fuzzy Hash: f9592639d4eba32d6a69b22251d0cd935e28788349ccb15afd1403e7cfe587d8
Instruction Fuzzy Hash: 8D110470A0A64F4FEBA9EF68C4656B93BA0FF59300F0101BFE01EC20A2DE35A540C741

Function 00007FFD9B8C5299 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd019e5f214984ac3e301e9b59717503eaaae14058a40a97d8fef5f94b4a458a
Instruction ID: 25024680522d6829db3c06ad2ab63b553913f3dc99da827255e4d085cb9926ca
Opcode Fuzzy Hash: cd019e5f214984ac3e301e9b59717503eaaae14058a40a97d8fef5f94b4a458a
Instruction Fuzzy Hash: 75118E70A0A68E8FEB55EF64886A2F97BE0FF19301F0104BBD41DC61A2DA79A6408741

Function 00007FFD9B8BBE45 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8d37541452be27fb280ce20b1798c41642a2343923f7972acec8e7a20373e74
Instruction ID: dd218352216e0d2b0116df4a72f96f639f9d2a66247a08000209cb66b8a70cc5
Opcode Fuzzy Hash: b8d37541452be27fb280ce20b1798c41642a2343923f7972acec8e7a20373e74
Instruction Fuzzy Hash: 65117030A0A65E8FDB55EF68C8692BD7BA0FF18300F4104BAD419C61A2DF35A650CB80

Function 00007FFD9B8BCB80 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf57a87747e6686495bdaabc1b812cd36edb824e026b4585783a7284b1f661b
Instruction ID: 2dbaacd825267dbbe210d0f1d6801ebc3e199f4ccb05600520567debbaaa837e
Opcode Fuzzy Hash: bdf57a87747e6686495bdaabc1b812cd36edb824e026b4585783a7284b1f661b
Instruction Fuzzy Hash: DF114F30A0965E8FEB56AFB488685BD7BB0FF19304F4108BBD41DC60A6DE345654CB51

Function 00007FFD9B8C520D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f5cf8a0e5cb922181abecbd53e6419ffad167db689c2d8b9eb184a2ec5b53f7
Instruction ID: bdf8e46e61937111da879c503403e9a39d41fe806192d15537140ad8fede9cf1
Opcode Fuzzy Hash: 2f5cf8a0e5cb922181abecbd53e6419ffad167db689c2d8b9eb184a2ec5b53f7
Instruction Fuzzy Hash: A3118F70A0A64E8FEF59EF64C86A6F97BE1FF19300F4505BFD419C61A2DA24A640C741

Function 00007FFD9B8BB09A Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c73e4d846675279532e2beb75cbc984089eac5bf3d18e46952d6f092cad4a67
Instruction ID: cdd05e0628e3791e2f0e69ad78063f9bcf8c08533aa56f0b32e80af8fcda4d4f
Opcode Fuzzy Hash: 4c73e4d846675279532e2beb75cbc984089eac5bf3d18e46952d6f092cad4a67
Instruction Fuzzy Hash: 9411A030E1991E4EEB61EBB888A85BD77E4FF58340F414576D428C30A6EE34A6458A80

Function 00007FFD9B8C7781 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d784b3474916f866e5b6a6f263bd14e20985ebb24f20bef6a7971324dda82297
Instruction ID: 903a32798abf7d4730dc443516fb0458050b9bfffd35371978981434955f46fa
Opcode Fuzzy Hash: d784b3474916f866e5b6a6f263bd14e20985ebb24f20bef6a7971324dda82297
Instruction Fuzzy Hash: 8A115E74A0A64E8FE751FFB4C8586B97BE4FF19301F1505B7D418C70A5DE38A2808B51

Function 00007FFD9B8BC6A9 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ca87ba1e6fb991f6edda9bfd76f6e1be1af87a6fd357c5b238ff982babc903
Instruction ID: b65db4998efbef9050b7a8415ba063b0a89d1dbbdca3ca6b51f8720c77ec6be5
Opcode Fuzzy Hash: 44ca87ba1e6fb991f6edda9bfd76f6e1be1af87a6fd357c5b238ff982babc903
Instruction Fuzzy Hash: 5311AC30A0E68E8FDB59DF74C4695A93FA1FF1A304F1204BFD419C60A2CA39A550CF81

Function 00007FFD9B8C504D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ae6e0953375461264a330e95ae28b07da978dc71c84341a41395158bb3cd86
Instruction ID: 9f87c2cb6ab94e688347725c28786baaf437e1bc029eaf68ae8fb64e3215ef41
Opcode Fuzzy Hash: 78ae6e0953375461264a330e95ae28b07da978dc71c84341a41395158bb3cd86
Instruction Fuzzy Hash: 79118FB0A0A64E8FEB99EB64886A6FD7BF0FF18304F0105BFD419C61A6DE346540C741

Function 00007FFD9B8C25B1 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc80907f70c503f6dd66238337fb762f707286a175033f7626ede50085aad700
Instruction ID: b17c508fc3cc4572209d1bf654a47ca6f538bb06a2b4029a89ef9f2907fe0e32
Opcode Fuzzy Hash: bc80907f70c503f6dd66238337fb762f707286a175033f7626ede50085aad700
Instruction Fuzzy Hash: 9F01B170A1A20D8FDB59AFB4C464AFA3BA0EF19304F0205BBE40AC60E2DA35A650C700

Function 00007FFD9B8B2DD1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e1b19af2e9fbb0774c9b523c203e3624471b72230edf9445a2e301bbac2a0c
Instruction ID: 5111f2ae3db2ef5e5467fadeadb5da7dccadbe96a81c4a0a68756c320297457e
Opcode Fuzzy Hash: 45e1b19af2e9fbb0774c9b523c203e3624471b72230edf9445a2e301bbac2a0c
Instruction Fuzzy Hash: 7A017130E1A65E4FE751EFB4C8695A97FE0FF19301F0605B6D40CC70A6EA34E5548B40

Function 00007FFD9B8C2F0E Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60010da2443b92c6b19edd555b1eb1bf665334cbef5307ddca59f712e43c9e46
Instruction ID: d013785c724f4834a499744a675c7168834d6409b6c21d4c17c78c6f060fccbe
Opcode Fuzzy Hash: 60010da2443b92c6b19edd555b1eb1bf665334cbef5307ddca59f712e43c9e46
Instruction Fuzzy Hash: 6D1145B4E1560E8BEB20EFE8C8545EDBBB1FF98310F14412AC408E3291DB78A9458F50

Function 00007FFD9B8C7F29 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c101e84d832bbd8d20a4ea5e5501f1232660cf95d8beb1cd86647f820faad24
Instruction ID: 8c59396de25b763219c94ba18881371f9c206574cfad886e8b1b773668d8d2e8
Opcode Fuzzy Hash: 9c101e84d832bbd8d20a4ea5e5501f1232660cf95d8beb1cd86647f820faad24
Instruction Fuzzy Hash: B401C070A5A68E4FDB56AF7488A45BD3BA0FF0A304F0104FFD019C71E2DA24A650C741

Function 00007FFD9B8B27AD Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 976b8f5090f3f7016c18acbdb6f6de8f23d45a295754fff3d4a7a5a180cd52e7
Instruction ID: acebd407674a85d750791f02ffbd62b18b803c8fe865c322eab1c4ba8e341488
Opcode Fuzzy Hash: 976b8f5090f3f7016c18acbdb6f6de8f23d45a295754fff3d4a7a5a180cd52e7
Instruction Fuzzy Hash: BB017130A5E65E8FE761EFB488695A97BE0FF19300F0245B6D418C71A6EE34E1448B85

Function 00007FFD9B8C10C0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23ffc5fff2f992238ab5a33a720e78d6665f0772a51cd961f19a4c451b26861d
Instruction ID: f64710395f8b19f9cdf2b125d37d0cea25b2abc1273022cfeee655852a04d59d
Opcode Fuzzy Hash: 23ffc5fff2f992238ab5a33a720e78d6665f0772a51cd961f19a4c451b26861d
Instruction Fuzzy Hash: EB011A70E1990E8EEB94FBA4D4696BE76E0FF18305F11047BD41ED21A5DE35A650CB40

Function 00007FFD9B8B1BCD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d15b04f401b8b4d9a38e9c956245273417474d4da529a71db77d46571e2e143
Instruction ID: ce264cabaabec9dbd288d845bba4d5036819f06d2ec6202cf6b03b09030a522e
Opcode Fuzzy Hash: 4d15b04f401b8b4d9a38e9c956245273417474d4da529a71db77d46571e2e143
Instruction Fuzzy Hash: CD01A230A0E65E8FEB65AF24C8256B93BA0FF59301F51007ED808CA1A2DA359950CB80

Function 00007FFD9B8B2E49 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5dce91db2c5bb37d9babcb79317eef7efb7772f56504d9e3eda8d1e22bf05e
Instruction ID: 8f7233e235e0670aae52186c4b4c821337881d51ba6d3265551768efa23c7e47
Opcode Fuzzy Hash: 2d5dce91db2c5bb37d9babcb79317eef7efb7772f56504d9e3eda8d1e22bf05e
Instruction Fuzzy Hash: 24018830A5E64D4FE752EBB484695A97FE0EF5A300F4604F6D40CC70B7DA38A5448741

Function 00007FFD9B8B05D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b103b035fdceec30ecec509b5bc3a0845515c3b19f26944ff3d126973d2beebb
Instruction ID: 20a8e25c0bb33354b75631ebe63672cde9b38ac7c33266c356d25b97a6d550e1
Opcode Fuzzy Hash: b103b035fdceec30ecec509b5bc3a0845515c3b19f26944ff3d126973d2beebb
Instruction Fuzzy Hash: 0A018B30A1991E8FEB98EF74C0686BA77E1FF5C305F21047ED40EC61A4CA31A690CB80

Function 00007FFD9B8BAC19 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dd330216c1bda7df08a00a7a3641f3b9e5d5963276efc60bed67635cecc8a4c
Instruction ID: bca21a5da6abea93e2bedd7d347a5c9968a06093489ea15a03b3342008bb7fd0
Opcode Fuzzy Hash: 1dd330216c1bda7df08a00a7a3641f3b9e5d5963276efc60bed67635cecc8a4c
Instruction Fuzzy Hash: 6B018830A0E64D5FD761EB7488795A97FE0EF19300F0608F6D008C70B6DD38A5548741

Function 00007FFD9B8C7909 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc7135b05134724deed99411b6973e35e459a1262716b934421d5edd3cd0cf94
Instruction ID: 3de8cfe28c2043fb521493702f57d194c05e45454ba711f9bbfacec0830be066
Opcode Fuzzy Hash: fc7135b05134724deed99411b6973e35e459a1262716b934421d5edd3cd0cf94
Instruction Fuzzy Hash: 38018470A4E64A4FE752FB7484595A97BE1EF0A310F0649F7C408C70B7DA28A544D701

Function 00007FFD9B8B0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e19df86daf279d3cc4fe28c3210f9ad4dcb2e5ede7661e4ade9d44126d585a8
Instruction ID: 0ff3142dcfa0a039044de8d981fa99693e788288c102d4c591e1c826e600554f
Opcode Fuzzy Hash: 7e19df86daf279d3cc4fe28c3210f9ad4dcb2e5ede7661e4ade9d44126d585a8
Instruction Fuzzy Hash: D801AD30A1A50E8AEB58EFB4D4686B97BA0FF0C304F10087ED41EC21E5DE35A240CE44

Function 00007FFD9B8B0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e06a9df716232a97a068ba75a966ed727690a608cf9cea5dec5fb7bdac0e606
Instruction ID: d5620a3e90d8904d1b7d4bd61c225a50495c0f404650ee0d23abe56c49d3a1d3
Opcode Fuzzy Hash: 7e06a9df716232a97a068ba75a966ed727690a608cf9cea5dec5fb7bdac0e606
Instruction Fuzzy Hash: 1301AD30A1551E8AEB69EFB4C4296BA76E0FF08304F11087EE41EC21E4DE35A240CA44

Function 00007FFD9B8B1180 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f74cfd4094d17818d384b12f23c037be2cad52f125d02af9d92d9ddca91241c
Instruction ID: e3d200081c313a7ab9b839d57048d0a80ef12dc410c7cb4905a07d7143144cb5
Opcode Fuzzy Hash: 2f74cfd4094d17818d384b12f23c037be2cad52f125d02af9d92d9ddca91241c
Instruction Fuzzy Hash: BAF0A970E2955F49FBA5ABB488646F977E0FF59304F40153ED41DD51E1DE241254CA40

Function 00007FFD9B8B26C9 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae45f01e978f45946485c6c21ef89298ecaa8ad48d068899bf00d247f2e97bb2
Instruction ID: 5d3aca3a125912c8edf00c2dfae8d241ad5e21dba807d1328861f8d14d25bd0c
Opcode Fuzzy Hash: ae45f01e978f45946485c6c21ef89298ecaa8ad48d068899bf00d247f2e97bb2
Instruction Fuzzy Hash: 9EF0C83090F39D8FD76A9F7088355AA3FB0BF06200F0605BBD409C61E3DA289548CB81

Function 00007FFD9B8B273D Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 324676ebf2baf217bd9b883e615123757cbd8c343b8576d3557a8b03c21e8aa6
Instruction ID: 3ebe6cec459d42531b2f4516a08ffee54ac838b129cc7f158d6c5257adc81eed
Opcode Fuzzy Hash: 324676ebf2baf217bd9b883e615123757cbd8c343b8576d3557a8b03c21e8aa6
Instruction Fuzzy Hash: BAF0F63090B24E8FEB699FB488242E97FA0FF09600F01047AD419C50E1DB3895408A81

Function 00007FFD9B8BB3C9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9e4da7cf32d369d823315f585875d9da040c00dae883ad6f4d608372bda96f1
Instruction ID: 95cfb97923a9db4be1507acd484a5f19a2c25c400e20cf9014c18abd037a9e73
Opcode Fuzzy Hash: d9e4da7cf32d369d823315f585875d9da040c00dae883ad6f4d608372bda96f1
Instruction Fuzzy Hash: BBF04471A1992D8FDB64EB14C455BE9B3B1FF6C300F1081E6C40DD3155DE30AA818F80

Function 00007FFD9B8C79FF Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de98d39c607ac2eb3744f4f4ab6faea36ed4ede948de4b169b96cb917113e4b0
Instruction ID: 035af5c7c5783cee9e83adb83004f6429463ee945a3db37e77972acd4d0d7887
Opcode Fuzzy Hash: de98d39c607ac2eb3744f4f4ab6faea36ed4ede948de4b169b96cb917113e4b0
Instruction Fuzzy Hash: 1FF03C75E0A20E8BDB28EFA0D0A05FD76B5AB08321F25413FC01AA22E0CE385740CB58

Function 00007FFD9B8BD94C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction ID: 24166bf0169fdf000e7011b116a8ef0ce3bf940903540b797f896ef6fe2e9974
Opcode Fuzzy Hash: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction Fuzzy Hash: 5FF0E771E0522E8FDF60DFA5C450AFDB7F1AB58311F11157AD405E32A2EA78AA04CFA0

Function 00007FFD9B8B0FDB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35a06f04235ad3e73158030e88b91a9bc202dd07fe71c3e84497aa8f3910b8be
Instruction ID: f6031e07e6a2623f3f82afb2c5e623eb730cac8859e87cb2abe01125dea65d2a
Opcode Fuzzy Hash: 35a06f04235ad3e73158030e88b91a9bc202dd07fe71c3e84497aa8f3910b8be
Instruction Fuzzy Hash: C6F01531E10A2D8ADB64EBA4E8107EEB7B0FB48300F4044B2D00CE3291DA34AA418F80

Function 00007FFD9B8B16E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction ID: dead0bc4485000d2445d8b07907c2eae78a453c0a7f6be7b35f1186af55c83d8
Opcode Fuzzy Hash: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction Fuzzy Hash: 03E06520F3A81A8AE734B368809463461D19F48304F7A8274F01CCE2F2DB2CDD81CB80

Function 00007FFD9B8C569B Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8C4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8c4000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9db6b7d677cb5452fc605d52040e3852a62355c0d71d3175c8e0e42091769818
Instruction ID: 4fe511b671991bd17249cce574265f2ad95f2ba1f8cb48c7172bf000202b5772
Opcode Fuzzy Hash: 9db6b7d677cb5452fc605d52040e3852a62355c0d71d3175c8e0e42091769818
Instruction Fuzzy Hash: C2D09262E56A199AEBA0EB68849E6A9B7B1EF58300B41402AE40892252DE2014129A40

Function 00007FFD9B8B05D3 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8b0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627766ca04b3b6cb7b488982133dd7ddc111fac5d2610409c5167ece477140f7
Instruction ID: 83ffb18aea65025ebb7b05713c94d7811ee8beeb50dd69d2a27d271842aeaa15
Opcode Fuzzy Hash: 627766ca04b3b6cb7b488982133dd7ddc111fac5d2610409c5167ece477140f7
Instruction Fuzzy Hash:

Non-executed Functions

Function 00007FFD9B8BEB19 Relevance: 5.1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

Strings

', xrefs: 00007FFD9B8BEB84
", xrefs: 00007FFD9B8BEB74
f, xrefs: 00007FFD9B8BEC42
H, xrefs: 00007FFD9B8BEBEE

