Edit tour

Windows Analysis Report
Duq6x6p2Pd.exe

Overview

General Information

Sample name:	Duq6x6p2Pd.exe renamed because original name is a hash value
Original sample name:	37f802ced3decc7e6fe7d86cb36e4ab2.exe
Analysis ID:	1501607
MD5:	37f802ced3decc7e6fe7d86cb36e4ab2
SHA1:	8a6f8e3994b478b814b1c998be4bd3e30be5b2ca
SHA256:	7d98611283d499f433863f442985ffa41f5a83df0becca0f8f65ec60c1174bd5
Tags:	DCRatexe
Infos:

Detection

DCRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected DCRat

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

Creates processes via WMI

Drops PE files to the user root directory

Drops PE files with benign system names

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: System File Execution Location Anomaly

Uses schtasks.exe or at.exe to add and modify task schedules

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Drops PE files to the user directory

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Schtasks From Env Var Folder

Uses 32bit PE files

Classification

Process Tree

System is w10x64

Duq6x6p2Pd.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\Duq6x6p2Pd.exe" MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

schtasks.exe (PID: 7496 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 13 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7512 cmdline: schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7528 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 8 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7544 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7560 cmdline: schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7576 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7592 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 10 /tr "'C:\Recovery\JjUyoQCSby.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7608 cmdline: schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7624 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 9 /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7640 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\JjUyoQCSby.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7664 cmdline: schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Users\Default User\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7680 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 8 /tr "'C:\Users\Default User\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7700 cmdline: schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 8 /tr "'C:\Recovery\SgrmBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7728 cmdline: schtasks.exe /create /tn "SgrmBroker" /sc ONLOGON /tr "'C:\Recovery\SgrmBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7744 cmdline: schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 11 /tr "'C:\Recovery\SgrmBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7768 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 7 /tr "'C:\Recovery\JjUyoQCSby.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7784 cmdline: schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7800 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 14 /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7816 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 11 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7832 cmdline: schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7848 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7872 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7888 cmdline: schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7916 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8032 cmdline: schtasks.exe /create /tn "servicess" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows portable devices\services.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8052 cmdline: schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files (x86)\windows portable devices\services.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8076 cmdline: schtasks.exe /create /tn "servicess" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows portable devices\services.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8104 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 9 /tr "'C:\Windows\Vss\JjUyoQCSby.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8124 cmdline: schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Windows\Vss\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8176 cmdline: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 11 /tr "'C:\Windows\Vss\JjUyoQCSby.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

services.exe (PID: 4900 cmdline: "C:\Program Files (x86)\windows portable devices\services.exe" MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

JjUyoQCSby.exe (PID: 7864 cmdline: C:\Recovery\JjUyoQCSby.exe MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

JjUyoQCSby.exe (PID: 7900 cmdline: "C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe" MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

SgrmBroker.exe (PID: 7936 cmdline: C:\Recovery\SgrmBroker.exe MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

SgrmBroker.exe (PID: 7984 cmdline: C:\Recovery\SgrmBroker.exe MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

StartMenuExperienceHost.exe (PID: 8060 cmdline: C:\Recovery\StartMenuExperienceHost.exe MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

StartMenuExperienceHost.exe (PID: 8092 cmdline: C:\Recovery\StartMenuExperienceHost.exe MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

services.exe (PID: 4320 cmdline: "C:\Program Files (x86)\windows portable devices\services.exe" MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

services.exe (PID: 2800 cmdline: "C:\Program Files (x86)\windows portable devices\services.exe" MD5: 37F802CED3DECC7E6FE7D86CB36E4AB2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"SCRT": "{\"k\":\")\",\"B\":\".\",\"c\":\"!\",\"Y\":\"%\",\"M\":\"|\",\"v\":\"-\",\"I\":\";\",\"Q\":\">\",\"3\":\"_\",\"J\":\"~\",\"o\":\"&\",\"L\":\"(\",\"X\":\"<\",\"z\":\"`\",\"w\":\" \",\"N\":\"^\",\"h\":\",\",\"R\":\"#\",\"i\":\"$\",\"j\":\"*\",\"d\":\"@\"}", "PCRT": "{\"t\":\"^\",\"z\":\"#\",\"C\":\"%\",\"B\":\";\",\"U\":\"<\",\"V\":\"*\",\"0\":\"_\",\"8\":\"@\",\"F\":\" \",\"o\":\">\",\"G\":\"$\",\"d\":\"&\",\"Q\":\"`\",\"D\":\".\",\"Z\":\"!\",\"M\":\")\",\"N\":\"(\",\"K\":\",\",\"W\":\"-\",\"R\":\"~\",\"c\":\"|\"}", "TAG": "", "MUTEX": "DCR_MUTEX-yaCwbdvVK8u48vnJg8fa", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
0000001C.00000002.1771784503.000000000277C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000021.00000002.1780501594.0000000002C70000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1690413959.0000000003026000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000026.00000002.1789341240.00000000030AD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001C.00000002.1771784503.0000000002750000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000021.00000002.1780501594.0000000002C9D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000016.00000002.1765717373.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1690413959.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000025.00000002.1768766144.00000000027A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001B.00000002.1771961423.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000027.00000002.1789225216.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001F.00000002.1772404761.0000000002F41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1691528153.0000000012C51000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: Duq6x6p2Pd.exe PID: 7440	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: JjUyoQCSby.exe PID: 7864	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: SgrmBroker.exe PID: 7936	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: SgrmBroker.exe PID: 7984	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: StartMenuExperienceHost.exe PID: 8060	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: StartMenuExperienceHost.exe PID: 8092	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: services.exe PID: 4900	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: services.exe PID: 4320	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: services.exe PID: 2800	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 17 entries

Sigma Signatures

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\Duq6x6p2Pd.exe, ProcessId: 7440, TargetFilename: C:\Program Files (x86)\windows portable devices\services.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Program Files (x86)\windows portable devices\services.exe" , CommandLine: "C:\Program Files (x86)\windows portable devices\services.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Windows Portable Devices\services.exe, NewProcessName: C:\Program Files (x86)\Windows Portable Devices\services.exe, OriginalFileName: C:\Program Files (x86)\Windows Portable Devices\services.exe, ParentCommandLine: "C:\Users\user\Desktop\Duq6x6p2Pd.exe", ParentImage: C:\Users\user\Desktop\Duq6x6p2Pd.exe, ParentProcessId: 7440, ParentProcessName: Duq6x6p2Pd.exe, ProcessCommandLine: "C:\Program Files (x86)\windows portable devices\services.exe" , ProcessId: 4900, ProcessName: services.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /f, CommandLine: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Duq6x6p2Pd.exe", ParentImage: C:\Users\user\Desktop\Duq6x6p2Pd.exe, ParentProcessId: 7440, ParentProcessName: Duq6x6p2Pd.exe, ProcessCommandLine: schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /f, ProcessId: 7544, ProcessName: schtasks.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Program Files (x86)\windows portable devices\services.exe" , CommandLine: "C:\Program Files (x86)\windows portable devices\services.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Windows Portable Devices\services.exe, NewProcessName: C:\Program Files (x86)\Windows Portable Devices\services.exe, OriginalFileName: C:\Program Files (x86)\Windows Portable Devices\services.exe, ParentCommandLine: "C:\Users\user\Desktop\Duq6x6p2Pd.exe", ParentImage: C:\Users\user\Desktop\Duq6x6p2Pd.exe, ParentProcessId: 7440, ParentProcessName: Duq6x6p2Pd.exe, ProcessCommandLine: "C:\Program Files (x86)\windows portable devices\services.exe" , ProcessId: 4900, ProcessName: services.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Duq6x6p2Pd.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Recovery\SgrmBroker.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Recovery\StartMenuExperienceHost.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984

Found malware configuration

Source: 00000000.00000002.1691528153.0000000012C51000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"SCRT": "{\"k\":\")\",\"B\":\".\",\"c\":\"!\",\"Y\":\"%\",\"M\":\"|\",\"v\":\"-\",\"I\":\";\",\"Q\":\">\",\"3\":\"_\",\"J\":\"~\",\"o\":\"&\",\"L\":\"(\",\"X\":\"<\",\"z\":\"`\",\"w\":\" \",\"N\":\"^\",\"h\":\",\",\"R\":\"#\",\"i\":\"$\",\"j\":\"*\",\"d\":\"@\"}", "PCRT": "{\"t\":\"^\",\"z\":\"#\",\"C\":\"%\",\"B\":\";\",\"U\":\"<\",\"V\":\"*\",\"0\":\"_\",\"8\":\"@\",\"F\":\" \",\"o\":\">\",\"G\":\"$\",\"d\":\"&\",\"Q\":\"`\",\"D\":\".\",\"Z\":\"!\",\"M\":\")\",\"N\":\"(\",\"K\":\",\",\"W\":\"-\",\"R\":\"~\",\"c\":\"|\"}", "TAG": "", "MUTEX": "DCR_MUTEX-yaCwbdvVK8u48vnJg8fa", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	ReversingLabs: Detection: 84%
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Virustotal: Detection: 80%	Perma Link
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	ReversingLabs: Detection: 84%
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Virustotal: Detection: 80%	Perma Link
Source: C:\Recovery\JjUyoQCSby.exe	ReversingLabs: Detection: 84%
Source: C:\Recovery\JjUyoQCSby.exe	Virustotal: Detection: 80%	Perma Link
Source: C:\Recovery\SgrmBroker.exe	ReversingLabs: Detection: 84%
Source: C:\Recovery\SgrmBroker.exe	Virustotal: Detection: 80%	Perma Link
Source: C:\Recovery\StartMenuExperienceHost.exe	ReversingLabs: Detection: 84%
Source: C:\Recovery\StartMenuExperienceHost.exe	Virustotal: Detection: 80%	Perma Link
Source: C:\Users\Default\JjUyoQCSby.exe	ReversingLabs: Detection: 84%
Source: C:\Users\Default\JjUyoQCSby.exe	Virustotal: Detection: 80%	Perma Link
Source: C:\Users\Public\Desktop\JjUyoQCSby.exe	ReversingLabs: Detection: 84%
Source: C:\Users\Public\Desktop\JjUyoQCSby.exe	Virustotal: Detection: 80%	Perma Link
Source: C:\Windows\Vss\JjUyoQCSby.exe	ReversingLabs: Detection: 84%
Source: C:\Windows\Vss\JjUyoQCSby.exe	Virustotal: Detection: 80%	Perma Link

Multi AV Scanner detection for submitted file

Source: Duq6x6p2Pd.exe	ReversingLabs: Detection: 84%
Source: Duq6x6p2Pd.exe	Virustotal: Detection: 80%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Recovery\SgrmBroker.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Joe Sandbox ML: detected
Source: C:\Recovery\StartMenuExperienceHost.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Duq6x6p2Pd.exe

Joe Sandbox ML: detected

Source: Duq6x6p2Pd.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: Duq6x6p2Pd.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa

Source: Duq6x6p2Pd.exe, 00000000.00000002.1690413959.0000000003026000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Windows\Vss\JjUyoQCSby.exe	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Windows\Vss\JjUyoQCSby.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Windows\Vss\a010d8a77ca910	Jump to behavior