Memory Dump Source

Source File: 0000000A.00000002.1773303160.00007FFD9B8BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_7ffd9b8ba000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: "$'$H$f
API String ID: 0-779256357
Opcode ID: 6fb93caa292533f54b331c7c4959f37c617ecf5ce58cba0ab7f61a5bb27a706e
Instruction ID: 188b1f4cecaf4982d1981fdbca4b6f9617854ba8abe8ff30068b178bee145ba3
Opcode Fuzzy Hash: 6fb93caa292533f54b331c7c4959f37c617ecf5ce58cba0ab7f61a5bb27a706e
Instruction Fuzzy Hash: CC41D770E0562D8FEBA8DF64C895BA9B7B2EF58301F4185E9D40DA7291CF345A81CF80

Analysis Process: dllhost.exePID: 8056, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B8734C5 Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

O_H, xrefs: 00007FFD9B873770

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID: O_H
API String ID: 0-364725170
Opcode ID: a8ccc3bc0999bdd6a5d25403dfdaab255e6e3d2bee32ffcc84b877d2d5e3e9a5
Instruction ID: 1e4df590fe7776725f09dfd926b1fc9afad0c9d0ee61766e61e225e143bd35e0
Opcode Fuzzy Hash: a8ccc3bc0999bdd6a5d25403dfdaab255e6e3d2bee32ffcc84b877d2d5e3e9a5
Instruction Fuzzy Hash: 72A1E471A1994D8FEB98EBA8C8647ECBBE1FF99314F5001BAD00DC72D6DB7429418742

Function 00007FFD9B8824AB Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B881000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B881000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b881000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3103a32b86c4f308e040ea405f5f888244ed20714a68a1ec490c855c1b0fc0
Instruction ID: 2b92d830b647f36c4db8724f38bf3de7d472033bc04644eebb0654adbec34be5
Opcode Fuzzy Hash: 1a3103a32b86c4f308e040ea405f5f888244ed20714a68a1ec490c855c1b0fc0
Instruction Fuzzy Hash: C5E1D230A4EA8E8FDB55DFA4C8695F93BF0FF09304F0245BAD419C71A6DA38A645CB41

Function 00007FFD9B87CAF3 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

yO_^, xrefs: 00007FFD9B87CB01

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID: yO_^
API String ID: 0-4249208735
Opcode ID: 98082b38f6c6443fde3b165583ed4786a31b22ac5250f265e47938c6eebb1e6b
Instruction ID: bddcfa98be2559534866212eb8816689638c99b38bf8a7703c35d074eaa00838
Opcode Fuzzy Hash: 98082b38f6c6443fde3b165583ed4786a31b22ac5250f265e47938c6eebb1e6b
Instruction Fuzzy Hash: BD31E731B0D26B4AE71A7BACB8A84F83750EF55328F050177E01DCB0E3DE282581A695

Function 00007FFD9B881378 Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

&, xrefs: 00007FFD9B88180E

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B881000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B881000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b881000_dllhost.jbxd

Similarity

API ID:
String ID: &
API String ID: 0-1010288
Opcode ID: 4f578592c80b122ce4804b0b60950cec0e1751a2900284b944c0c456f4e6eb31
Instruction ID: ef027c6b8cfe91555fc6d5324881669791ab373a722ee2a581c55e74b6c41213
Opcode Fuzzy Hash: 4f578592c80b122ce4804b0b60950cec0e1751a2900284b944c0c456f4e6eb31
Instruction Fuzzy Hash: E0F0D035A0961DCBEB24EF84C8646ED73B2FB59311F014639D01A9B2A5DF785A04DB41

Function 00007FFD9B87DB99 Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf76f2c8f41b9c3e55e7fcd30f6f7e6f4acbb43b9a3c31111b432244f492854
Instruction ID: 8f7bb874ae32ab6964b1d4699eee309bcc2f9667a668ea840cd9cf61a22d69af
Opcode Fuzzy Hash: aaf76f2c8f41b9c3e55e7fcd30f6f7e6f4acbb43b9a3c31111b432244f492854
Instruction Fuzzy Hash: BBF16D71E1965D8FEBACDB98C8A4BB8B7B1FF58304F0041BAD00DD32A6DA346941DB41

Function 00007FFD9B871678 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d6f1c3c50ab215d401fd99e388a14dacfb3a261832a3f8cc4b5878463ac221c
Instruction ID: 226d48e084fed51ebc28811139ebd2fdbf43d2d0687db96b601dcea605de8f98
Opcode Fuzzy Hash: 8d6f1c3c50ab215d401fd99e388a14dacfb3a261832a3f8cc4b5878463ac221c
Instruction Fuzzy Hash: 6981F331B0DA494BDB58EF5C88A45A977E2FFD8304B1501BEE49DC36A2DE34AD028781

Function 00007FFD9B870F5B Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1faefabdd05f9c8e70737a563dcc2b717dfa840bdcfcf259a3b5df1b7cc18f2
Instruction ID: c88f74f747519e32c994af9fe30b01d68547282ebc1087ae6ea0f1a7bf44a791
Opcode Fuzzy Hash: f1faefabdd05f9c8e70737a563dcc2b717dfa840bdcfcf259a3b5df1b7cc18f2
Instruction Fuzzy Hash: 9C912B72E1990E4FEB68EB68C865BED77A1FF58314F0002BAD01DD71E6DE3469458740

Function 00007FFD9B882C1A Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B881000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B881000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b881000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d8db4b0e7bc45f5ab9c714192f045d8169c01fea120091a3c4b6375198b79a5
Instruction ID: a84751b063573e8ce33bcbf53213fbbd99d9cec9d2260bcb0f68684316d90b04
Opcode Fuzzy Hash: 3d8db4b0e7bc45f5ab9c714192f045d8169c01fea120091a3c4b6375198b79a5
Instruction Fuzzy Hash: 3481A570E1991D8FDBA4EF98C8A97ECB7B1FF58300F5141AAD01DE3291DA746A858F40

Function 00007FFD9B887975 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94ba441bec2b9c48c311a0f75f09ba5776a5a5bc6c5faf930a1697c466bfd925
Instruction ID: 50e5ed7b29c16003343d9a7dc4bbbf94e94958008f4aa8dab2ecf03fcc22cc2a
Opcode Fuzzy Hash: 94ba441bec2b9c48c311a0f75f09ba5776a5a5bc6c5faf930a1697c466bfd925
Instruction Fuzzy Hash: C6810974E0961E8FEB68DFA4C4657FDBBB1AF18315F11007AD029A72D1CB386A85CB11

Function 00007FFD9B87C2B9 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fc037505fdb2d6c3966bc0e4622d1ecee5e705d60478fa56c61cf138d4f6c7
Instruction ID: 41b3472293d51acd73e24c68a22094dde271541c3528671a704dcc9443623ab5
Opcode Fuzzy Hash: c1fc037505fdb2d6c3966bc0e4622d1ecee5e705d60478fa56c61cf138d4f6c7
Instruction Fuzzy Hash: 8961FC70E0951D8FDBA4EBA4C4A96FDB7B1EF59304F51407AD00DE72A2DA386A409B40

Function 00007FFD9B8863C5 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b946f8b76fd1c6dc6a6a8d342dca1ea29299164bfbdbd8f3ff4093e1bce4b50
Instruction ID: 805f857cb19394c273a1c8e76f8aabc58bfdacfbd7933ccadf9d119e65b23b85
Opcode Fuzzy Hash: 4b946f8b76fd1c6dc6a6a8d342dca1ea29299164bfbdbd8f3ff4093e1bce4b50
Instruction Fuzzy Hash: D8712AB0E09A1D8FEBB4DB94C8647ADB6B1FF58300F5141BAD41DE32A1CB785A85CB01

Function 00007FFD9B871C4D Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 589af1d19286a7eb94b28abddf129930f2e5f913a3f560351677a462ea0f905f
Instruction ID: 1a441bda3e1b63ebe17a9b17f5feb83f0f99c8ba8ac70d96ffda55ced67d0592
Opcode Fuzzy Hash: 589af1d19286a7eb94b28abddf129930f2e5f913a3f560351677a462ea0f905f
Instruction Fuzzy Hash: A451E231B09A498FDB5CEF5888A45BA77E2FFD8304B15417ED45AC7692DE34E8028781

Function 00007FFD9B882927 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B881000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B881000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b881000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef261b35782aa0e8be0ee98e9ee4d4e9f19cddba7008f2ebf331eee9f893cc0f
Instruction ID: 22ea58ccfc47c966d51e16a098cc670f49f4a5dafe7eaca3ea06520dce7db709
Opcode Fuzzy Hash: ef261b35782aa0e8be0ee98e9ee4d4e9f19cddba7008f2ebf331eee9f893cc0f
Instruction Fuzzy Hash: 9F61A130A1AA5E8FDB59EFA4D865AFDBBB0FF09300F0501BAD019D71E6DA386941C741

Function 00007FFD9B873135 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6da148a7062966596e4aec075ce4ca0c9ef809fdc8b89df2388f6e5add33e095
Instruction ID: f010bf71551045af9fc0ae7f43536381bf0ec2349570a1f6db5050d50970ebc8
Opcode Fuzzy Hash: 6da148a7062966596e4aec075ce4ca0c9ef809fdc8b89df2388f6e5add33e095
Instruction Fuzzy Hash: 27519D30E1A60E8FEB64EB98C4A46FCBBF1FF59305F110079D009E72A5DA386A45DB01

Function 00007FFD9B872065 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b576a76c342766241da5eb921203dcf7b908c42ce68ea8e6f1576592b35b7f8d
Instruction ID: 0a9d4832091f7c49efdf89c1f5f2f5ed0c480802fb7bab3a8078c7e5ba9065dd
Opcode Fuzzy Hash: b576a76c342766241da5eb921203dcf7b908c42ce68ea8e6f1576592b35b7f8d
Instruction Fuzzy Hash: B5416831B1F64E0FE766DBB898A55B877E0EF8A314B0A40FBD00CC71A6DE18B9418351

Function 00007FFD9B87BEC9 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c07ef2a057bbf74ab68633cd55ff52c2d25b6f789f184664b8f7a616eddb37b2
Instruction ID: 1d52e54162973ffa042f7614d6500228c761f1749f67b9422beab19d1c7c5a0c
Opcode Fuzzy Hash: c07ef2a057bbf74ab68633cd55ff52c2d25b6f789f184664b8f7a616eddb37b2
Instruction Fuzzy Hash: 4B51F870E0A65E8FDB64DFA4C4A46EDBBF5EF09304F11017AD409E72A1DB386A44DB90

Function 00007FFD9B882B11 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B881000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B881000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b881000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 654c716b0a4c89cb8f183f167f910057f38f7de99aaebb91dd00fe54541c3227
Instruction ID: bcb414d588f78e8ecd394a44825ae15b3e1b312582e05f14c3ff97423875824a
Opcode Fuzzy Hash: 654c716b0a4c89cb8f183f167f910057f38f7de99aaebb91dd00fe54541c3227
Instruction Fuzzy Hash: 23418334A1AA4E8FEB61DFE4C8586E97BE1FF49310F0145BAD418D71A5DA38A644C701

Function 00007FFD9B8872C9 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e8e9903041d0a6fa323aff40ca6c36e1a33b27b138641ad9f717e95ddd724cc
Instruction ID: 36a094eda1d9c7b3dd7a909480965a90a99fd419d81ff3c14954c5a92f0f40ff
Opcode Fuzzy Hash: 2e8e9903041d0a6fa323aff40ca6c36e1a33b27b138641ad9f717e95ddd724cc
Instruction Fuzzy Hash: D241C034E0EA0E8FEB65DBA4C8256ED77F1FF18300F01017AE419D71A2DB3869449B52

Function 00007FFD9B8810C0 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B881000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B881000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b881000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4404db891accaa2544d12a2e05b8a85aa365b241aecb31f3c1636822e3364912
Instruction ID: 151ea8fbdff1a2a12af497855503fa3bd174b01735f3bede51677c6b9c13bb79
Opcode Fuzzy Hash: 4404db891accaa2544d12a2e05b8a85aa365b241aecb31f3c1636822e3364912
Instruction Fuzzy Hash: 8C418F34A0AA4E8FEB65EBA4C8686F977E1FF1D301F0105BAC41AD71A5DF396A44C701

Function 00007FFD9B882DF4 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B881000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B881000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b881000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bb726f6a14ee30f93f31d7b53db749c6eb12dc0ef5f309dea90e6963020bfbf
Instruction ID: 3dbd0e7702a122260459c7c7b8e68906f224abbb41debe1b921130b8ac7db234
Opcode Fuzzy Hash: 5bb726f6a14ee30f93f31d7b53db749c6eb12dc0ef5f309dea90e6963020bfbf
Instruction Fuzzy Hash: DF41A770E1991D8FDBA4EF98C8987ACB7B1FF59301F5141A6D00DE32A1DF345A858B40

Function 00007FFD9B887061 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c277d8ce719a7dcad4ff051d7993e1fe37e69d90abc1c2536a98ab5541eb7cd
Instruction ID: 5819f91f194f1918f34c15d4dbdcc6c4eae40c3363aada3ef0dd26c911902a9d
Opcode Fuzzy Hash: 5c277d8ce719a7dcad4ff051d7993e1fe37e69d90abc1c2536a98ab5541eb7cd
Instruction Fuzzy Hash: 9D218134A0AA4E8FEB69DF64C8656BE77B0FF19304F11057AD42DC31A6DE34A6408741

Function 00007FFD9B8871A5 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e42b149ae9661abea8c5a1f8579cb9c57480a2603ce5d130c78fc27d5779da5
Instruction ID: ce8cedbc06500519e14c650c5f0df99b5c190574626dff1c1e403b4ad6f98bb2
Opcode Fuzzy Hash: 6e42b149ae9661abea8c5a1f8579cb9c57480a2603ce5d130c78fc27d5779da5
Instruction Fuzzy Hash: AC21E439A0EA4E8BEB6ADFA488762B977B0FF19300F0104BAD42DC65E2DE356550C741

Function 00007FFD9B8876F1 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30f25ce1b2170cfabf55bbc4888a1194cb41f5a9b5c081d2e6793521f3a75c8b
Instruction ID: ea0bd2d88ed4fb6e14e2d0b1c50390f69916a3f8bb7234ee99b897f8955808e9
Opcode Fuzzy Hash: 30f25ce1b2170cfabf55bbc4888a1194cb41f5a9b5c081d2e6793521f3a75c8b
Instruction Fuzzy Hash: CB213D35A0A95E8FEBA1EBA8C8656F977F0FF19300F010576D42CD31A5DE38A6508641

Function 00007FFD9B886339 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b10503b304cfae6d1c22ee76562f4da0288699442e0b301dccd6bea2a71ea90c
Instruction ID: f5f146dee445ca5530d66d61d58bc93145f7dbe63d70d31374899a8036978998
Opcode Fuzzy Hash: b10503b304cfae6d1c22ee76562f4da0288699442e0b301dccd6bea2a71ea90c
Instruction Fuzzy Hash: D9219671E0EA4F8FEB65ABA488695B977E0FF19300F0505B6D42CC70A6DE386644D741

Function 00007FFD9B8733C1 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90ed9ba66ec8439c6a191310abfa7a8c2531c2d5261d44d882e906defddcb28a
Instruction ID: 33c099aedb5e97c0fa3ffce45adbe331b80a3fa88b6270dec835818e6e70e402
Opcode Fuzzy Hash: 90ed9ba66ec8439c6a191310abfa7a8c2531c2d5261d44d882e906defddcb28a
Instruction Fuzzy Hash: 1D216030A0A65E8FEB69EBA488A82B977E0FF18308F11047AD41DC71E5DF39A601D741

Function 00007FFD9B873445 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba865867094af920cb427a93a6fcf393bcc6d75e901881cce6d98d49e27f09b9
Instruction ID: d29161f0b5c683e2c5cd2786ef0be5f7685d5055efab573b573c6dad15a48428
Opcode Fuzzy Hash: ba865867094af920cb427a93a6fcf393bcc6d75e901881cce6d98d49e27f09b9
Instruction Fuzzy Hash: 5E216B30A0A64E8FEB69DFA4C4A56BD77A0FF19308F1104BED41DC31A1DB38A6519701

Function 00007FFD9B87A6D1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e831a13c7e85e62c3986cea5bc94e2ccad362f07bb90215f2aa71ac367cbc47
Instruction ID: 76dd1241e78d8e750d9a5997d85944cdcfcb80ba01314f8bca895497f4d84573
Opcode Fuzzy Hash: 0e831a13c7e85e62c3986cea5bc94e2ccad362f07bb90215f2aa71ac367cbc47
Instruction Fuzzy Hash: 49214C30A0964D8FDB94EF58C8999AD3BF0FF18305F01456AE45DC72A5DA34A540CB80

Function 00007FFD9B87331F Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96646af1bd712792a4de4f559c5abc8cad2863d7b227b502431c40eca44560ca
Instruction ID: d5b1604367385a4c9ec534ca5887924e5792ca9992d12c1284307223b60efe34
Opcode Fuzzy Hash: 96646af1bd712792a4de4f559c5abc8cad2863d7b227b502431c40eca44560ca
Instruction Fuzzy Hash: 7721603094E7C98FD752DBB488685997FF0EF5B204B0944EBD089CB0A3DA289646D752