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Code function: 0_2_00007FFD9B6B35D5	0_2_00007FFD9B6B35D5
Source: C:\Recovery\JjUyoQCSby.exe	Code function: 22_2_00007FFD9B6E35D5	22_2_00007FFD9B6E35D5
Source: C:\Recovery\SgrmBroker.exe	Code function: 27_2_00007FFD9B6D35D5	27_2_00007FFD9B6D35D5
Source: C:\Recovery\SgrmBroker.exe	Code function: 28_2_00007FFD9B6E35D5	28_2_00007FFD9B6E35D5
Source: C:\Recovery\StartMenuExperienceHost.exe	Code function: 31_2_00007FFD9B6E35D5	31_2_00007FFD9B6E35D5
Source: C:\Recovery\StartMenuExperienceHost.exe	Code function: 33_2_00007FFD9B6B35D5	33_2_00007FFD9B6B35D5
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 37_2_00007FFD9B6B35D5	37_2_00007FFD9B6B35D5
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 38_2_00007FFD9B6C35D5	38_2_00007FFD9B6C35D5
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6E63A1	39_2_00007FFD9B6E63A1
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6E7798	39_2_00007FFD9B6E7798
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6E27F8	39_2_00007FFD9B6E27F8
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6E726D	39_2_00007FFD9B6E726D
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6E3D08	39_2_00007FFD9B6E3D08
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6E52ED	39_2_00007FFD9B6E52ED
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6E0B85	39_2_00007FFD9B6E0B85
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6E48BC	39_2_00007FFD9B6E48BC
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6E20ED	39_2_00007FFD9B6E20ED
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Code function: 39_2_00007FFD9B6D35D5	39_2_00007FFD9B6D35D5

Source: Duq6x6p2Pd.exe	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: JjUyoQCSby.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: JjUyoQCSby.exe0.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: SgrmBroker.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: JjUyoQCSby.exe1.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970

Source: Duq6x6p2Pd.exe, 00000000.00000002.1690337340.0000000002B10000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs Duq6x6p2Pd.exe
Source: Duq6x6p2Pd.exe, 00000000.00000000.1650874934.0000000000942000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs Duq6x6p2Pd.exe
Source: Duq6x6p2Pd.exe, 00000000.00000002.1693775932.000000001C3B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs Duq6x6p2Pd.exe
Source: Duq6x6p2Pd.exe, 00000000.00000002.1690413959.0000000002CB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs Duq6x6p2Pd.exe
Source: Duq6x6p2Pd.exe	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs Duq6x6p2Pd.exe

Source: Duq6x6p2Pd.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: Duq6x6p2Pd.exe, asE6jHXvqpSMc1QyMo3.cs	Cryptographic APIs: 'CreateDecryptor'
Source: Duq6x6p2Pd.exe, asE6jHXvqpSMc1QyMo3.cs	Cryptographic APIs: 'CreateDecryptor'
Source: Duq6x6p2Pd.exe, YmLiQxSYEihNFsjAKgj.cs	Cryptographic APIs: 'TransformBlock'
Source: Duq6x6p2Pd.exe, YmLiQxSYEihNFsjAKgj.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@41/29@1/0

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

File created: C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe

Jump to behavior

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

File created: C:\Users\Public\Desktop\JjUyoQCSby.exe

Jump to behavior

Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\79fb42ced564a49eb83254bf87c9479f18f9e5ef

Source: Duq6x6p2Pd.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Duq6x6p2Pd.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Duq6x6p2Pd.exe	ReversingLabs: Detection: 84%
Source: Duq6x6p2Pd.exe	Virustotal: Detection: 80%

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

File read: C:\Users\user\Desktop\Duq6x6p2Pd.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Duq6x6p2Pd.exe "C:\Users\user\Desktop\Duq6x6p2Pd.exe"
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 13 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 8 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 10 /tr "'C:\Recovery\JjUyoQCSby.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 9 /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\JjUyoQCSby.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Users\Default User\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 8 /tr "'C:\Users\Default User\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 8 /tr "'C:\Recovery\SgrmBroker.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SgrmBroker" /sc ONLOGON /tr "'C:\Recovery\SgrmBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 11 /tr "'C:\Recovery\SgrmBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 7 /tr "'C:\Recovery\JjUyoQCSby.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 14 /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 11 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Recovery\JjUyoQCSby.exe C:\Recovery\JjUyoQCSby.exe
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe "C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe"
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Recovery\SgrmBroker.exe C:\Recovery\SgrmBroker.exe
Source: unknown	Process created: C:\Recovery\SgrmBroker.exe C:\Recovery\SgrmBroker.exe
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "servicess" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows portable devices\services.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files (x86)\windows portable devices\services.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Recovery\StartMenuExperienceHost.exe C:\Recovery\StartMenuExperienceHost.exe
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "servicess" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows portable devices\services.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Recovery\StartMenuExperienceHost.exe C:\Recovery\StartMenuExperienceHost.exe
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 9 /tr "'C:\Windows\Vss\JjUyoQCSby.exe'" /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Windows\Vss\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 11 /tr "'C:\Windows\Vss\JjUyoQCSby.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Program Files (x86)\Windows Portable Devices\services.exe "C:\Program Files (x86)\windows portable devices\services.exe"
Source: unknown	Process created: C:\Program Files (x86)\Windows Portable Devices\services.exe "C:\Program Files (x86)\windows portable devices\services.exe"
Source: unknown	Process created: C:\Program Files (x86)\Windows Portable Devices\services.exe "C:\Program Files (x86)\windows portable devices\services.exe"
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process created: C:\Program Files (x86)\Windows Portable Devices\services.exe "C:\Program Files (x86)\windows portable devices\services.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: mscoree.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: apphelp.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: kernel.appcore.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: version.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: uxtheme.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: windows.storage.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: wldp.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: profapi.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: cryptsp.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: rsaenh.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: cryptbase.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: mscoree.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: kernel.appcore.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: version.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: uxtheme.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: windows.storage.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: wldp.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: profapi.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: cryptsp.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: rsaenh.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: cryptbase.dll
Source: C:\Recovery\StartMenuExperienceHost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Section loaded: sspicli.dll

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Duq6x6p2Pd.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Duq6x6p2Pd.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: Duq6x6p2Pd.exe, asE6jHXvqpSMc1QyMo3.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: Duq6x6p2Pd.exe, YUKcmRJQ5j3G1JiLB3X.cs	.Net Code: uareHj8glY System.AppDomain.Load(byte[])
Source: Duq6x6p2Pd.exe, YUKcmRJQ5j3G1JiLB3X.cs	.Net Code: uareHj8glY System.Reflection.Assembly.Load(byte[])
Source: Duq6x6p2Pd.exe, YUKcmRJQ5j3G1JiLB3X.cs	.Net Code: uareHj8glY

Source: Duq6x6p2Pd.exe, GOJYMTkEtD700eddlRm.cs	High entropy of concatenated method names: 'fxCSAc98o1gHuJ3g9JU', 'XA3nL49wtHtcVksL4MK', 'eWyMFd9uTaFMv9rvDp6', 'I6bgfr94o7YGb3N54Qm', 'LpttYH9JW7KtuXJIRle', 's7HMhK93ui1EAGd5jWf', 'eBv0yw9lAoacYmNVLo5'
Source: Duq6x6p2Pd.exe, mlum71y8j6r09VC4b4.cs	High entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'LuPwaQuj9ORyMmA9cXn', 'mm9d1hugU0qFXAGQN69', 'gQGvSWuW3NRxJqTbDrd', 'ejTEqQu61ZKKh0xGdht', 'qGPR7QuzY0hR1uYjiiG', 'pNPDj84K3Zv60skPiN9'
Source: Duq6x6p2Pd.exe, L0K3aP3KwGsE9Eqcc3X.cs	High entropy of concatenated method names: 'yJn3d6x5Co', 'I1tZter5Lc7QcZ4wous', 'i7ShXZr9wCrVPkIpDN1', 'smqDUCrd8uhju6YRI1O', 'Dwjwumr1TmyIhL6jhVo', 'DmAhIvrY2aNblQ97rxm', '_3Xh', 'YZ8', '_123', 'G9C'
Source: Duq6x6p2Pd.exe, FwwYcprd38XF9S85aHk.cs	High entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
Source: Duq6x6p2Pd.exe, eubPAirUAXIOkmwLXc8.cs	High entropy of concatenated method names: 'YKXjRx9hYE', 'vAYjxXBfGS', 'B59jK1PkUC', 'L5bjE7wD8K', 'VQMjyZr8YY', 'MXMIs1q6kRqC1LZ1tML', 'S6o8msqzGKrtk2VLjWP', 'JBstItqgDatTcoQdaAU', 'yxx2MhqWdx0CQYxoCE1', 'XKVpC5eKwdwUEBp8mnA'
Source: Duq6x6p2Pd.exe, t1p0ktJYqBl7M38LSlq.cs	High entropy of concatenated method names: 'T1yJ0JGT5j', 'tqEJtpLnVd', 'W4OJAri4X2', 'eNTnpeV0gomB2ZN9s7d', 'UB5BCUVvSEVODkkQZJb', 'Ol9UPFVdwwWBfdKQFnh', 'UyPEmUV1tt6PhxQEvqY', 'rnQ8piV5fbIb9DkvjhA', 'Dy8VqfV9kSo99vruOl2', 'dEiYJgVkPHV32sLlIhv'
Source: Duq6x6p2Pd.exe, pNCeI9dAwxjflGH1di.cs	High entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'MUDAyb8a1XsrUbpn5cj', 'rFsUxI8EyGst8fg3R6Y', 'Y2sSeq8jTyZADqyxwE7', 'cpd7b18gRoy1ddhUlSI', 'F60l2o8WqdVLypfDpdH', 'yKndtW86wOrgaPSaiEO'
Source: Duq6x6p2Pd.exe, BMs0UfermjID6PnDeGN.cs	High entropy of concatenated method names: 'YXuXuGVNXh', 'zicXf086xb', 'XjfXIkIakF', 's5gXPmyBTg', 'e2pXgcidM8', 'lA2XMZjuaO', 'F9iOwEOPPm9VrtGSrjY', 'T8gbo0OxwiLsvIJ77lA', 'FDJyHYOLFq6T9nHYDdq', 'SZ4N7wOpQv2u0Ce7Wj8'
Source: Duq6x6p2Pd.exe, GFU9T2Iyt8EGUx1J36.cs	High entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'R1rvvB4fkqdm0RpM0Jp', 'OC75S54Ggk4H1NQhRT9', 'uOPkQr4Ow2eeTMREGnJ', 'ClE7uh4s1DCahI56Ggu', 'yUa5sc4HsHu5okVLqya', 'jwkK3S4CvgGDIevNWMA'
Source: Duq6x6p2Pd.exe, asE6jHXvqpSMc1QyMo3.cs	High entropy of concatenated method names: 'PUxOgeieqrl8yFnn09y', 'bFAsctixDMPWykVlFOu', 'vAygxri78FO5hfIiRE9', 'ksHNN0iqaknQ8I4YMby', 'zLlLH06dAV', 'FbDWinipwfTBpF7cSqa', 'QtZ51hikyiPl1rPoYKc', 'Lc7u2niDLq8URFRCCiM', 'BTJnXEi0G4TGIag0Dq3', 'dotc3xivq7nybH54qdf'