Function 00007FFD9B870A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a65d844a9ff0775596ceebe10e9f695be5a268f3c9a098eaa64feddde6e0a5a
Instruction ID: 2424099badeed41c18f0e022036167c5f2bc49c80d1dd6ee2c003f3d646aef1f
Opcode Fuzzy Hash: 7a65d844a9ff0775596ceebe10e9f695be5a268f3c9a098eaa64feddde6e0a5a
Instruction Fuzzy Hash: EB11B230E1A50E8FEB90EBA8C8A95BDB7E0FF58744F4105B6D419C70A6EE34A5409700

Function 00007FFD9B884969 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ede087b51e959725468d287c30a5bb5c6c2e1a1d8c2ddfe7d39adbea17c5463
Instruction ID: 153de7ae649ff8de9775cbac71bb74c2ccee41ccc4d273b8fd860abc5e67bbdf
Opcode Fuzzy Hash: 0ede087b51e959725468d287c30a5bb5c6c2e1a1d8c2ddfe7d39adbea17c5463
Instruction Fuzzy Hash: 0621C631A0DA4E8FDB69DF6488A52B97BA0FF19300F0505BFD419C71A2DA346550C781

Function 00007FFD9B87C443 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aef8dda3d9b84180fddd31c7c80089df0dc5c3a28c6fcc99a230ed3e39a4910
Instruction ID: 36bb765e34d78649cb380b85759f3590b4a54afe466b9a9eeabc22b86d82de59
Opcode Fuzzy Hash: 5aef8dda3d9b84180fddd31c7c80089df0dc5c3a28c6fcc99a230ed3e39a4910
Instruction Fuzzy Hash: 1211E370E1981D8EDBA4EBA888A5AFCB7B1FF58304F515139D00DE32A2CE3469419B80

Function 00007FFD9B871F19 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db8658a04b504720de753e5b10e17bf3a07c473129e53e154783dae0db5554a9
Instruction ID: 612c90a87697c5529a9df1496dd74222577e458b18f3d9168d795825a325e740
Opcode Fuzzy Hash: db8658a04b504720de753e5b10e17bf3a07c473129e53e154783dae0db5554a9
Instruction Fuzzy Hash: 8711C200A0F2C54EDB63A7B848B54656FA09F17228B1E46FFD0D8CB4F3CA0C594AD342

Function 00007FFD9B87EE8E Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c7b1b95b75f0f5a5436b569d04b1b4b3202d4a5e3377019c751c073de0591ba
Instruction ID: af93a68e35026c7998afc517365960b48b92877a2390603ce99901b3dee569c9
Opcode Fuzzy Hash: 2c7b1b95b75f0f5a5436b569d04b1b4b3202d4a5e3377019c751c073de0591ba
Instruction Fuzzy Hash: 30213C71F09A5D8FEBA8DB189CA57A9B6B5EF59301F0001FA900DD3691DE345A818F41

Function 00007FFD9B884A05 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c7d3af24d0d6c705e43b16404b5769a17508f9f604df67179c25aafe33426dd
Instruction ID: 3e360ce2a60606dc61c763b4ca1b5d92fedbf7a6426d2729065f10243a0fe6b9
Opcode Fuzzy Hash: 8c7d3af24d0d6c705e43b16404b5769a17508f9f604df67179c25aafe33426dd
Instruction Fuzzy Hash: 0411A231E09A4E8FDB98EFA884692B97BA0FF68300F0505BED41DC71A1DA35A640C741

Function 00007FFD9B887105 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfc90aa627d835bf30b7b24febe053ec08216eed209d55903b5bb1757b6607d4
Instruction ID: 72c8e267a0cd697e9f36d22b01374a87f287419095b524d9d4bc40dcd89dbb4d
Opcode Fuzzy Hash: cfc90aa627d835bf30b7b24febe053ec08216eed209d55903b5bb1757b6607d4
Instruction Fuzzy Hash: EE11B474A09A4E8FEBA9EF68846A2BD7BF0FF58301F0105BED41DC75A5DA356140C741

Function 00007FFD9B884F25 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec07e89652d0e3d0480afa32543a185a8ce497c675f9be47f3873586bbc88152
Instruction ID: ab5f991da1593239893ab488cae0620b66dfbbded69d81d8b8da92d2636e0801
Opcode Fuzzy Hash: ec07e89652d0e3d0480afa32543a185a8ce497c675f9be47f3873586bbc88152
Instruction Fuzzy Hash: AD11C872A0EE8D4FEB59DB6488752B87BA0FF19314F0A00BED42DC25A2DA756540C741

Function 00007FFD9B87116D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028f14486fd725b2380d50f25a7552892c51723521fc20e5a6cef113b96e0cad
Instruction ID: 423c1e8eaf1f95d3dbab5813fc09ad8c1d8986f89ab2ff33191ee2264b490922
Opcode Fuzzy Hash: 028f14486fd725b2380d50f25a7552892c51723521fc20e5a6cef113b96e0cad
Instruction Fuzzy Hash: EE11E630E2A64E4FEB69EBA4C8B96B97BE0FF19304F0114BED419CB5E2DE246540D710

Function 00007FFD9B88532D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8f2c0e697ed72f806745166d6461166d944c2392466cb95d3f74e4ac4f517ca
Instruction ID: e4f4cc09b31c888aa2187769f4f0936eb8ced5ae350e3fe062154f6a9406edd7
Opcode Fuzzy Hash: e8f2c0e697ed72f806745166d6461166d944c2392466cb95d3f74e4ac4f517ca
Instruction Fuzzy Hash: 5911B270E19A4E8FEB65EB6888581EDBBF0FF5E300F46447AD019C70A6DE74A6409740

Function 00007FFD9B88723D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbcca17bfefc8026a421b84c775efba7b2b44294ab458fb6f86fc11d83ef327
Instruction ID: 42c9a0d5da5d1564f26fb7abd1fa0fd337f2ed2a31a17e4d93a94acb61a46fde
Opcode Fuzzy Hash: fcbcca17bfefc8026a421b84c775efba7b2b44294ab458fb6f86fc11d83ef327
Instruction Fuzzy Hash: 8311B634A0AA4E4FEBA9DF6484656B97BB1FF59300F0101BEE41AC71A2DE3565448741

Function 00007FFD9B885299 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e93f1275ae5094ad6140c22b526978dd98099be20d1851f921a7264918c344a9
Instruction ID: 3fada1d66986bc1d50948949159daf2780ec29d551c4ea51e35fa13548daf53e
Opcode Fuzzy Hash: e93f1275ae5094ad6140c22b526978dd98099be20d1851f921a7264918c344a9
Instruction Fuzzy Hash: CA119330A0AA8E8FEB55DB6488692FD7BF0FF19300F0104BED42DC71A2DE7596408741

Function 00007FFD9B88520D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25e0886028949e3ddcdfcc430915d935aa1aaa8cb35bc530e2517ba6f6cf51e7
Instruction ID: dde16fa70ed9297d885e0885fb4da9cb940ae2c9d563de92ca41d4f83500be48
Opcode Fuzzy Hash: 25e0886028949e3ddcdfcc430915d935aa1aaa8cb35bc530e2517ba6f6cf51e7
Instruction Fuzzy Hash: D8118230A09A4F8FEB59DB6488696F977B1FF19300F0105BED429C61A2DF34A540C741

Function 00007FFD9B87BE45 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca315764e2976b9d72ed0486ffc601fb2551983ff65cbbe6ae59d24d64949abf
Instruction ID: fd99bdc523465aef7e08e06b7d3dbf97df732b583063dd88111b333a9d363373
Opcode Fuzzy Hash: ca315764e2976b9d72ed0486ffc601fb2551983ff65cbbe6ae59d24d64949abf
Instruction Fuzzy Hash: 1F117C31A0AA4E8FEB55EF68C8B82BD7BA1FF18304F4104BAD419C31A2DA35A6509740

Function 00007FFD9B887781 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1366573f8d528f1344296c650f7f9ce696a189c94b472304bda394d8266637
Instruction ID: 44f5b2da11119dc208a26d175c6a7b5f9a8180f7a824102b5fd945c2a6a47e12
Opcode Fuzzy Hash: da1366573f8d528f1344296c650f7f9ce696a189c94b472304bda394d8266637
Instruction Fuzzy Hash: 1F116135A0EA4E8FE751FBB4C8586A97BF4FF59301F0505B6D428C70A5DE38A280CB51

Function 00007FFD9B87CB80 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3be0ef90c2bceeaddeb890078b17bd27f6f5f7fc734a224b312534602a7db375
Instruction ID: 18ed2411864407c4fddddbab26e67628e1ec3e72a4edec15472fba0550baa303
Opcode Fuzzy Hash: 3be0ef90c2bceeaddeb890078b17bd27f6f5f7fc734a224b312534602a7db375
Instruction Fuzzy Hash: 7E114F30A0968E8FDB56EFA488685B97BB0FF19304F0604BBE41DC70A6DE395654CB51

Function 00007FFD9B88504D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9db8cb3941e7fec2da485cbf2f71864e1b0a7c7431aed4bf0ba243fd8437b2a
Instruction ID: 83b5f06df282dbc5de5f3afd3ce2fa88702c3f4742477d93df5d3c2e2d2dcb04
Opcode Fuzzy Hash: d9db8cb3941e7fec2da485cbf2f71864e1b0a7c7431aed4bf0ba243fd8437b2a
Instruction Fuzzy Hash: EE118270A09A4E8FEB59DF6488696FD7BF0FF18304F1105BED429C21A6DE346540C742

Function 00007FFD9B87B09C Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e40e7a4a421ec018f12d399f3bff8b91d2842e899f973fa33681c9b210004893
Instruction ID: 186bb7c7155f953b3b7c53621fa4678e1e979eae49eaa8d3fc36014d52da1b9d
Opcode Fuzzy Hash: e40e7a4a421ec018f12d399f3bff8b91d2842e899f973fa33681c9b210004893
Instruction Fuzzy Hash: 6A117030A1990E8EEB61FBB888E85FD7BE5FF58344F414576D429C30A6EE34A5449640

Function 00007FFD9B87C6A9 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b53a865b1c4f2e86369a394d05f3ccf1a54169b9e29199faaf27f540c7faab8
Instruction ID: 3319d73e3ef0a15f66ce7715e8eccc96e7fe06dedb73bfbef456216eb255771b
Opcode Fuzzy Hash: 3b53a865b1c4f2e86369a394d05f3ccf1a54169b9e29199faaf27f540c7faab8
Instruction Fuzzy Hash: 1D11A030A0E64E8FDB59DF64C4A91A93FA1FF19308F1104BFD419C70A2CA35A650CB41

Function 00007FFD9B885435 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3be310da2bfc878ff1d2e55caeb75aacaa616a0cafb2a943fb96152df8a69456
Instruction ID: c5d51049ca6c63e3a5b622cedfb0813d2dca89b32fe265382f174c2d0e4cec24
Opcode Fuzzy Hash: 3be310da2bfc878ff1d2e55caeb75aacaa616a0cafb2a943fb96152df8a69456
Instruction Fuzzy Hash: 53018070A5AA8E4FE761EFA4C8695E97BF0FF09301F0245B6D42CC71A6DE34E6448701

Function 00007FFD9B872DD1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0ed872301a517d003718aeff2c7d841fdf1c32004678bdcd753cad9ee477a9
Instruction ID: 25aaa57eb073b28fba2443b8c2e55f0fec68e8fb6c57390822b1556e5688c3a8
Opcode Fuzzy Hash: 8d0ed872301a517d003718aeff2c7d841fdf1c32004678bdcd753cad9ee477a9
Instruction Fuzzy Hash: DF017131E1A64E8FE751EFA4C8A95A97BE0FF1A308F0605B6D40CC70A6EA34E5549700

Function 00007FFD9B887F29 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508faa91421839392eabf631fa040597aa1158532e83af7831b14ce7d1a1a0bf
Instruction ID: c09def6f53da29d57a489644dabb789ad4626618551de19c233e0ee82d3a5f44
Opcode Fuzzy Hash: 508faa91421839392eabf631fa040597aa1158532e83af7831b14ce7d1a1a0bf
Instruction Fuzzy Hash: 3C018034A4AA8E4FDB56EB7488655BD3BB0FF19304F0104FED429C71E2DA35A654C741

Function 00007FFD9B8727AD Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b51c6ea2cb0342b7032c2e11e5963b8fc59e79e5a78be4dad5aaaed4e7c63388
Instruction ID: 6e9019c7d054b34671ea00ea98bbd098517942248ea7ae3a9529f30affadac05
Opcode Fuzzy Hash: b51c6ea2cb0342b7032c2e11e5963b8fc59e79e5a78be4dad5aaaed4e7c63388
Instruction Fuzzy Hash: 96017130E1F64E8FE761EFA488A95A97BE0FF1A344F4645B6D418C70B6EA34E1449701

Function 00007FFD9B887909 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25cee44e2762fd34121a7dbb7dfce6fe5163450814f8c3911bc3e6b313e89bfd
Instruction ID: 64d1658c5a95b7b808b4f9a246c3ff058ed4b0759d1ce6f48157bfed055356ef
Opcode Fuzzy Hash: 25cee44e2762fd34121a7dbb7dfce6fe5163450814f8c3911bc3e6b313e89bfd
Instruction Fuzzy Hash: 85018430A4E64A4FE752EB7488595A93BF1EF0A310F0649F6C418CB0B7DA38A544C751

Function 00007FFD9B872E49 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ed040efb0cc26201dc5dfd46a2af984c7aee231c2e118cf1aa39cccd0a5b40e
Instruction ID: 714973ca9b49f2ba4f85df7091d4353c04aac3f8cd81335b849ce9f71e3e9a68
Opcode Fuzzy Hash: 5ed040efb0cc26201dc5dfd46a2af984c7aee231c2e118cf1aa39cccd0a5b40e
Instruction Fuzzy Hash: 7101D431A0F68E4FE762EBB488A95A97BE0EF1B304F0604F2C04CC70B7DA38A5449301

Function 00007FFD9B871BCD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0528cec9f892ae8678a3380f2fd85d360daddf9917c10afd0eff9bc67ab9034
Instruction ID: fe22e1d8a0178a93548d1c0427b96d87efd75a7f1eeb7e45afe8ee56bd28f152
Opcode Fuzzy Hash: e0528cec9f892ae8678a3380f2fd85d360daddf9917c10afd0eff9bc67ab9034
Instruction Fuzzy Hash: 3301A230A0E64E8FEB55EF64C8656B93BA0FF59705F4514BAD408C34A1DA359950C740

Function 00007FFD9B8705D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a57341297a56fbae364dfb8fdb85385cd97840cc2a95cbbd4d82d1c3e2a55e7b
Instruction ID: 4ecf74a4f9eca155bc3f004adc9513e41f900e0e3d6d8d54707252f4da793f90
Opcode Fuzzy Hash: a57341297a56fbae364dfb8fdb85385cd97840cc2a95cbbd4d82d1c3e2a55e7b
Instruction Fuzzy Hash: 90018430A0950E8FDB98EFA4C4A967977E1FF5C309F11047ED41EC35A4CA31A590D740

Function 00007FFD9B87AC19 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd038c3da9f05a792dbed1a7d1da6c1adfa9fbd95b80e13f512503302a8dd1e9
Instruction ID: 9d870d67aa02cb2d20b545ab5d839c8bbe6e877651ecda183b45eacc69718832
Opcode Fuzzy Hash: cd038c3da9f05a792dbed1a7d1da6c1adfa9fbd95b80e13f512503302a8dd1e9
Instruction Fuzzy Hash: 4F018430A1F68DAFE762EB7488AD5A97BE0EF5A304F0608F6D008C70B6DD38A5449701

Function 00007FFD9B870610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 185395c26736b22cce9021a0283755075e9f0629039c789dca80ba5ad0002693
Instruction ID: 30be5ebb15dbe6bf1bebf725f74135e79bed42ed5d18c6babd2013ff5c634831
Opcode Fuzzy Hash: 185395c26736b22cce9021a0283755075e9f0629039c789dca80ba5ad0002693
Instruction Fuzzy Hash: DE016230A1650E8ADB58EFA4C4A96B973A0FF1D309F51047ED41EC31E5DE35A550DA00

Function 00007FFD9B870608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c44dd61d95fbee9255028fb5e535cafbeae53adc4d6c26f2cd9fc590f6955a0a
Instruction ID: d41e137212512c60320540d0df9b37c89109638cc98e31a68e3fa11430a4a9d1
Opcode Fuzzy Hash: c44dd61d95fbee9255028fb5e535cafbeae53adc4d6c26f2cd9fc590f6955a0a
Instruction Fuzzy Hash: 98018130A1650E8BEB69EFA4C4A96B973E0FF1D308F51087EE41EC31E5DE35A254DA00

Function 00007FFD9B871180 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c2dfc7eda000d5e1992b583ba8ed078aadb504a466e031d16ef0d00b340e03e
Instruction ID: f829f7916ea10e8dd4f638135325a27a2627e23be8dd10c8a447a9be66f02924
Opcode Fuzzy Hash: 8c2dfc7eda000d5e1992b583ba8ed078aadb504a466e031d16ef0d00b340e03e
Instruction Fuzzy Hash: CDF0F930E2A54E89FBA4AB9488A46F977E4FF59308F01143AD41DC74E1DE341204D210

Function 00007FFD9B882F0E Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B881000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B881000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b881000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de15aeccea2564a6dec48d7741434ba6920daedd5198c5e6786c5e73fb9bbd74
Instruction ID: 904925fc0aee9b9f02a8ec3be7b5a68d8b0ead09aef6e57c8162e2887825fbfc
Opcode Fuzzy Hash: de15aeccea2564a6dec48d7741434ba6920daedd5198c5e6786c5e73fb9bbd74
Instruction Fuzzy Hash: 29F06930E0550E8BEB20EFD8C4985EDBBB2FF88315F10813AC008E3295DB7865458F40