Source: Duq6x6p2Pd.exe, mtOyHqLwSXlX7B2h1C.cs	High entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'sIhybyQ7r', 'jgURKqZOUYEtuc9Mhie', 'MnXsy7ZsHKJU54xOWGi', 'fWOJ9jZHNWHMW9xrjno', 'JlvJAkZCkj1ZGX9QUyk', 'WxmefWZbJPgU1bBd4Ac'
Source: Duq6x6p2Pd.exe, Biq2EOeO6rLySy4BD2l.cs	High entropy of concatenated method names: 'hmf4nyUkNn', 'urx4Bf4OQ2', 'E5B4R2TUhg', 'aqPMEMHBI7Vh4U9EmwJ', 'sdm4YjHhOuDy9d9hFSl', 'RM6yrZHI0LIqN88DGQI', 'ruq7HrHyP9sdxT4x4w1', 'XAm4D0rShv', 'hGb4Wvvgjw', 'oqY4ZG8vKT'
Source: Duq6x6p2Pd.exe, CQxhlLeajRfCM1l8AKv.cs	High entropy of concatenated method names: 'aBm3O1751crvY7e0TBp', 'SXFvqc79C8MVVtPa70X', 'laC0aJ7doY3pKgZ0RIp', 'lhM6HK71hFVnvLVTDV7', 'IWF', 'j72', 'KXbOZRyst9', 'U7DOq4y8O1', 'j4z', 'XhhOGXeuZm'
Source: Duq6x6p2Pd.exe, NUK9UTJ1HChUg9JW6o1.cs	High entropy of concatenated method names: 'umLX0WVrGd', 'oqwb4xGS2DusemRVWpK', 'fPrf58GQmGA2EmqPM6Q', 'ugmBUKGcmGlFO4nVhUD', 'NTIh1wGTQ4qbvv1n74u', 'n5ZMx5GFBV20a2QyIYY', 'r5MXGbGC05', 'G3mXCREjVd', 'AyZXw0AKXg', 'ja1XVk98tS'
Source: Duq6x6p2Pd.exe, CTBARl3grMPr9pJyX6M.cs	High entropy of concatenated method names: 'h8AJcZviJ8', 'rwoJjNdtnm', 'OR4MO8mV85k56dhmPPS', 'bagsg5mrZ6O1UIYGK8T', 'tphl4xmmDhPGiNOIHVf', 'HY4RVemhLUjdhjUJARi', 'YVAW7bmIlW7tm0npmAv', 'TsZ8ljmBOS6OfuWXqvt', 'frwCv2myQjlh90lv8hB', 'jcD5K0moqEDA7BCem5n'
Source: Duq6x6p2Pd.exe, CiaJbgrVDpPQhS8mMGr.cs	High entropy of concatenated method names: 'OLeUncNM2I', 'cgXUBCaP0B', 'wj4UR9NuQq', 'wHGUxODy44', 'jGfUKKpkOo', 'arRBtIedNexCBPjVffN', 'th4Z7Xe1gAZHBZbYVtg', 'mIZLrUe0dEFeisDwbIg', 'BEhm1CevjJmAMgq9SmQ', 'nKKL4xe5syyilRBrjs5'
Source: Duq6x6p2Pd.exe, CF6lIEeIngNVie2ZwJq.cs	High entropy of concatenated method names: '_5u9', 'aiwoDyVIX3', 'lJdOYNOjyr', 'f9QopgyGhE', 'jdfhrebgksEkq7xGVBK', 'I6bAeubWfbFsaTCYwBW', 'H86piRb62pBgUgARvn4', 'nx44UVbEaY4cOj5oS41', 'u43TEGbjZlVQBjWsuut', 'kLUqiWbzqYF2QxpYAbN'
Source: Duq6x6p2Pd.exe, SY5IjwJGJc0b4SAFO8w.cs	High entropy of concatenated method names: 'BUQez4MQyC', 'M5brYW9Ty0', 'vnUr3gy7ll', 'aYSrJvSQSg', 'dRXreNfFX4', 'sicrrbEhWr', 'jGQrkgggTF', 'k1CrSOyLba', 'RBNrXSfSr6', 'mMdr46cvfG'
Source: Duq6x6p2Pd.exe, Bw7rjd3QsuQGnxXGKni.cs	High entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'ijqWU5JJ8iAtudVnsRR', 'nqKXbRJ31RJHnG0pTKT', 'STrLVqJlI3BCJB6E8St', 'qPOhI1Jrl30u1rhtbaZ', 'OsmJQQJmHjC4j7bQyp4', 'e4o2laJVnA1oPvYbMB5'
Source: Duq6x6p2Pd.exe, kpn2Aq3kc9YjNRCAtqe.cs	High entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'wn4Fiiwib3NsDpPk8xR', 'mF4kwywMvFDNkF6K1fd', 'rnegnTwQaJYFWISsvtf', 'BpXuiDwcodobnF9jr7p', 'yTkcpGwSJTOwqCsZ0fL', 'AMSo4EwT7hCp0tW6pXa'
Source: Duq6x6p2Pd.exe, nRBElekm7fxaLVCkgv0.cs	High entropy of concatenated method names: 'AwvT7CoCfD', 'wi0T8GJWyu', 'HVSThrjYS6', 'fg7TafMfmK', 'FUiTpJhQ9B', 'iyWTdRUQ0f', 'Sap1Al5QsgrCBQroPsY', 'yYhdhH5i7QGOfMkN0pA', 'a2CmhM5MtkVbSewkSRo', 'zMHFBP5cvGnVJv4BJaQ'
Source: Duq6x6p2Pd.exe, BuLrv9SSQnkKPYNKl0L.cs	High entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