Function 00007FFD9B8726C9 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd6558fcfe138f019b183ffc1c9d137b48da50be8b610b786afb4e949f5dfb81
Instruction ID: a4c017ddbdb4d7fab3cda92f4e63d5d76cb95db0116da939751aef13e10c4db7
Opcode Fuzzy Hash: dd6558fcfe138f019b183ffc1c9d137b48da50be8b610b786afb4e949f5dfb81
Instruction Fuzzy Hash: 36F0C23090F38D8FEB6A9FA488751A93BB0FF0A204F4615BBD419C60E2DA28A548C741

Function 00007FFD9B87273D Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ced70aa39b1c5cc081048845fee9cfa7462f1fab29382419778856abf614057
Instruction ID: 6a9771a481327ef74f6cf3f6022d7847730e66dcbe251c1c131c99e1ec41f889
Opcode Fuzzy Hash: 7ced70aa39b1c5cc081048845fee9cfa7462f1fab29382419778856abf614057
Instruction Fuzzy Hash: E0F0243090B38E8FEB699FA488652F93BA0FF1A704F4104BAD819C21E1DB38A540CA01

Function 00007FFD9B8879FF Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de98d39c607ac2eb3744f4f4ab6faea36ed4ede948de4b169b96cb917113e4b0
Instruction ID: 7133b927404cdd0f25824f108d6c8b48d69c5891aac79bdd6d67fc315e00eb0f
Opcode Fuzzy Hash: de98d39c607ac2eb3744f4f4ab6faea36ed4ede948de4b169b96cb917113e4b0
Instruction Fuzzy Hash: 1FF0EC35E0A50E8BDB28DF90D0A15FD76B5AB19321F25513ED026A22E0DA786B84CB54

Function 00007FFD9B87B3C9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f0196c46023ba76529eb613d8e03905a565cbea5fc544d44f51432ae842391c
Instruction ID: cf5ee4ae5e9c12e0ad9d6020a998a02cc0c09a2b1cf889cde750bbce3d4ea68c
Opcode Fuzzy Hash: 2f0196c46023ba76529eb613d8e03905a565cbea5fc544d44f51432ae842391c
Instruction Fuzzy Hash: 64F04F30A1991D8FDBA4EB14C499BE9B3B1FF6C300F1181E6D40DE3165DE34AA829F40

Function 00007FFD9B881328 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B881000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B881000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b881000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11eb8f1cb026d60aed7518d424f524e95fb448f36af97d858248446a559192ec
Instruction ID: 8851c44a2f130e4670d00be37c062552505b845eb983f2e013591139c6e4db01
Opcode Fuzzy Hash: 11eb8f1cb026d60aed7518d424f524e95fb448f36af97d858248446a559192ec
Instruction Fuzzy Hash: F801CD31A08A5D8FDB68EF44C8946ED73B2FB58301F0145AAD41EE7291DF745A80DF40

Function 00007FFD9B87D94C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction ID: 8376a1e16f22f55c58c1c02cc3300f88be5e014f1cb137d4c67e12d394639f39
Opcode Fuzzy Hash: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction Fuzzy Hash: C6F014B1E0921E8FDB50DF94C4906EDB3F0FB58304F11007AD005E32A2EA78AA40DF50

Function 00007FFD9B870FDB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 578f60184cd83b5c0ea9a9c2a04c86024b94b38b8e71f330a05f95a2ed331de4
Instruction ID: c0caab9e5bcadc143d0ff30df2b3b3a64dca173d02f4b255f637c9c9f6ae4430
Opcode Fuzzy Hash: 578f60184cd83b5c0ea9a9c2a04c86024b94b38b8e71f330a05f95a2ed331de4
Instruction Fuzzy Hash: 99F03930E1461D8BDB54EB94E8507EEB7B0FB88304F5140B2D00DE3291DE34AE418F80

Function 00007FFD9B8716E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction ID: 6cb6e342c4bf65c75d3c59b321edab9fb7c80f461dec69eec78cf9bfbcc852ca
Opcode Fuzzy Hash: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction Fuzzy Hash: 68E03020F0A80A4AE734B35884D563461D1DF59308FAA8174F01CC75F1DA2C9E81A280

Function 00007FFD9B88569B Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B884000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B884000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b884000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b64159adda5fcdf6f4a50075ef732a161dffa7a56fb3914f71912c94ef9665b
Instruction ID: 4808f67fc6afab616172a08afb7e09414f924979408df2bcd022b51d60752ef7
Opcode Fuzzy Hash: 9b64159adda5fcdf6f4a50075ef732a161dffa7a56fb3914f71912c94ef9665b
Instruction Fuzzy Hash: 46D0C972E5AA0D9FEBA0DB58849E2ECB7F1FF58304B41402AE40893152DF345502AB81

Function 00007FFD9B8705D3 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39b3d6baa8372725c46d7fad367b06ed21afb3601d86a504ee75983362e540f2
Instruction ID: 8d16f5cef3e918ab478f687b79d12d0f3c226dd194d9779d0b1430b105246ebc
Opcode Fuzzy Hash: 39b3d6baa8372725c46d7fad367b06ed21afb3601d86a504ee75983362e540f2
Instruction Fuzzy Hash:

Non-executed Functions

Function 00007FFD9B87EB19 Relevance: 5.1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

Strings

", xrefs: 00007FFD9B87EB74
f, xrefs: 00007FFD9B87EC42
H, xrefs: 00007FFD9B87EBEE
', xrefs: 00007FFD9B87EB84

Memory Dump Source

Source File: 00000023.00000002.1780068238.00007FFD9B87A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B87A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b87a000_dllhost.jbxd

Similarity

API ID:
String ID: "$'$H$f
API String ID: 0-779256357
Opcode ID: 8d1c4efe606249b6afcf039ce459896c381116b3469d7398ceab69a1b03b7765
Instruction ID: f8b18f33c6f0f5fd2c756f1266a065361fd2bbe167b21971a9a8fd394473a148
Opcode Fuzzy Hash: 8d1c4efe606249b6afcf039ce459896c381116b3469d7398ceab69a1b03b7765
Instruction Fuzzy Hash: A241F670E0562D8FEBA8DF54C895BA9B7B6EF58305F4081EAD40DA7291CB385A819F40

Analysis Process: dllhost.exePID: 8080, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B87331F Relevance: 1.7, Strings: 1, Instructions: 478COMMON

Download Yara Rule

Strings

O_H, xrefs: 00007FFD9B873770

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID: O_H
API String ID: 0-364725170
Opcode ID: 3d0c27a0f73f2328783e42d9b8de24e4bb82d9f89f17d335ab614348511d993a
Instruction ID: 7c33370949d2e3d55247bb65f641ad4b2ca02fc5697803055191181e21cad739
Opcode Fuzzy Hash: 3d0c27a0f73f2328783e42d9b8de24e4bb82d9f89f17d335ab614348511d993a
Instruction Fuzzy Hash: 23F1F271A0DA4D8FEB59DBA8C8A47E97BE0FF5A304F4001BAD019C72E6DB746502C742

Function 00007FFD9B879D47 Relevance: 1.3, Instructions: 1347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88dd5b3c6eb7b464b12cdffb556e676e52af857e231d4f2c4ce43cf31922c034
Instruction ID: 5718ced2f0c8f53c945a2a1b1d84c340492c024671caaba6eae94cc5d8ade015
Opcode Fuzzy Hash: 88dd5b3c6eb7b464b12cdffb556e676e52af857e231d4f2c4ce43cf31922c034
Instruction Fuzzy Hash: A6A2AE30A0E78D9FDB56DB6488A95A93FF0FF1A304F0605EBD449CB0A3DA38A945D711

Function 00007FFD9B87AFA0 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7d765750083abad816b6a9e12b089d31668699ce591ed1b093c41e342b3220f
Instruction ID: f88b217c273e0be4ae0930bc5e0d3732b54507c8d800257a4640a651dbeeab7f
Opcode Fuzzy Hash: f7d765750083abad816b6a9e12b089d31668699ce591ed1b093c41e342b3220f
Instruction Fuzzy Hash: 02D1A170A0AA4E8FEBA5EB64C8696B97BF1FF19300F0105BED42DC71A6DE346644C741

Function 00007FFD9B87A9AD Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 415383b14e015537303781b00f70353a60126202f2914e37e48e5d6b78c79d12
Instruction ID: 355d1c1f569af4ae4159e107e4d83326c54922f7ce4291716a6407e733f77ec5
Opcode Fuzzy Hash: 415383b14e015537303781b00f70353a60126202f2914e37e48e5d6b78c79d12
Instruction Fuzzy Hash: 98B1A230A0A64E9FD756EB64C8A96F97BF0FF1A304F0645BBD419C70A6DA38A644C701

Function 00007FFD9B87ECA5 Relevance: 3.9, Strings: 3, Instructions: 171COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9B880210
,, xrefs: 00007FFD9B87ECAA
=, xrefs: 00007FFD9B8803AA

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID: ,$=${
API String ID: 0-4157551264
Opcode ID: de4197a63383e324a37e544bd6d5500c298f1390d39007d35e8461484d322c2d
Instruction ID: e61ee545af1398b8e9ec95527676090c62cd69c9f52ebc10b9012194f6d593c6
Opcode Fuzzy Hash: de4197a63383e324a37e544bd6d5500c298f1390d39007d35e8461484d322c2d
Instruction Fuzzy Hash: 7B710870E19A6D8FEBA8DF54C8A57A9B7B1EF58305F0001FAD00DA7291DB346A80CF41

Function 00007FFD9B87EFE4 Relevance: 3.9, Strings: 3, Instructions: 115COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9B880555
-, xrefs: 00007FFD9B87F01A
+, xrefs: 00007FFD9B87EFED

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID: +$-$9
API String ID: 0-3239800188
Opcode ID: c199034dc3b8903025d1c604a3e6eb593094ea8058579ad052e73c4ca0f3b579
Instruction ID: 461cc6f06896f27aead3363a236b5258bf34166d3a712a0c75e156b030ca1eb8
Opcode Fuzzy Hash: c199034dc3b8903025d1c604a3e6eb593094ea8058579ad052e73c4ca0f3b579
Instruction Fuzzy Hash: 1D410770A18A2E8FDBA8DF58D8907E9B3B5FB49319F0101FAD41DE7291CB345A858F41

Function 00007FFD9B87CAF3 Relevance: 1.4, Strings: 1, Instructions: 145COMMON

Download Yara Rule

Strings

yO_^, xrefs: 00007FFD9B87CB01

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID: yO_^
API String ID: 0-4249208735
Opcode ID: 607ec1f0f6fcba336d342777dac5d8c1ae57b8f89741b879e4e7ab29e1a37d71
Instruction ID: 6c61d11d22755bffd976d6a016275449f8334af25c6ef817b9b273a9edf6ee31
Opcode Fuzzy Hash: 607ec1f0f6fcba336d342777dac5d8c1ae57b8f89741b879e4e7ab29e1a37d71
Instruction Fuzzy Hash: 9F41F721B0D2A64BE71B7BA8B8794F83B60DF46328B0901B7D05DCB0E3DD1C25869795

Function 00007FFD9B87CF50 Relevance: .6, Instructions: 594COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92b666bfea74df1cebbd4b10f784175271b284b0608756433328d0db5dd92cf
Instruction ID: c16bf2830055646155f2420570c85ebd40f20ef52d09e7fb32b4f6c5998675aa
Opcode Fuzzy Hash: c92b666bfea74df1cebbd4b10f784175271b284b0608756433328d0db5dd92cf
Instruction Fuzzy Hash: 5961DB21A0FBCA4FE76297788C695A97FF0EF1A310B0905FBD4A8C70E7D924A9458351

Function 00007FFD9B87DA7C Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7a6a70cdfeb4f30c8cd4a26ec2df693ab78ec13812e50accf046c82012c9d1f
Instruction ID: e03ae9d73109cfbf1e3ee6a6c21e6ae68702c2d18dd733534231f67d2a787248
Opcode Fuzzy Hash: c7a6a70cdfeb4f30c8cd4a26ec2df693ab78ec13812e50accf046c82012c9d1f
Instruction Fuzzy Hash: 56128F71E1964D8FDB69DB68C8A4BB8BBB1FF59304F0401BAD00DD72E6DA386941DB01

Function 00007FFD9B872BD0 Relevance: .4, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd6d88d448ef8e09ea01907acb2cd6a9e42a1f3d39c83d770ea3cdd20f56bdd8
Instruction ID: f49dd862ba61d74f0c0cd1a9fef5e2efb14551bee215876d942eb41773c62e91
Opcode Fuzzy Hash: bd6d88d448ef8e09ea01907acb2cd6a9e42a1f3d39c83d770ea3cdd20f56bdd8
Instruction Fuzzy Hash: 8BD1C531E0F64E8FE761EFB4C8A89E97BE0EF1A304F0505B6D458C70A6DE38A6449741

Function 00007FFD9B87ADD8 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbaec4b323747647415f4168a251825ac0b1fa379582e9cdb675738ea7344a5f
Instruction ID: 538e2838075938fd9d40b1ef7877dccd79ef32821a31018de276b74b0f413884
Opcode Fuzzy Hash: cbaec4b323747647415f4168a251825ac0b1fa379582e9cdb675738ea7344a5f
Instruction Fuzzy Hash: 75D11930E19A1E8FDB68DB98C464ABDB7B2FF59705F100179D41DE32A6CA386981CB41

Function 00007FFD9B87BCFC Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb64f6d5d75d49e456bf26564aa6bbdbe8849297586c077a54c9ad51243f7cf6
Instruction ID: de1a07db8c12ed2d53ff1ca08c0407f5083e90f1c64748e01018f6960472d505
Opcode Fuzzy Hash: cb64f6d5d75d49e456bf26564aa6bbdbe8849297586c077a54c9ad51243f7cf6
Instruction Fuzzy Hash: F5C13A30A0A64E8FEB65EFA4C8A86FD7BF5FF09304F11447AD409D71A1DA38A6449B41

Function 00007FFD9B872065 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1dc5d8a5d19bbf11288365df8c892c6c258719b293f3f837e03ff3a09607a5
Instruction ID: 6269fee744b716c4445eb225d601a0347ac29fe04e19e25314a1613f0a61d502
Opcode Fuzzy Hash: 4c1dc5d8a5d19bbf11288365df8c892c6c258719b293f3f837e03ff3a09607a5
Instruction Fuzzy Hash: 31B1D131E1B64E8FEB64DFA488A07A8B7A0FF4A314F0501BAD04DD71A2DE386A45D741

Function 00007FFD9B8824F0 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4d68f9dcea852ddc0096d74c3db2bba7f882653e883c06f48d8e896024cb7d4
Instruction ID: 29252442222384faf3956661ae9b2bb5a39243d2b28c9a3842005844d2e54f43
Opcode Fuzzy Hash: a4d68f9dcea852ddc0096d74c3db2bba7f882653e883c06f48d8e896024cb7d4
Instruction Fuzzy Hash: 0DA19230A5A64E8FDB65DFA4C8655FA7BF0FF09304F02457AE819C31A6DB38A644CB41

Function 00007FFD9B871B05 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7638ad0e44cb45e120650acfc0e7d7a87d9ee79cc8b866acfe0c3644488612dc
Instruction ID: b4d3f6a8558754fc1e4666575da6f338db538f6ec891d0ff9e6284a3c5c7e699
Opcode Fuzzy Hash: 7638ad0e44cb45e120650acfc0e7d7a87d9ee79cc8b866acfe0c3644488612dc
Instruction Fuzzy Hash: DB913431A0EB8D8FDB68EF5888A45B97BE1FF99304F0501BED459C35A2DE34A905C741

Function 00007FFD9B8705F0 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b0d8653b6625a4f6002088c255ce68cc551b435c6721f867fdde18c96f49d0a
Instruction ID: 2bca39df9d9fd9b6e30a489b659fb854febbfa90f2c9e81af8c179e58f3b8903
Opcode Fuzzy Hash: 2b0d8653b6625a4f6002088c255ce68cc551b435c6721f867fdde18c96f49d0a
Instruction Fuzzy Hash: 06911330B0DA4D8FDB58EF5888A45B937E1FF99308F1545BEE459C36A2DE34A902C741

Function 00007FFD9B882560 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd6f11c73a680a070dd0470fcaf8c14dfc179cdd33900e50047b51412ff26a94
Instruction ID: 4c3be9bb8b126efced390dc13ec2a61dc6d1a0288b15f72ca0c2f4a8528b0cba
Opcode Fuzzy Hash: fd6f11c73a680a070dd0470fcaf8c14dfc179cdd33900e50047b51412ff26a94
Instruction Fuzzy Hash: F7A1A030A5A64E8FDB65DFA4C8655FA3BF0FF09304F02457AE419C31A6DB38A644CB41

Function 00007FFD9B873000 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09cec4c6cc3585d766c35d90757bdc4e0bbfd841b70ed589ba7d955de02c0055
Instruction ID: 87fd538c3e85cb21e904706832e44382df2301a53f757e78159c9cd02992200f
Opcode Fuzzy Hash: 09cec4c6cc3585d766c35d90757bdc4e0bbfd841b70ed589ba7d955de02c0055
Instruction Fuzzy Hash: B6A19130E1A60E8FEB61EBA4C4A86FD7BF0FF49308F014576D409D71A5DA38A645DB01

Function 00007FFD9B87A668 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8522a319f5504d9f6b2f91b09d6be8865ebe640c571e5b0f95d3440220888f83
Instruction ID: 422be6216dd7bf3bd6d281f4776a9c6da04453e8ab1da4cac7cd025194ad066a
Opcode Fuzzy Hash: 8522a319f5504d9f6b2f91b09d6be8865ebe640c571e5b0f95d3440220888f83
Instruction Fuzzy Hash: 2891C330A1E68E9FDB65DF6488656FD7BF0FF19308F0205BAE408C71A2DA38A654D741

Function 00007FFD9B871678 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce96b7c28ee43a0db8fbbda80bee4dde63e3d6312b1c513561a95748cabd33f6
Instruction ID: fc4ab2550f9986299d3c80b8fe616b7704aebfd42f3b21affee42e2296d038f9
Opcode Fuzzy Hash: ce96b7c28ee43a0db8fbbda80bee4dde63e3d6312b1c513561a95748cabd33f6
Instruction Fuzzy Hash: 7571DF31B0DA4D8BDB58EF5C88A45A977E2FFD8344B1501BAE49DC36A2DE34A9028741

Function 00007FFD9B8862C0 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b888780d76262ada571eb0de10e023f8c71d3bc9076666ece8c0629461b01505
Instruction ID: 074959b6ab6c06fb1c5b79b880573c79bc0c69907283f8c368cc77004dd0a56c
Opcode Fuzzy Hash: b888780d76262ada571eb0de10e023f8c71d3bc9076666ece8c0629461b01505
Instruction Fuzzy Hash: 56A13F70E09A5E8FEBA4DB94C8697A977B1FF19300F0141BAD41DD32A2DB385A85CB41

Function 00007FFD9B882640 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c6b754f037ca3dfaa449d52d15ffee02a3e995ff64143805594f44738c2d949
Instruction ID: fe09fc17bb5dd5a90ee65402963553a291623159a36d0324bebe93ba5dc46d94
Opcode Fuzzy Hash: 4c6b754f037ca3dfaa449d52d15ffee02a3e995ff64143805594f44738c2d949
Instruction Fuzzy Hash: CF917B30A09A4E8FDB54EFA4C8695FE7BE0FF58304F01457AE42AD31A5DB38A645CB41

Function 00007FFD9B87C1E0 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 344ab3ab26d96d5ce870de7c94b2cc67dd2ba324e6f7471b21913640c7fd4746
Instruction ID: ec853727d7f58f15f2e91b28f9d796282cb522e2c69f9ffcb3a30d69dc87aea6
Opcode Fuzzy Hash: 344ab3ab26d96d5ce870de7c94b2cc67dd2ba324e6f7471b21913640c7fd4746
Instruction Fuzzy Hash: 1A914070E1D64D8FEBA4DBA888A97FD77B1FF59304F41007AD40DD32A2DA385A449B41

Function 00007FFD9B87AE60 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca1c6e458d373676a8888eb96dd89c57b3e6d57b538a7c2fc19ee73d4fbdfadf
Instruction ID: 376ad83a143c30f4eeee2c0df957c8128cd6dae462e9282156e988238f5a841a
Opcode Fuzzy Hash: ca1c6e458d373676a8888eb96dd89c57b3e6d57b538a7c2fc19ee73d4fbdfadf
Instruction Fuzzy Hash: 4981C430A1DA8E8FDB65EF6488296FA3BB0FF19305F05057AD818C71A6DB386554C741

Function 00007FFD9B87AE70 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4553f9159bdbeeb30f57d3943f6b07759efd21f5f239506bbda5dcbeb04d480
Instruction ID: 6a650989ad9a27258acf65df83bc7f6531ad814a85d1c86abbd5b831d04daf78
Opcode Fuzzy Hash: b4553f9159bdbeeb30f57d3943f6b07759efd21f5f239506bbda5dcbeb04d480
Instruction Fuzzy Hash: B181B230A1EA8E8FEB65EF6488296FA3BF0FF19304F01057AD819C71A6DB386554C741

Function 00007FFD9B87AE50 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 506a6b04b320f797aee93c804f5a879231c997f73ce662333185572f690a87d1
Instruction ID: 54c36616fdf2760c5e332d64b091f602183403c378c832dc72830dacde41d9c5
Opcode Fuzzy Hash: 506a6b04b320f797aee93c804f5a879231c997f73ce662333185572f690a87d1
Instruction Fuzzy Hash: 5E818B30A09A4E8FEBA5EB64C8696B97BF1FF1D300F0105BAD419C71A5DE38A644C741

Function 00007FFD9B87A6E8 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6944fcd12d7a1a3818f48c856a3ebcf44e9e47436deaa03f7e97f712ccd45f90
Instruction ID: 2092c2b556d705a52c29167916cb3e8868806f6121a25e0b7e0de8bcd5d339b6
Opcode Fuzzy Hash: 6944fcd12d7a1a3818f48c856a3ebcf44e9e47436deaa03f7e97f712ccd45f90
Instruction Fuzzy Hash: 7771B230A1A68D9FDB55DF6488656FD7BF0FF19304F0205BAE848C31A2DA38A654D741

Function 00007FFD9B872980 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be8efc734c226f583cd05a902b4a78f2334f7c2be6bfe2c2901137d36c2fda6d
Instruction ID: a03f7a535e9ab1ad83a65c3be939ba93f73130efc97c6f3b0d9a96b4dcdcafa7
Opcode Fuzzy Hash: be8efc734c226f583cd05a902b4a78f2334f7c2be6bfe2c2901137d36c2fda6d
Instruction Fuzzy Hash: 59719234A0AA4D8FEB65DB68C8686FD7BF0EF19310F1504BFC429C71A2DA38A544C741

Function 00007FFD9B87B09C Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d663373ab424c4ae8f212e7882282775201ebeb6f12883ad9d15750eaddf0254
Instruction ID: a1609095fcd3bd11c370ad9bb98147745a6d4f320543537ccd9d1e9446c63091
Opcode Fuzzy Hash: d663373ab424c4ae8f212e7882282775201ebeb6f12883ad9d15750eaddf0254
Instruction Fuzzy Hash: 3251B130A1E64E8FE761EB7488B96F97BE5FF09304F4245BAD418C70B6DA38A644D701

Function 00007FFD9B872FD0 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bece6db750f8bf63745289cc9e177f7b0369dcc6d2f49573e7ad676505d67fb7
Instruction ID: 640e172fb554a028c1343e0eebd6103d358f465f3b1e0cd945dc98eeb90eeb5f
Opcode Fuzzy Hash: bece6db750f8bf63745289cc9e177f7b0369dcc6d2f49573e7ad676505d67fb7
Instruction Fuzzy Hash: F4519730A1F34E8FE7659BB488A56E97BF0FF4A308F0505BAD448D70E2DA286745D702

Function 00007FFD9B872968 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c115e7b0eb03bbcb5bbdb409d48a79e01f5bdbf984f0189f3cd3b6f1b36fa572
Instruction ID: c140bc2807cae3c9e913abe39400bab449fbce790bc72e7d66b720621bb71ee1
Opcode Fuzzy Hash: c115e7b0eb03bbcb5bbdb409d48a79e01f5bdbf984f0189f3cd3b6f1b36fa572
Instruction Fuzzy Hash: 5C51D634A0E68E8FE766EB649C296FD3BB0EF0A314F0505BBD469C61E3DA385544C741

Function 00007FFD9B872D59 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fc407fc8890ae73d6abecb6c1e7441e1e429e5153d404aba93475261f88e7c2
Instruction ID: bf03e3524f5b964e079717e93ba5e0d0ac5cf697707ba14f95acfcd9ba64e780
Opcode Fuzzy Hash: 9fc407fc8890ae73d6abecb6c1e7441e1e429e5153d404aba93475261f88e7c2
Instruction Fuzzy Hash: FB518331E1F28E8FE7619FE488A56F97BF0FF1A304F0505B6D448C70E6DA28A6489741

Function 00007FFD9B8727AD Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50772961b26788ca6e8b2486222045cad4fb965399ffef2b54d6c993ffbea726
Instruction ID: 071ba88ceb68336fd561e695df17773aff10510775fae713a97fdefec27b744d
Opcode Fuzzy Hash: 50772961b26788ca6e8b2486222045cad4fb965399ffef2b54d6c993ffbea726
Instruction Fuzzy Hash: 2641D776B0D2668FD315BFB8F8A98D937A0EF45324B0545B7D0C8CB0A7ED2860469750

Function 00007FFD9B870500 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d5f7d0c24f3586c423c5d139c5d4a6a678b8c3c7d225061928fd025ebe6136
Instruction ID: c3a8ab56d7bcd647d525865dde918be4014a0f962042f48a42ed9fe03698cc14
Opcode Fuzzy Hash: e1d5f7d0c24f3586c423c5d139c5d4a6a678b8c3c7d225061928fd025ebe6136
Instruction Fuzzy Hash: 35419530A1E64D8FE766EFA4C8685A93BF0FF1A304F0544B7D419C70A6DA38E554D701

Function 00007FFD9B87CF70 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d685de277ced59860795036f69a3ae6e9fbdfe81216fd41997e3db710c54f12
Instruction ID: e45ca06c5694cdf7fb8f15b400a6ada563bbc2a23d295149dd093f22b69d3617
Opcode Fuzzy Hash: 4d685de277ced59860795036f69a3ae6e9fbdfe81216fd41997e3db710c54f12
Instruction Fuzzy Hash: 1541C438A0AA4E8FEBA9DF6488652B97BB0FF19300F1105BED42DC65A2DE356644C741

Function 00007FFD9B871180 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8370cbc501857a84bfecdacbb88762a8a998383030fc93edb92644ea705ddde
Instruction ID: 69a692e2cfd41f7de7a24ece12da871a1d3eb15343e53005a4bee773857deeee
Opcode Fuzzy Hash: c8370cbc501857a84bfecdacbb88762a8a998383030fc93edb92644ea705ddde
Instruction Fuzzy Hash: 5A310630E2E64E4EEB68FBA488B46B977E0FF59308F01047ED419D75E1DE2465449741

Function 00007FFD9B8711D7 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17f0f6e1fceabd15d1e1a0480970ac731521c2aff13b6847827896a9b1a6c150
Instruction ID: 17eab5f0758a7dae95fd3c7477df61d9e530dadfadda60da8b8f616118f6cd52
Opcode Fuzzy Hash: 17f0f6e1fceabd15d1e1a0480970ac731521c2aff13b6847827896a9b1a6c150
Instruction Fuzzy Hash: DE31F031A1994E8FEF94FBA8C8A46FD77A1FF5D304F01007AD009D71A2DE25A944C780

Function 00007FFD9B87CB80 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b8bb397359897cb63b381401cc4737c6c4a5327e357c73a0cd8045097db64d6
Instruction ID: be1738ce301ef53e95a3244a416649acb3a87009a28e4521d5f9fe4c5f1f8d38
Opcode Fuzzy Hash: 7b8bb397359897cb63b381401cc4737c6c4a5327e357c73a0cd8045097db64d6
Instruction Fuzzy Hash: A7312635A0D3998FD317AB78A8785E93FB0EF46329B0904FBD049CB0E3DA285589C751

Function 00007FFD9B87CAE0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45d1aa3b5ed500a1b2825d722a35a8f546a4d51108755079f172b3be6d48e724
Instruction ID: d74c9f01c8bbd5d5074232c00dd9027e0585d030369f4264450c0de286d581aa
Opcode Fuzzy Hash: 45d1aa3b5ed500a1b2825d722a35a8f546a4d51108755079f172b3be6d48e724
Instruction Fuzzy Hash: A841AF34A5AA4E8FDB56EF6488686BD7BF0FF09304F0104BED429C61A6DB38A644C701

Function 00007FFD9B8725DD Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0295a096235554b393564617a688478c94d514a6fd9456d4236409100c52885a
Instruction ID: 8c956bb51a5e18358a48e9bee8fb86f4c384d6ad2295f2ff50693c83e517b211
Opcode Fuzzy Hash: 0295a096235554b393564617a688478c94d514a6fd9456d4236409100c52885a
Instruction Fuzzy Hash: 2231913090F38E8FDB669FA488655A53FF0FF1B314F0545BBD458C60A6EA28A658D701

Function 00007FFD9B872DE8 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 685a5104ed0ebf2e175aee6a173b861975d7b950fb9f28ee14e4e31069f866d7
Instruction ID: b1bad2b2513f6e97b3ab21db2c74f5fa6e7297a9abc21d7436a07a84b6ec03d0
Opcode Fuzzy Hash: 685a5104ed0ebf2e175aee6a173b861975d7b950fb9f28ee14e4e31069f866d7
Instruction Fuzzy Hash: 43419331E4F28E8FEB619FE488A46F97BF0EF0A308F050576D458C71E6DA38A6449741

Function 00007FFD9B87CF60 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8631abe0546cd3bd49b00dfb0499a10c0a867deabe7ab7f06d031e66ebeed47b
Instruction ID: 5f7f61f06b1cd34eb3991652367a914494ac9fd5867411267f822fe8cbf89c90
Opcode Fuzzy Hash: 8631abe0546cd3bd49b00dfb0499a10c0a867deabe7ab7f06d031e66ebeed47b
Instruction Fuzzy Hash: CB214932F0D51E8BDF58AB5CE8646FD77A0EF58324F00013BD959D3182DE24690687D0

Function 00007FFD9B872E59 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab1b74db9cb42df3e54a2537cea2190820733637b140d21324cff1be8735f0f0
Instruction ID: cafd38e433c2df1ac9a7f9497d6cf0eae53a5485bb5d60af9063d37094b29a5a
Opcode Fuzzy Hash: ab1b74db9cb42df3e54a2537cea2190820733637b140d21324cff1be8735f0f0
Instruction Fuzzy Hash: BF21E131E0F24F8AEB619FE488A46FE77E0EF0A304F050536D414C31E6DE38A344A681

Function 00007FFD9B870A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c1c81419a9dbe022295c2ccb769f79fcd0ed52842851e5d43d48004d5d58e9
Instruction ID: f4f22325c54309023224f1d4c4a31d23be11767cba19a65750d03bfe4ad7fc98
Opcode Fuzzy Hash: 47c1c81419a9dbe022295c2ccb769f79fcd0ed52842851e5d43d48004d5d58e9
Instruction Fuzzy Hash: C111BF31E2A50E8FEB90EBA8C8A95FDB7E0FF58744F4105B6D41DC70A6EE34A6409700

Function 00007FFD9B87C443 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a88eb5dd31558d8637a1328f0deb343c2d2a8294ffbdcbb7edeb620aa66773cf
Instruction ID: 659339eaffc13be323ceb15469590e00a1969a26c0af0206db0a39b60b1a8cb2
Opcode Fuzzy Hash: a88eb5dd31558d8637a1328f0deb343c2d2a8294ffbdcbb7edeb620aa66773cf
Instruction Fuzzy Hash: F911C570F1981D8EDBA4EBA888A5AFCB7B1FF59305F515139D00DE32A6CE3469419B80

Function 00007FFD9B871F19 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db8658a04b504720de753e5b10e17bf3a07c473129e53e154783dae0db5554a9
Instruction ID: 612c90a87697c5529a9df1496dd74222577e458b18f3d9168d795825a325e740
Opcode Fuzzy Hash: db8658a04b504720de753e5b10e17bf3a07c473129e53e154783dae0db5554a9
Instruction Fuzzy Hash: 8711C200A0F2C54EDB63A7B848B54656FA09F17228B1E46FFD0D8CB4F3CA0C594AD342

Function 00007FFD9B87EE8E Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c7b1b95b75f0f5a5436b569d04b1b4b3202d4a5e3377019c751c073de0591ba
Instruction ID: af93a68e35026c7998afc517365960b48b92877a2390603ce99901b3dee569c9
Opcode Fuzzy Hash: 2c7b1b95b75f0f5a5436b569d04b1b4b3202d4a5e3377019c751c073de0591ba
Instruction Fuzzy Hash: 30213C71F09A5D8FEBA8DB189CA57A9B6B5EF59301F0001FA900DD3691DE345A818F41

Function 00007FFD9B872668 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39f3376f613f010322685c099e55a120af114728dc79606a8b29a32d6963be00
Instruction ID: 844deb54915493184e0c5f5a775ad957388a83692c688f312741bdebc55839bf
Opcode Fuzzy Hash: 39f3376f613f010322685c099e55a120af114728dc79606a8b29a32d6963be00
Instruction Fuzzy Hash: 0C11E73091F68D8FEBA6DFA488651A93BE0FF1A304F4104BBD418C70E6DB38A554D701

Function 00007FFD9B873148 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e8a6193a0b4076cee198d15bd606d866110721261e472ebcab53f684bd3b69
Instruction ID: f9ae648c5610539cd26c0b71c723a5cb00c392c6d8734a72dc105ab6f859d103
Opcode Fuzzy Hash: c1e8a6193a0b4076cee198d15bd606d866110721261e472ebcab53f684bd3b69
Instruction Fuzzy Hash: A8215030E2A50E9AEB64DFA4C4A06EDB7F1EF49308F410539D409E3291DA386B05DB12