Source: Duq6x6p2Pd.exe, kwm1KIeCdYZmoMt0qo7.cs	High entropy of concatenated method names: 'QqhQDNWNFi', 'WJbQWgDpPQ', 'VS8QZmMGrS', 'dtQKZeCAGlq5gufL2qL', 'aG4GsGCt8gvGntvSZFs', 'dhtRGiCnWoxbBcj7sqt', 'pec39OCUfw0PemwdYMY', 'sw8QS1nnZE', 'CCsQX2YANE', 'gFuQ4DQggG'
Source: Duq6x6p2Pd.exe, fHqaye8ajhBjXWUPVq.cs	High entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'NutEdq8LQedBRMotgLi', 'EyZogn8P5bwFrObglYf', 'RAf1cF8pYBFRLfK8uJM', 'b3DlvF8kcUK6FGcNjDp', 'k1gAfg8D8MHIlOjMiAO', 'nFIr2r80ccofMZkA1aP'
Source: Duq6x6p2Pd.exe, OaA4beSIYBMv6AuduVS.cs	High entropy of concatenated method names: 'PJ1', 'jo3', 'Wm5FQBbEAs', 'o6cFOTlbtu', 'n0CFcnvryd', 'EC9', '_74a', '_8pl', '_27D', '_524'
Source: Duq6x6p2Pd.exe, lSfke23XfsqOgoGR92v.cs	High entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'sdrjBVwEHT6imEkCvT3', 'VHRS2nwj97j5pioikcs', 'KXYm4fwgRpOiiSnDgjR', 'l2JFBjwW4d2yhHcKWZj', 'V2rGt9w66hm51uXTcJh', 'CAaCZFwzOR2RQ0gnvkP'
Source: Duq6x6p2Pd.exe, YUKcmRJQ5j3G1JiLB3X.cs	High entropy of concatenated method names: 'PdOem1rRmJ', 'ooxenUkaKP', 'maMeBa7Ugn', 'kXqeR70eYZ', 'AexexxPSIV', 'tSFeKfG7CW', 'PtMeERxtAl', 'pCnDD7I7Q7ZuXD0e8ff', 'JccOr7Ib5qg0sd3E0Ov', 'kADWnqIX0btS6kEVPSp'
Source: Duq6x6p2Pd.exe, Clj2x4gwXrY2m2XwIm.cs	High entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'nSt5o34AWxWpQSSd7lc', 'nm23Vv4UJ6DkgLAPPuY', 'jLm2wM4ipIZTPM8qm8U', 'ahmHQK4Mv5kIWVoGfSv', 'n9ms4C4Q3Q2NuY96dsA', 'p7PwNj4cDuQukJ26Lnt'
Source: Duq6x6p2Pd.exe, F9g4uMSJ8YcNyPVcocs.cs	High entropy of concatenated method names: 'CJot4Va4ti', 'uZdtQmV5MJ', '_8r1', 'FQotOmEThn', 'I3OtcfRdx7', 'UW1tjGB84J', 'Dp7tUKCRG4', 'vv9athRoo0Xdl26u7D3', 'SIHGfHR29gKrBrwBUWR', 'kUCwHDRffZRRqMonNeA'
Source: Duq6x6p2Pd.exe, JygKTkkhY9eEl00LmYq.cs	High entropy of concatenated method names: 'LKK0rehXXb', 'tpT0kcyqyu', 'u8v0S95iJ4', 'mon0Xah19q', 'Cly04WTtvg', 'Ox70QTGN0f', 'e9t0O4GlSO', 'pXM0c0f3PC', 'Ciq0jSGlht', 'F3e0UimGMF'
Source: Duq6x6p2Pd.exe, pGOVIoXcBvgTXRn4U9O.cs	High entropy of concatenated method names: 'dWAKIjddZcmgD', 'U40KYFiypCYOwRrpJdy', 'GR847xioLwPsWfNIQ0p', 'GjksGIi2hbD2n0Mhb0q', 'z1fn4IifnfhAZuxhWW6', 'oHcjwFiGHbvVHGQR2UK', 'liOSI2iI1MX6NWbP9Al', 'dyDqRpiBCVab6X0W0P1', 'MNR4UliO9pwyMpARayJ', 'yxmnucisevDWBDaVhZc'
Source: Duq6x6p2Pd.exe, FoxPGmX0DJwh1fJKaZ7.cs	High entropy of concatenated method names: 'VgdLTAmpAM', 'gqDL0NdeXr', 'ceHLtdnE5H', 'rjRLAliiN0', 'cyhLNJZMM2', 'D5jL6UtHYG', 'lVTLF4pfgU', 'JX9Llp1woS', 'ihALLcjheR', 'tyNLmJwQyV'
Source: Duq6x6p2Pd.exe, UAeISG33Ok8ku0mrw7I.cs	High entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'TTHeUwwO498Hgbm2Eha', 'Jup1SXwstORmLoPvKa7', 'POgGdZwH0hvTXlFf0q9', 'sTiohEwCYylAGXX0k7d', 'EHc6u4wbabrONLQapXX', 'C2M3u8wX8WbxpGDCmwb'
Source: Duq6x6p2Pd.exe, OLqHjd92SbQZUOaLth.cs	High entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'AMbeUT8wXu6C4UhSWfS', 'HvZfi28JEA9uxmo5q9T', 'QSlam483tUg1diFvc0l', 'UA2kiM8lPbZosyx8YCT', 'QgItfN8ruE4InYP0Pdc', 'qKRtNv8m3aV1gD5v40H'