Function 00007FFD9B8704F8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 370073d60d72316eae9704ca71ef1aeb2201aca4a463f88f6e2156b32cfae496
Instruction ID: 0254241428da0913affbd3c2adcc1248c59962c1dc7012dfe7eaf7ee855b0e5a
Opcode Fuzzy Hash: 370073d60d72316eae9704ca71ef1aeb2201aca4a463f88f6e2156b32cfae496
Instruction Fuzzy Hash: 6A11D630A1F68E8FEB65DFA488651B93BE0FF1A308F4104BBD418C61E5DA38A554D701

Function 00007FFD9B870F65 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 064069ad676962a6f1c065686a298869e9f7e0731968609d907793901c7f3a58
Instruction ID: 887cc51b264764cc4c288d6fc404c6ab06fe8481a21994a7762d5d1a112c0c5f
Opcode Fuzzy Hash: 064069ad676962a6f1c065686a298869e9f7e0731968609d907793901c7f3a58
Instruction Fuzzy Hash: 3611BF31E0551D8FEB54EB98C894BEEB7B1FB94315F1042B6C01DE32A0DE346A468F80

Function 00007FFD9B8705D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a57341297a56fbae364dfb8fdb85385cd97840cc2a95cbbd4d82d1c3e2a55e7b
Instruction ID: 4ecf74a4f9eca155bc3f004adc9513e41f900e0e3d6d8d54707252f4da793f90
Opcode Fuzzy Hash: a57341297a56fbae364dfb8fdb85385cd97840cc2a95cbbd4d82d1c3e2a55e7b
Instruction Fuzzy Hash: 90018430A0950E8FDB98EFA4C4A967977E1FF5C309F11047ED41EC35A4CA31A590D740

Function 00007FFD9B870610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24b6bf7002643c5ab270d72cea49289383f73112d12c5700bb677015fc02bbd4
Instruction ID: 30be5ebb15dbe6bf1bebf725f74135e79bed42ed5d18c6babd2013ff5c634831
Opcode Fuzzy Hash: 24b6bf7002643c5ab270d72cea49289383f73112d12c5700bb677015fc02bbd4
Instruction Fuzzy Hash: DE016230A1650E8ADB58EFA4C4A96B973A0FF1D309F51047ED41EC31E5DE35A550DA00

Function 00007FFD9B870608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63226d8b907b0e4470132517dc09c374a489dc84099ba3e05e94b57adc8a1bf4
Instruction ID: d41e137212512c60320540d0df9b37c89109638cc98e31a68e3fa11430a4a9d1
Opcode Fuzzy Hash: 63226d8b907b0e4470132517dc09c374a489dc84099ba3e05e94b57adc8a1bf4
Instruction Fuzzy Hash: 98018130A1650E8BEB69EFA4C4A96B973E0FF1D308F51087EE41EC31E5DE35A254DA00

Function 00007FFD9B87273D Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 096f056b1d53d8e86d6c6ada703beda3b97458feffd9196feb8af97cc9ab73b4
Instruction ID: 6a9771a481327ef74f6cf3f6022d7847730e66dcbe251c1c131c99e1ec41f889
Opcode Fuzzy Hash: 096f056b1d53d8e86d6c6ada703beda3b97458feffd9196feb8af97cc9ab73b4
Instruction Fuzzy Hash: E0F0243090B38E8FEB699FA488652F93BA0FF1A704F4104BAD819C21E1DB38A540CA01

Function 00007FFD9B87B3C9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50b97c79fdf7519f83284b983f05b5cccfe4d50e549bf127b8ba1501a0922500
Instruction ID: 5c668a4e8ef1f041332836680133820334b58bd794909da60aee6c735d18ea2f
Opcode Fuzzy Hash: 50b97c79fdf7519f83284b983f05b5cccfe4d50e549bf127b8ba1501a0922500
Instruction Fuzzy Hash: 9AF01970A1991D8FDBA4EB148495BA9B3B1FF6C300F1081A6D40DE3165DE34AA829B40

Function 00007FFD9B87D94C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction ID: 8376a1e16f22f55c58c1c02cc3300f88be5e014f1cb137d4c67e12d394639f39
Opcode Fuzzy Hash: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction Fuzzy Hash: C6F014B1E0921E8FDB50DF94C4906EDB3F0FB58304F11007AD005E32A2EA78AA40DF50

Function 00007FFD9B8726D8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b16dfabb0060b987af32a359abb13aa9b5c58d9b2d0c270f49f6c755d6aaee5e
Instruction ID: 0631d16c41e1dd51c360b865b8e50632ab30c6d2824c7b0e17da3a108bf419ff
Opcode Fuzzy Hash: b16dfabb0060b987af32a359abb13aa9b5c58d9b2d0c270f49f6c755d6aaee5e
Instruction Fuzzy Hash: 47F08230A0A64ECADB69DF6484696B936E0FF09308F4108BDE42DC20E5DF79A254CA40

Function 00007FFD9B870FDB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66a03a3d3492e6262f69845500448a5ebde7de0b7700fa069adc95944d1a229f
Instruction ID: 8c1ca24e5a4dd6a461763cc9adac5a860340682147aa07a3e6f79b585db3cc68
Opcode Fuzzy Hash: 66a03a3d3492e6262f69845500448a5ebde7de0b7700fa069adc95944d1a229f
Instruction Fuzzy Hash: A5F0C931E1461D8BDB54EBA4E8947EEB7B1FB88308F5144B6D01DE7295EE34AE418F80

Function 00007FFD9B8716E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction ID: 6cb6e342c4bf65c75d3c59b321edab9fb7c80f461dec69eec78cf9bfbcc852ca
Opcode Fuzzy Hash: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction Fuzzy Hash: 68E03020F0A80A4AE734B35884D563461D1DF59308FAA8174F01CC75F1DA2C9E81A280

Function 00007FFD9B8728FA Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1bd3d83956ea67e626fa835fd0791652c477c7f2a2129c89dc529c46189d1e9
Instruction ID: a7ae81eaf4b4e60d4310ade2b1ff06cd5a3c9d7320de9bc49c4b4590abe0476d
Opcode Fuzzy Hash: c1bd3d83956ea67e626fa835fd0791652c477c7f2a2129c89dc529c46189d1e9
Instruction Fuzzy Hash: E6E0922250953989D70AEFBCB5E5DC93791FF0162830846B2C0948F057ED24A04B8240

Non-executed Functions

Function 00007FFD9B87EB19 Relevance: 5.1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

Strings

H, xrefs: 00007FFD9B87EBEE
f, xrefs: 00007FFD9B87EC42
", xrefs: 00007FFD9B87EB74
', xrefs: 00007FFD9B87EB84

Memory Dump Source

Source File: 00000025.00000002.1773214114.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b870000_dllhost.jbxd

Similarity

API ID:
String ID: "$'$H$f
API String ID: 0-779256357
Opcode ID: ec4c012a37d2681c2b9485a16ee4671b93ff240611ec4b2df405044d830664b0
Instruction ID: f8b18f33c6f0f5fd2c756f1266a065361fd2bbe167b21971a9a8fd394473a148
Opcode Fuzzy Hash: ec4c012a37d2681c2b9485a16ee4671b93ff240611ec4b2df405044d830664b0
Instruction Fuzzy Hash: A241F670E0562D8FEBA8DF54C895BA9B7B6EF58305F4081EAD40DA7291CB385A819F40

Analysis Process: hVZrtkHODdjkrqRpmkkd.exePID: 8108, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B8A34C5 Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

L_H, xrefs: 00007FFD9B8A3770

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: L_H
API String ID: 0-402390507
Opcode ID: 5425ade776e078fd3f4b3f226724aadd5a1a881bfabaf1683980e3d4330f024c
Instruction ID: 4bc39836ca2f90b9c7423c62c0e7d1d21627f359e4adfb3eeb6d71a7bc85a668
Opcode Fuzzy Hash: 5425ade776e078fd3f4b3f226724aadd5a1a881bfabaf1683980e3d4330f024c
Instruction Fuzzy Hash: 72A1C171A09A4E8FEB98DBA8D8257AD7BE1FF59354F4001BAD00DC32DADBB52801C741

Function 00007FFD9B8B1378 Relevance: 2.5, Strings: 2, Instructions: 27COMMON

Download Yara Rule

Strings

&, xrefs: 00007FFD9B8B180E
/, xrefs: 00007FFD9B8B1B74

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: &$/
API String ID: 0-2578988991
Opcode ID: 55e82eb89d2273faa7ecb6e11ba568108ec7dabef4061e2b9820db6946dce1f2
Instruction ID: 8c93f58ce7934ba7e2807c8c362b61fcbfb01292fabbc41f8afbaba565a06407
Opcode Fuzzy Hash: 55e82eb89d2273faa7ecb6e11ba568108ec7dabef4061e2b9820db6946dce1f2
Instruction Fuzzy Hash: D0F03030A0922DCBEB28EF90C864AED73B2FB55301F010229D0099F2A4DB785A04DF41

Function 00007FFD9B8B7975 Relevance: 1.4, Strings: 1, Instructions: 199COMMON

Download Yara Rule

Strings

H, xrefs: 00007FFD9B8B7B14

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: c7d6d70c0122f9148ae8df868426e7f0b21bc33601857dc8ab68188d8342f73a
Instruction ID: a0401bcc8fb8648f2f8ac3cf74e35f3a49995a014f9bc423cbc6d9397f4d8e24
Opcode Fuzzy Hash: c7d6d70c0122f9148ae8df868426e7f0b21bc33601857dc8ab68188d8342f73a
Instruction Fuzzy Hash: 22811974E0922E8FEB68DFA4C4657FDBBB1AF08311F11107AD009A62D1CB385A85CF50

Function 00007FFD9B8ACAF3 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

yL_^, xrefs: 00007FFD9B8ACB01

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: yL_^
API String ID: 0-4278417862
Opcode ID: fb812fad9b53c0ba6b195360d229d24a1b7125a08abd54fc46dd6393807a6695
Instruction ID: 8159bcd8cf3a0c8cdc140b208b685f88f6a4534c6c075b2292c1a1e8ce03ec99
Opcode Fuzzy Hash: fb812fad9b53c0ba6b195360d229d24a1b7125a08abd54fc46dd6393807a6695
Instruction Fuzzy Hash: 0031F832B0D66B8BEB5A7BACBC294FC3754EF19324F050577D01DCA0E3DD29258286A1

Function 00007FFD9B8B1328 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

/, xrefs: 00007FFD9B8B1B74

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 11eb8f1cb026d60aed7518d424f524e95fb448f36af97d858248446a559192ec
Instruction ID: 2f9fe83a383bf5dc169bad52b3083688b13191351f835fbffc18f7c841c7b561
Opcode Fuzzy Hash: 11eb8f1cb026d60aed7518d424f524e95fb448f36af97d858248446a559192ec
Instruction Fuzzy Hash: 4401CD31A0466D8FDB68EF54C894AFD73B2FB58301F0145AAD40DE7291DB745A80DF40

Function 00007FFD9B8B3568 Relevance: .5, Instructions: 528COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 818f6b6c245497476888619cd45bd59d66e3b6072cd2ef151dd1f7a31db6359f
Instruction ID: faa9fb188a4b61c0659ac1e51a988d48c0d5b4ee1ed6979e45f2c96ed632bc5f
Opcode Fuzzy Hash: 818f6b6c245497476888619cd45bd59d66e3b6072cd2ef151dd1f7a31db6359f
Instruction Fuzzy Hash: EA410C22E0F7E64FE72697B89C755A47FE0EF17214B0900FBD098CB0E3D914A9058781

Function 00007FFD9B8B35F8 Relevance: .5, Instructions: 452COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7568839ccb7468fc9cc5fd5a9a2923b299c2df62ea4c6c1c898176ce57bd9f45
Instruction ID: 8f6df66a898cc82597a7a0d488e8dd88dd92413ba77ee8a1af844dedc0cd5829
Opcode Fuzzy Hash: 7568839ccb7468fc9cc5fd5a9a2923b299c2df62ea4c6c1c898176ce57bd9f45
Instruction Fuzzy Hash: 0F118121A0F3DA4EE76397B44C695A97FB0EF07214F0A05FFC498CB0E3E9186A448742

Function 00007FFD9B8ADB99 Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32527b316dc617a5b42e4fdd4bdac25a1dff02f3fd8ef2f9cc0fe716835f87e8
Instruction ID: 567040383a983798e909c0764f04e4aac9b8c1eb89f6c33346417f38519805f4
Opcode Fuzzy Hash: 32527b316dc617a5b42e4fdd4bdac25a1dff02f3fd8ef2f9cc0fe716835f87e8
Instruction Fuzzy Hash: D4E15B71E1965D8FEBA8DB98D864BB8B7B1FF58300F4041BAD01DD32E6DA386941CB50

Function 00007FFD9B8A1678 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc88c9656795082fe5c4ce185aa22a88031985b49ed117e83a9a20e639e4d4d9
Instruction ID: 2298509344a600c757401e269d25334aa3e380280c1cf348a0b2de4b80ab5ac7
Opcode Fuzzy Hash: cc88c9656795082fe5c4ce185aa22a88031985b49ed117e83a9a20e639e4d4d9
Instruction Fuzzy Hash: 6881C131B0DA4D4BDB58EF5C88615A977E2FF99300B15457EE49EC3292DE34AD02C781

Function 00007FFD9B8A0F5B Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78987a381d82410ee0eb14a591b8562cc27123f73434280a2c14b03f949cacce
Instruction ID: 26db4e3c3ace76d63c492ebdb8a7ba7f5678a5c4148ed8c41a735928c527c5fc
Opcode Fuzzy Hash: 78987a381d82410ee0eb14a591b8562cc27123f73434280a2c14b03f949cacce
Instruction Fuzzy Hash: 20910872E1994D4FE768EB68C825BAC73A1EF58710F0102FAD01DD71E6DE386A498B50

Function 00007FFD9B8AC2B9 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24b93aefcc4a673201d20303b94fa670957900c51b5a0097704bc240b499fbfa
Instruction ID: c8ae9fc687823dc781b88850376f112d206cbc100c2c34690821e05fbe42469f
Opcode Fuzzy Hash: 24b93aefcc4a673201d20303b94fa670957900c51b5a0097704bc240b499fbfa
Instruction Fuzzy Hash: 0E61FC70E0951D8FDBA4EBA8C8697FDB7B5EF59300F41407AD00DE7292DE3869408B54

Function 00007FFD9B8B63C5 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69e4a15d6ac2446eb5bc83b2df88f3b080d3b1ee5df824f419855550d7c6047b
Instruction ID: 2d852084bbe1235ffb29537764fad415b415c87daf2037c60c9322c0b4b9bd12
Opcode Fuzzy Hash: 69e4a15d6ac2446eb5bc83b2df88f3b080d3b1ee5df824f419855550d7c6047b
Instruction Fuzzy Hash: BD711E70E0962D8FEBB8DBA4C8657A9B6B1FF58300F5141BAD40DD22A1DF349A85CF41

Function 00007FFD9B8A1C4D Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d3d5525986cc43e2919be96323e7b9b4fe292014a3d072bfc953646aedb5efc
Instruction ID: c8d1c3942a841182cc304f3982a5b35302c027f3d908e6412d4e44dbe739b7ca
Opcode Fuzzy Hash: 4d3d5525986cc43e2919be96323e7b9b4fe292014a3d072bfc953646aedb5efc
Instruction Fuzzy Hash: 7251F131B09A8D8FCB58DF4888A45BA77E2FF99300B15457EE45EC7292DE34E802C781

Function 00007FFD9B8B3CFA Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcaa4d431b4c7fb4ea66d71bade0e95f645088a79d41b59aec5f84585aaffa58
Instruction ID: ce80d0c5db3fc4b5d71503d6b46913b4a620be120477ce3bcb7cad168aaa0a85
Opcode Fuzzy Hash: fcaa4d431b4c7fb4ea66d71bade0e95f645088a79d41b59aec5f84585aaffa58
Instruction Fuzzy Hash: B041393770E9765EE311B7ADFC664E9BBA0EF813B7B140173D108C6052EA24944987D1

Function 00007FFD9B8B2C4B Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 881bbe3aca1798c12e85455ea6f300bf258b492e517f159677f9fc5da411c4fb
Instruction ID: 228dacc01fbcff7487e86dc41233f9c3a482c0039b3a7fb5749935cf1ff86010
Opcode Fuzzy Hash: 881bbe3aca1798c12e85455ea6f300bf258b492e517f159677f9fc5da411c4fb
Instruction Fuzzy Hash: 6C61A570E1965D8EDBA4EBA8D8697ECB7B1FF58300F1041AAD00DE3291DB746A818F40

Function 00007FFD9B8A3135 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bcd241f41085d853322119de728b0f80e8b38231fb252ebab63adcfa8d0272c
Instruction ID: fcd90c71328965f47ad61a61571db7ead2dac289294f8126bc164cb222ba8dcd
Opcode Fuzzy Hash: 6bcd241f41085d853322119de728b0f80e8b38231fb252ebab63adcfa8d0272c
Instruction Fuzzy Hash: 7D514B70E0A61E8FEB64DBA8C4646EDBBF1FF59301F114179D009E72A5DB386A44CB60

Function 00007FFD9B8A2065 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc2db17e774dd1c21b8a20711014f5cae89dd8622d913f083c2bb4c022322d20
Instruction ID: cf3b6aa0e885eb4f9aec20a640080545951725880bc7b29b5fd710e7b081104b
Opcode Fuzzy Hash: bc2db17e774dd1c21b8a20711014f5cae89dd8622d913f083c2bb4c022322d20
Instruction Fuzzy Hash: A8414831B0E68E4FE766DFB898655B97BE0EF8A310B0640FBD00CC71A6DE18B9418351

Function 00007FFD9B8ABEC9 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4834e5a91a4c2b1124b3d9b2e8449d01e0bd019bac75e05a852a443441e4f0b7
Instruction ID: 2aaa1e31f8bfd266eff679c7f139a68f467a64f839ce589a4852cc683333e56a
Opcode Fuzzy Hash: 4834e5a91a4c2b1124b3d9b2e8449d01e0bd019bac75e05a852a443441e4f0b7
Instruction Fuzzy Hash: BD51D770E0A65E8FDB68DFA4D8646EDB7B5FF09300F15053AD409E72A1DB386A44CB60

Function 00007FFD9B8B72C9 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e00f207cdf4981433c7209bafa891f9832e334872b1f1065339b1b966875407d
Instruction ID: 5daed2f1c00218c5c2385c4eb390bf650d65d868ae97da47654b65b4b20781d0
Opcode Fuzzy Hash: e00f207cdf4981433c7209bafa891f9832e334872b1f1065339b1b966875407d
Instruction Fuzzy Hash: F241BC35E0E76E8FEB659BA4C8256ED76F1FF1C300F01417AE409D32A2DA3869448F91

Function 00007FFD9B8B7061 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 230583676fd5d0cb92173a882621b54425c1b7699f9f600ef4cb0122e42f69ad
Instruction ID: f7acbbcc4a2905d0d982fa21224e7128006f7b8d56c4a964372cee27f7af0109
Opcode Fuzzy Hash: 230583676fd5d0cb92173a882621b54425c1b7699f9f600ef4cb0122e42f69ad
Instruction Fuzzy Hash: 6B214C34A0A65E8FEFA8DF6888655BE77A0FF29300F11057BD41DC21A6DE34A6418B81

Function 00007FFD9B8B2DFB Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b844fd327cf3b203c30e5318719ab999e85dab3f726dd85a6ff4303e50a2209
Instruction ID: 3d6dc080a81838e885ad7b737dbc9af8b991134d34e9a92d661284650de6a075
Opcode Fuzzy Hash: 5b844fd327cf3b203c30e5318719ab999e85dab3f726dd85a6ff4303e50a2209
Instruction Fuzzy Hash: C731A770E1992D8EDBA4EF68D8587ACB7B5FF59300F5041AAD00DE32A1DF345A818F50

Function 00007FFD9B8B71A5 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cafb1af0cb08574308a8859fb47bec0c184c46b6732053db562457e35f25830
Instruction ID: 1248b2b3c5d6d6aae81a27244a2f160e12b3ae3dad548997412fe6e15747aea2
Opcode Fuzzy Hash: 6cafb1af0cb08574308a8859fb47bec0c184c46b6732053db562457e35f25830
Instruction Fuzzy Hash: CC21F835A0EB4E4BEB69DF7488762BD37A0FF19300F11047ED41EC25A2DA35A554CB91

Function 00007FFD9B8B76F1 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45ab313867ce8a3a6973817d3963d922a75b1fc72a38873f328f3af5f6d8c2f
Instruction ID: 86d2e6f692b6d368327bd7e14612b0bcd875f91c53628e2e3cd70fda15751592
Opcode Fuzzy Hash: d45ab313867ce8a3a6973817d3963d922a75b1fc72a38873f328f3af5f6d8c2f
Instruction Fuzzy Hash: 38216234E4E66E8EEB61ABB8C8256FE77E0FF1D300F010476D40CD21A5DE38A6508B91

Function 00007FFD9B8B6339 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c38e92c522d2ea84cbd0dc458d65165127bab05110cd6e19fbf366106bfef32
Instruction ID: bf08fa299722b6d7b98e6c03332fe441c77a205db0f2b92cc2ed2c6e11e1a13d
Opcode Fuzzy Hash: 7c38e92c522d2ea84cbd0dc458d65165127bab05110cd6e19fbf366106bfef32
Instruction Fuzzy Hash: 8D217171A0E65E8FEB65ABB488696B9B7E0FF1D300F0505B6D41CC20A6DE38A640CB41

Function 00007FFD9B8A33C1 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de88593e33405fef31656847dfd9490ac3750c5d1d1b9fa3f559542156bd7963
Instruction ID: 0c44ece6e11c1a62bc409493aa4b4404abe75e28e692de8760396e07c18accab
Opcode Fuzzy Hash: de88593e33405fef31656847dfd9490ac3750c5d1d1b9fa3f559542156bd7963
Instruction Fuzzy Hash: 89214930A0A61E8FEB65EBA488692BE77E0FF18304F01087AD42DC21E5DF39A640C750

Function 00007FFD9B8A3445 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed2dbcdb770df4c86315176e7f5ec182c07036ed5673d8c618e6b6d32ea0923
Instruction ID: 2fdd6f4e5bcdccc458c47462ee341c5bc553e773ea87fd284693e6774f0c0a22
Opcode Fuzzy Hash: 9ed2dbcdb770df4c86315176e7f5ec182c07036ed5673d8c618e6b6d32ea0923
Instruction Fuzzy Hash: BE213930E0A64E8FEB69EFA4C8656BD77A4FF29304F1104BED41EC21A1DB39A650C750

Function 00007FFD9B8AA6D1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e269c7e0bad4e0ea8ee68b215668cf5ab71ec3e9eaa2e53983bb4f6a024224d
Instruction ID: b060d9684615c99c958baef75663d2ccc033d832f29835c7650fa25f198eb187
Opcode Fuzzy Hash: 2e269c7e0bad4e0ea8ee68b215668cf5ab71ec3e9eaa2e53983bb4f6a024224d
Instruction Fuzzy Hash: FF214C30A0964D8FDB95EF58C8999AA3BF0FF1C305F01456AE459C72A5DB34E540CB80

Function 00007FFD9B8A331F Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11de1b7b90c5f8e5c4626c1cd6fd7201c0d37de6aca1e4ffb513c0d48791d7d2
Instruction ID: 0ba30232c18c6b6998697534eac44332eb0a438bad8adda94955d66a5c01ea8f
Opcode Fuzzy Hash: 11de1b7b90c5f8e5c4626c1cd6fd7201c0d37de6aca1e4ffb513c0d48791d7d2
Instruction Fuzzy Hash: 2A21833094E7C98FD753ABB488685997FF0EF5B304B0A44EBD049CB0B3DA289545C761

Function 00007FFD9B8A0A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 448d9c0c6fbc95eed0f42b924aab5a2955b5d0e6f4ec227c16a0f5c235314eeb
Instruction ID: e8f0ab63eab3870b637ab77ebc1ac5e1b1643c26dae3100761fefcf36a539fe3
Opcode Fuzzy Hash: 448d9c0c6fbc95eed0f42b924aab5a2955b5d0e6f4ec227c16a0f5c235314eeb
Instruction Fuzzy Hash: 6D11B230E1A90E4FE790EBA888595BD77E1FF58740F4146B6D01CC70A6EE34B6448710

Function 00007FFD9B8B2721 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c88d264bbf7711af9c61a2e5afa06f4773e2b7a67bf323cf199134ab17f8c7c7
Instruction ID: 3990b45cad863bb12eb03822b7626e33d69402de7f9f3e115555e351cd5ccab0
Opcode Fuzzy Hash: c88d264bbf7711af9c61a2e5afa06f4773e2b7a67bf323cf199134ab17f8c7c7
Instruction Fuzzy Hash: 0611AF30A0A24E8FDB58DFA4D4A55E93BE0FF5C304F01027EE409C7291CA34A550CB85

Function 00007FFD9B8B4969 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e556af7849c2404b08eb451cbbd224b479b4096f31491bc6d89d3de64ac6271c
Instruction ID: 7ec99211cf0879834f9bb2b38157709f6164f1bd9b59adf327240b309520e24a
Opcode Fuzzy Hash: e556af7849c2404b08eb451cbbd224b479b4096f31491bc6d89d3de64ac6271c
Instruction Fuzzy Hash: B9219330A0E65E8FEB59DF7884A62B93BA0FF29300F1505BFD419C71A6DA34A554CB81

Function 00007FFD9B8AC443 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea72ab4a983dc0b2708d33a2e3547657b5c7d20678a2af05b8f1fb773a53eef
Instruction ID: a17d551ee1c520dd32b7d86f58bac8d9bac5d949530dec440f87692416ab0b5c
Opcode Fuzzy Hash: 6ea72ab4a983dc0b2708d33a2e3547657b5c7d20678a2af05b8f1fb773a53eef
Instruction Fuzzy Hash: 1511C570E1981D8EDFA8EBA89865AFCB7B5FF58300F515139D00DE32A6CE3469418B50

Function 00007FFD9B8A1F19 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5602c1e76c2f192fd1c2a3a6eac4a9d53374bcfd34395a769c1bcca59a04fdc3
Instruction ID: 94e5c65e183ed74395bdc5fdba2596830fc81cc2acaf9707faced7f758f4ab4d
Opcode Fuzzy Hash: 5602c1e76c2f192fd1c2a3a6eac4a9d53374bcfd34395a769c1bcca59a04fdc3
Instruction Fuzzy Hash: 4D117011A4F6C65EDB63A7B848744656FA55F07224B1E86FFD0D8CB0E3DA0C594AC322

Function 00007FFD9B8AEE8E Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2ee4bdeff5cf47744973a452e502cec4c4bbad80a72fcdab17bd543e65b3054
Instruction ID: 17e5d445047703a26eb37ca3ecf3234880e280b84c09bb1d5ad53e13f10e4cb6
Opcode Fuzzy Hash: d2ee4bdeff5cf47744973a452e502cec4c4bbad80a72fcdab17bd543e65b3054
Instruction Fuzzy Hash: 73216D71F05A5D8FEBA8DF589C657A9B6B1EF59301F0001FA900DD3691DE305A818F01

Function 00007FFD9B8B4A05 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0332c6f22416a1ebaa166d416115670c328ee06829248e0288164ee9efe5efd5
Instruction ID: 516cc98d7d9709e7a2c07590cca8ab0cc9f4f5a939e3ddf71270b65226d41b73
Opcode Fuzzy Hash: 0332c6f22416a1ebaa166d416115670c328ee06829248e0288164ee9efe5efd5
Instruction Fuzzy Hash: F311A230A0965E8FEB98EF68846A2B97BA0FF68300F1505BED41DC31A1DA356540CB81

Function 00007FFD9B8B7105 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d165bd91f39eb321a3cf12cf21205dfd43abada2fc90a8059524b5f575d6024
Instruction ID: f023d68d75f7c94709b9dbd1df6d33323fb1844fd39e190776bc3aa887b1f4be
Opcode Fuzzy Hash: 5d165bd91f39eb321a3cf12cf21205dfd43abada2fc90a8059524b5f575d6024
Instruction Fuzzy Hash: B311E430A0964E8FEB98EF7884692BD7BE0FF18300F0005BED40DC71A2DA35A140CB80

Function 00007FFD9B8B2927 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b9d2cba9ffc9378492b075d11b84b00d37c41d3d6dd7dffa330b61bcd950e1
Instruction ID: cb9c5e9b1ee6e632fdeb1a0509fff1fe9697e14cee41c651d2a36f2bfab72b4b
Opcode Fuzzy Hash: 27b9d2cba9ffc9378492b075d11b84b00d37c41d3d6dd7dffa330b61bcd950e1
Instruction Fuzzy Hash: 5B11AF3094E6CE4FD71A9BB098356A97FA0EF0A314F1A04FBC44DCB0E3DA296645C752

Function 00007FFD9B8B4F25 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9777914f961306c4c9c9ec7ff56745a47c161f4564cbbd084dd288a6613dc4a1
Instruction ID: 0dd9f3e84d61f7f94dd838b445e4fb5860e37f7f726b44dc00d53dbc4ccb7057
Opcode Fuzzy Hash: 9777914f961306c4c9c9ec7ff56745a47c161f4564cbbd084dd288a6613dc4a1
Instruction Fuzzy Hash: A011C871A0EA8D4FEB59DB7484762B87BA0FF19314F0A04BED01DC36B2DA656540CB41

Function 00007FFD9B8A116D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c23fbd815b5407ed33b29d50275fcf3514ac38278373b477644579f3a553c523
Instruction ID: 254aab51c11070245d382ed0237e9b60d148756704baa0175b42a795e3ee8b14
Opcode Fuzzy Hash: c23fbd815b5407ed33b29d50275fcf3514ac38278373b477644579f3a553c523
Instruction Fuzzy Hash: 3111B670A0E64E4EEB65EBA4C8696B97FE0FF1A304F01157ED41AC61E2EE256544C710

Function 00007FFD9B8B2B11 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2940da279178d52d300a107a17ae15eec2d589e00f1cb7f69ca898d8cb3dc24
Instruction ID: 4b730573133261ecbb48d7cbb6e42c3585b8053d0a22d97ec84eb0bdc020f730
Opcode Fuzzy Hash: b2940da279178d52d300a107a17ae15eec2d589e00f1cb7f69ca898d8cb3dc24
Instruction Fuzzy Hash: D411A530A1A55E8EEB92EFB888585F97FE0FF09301F0105BAD418C7066DE34A2418B41

Function 00007FFD9B8ACB80 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a8860f3ccfab78171d72eedea6d70bd1d149b6de16e635b19bd2855cd8daffe
Instruction ID: 7af4d16136465b8612661b88a10cff01f1762df37c997a6dc2d4db1247d18a1f
Opcode Fuzzy Hash: 8a8860f3ccfab78171d72eedea6d70bd1d149b6de16e635b19bd2855cd8daffe
Instruction Fuzzy Hash: 24116D30A0A65E8EEB56AF6488685B97BA0FF09304F0108BBD419C71E6DE356585CB61

Function 00007FFD9B8B723D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6dc149f7d2d5d7c7fb2e9c587997ad48f58ea90e0d077d166394c99535c4c5b
Instruction ID: 86fed90ea1025ae9d6950d737befa96131c1b6f78013e8b1a3bcdb7a81908276
Opcode Fuzzy Hash: e6dc149f7d2d5d7c7fb2e9c587997ad48f58ea90e0d077d166394c99535c4c5b
Instruction Fuzzy Hash: 7711C834A0A64F4FEBA9DF64C4656B97BA0FF59300F0101BEE41EC21E2DE356550CB81

Function 00007FFD9B8B5299 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 506b4fe3fd9235af415f2b9d62f5aad1d2d53b83aa9d3ad1745e500578cfdae5
Instruction ID: b65d8b18e8249b4d28150234b0a2c3eb219d67bfc58082d6de120f5aefa1565a
Opcode Fuzzy Hash: 506b4fe3fd9235af415f2b9d62f5aad1d2d53b83aa9d3ad1745e500578cfdae5
Instruction Fuzzy Hash: 1E119331A0A68E8FEB59EB6488792FD7BE0FF19300F0504BED41DC75E2DA7596408B41

Function 00007FFD9B8B520D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fdd44055a1b63ce59afa76a49c058468d139c1ad0edc60ef377940492adc0aa
Instruction ID: 9309181cbae3d0004600564381fd77fe6a307dba51de55754815a7c11b4ec9f1
Opcode Fuzzy Hash: 2fdd44055a1b63ce59afa76a49c058468d139c1ad0edc60ef377940492adc0aa
Instruction Fuzzy Hash: 81119430A0A65E4FEB59DB7488796F97BE1FF19300F0105BED41DC61E2DE24A640CB81

Function 00007FFD9B8ABE45 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80df4b0bdfae35c341379f5793841db77ae29d18cab0b0676a66128c43d5f73a
Instruction ID: d8188de8a50b4b24343c79925993de3a22d123af69fd068523f95350c3437059
Opcode Fuzzy Hash: 80df4b0bdfae35c341379f5793841db77ae29d18cab0b0676a66128c43d5f73a
Instruction Fuzzy Hash: 33118E30A0AA4E8FEB55EFA8C8682BD7BE0FF18301F4105BED419C61A2DB35A650C740

Function 00007FFD9B8B7781 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c70355f95d7a21a26235c43ea83eb5a30786361c2f06e9ed7296aadec87a677
Instruction ID: b68702dd1e28ac8b8095b1d676c59cce05ca4077080ed7f1c6927977b9663d9c
Opcode Fuzzy Hash: 6c70355f95d7a21a26235c43ea83eb5a30786361c2f06e9ed7296aadec87a677
Instruction Fuzzy Hash: 5C116134A1E65E8FE751EBB8C8586A97BF4FF19301F0505B6D418C70A5DE38A2848B91

Function 00007FFD9B8AB09A Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69a7e67a79a4f7814acbddb1f089186eaca529e8ba3724c3c3a3a8bd58710a34
Instruction ID: 7a89d008587421f8bd11dab9ab432ff2f4b01a3e2a277ae7b5841bc7aa5fb736
Opcode Fuzzy Hash: 69a7e67a79a4f7814acbddb1f089186eaca529e8ba3724c3c3a3a8bd58710a34
Instruction Fuzzy Hash: F8117030A1990E4EEB61FBB888985BD7BE5FF5D340F42457AD428D31A6EE34A6448710

Function 00007FFD9B8B504D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84751bebe1f3e625932aea73040d1104a5ddc431c0dc317bdfdd1645fb17aeb2
Instruction ID: f6ba9184cbb453cbb918da54bd185a9a0697aa8953d43d4365c96fc7408e6f21
Opcode Fuzzy Hash: 84751bebe1f3e625932aea73040d1104a5ddc431c0dc317bdfdd1645fb17aeb2
Instruction Fuzzy Hash: 71116D70A0A65E8FEB59EB7888796FD7BF0FF18304F0105BED419C21A6DA3465418B81