Source: Duq6x6p2Pd.exe, fVDLdEe86ndAm0rShv4.cs	High entropy of concatenated method names: '_269', '_5E7', 'fDwoy7N7eh', 'Mz8', 'OxaoH9Iwvo', 'g6wRByXTrupj9lZufWI', 'rAyS4MXFp2f8kXLFypn', 'W840aIXaWCFIEVTxYyK', 'DYeA93XE6qdtHsVe6FP', 'nMZ9IHXjc1HysFDyrcl'
Source: Duq6x6p2Pd.exe, QR9N7IrTc8I0EFcZvdj.cs	High entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'QmBvYN6lou', '_3il', 'pMjv3IicEx', 'bgovJXX4Nm', '_78N', 'z3K'
Source: Duq6x6p2Pd.exe, kN3GmNKCmm699mPnKR.cs	High entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'NPVKwcu1nuPYpwMSGTK', 'CctKC2u5XnPg5egc0fu', 'OQOGchu9Tw3yx1ASyGu', 'jhrHnAuYImVZPJLbQZ4', 'lXltWRuRr3GEHplnMUb', 'V8IRq4utIxw0cIX0mLJ'
Source: Duq6x6p2Pd.exe, W4Ori43cX2XRT9RFLLh.cs	High entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'Mh3WjJJObxh9oeAlwQk', 'BedlBkJsKFKqh4mLxOs', 'b6OxEqJHngPlgXS4tbl', 'cykV38JCA11W0UsLkmO', 'DArg1QJbZr8Y7aeTpiX', 'OKbdvkJXGNM18OXkUwM'
Source: Duq6x6p2Pd.exe, cQ7wZAegXuTW3aH3ZJ6.cs	High entropy of concatenated method names: 'oYo', '_1Z5', 'knbo2yqisq', 'qhCOrHD6yT', 'imwom3TYGu', 'EVtQ87XIIksQryvilRW', 'V5i3hpXBBR2WZAqnfkV', 'o6adRTXyIZU6JE1RCMl', 'KZkhMTXob1x6jMoNSQI', 'lcGxC7X2CHyj30JRd2v'
Source: Duq6x6p2Pd.exe, YmLiQxSYEihNFsjAKgj.cs	High entropy of concatenated method names: 'IpM0PGCy2O', 'MZI0geO8fL', 'pCr0M7XHfy', 'kYd09Swwiq', 'GKj0s65jbB', 'GW302Rv6wi', '_838', 'vVb', 'g24', '_9oL'
Source: Duq6x6p2Pd.exe, PAYYKTuVsN5x1UMEEr.cs	High entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'dl2Q7Z4mNWhPYxUvS6n', 'nxb2JX4VEry7TsY6xco', 'j37LUx4h7qvf4gSf5yI', 'ehRckX4IjE1earZDyvm', 'jOgeKs4BCx2ZngmCvFA', 'PvTuIS4ykSxBVLdFqUj'
Source: Duq6x6p2Pd.exe, t1ba9QJwD5k7AKrgFX1.cs	High entropy of concatenated method names: 'z2frvV1p0k', 'yqBrHl7M38', 'YrQfy1y7vRpFKO0at2R', 'nsIuq6yqb5qQkwHRLdD', 'Y9r9qhyb6hWKnhnhgWl', 'MhFJkayXvuNZbTejjDF', 'AcQHghyebEk1yx1OstF', 'GAhL40yxsqaxBGjhIlQ', 'un1s7HyLCYB5xhBTuJN', 'nK3bbYyP6fE6VH12pgf'
Source: Duq6x6p2Pd.exe, mPIo5Ukex9Airn8oBG8.cs	High entropy of concatenated method names: 'rEtsKT0bMeqPQgRuJ4w', 'LkUFNU0XNlqvVf6PEVy', 'dwA0Tg0HAlDZmxdUsCh', 'D3UQ1T0Cyu9I63wLVK2', 'eFuwTMLOkG', 'kPorZn0eZmAgGCjOrKc', 'QvtNTM0xMhCI1mqG6bf', 'SYu6VJ07v91PDvHheA2', 'vjSt2I0qWk0NvyT1VZ7', 'GqWI8w0Lo7YhHBc1jTx'
Source: Duq6x6p2Pd.exe, lXNRQ03ecSZW45LyKPc.cs	High entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'SmITwSwph1HeNlLO1lm', 'do9AvywkBw9o8par7V2', 'j4bEtlwD3GdNxkXqfSj', 's1poixw0AvH6UIZYUah', 'y2Tbn2wvPqamBDM1Vea', 'F6SIQiwdhsKXAo5dW15'
Source: Duq6x6p2Pd.exe, mxC6Rs39Qlivs2m3ayP.cs	High entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'H8mIBImHb3BnnN5MEnJ', 'dXwjBImCcPqD1GXD4sH', 'epnRwdmblnPxQXXW0ds', 'RiUkdmmXvSv0RkZtKck', 'GnWqZjm7JUDKe33ejCS', 'liyUvKmq0s9bti6nUKJ'
Source: Duq6x6p2Pd.exe, WMa7Ug3injXq70eYZ6e.cs	High entropy of concatenated method names: 'zwxJ3jflGH', 'YdiJJUMYCQ', 'pSNJeIbi9v', 'a7N0cCrTRkY5TTtyjn0', 'FalPjnrFJ3IGrcfZb6o', 'FAHJJkrcuw0Wv9IeGJ3', 'j91H4CrSmg6uMQEBHO3', 'oIyJUMraMyVvTkPSl44', 'pOnoQTrEA325oSWJJrD', 'MVJf82rjLjWiPwdhGLq'