Function 00007FFD9B8AC6A9 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 896532f139be251aa813d03b016db30bb6d9cfc6bf21fb18639a553c3b0dfd91
Instruction ID: 29a4f56219b7f5f56e9a6eafbab76790b4fd39f8e5a12eb20b96c24d25f8f439
Opcode Fuzzy Hash: 896532f139be251aa813d03b016db30bb6d9cfc6bf21fb18639a553c3b0dfd91
Instruction Fuzzy Hash: 1E11AC30A0E68E8FDB59DF64C8691B93FA1FF59304F1204BFD419C61A2CA39A650CB51

Function 00007FFD9B8B25B1 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85553f0b80c0e6544f21551e4b2206ffa08be384c35da4fcfdc25f481151a281
Instruction ID: cf82a1b229f5808010d0dcd8483a5dcf907b0ce8cb8967e6ff73e5fc298a0d71
Opcode Fuzzy Hash: 85553f0b80c0e6544f21551e4b2206ffa08be384c35da4fcfdc25f481151a281
Instruction Fuzzy Hash: D001B130A1A20D8FDB599FB4C464AFA3BA0EF19304F0205BEE40AC60E2DA35A650CB41

Function 00007FFD9B8A2DD1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 962b904ee9fe476cc279613278248a3d3ddb2b74e58fbc7d64095723da883e0e
Instruction ID: d4db58c7ccfc17902360d4db759c5a5d920044707bc556f4d11f2a9ed2ea167e
Opcode Fuzzy Hash: 962b904ee9fe476cc279613278248a3d3ddb2b74e58fbc7d64095723da883e0e
Instruction Fuzzy Hash: E3018430E1E64E8FE761EFA4C8695A97BE0FF19304F0645B6D40CC70A6EB34E6948710

Function 00007FFD9B8B2F0E Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0095d2b9e680d26723d2290c8197edc831e5b9b8842469f0d2e867d015562fc1
Instruction ID: f84a6d726b78a2695d2bad8c24adac7bdf9eaa8c8ec87d3396789d1dcab399b5
Opcode Fuzzy Hash: 0095d2b9e680d26723d2290c8197edc831e5b9b8842469f0d2e867d015562fc1
Instruction Fuzzy Hash: FE114574E1561E8BEB20DFE8D8542EDBBF1FF88310F14412AC408E7292DB78A9098F50

Function 00007FFD9B8B7F29 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7e1392d84a6b886fe773e5d524bf0bade4a5068232b0c0f3c8b7d3ae61a43c9
Instruction ID: f9ec3eefbe4c2e74279caccb54da50e962d8f076fed1b4a674526598785ef536
Opcode Fuzzy Hash: e7e1392d84a6b886fe773e5d524bf0bade4a5068232b0c0f3c8b7d3ae61a43c9
Instruction Fuzzy Hash: D1018034A4A78E4FDB56AF7488655BD3BA0FF19304F0204FED419C72E2DA25A654CB81

Function 00007FFD9B8AAF80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5dd815bba7dbbdbc3a8250d373b3ecc776829024a61d754ae55f840481e3a06
Instruction ID: e9318a4f97dd58259332a9cf1afe126c4f2b408f0e07dd457bf0d0f41e7ce9f5
Opcode Fuzzy Hash: a5dd815bba7dbbdbc3a8250d373b3ecc776829024a61d754ae55f840481e3a06
Instruction Fuzzy Hash: C0018831A0A90D8AEB99DFA888692B977D4FF19304F11047ED01EC61E5DF357550CA11

Function 00007FFD9B8A27AD Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a741fb6cc301d38ed81e36d7b521c833ce8c7c979120ac76a44e40f18850e185
Instruction ID: 5997cd7ac1271758a8ea49105494702addc25d9ab7f88cd3dad3b09a2a9806df
Opcode Fuzzy Hash: a741fb6cc301d38ed81e36d7b521c833ce8c7c979120ac76a44e40f18850e185
Instruction Fuzzy Hash: 60017130A5E64E8FE761EFA488585A97BE0FF19300F0245B6D408C71A6EA38E6448711

Function 00007FFD9B8B10C0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 507a4f44de25b15d3f244b4de45a0ce13c1011a5b6b0472f0e53d6ed4016016a
Instruction ID: 4fa5be35a95488d85ee7a13da457f344feca071cbcb46ee611545ea0a14fd83a
Opcode Fuzzy Hash: 507a4f44de25b15d3f244b4de45a0ce13c1011a5b6b0472f0e53d6ed4016016a
Instruction Fuzzy Hash: D1012C30E2991E8EEB94EFA4C4696BE77E0FF18305F11047AD42ED61A5DE35A650CB40

Function 00007FFD9B8B7909 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e07c3d09d3d8a109ebe701b11e7d222e6c854952e8bb8c2d9b30ed7b2d68f377
Instruction ID: 59867d0d5a450918f29a865ec3e1c5079bdd3b0cefd779458b40958bc5c1d40c
Opcode Fuzzy Hash: e07c3d09d3d8a109ebe701b11e7d222e6c854952e8bb8c2d9b30ed7b2d68f377
Instruction Fuzzy Hash: D7018430A4E74A4FE752E77484595A93BE1EF0A310F0649F6C408C70B7DA28A544CB41

Function 00007FFD9B8A1BCD Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd31f5ca6d466caa6632ed0ed8531cb51000561ae8f280cf8c0d7fe2082a7f08
Instruction ID: 1dc766cea5e38acf1385e79e7196a615995370499e8b95323987178ecd9efb39
Opcode Fuzzy Hash: bd31f5ca6d466caa6632ed0ed8531cb51000561ae8f280cf8c0d7fe2082a7f08
Instruction Fuzzy Hash: A701D630A0F64E8FEB55EF24C8656B93BA1FF5A301F45057ED40CC61A2DB399950C750

Function 00007FFD9B8A2E49 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 595e794e5667d7271c45b47d43d4a01d77a1be92fd67df9fa2132df7d3dac749
Instruction ID: 9b167f4eb906c9e2aa1f04bee1d4f567535d98b2940263970d8502d2f11bb2d0
Opcode Fuzzy Hash: 595e794e5667d7271c45b47d43d4a01d77a1be92fd67df9fa2132df7d3dac749
Instruction Fuzzy Hash: 2B018430A5E68E4FE762EBB489695A97BE0EF5A300F4604F6D40CC70B7DA28A5948711

Function 00007FFD9B8A05D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc317a98c80e001b00c1f0f9fd106eb58d1794db363a1c3a80884b260527f604
Instruction ID: 0a48217a45d833310ed4b66e26a6b201cef42e48b8d61b9fdcbc664fa9fedc37
Opcode Fuzzy Hash: bc317a98c80e001b00c1f0f9fd106eb58d1794db363a1c3a80884b260527f604
Instruction Fuzzy Hash: 2A014B30A0990E8FEB98FF64C4696BA77E2FF5D305F21447ED40EC21A4DA35A691CB50

Function 00007FFD9B8AAC19 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47fe79990bebe31a54738c6c44f8c357aa45251d680316c1f59bd9cc8411e68e
Instruction ID: 86f672924376e3b90f33ba93b82df2090d2f345415ce9b957d3108531e5bfffb
Opcode Fuzzy Hash: 47fe79990bebe31a54738c6c44f8c357aa45251d680316c1f59bd9cc8411e68e
Instruction Fuzzy Hash: 10018830A4E64D9FE761EB7488695A97BE0EF19300F0608F6D008C74B6DE38A5448711

Function 00007FFD9B8A0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e52d492059fc1f15b40bbd5a3287f54035fa3ae17e86451610b442885c9a5195
Instruction ID: c5a8c22f290befa0533cdba44e14b7eb0e9da7423ebaa39fcbc6aa80ee2ebb1f
Opcode Fuzzy Hash: e52d492059fc1f15b40bbd5a3287f54035fa3ae17e86451610b442885c9a5195
Instruction Fuzzy Hash: C4018130A1A90ECAEB68EFA4C4686B973E0FF1D305F11087ED41EC21E5DE35B650CA50

Function 00007FFD9B8A0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a622afbe84bf3e699f00441afa290f1ef7dc20394452730f86e45298119c5f5c
Instruction ID: 5f74dc0ff5b2dc5407d2dfc61fd3e81d56818422bb1367d1929215d7070cd0d5
Opcode Fuzzy Hash: a622afbe84bf3e699f00441afa290f1ef7dc20394452730f86e45298119c5f5c
Instruction Fuzzy Hash: 77016D30A1950E8AEB69EFA4C4696B972E0FF18304F11087EE41EC21E5DE39B654CA10

Function 00007FFD9B8AAFD1 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a05a8e97a37f7a9c6c6c9d2ebcd7845ce7dafeb3fe5fe31fdbac67ebc422118
Instruction ID: b72ed2ae8a9bb1000ae86b6b374074527583fbf7b3512fe9ce87dfb585e34192
Opcode Fuzzy Hash: 6a05a8e97a37f7a9c6c6c9d2ebcd7845ce7dafeb3fe5fe31fdbac67ebc422118
Instruction Fuzzy Hash: 1A01F931A0E64EC9FBAD6FB85C381F93794AF09304F0501BEE45DC61E2EF6871548601

Function 00007FFD9B8A1180 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbf47f367c1d7c7982451f58de95c0efebfd6aaad94823d373faaf57116f9d32
Instruction ID: b4970d2a63e7273843069426be7739935555c6cc90bada30c3e7b1377b40d552
Opcode Fuzzy Hash: dbf47f367c1d7c7982451f58de95c0efebfd6aaad94823d373faaf57116f9d32
Instruction Fuzzy Hash: 8BF0A470E1A54E89FBA4ABA498686F97BE4FF5A304F01143EE41EC21E1EE245214C610

Function 00007FFD9B8AC725 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e39a424461dba05abd8cbe5051f51ac8824031f38f17f9dfe0b2fb09fb9a375
Instruction ID: dfc3253f170b2e9bd3f1982b6e18e6c6fae1cdac04640f7f3b7279e3e1310ac2
Opcode Fuzzy Hash: 2e39a424461dba05abd8cbe5051f51ac8824031f38f17f9dfe0b2fb09fb9a375
Instruction Fuzzy Hash: 61F0CD31A0E68D8FEBA59F684C391E53BD4EF59304F0604BED458C51E1EB2465108701

Function 00007FFD9B8A26C9 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 563be68e56f3b88e2ba2e93a3e8fb1e5ad1064291a9a480ec89694593dfe18fa
Instruction ID: 3f0ba21fc659b2a3ce552344d126011aed7dbd8ea6256c4cd780c77248c984e3
Opcode Fuzzy Hash: 563be68e56f3b88e2ba2e93a3e8fb1e5ad1064291a9a480ec89694593dfe18fa
Instruction Fuzzy Hash: 59F0C83090F78D8FDB6A9F6088355A93BB0BF09200F0605BBD409C61E3DA28A648C741

Function 00007FFD9B8A273D Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554990a6bbb40049be142b9e4d463f890d0853a735ca8a8c5cc4ef70679af52d
Instruction ID: 7c64c862289ef19e0c58f9ee316292ba14cf1c9f16f90019c4c122eec9e5afe4
Opcode Fuzzy Hash: 554990a6bbb40049be142b9e4d463f890d0853a735ca8a8c5cc4ef70679af52d
Instruction Fuzzy Hash: 3BF0B43090F78E8FEB799FA488252F97BA0FF09700F4105BAE819C51E5DB38A650CB41

Function 00007FFD9B8B79FF Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de98d39c607ac2eb3744f4f4ab6faea36ed4ede948de4b169b96cb917113e4b0
Instruction ID: 2618f890b0f0bb27b2a8a1a114b8911fff0b8d8e2d20d80f8044a3e3f9052b33
Opcode Fuzzy Hash: de98d39c607ac2eb3744f4f4ab6faea36ed4ede948de4b169b96cb917113e4b0
Instruction Fuzzy Hash: 49F03C35E0A21E8BDB68CFA0D0A05FD76B5AB08321F25513EC016A22E0CA386784CF94

Function 00007FFD9B8AB3C9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d58574abb7f767940b2a7567c3b9e2d803477ff818640d22d07dbe2f273a3ed
Instruction ID: 2c14e2240ab238ffc4bdf698b494929ccc99741edc610a504be06088e1fa32e9
Opcode Fuzzy Hash: 0d58574abb7f767940b2a7567c3b9e2d803477ff818640d22d07dbe2f273a3ed
Instruction Fuzzy Hash: 80F0FF70A1992D9FDBA5EB14C455BE9B3B1FF6C300F1181E6D40DD3165DE34AA828F40

Function 00007FFD9B8AD94C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction ID: ea018c744fbf5092ebcf5d979ae819be75a9768351e5cff9cbd387dede5db369
Opcode Fuzzy Hash: c6a3d5667636a29e83ed4da61000e3249eb79a4dc77f0ab92625db0ec26d6f4d
Instruction Fuzzy Hash: E2F0E7B1E0521E8FDF54DF95C8506FDB7F1AB58311F11057AE405E32A2EA78AA04CF64

Function 00007FFD9B8A0FDB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487e9ce59c993ba82092c2c9a1db686ab2276043e046119e6a8a5f62a03d9bf2
Instruction ID: 825d7e03369ccc875045e67f4c56d1b250a5a5b40b08ac6012af79abab607f52
Opcode Fuzzy Hash: 487e9ce59c993ba82092c2c9a1db686ab2276043e046119e6a8a5f62a03d9bf2
Instruction Fuzzy Hash: A9F03931E1061D8BDB54EB98E8107EEB7B0FB48304F4140B2D10CE3295DE34AE418F90

Function 00007FFD9B8A16E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction ID: 44f609c277306717eb325cecf8c725b5f5aca35b5ec4124e37adde3f4bd37e52
Opcode Fuzzy Hash: 0fe8a46c296d93708f61b05d60e40878e9e488cc7cac960711ac09eb02f71a12
Instruction Fuzzy Hash: 3BE06D20F0A88A4AEB34B398809463461D19F4A304FBA8675F01CCA1F1EB2CEE82C310

Function 00007FFD9B8B569B Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8b1000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de28bad2204bd186bce7c5bbbacd2ad57f1fd2519fe1914aa54f8c22c50d62a3
Instruction ID: 82e5e4b8fe2176ceb4bd58d0c713400e4a375d75511df48ef01d4cb9e0c112d1
Opcode Fuzzy Hash: de28bad2204bd186bce7c5bbbacd2ad57f1fd2519fe1914aa54f8c22c50d62a3
Instruction Fuzzy Hash: 80D0C972E5AA1D9FEBA0DB6884DE2ECB7F1FF59304B41412AE40893152DF3014129B40

Function 00007FFD9B8A05D3 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8a0000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f565e131ce32ce36d5ac2507e896677e4ad0e3b9cec7d75cfa652a1b902955f6
Instruction ID: eaacfaec10e4d67cdbbbc693f8c49ca440c6f8f52ed316c179427d583787d073
Opcode Fuzzy Hash: f565e131ce32ce36d5ac2507e896677e4ad0e3b9cec7d75cfa652a1b902955f6
Instruction Fuzzy Hash:

Non-executed Functions

Function 00007FFD9B8AEB19 Relevance: 5.1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

Strings

', xrefs: 00007FFD9B8AEB84
", xrefs: 00007FFD9B8AEB74
f, xrefs: 00007FFD9B8AEC42
H, xrefs: 00007FFD9B8AEBEE

Memory Dump Source

Source File: 00000027.00000002.1777349142.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b8aa000_hVZrtkHODdjkrqRpmkkd.jbxd

Similarity

API ID:
String ID: "$'$H$f
API String ID: 0-779256357
Opcode ID: e4dead151e577b6d9eda1f6fbd7c07447640bfc45a04c859b7b19d5abf55e167
Instruction ID: 7bd0d0d3c9aff0f5b0a875175fdcc71eaeb10dfc618393ff3b1df52ea7e2a699
Opcode Fuzzy Hash: e4dead151e577b6d9eda1f6fbd7c07447640bfc45a04c859b7b19d5abf55e167
Instruction Fuzzy Hash: EF41F670E0562D8FEBA8DF54C895BADB7B2EF58301F5085EAD40DA3691CB385A81CF50

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report WiJVUxlOHs.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Reference Assemblies\Microsoft\13a54417f66e9d

C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe

C:\Program Files\Reference Assemblies\Microsoft\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

C:\Program Files\Windows Media Player\13a54417f66e9d

C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe

C:\Program Files\Windows Media Player\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

C:\Program Files\Windows NT\13a54417f66e9d

C:\Program Files\Windows NT\TableTextService\en-US\13a54417f66e9d

C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe

C:\Program Files\Windows NT\TableTextService\en-US\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe

C:\Program Files\Windows NT\hVZrtkHODdjkrqRpmkkd.exe:Zone.Identifier

C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe

C:\Program Files\Windows Portable Devices\backgroundTaskHost.exe:Zone.Identifier

C:\Program Files\Windows Portable Devices\eddb19405b7ce1

C:\Program Files\Windows Sidebar\13a54417f66e9d

C:\Program Files\Windows Sidebar\hVZrtkHODdjkrqRpmkkd.exe

Windows Analysis Report
WiJVUxlOHs.exe