Source: Duq6x6p2Pd.exe, gAnVyfez6vjUCnEYcaH.cs	High entropy of concatenated method names: 'MJnONwwYcp', 'b8XO6F9S85', 'WHkOFUr22o', 'KwM5427tNiB5W1c4QYq', 'xIybZV7n44kfbVRn21N', 'vlZfsK7Y9WXEM55Ee0T', 'b8X2SM7R857UCXXxBBC', 'YmoqKZ7AODgXlc89W64', 'B4g3R47UOQRbG1wZWvO', 'KngRit7ihbIbswReP1u'
Source: Duq6x6p2Pd.exe, wpkPefeHbUvZyFqAAW3.cs	High entropy of concatenated method names: 'jPF4fGZ87G', 'XPx4Ir9XVY', 'qHR4PgHhlt', 'Bhr4gDGiUJ', 'vTLsEdHvcADyghF3Sn0', 'CuF36DHdG1hU2LPdmNQ', 'dZ9LO5H1LMNK10SJKsG', 'Ki5HmKHDdvLmMXUrIGD', 'VbK8xtH0XkEVirkE9PK', 'NqK33NH5FjIGdUVI1EM'
Source: Duq6x6p2Pd.exe, rDKayHSAleg8KvBAqVM.cs	High entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
Source: Duq6x6p2Pd.exe, tJlYtxXWKTiZHSNeai.cs	High entropy of concatenated method names: 'CYtvxWKTi', 'SV7YjO0adtTc660dBT', 'AFY36Ak2uiQdb0cS02', 'a9aJMZDSGlHhpdD2hA', 'sw8p67vSFUbuDGdh2R', 'M5w1Ifdp2e9IPHxa8K', 'ilQJdoPK3', 'CWdexwTsa', 'k6orVElY1', 'Rqok98FBQ'
Source: Duq6x6p2Pd.exe, WNp3Z5eWupl2sEZsiU1.cs	High entropy of concatenated method names: 'XtM49Rt3Wm', 'Vpy4s0cp97', 'vur42FYqbS', 'iwyRauHixmu1aSjXkmc', 'Q2IkmBHMVEOcpkVqrdG', 'OFr7MRHQ0awwuqhMb1x', 'lYZQH7Hcifl17UA4aU2', 'EWGbhWHS3IOt2y2wsqZ', 'g0i9t7HTNqxsIwAscoo', 'w6BmvpHFx40j2vPpWDI'
Source: Duq6x6p2Pd.exe, O0B5j4S59NuQqTHGODy.cs	High entropy of concatenated method names: 'IGD', 'CV5', 'HUQtTOZbdf', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
Source: Duq6x6p2Pd.exe, S5b1N2JonolRiiXUEEH.cs	High entropy of concatenated method names: 'mSmrVjOR7q', 'qEjrbpVngr', 'Wx1roGELxZ', 'HmAr5xDo1O', 'DdKrTqPGJs', 'TRExqZoKmtGYOxnYtIy', 'OQQdiYoNM8OFnGwprBG', 'FmAbwRy6u5pbewUTWyk', 'NWh99pyz7W3gOsIfCHf', 'wySxWgoZQApncdliDV9'
Source: Duq6x6p2Pd.exe, nRqFPMJZ3OXCp4kEe4G.cs	High entropy of concatenated method names: 'naQedXoRvk', 'uIQe1dtx3b', 'QV2k4BBOhfkehLno7XZ', 'tWqUV1Bsuf6NMPXk0pY', 'tvlhKZBH5WyftBTRwSX', 'PvvOyaBCwhx00iq4dWM', 'avfSGgBbfrrrNrdBudy', 'bRR4pEBXUOEND6FLta8', 'AKkBR9B7ooxUNGpWqKn', 'O36xfwBq335ZuLMfIw1'
Source: Duq6x6p2Pd.exe, qm3nN8kQjMYwZLENnQj.cs	High entropy of concatenated method names: 'xV2TwR9UYS', 'mZ9TV9roQS', 'cg9HXy1af3il8RMrT9b', 'FAG4v11ESFkvsxQmiPE', 'poYobc1j52ZjEwfsLNd', 'zZ27Tp1gUoCIHcE2qj3', 'xqdVqH1Wwev1jiEFOlU', 'NDOlJ116xZrDAd4sT7E', 'zBdgOO1zFJ0aHqpApxg', 'b8iFnS5K7TKMlIJYrH7'
Source: Duq6x6p2Pd.exe, lVprTdS6YBuV5tF5XwG.cs	High entropy of concatenated method names: 'qqMAQbqgnA', 'hvrAOPVjWM', 'tQ1Acx2Cba', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'DJNAjQi4ol'
Source: Duq6x6p2Pd.exe, vYq6oorsNeUQ4QfyXbR.cs	High entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'F4UHD9OteW', 'iCnHWhZj3V', 'r8j', 'LS1', '_55S'
Source: Duq6x6p2Pd.exe, BIYEPckBISN2HJk0kbS.cs	High entropy of concatenated method names: 'b6m0YNtH12', 'mf0dsc5gQljSMZFS3ny', 'P0mHoQ5EgAWKaOOr9tL', 'FKIqHk5jJEnrBJIy7tV', 'TO9XAg5W1xcIBx5DSYE', 'hPcuKy56ASbYIY4t5fM', 'BCa48h5zNnQNwrgMsNQ'
Source: Duq6x6p2Pd.exe, AggUe8S071neQAa6dXF.cs	High entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
Source: Duq6x6p2Pd.exe, PQyCf538bW9Ty05nUgy.cs	High entropy of concatenated method names: '_589', 'YZ8', '_491', 'G9C', 'hpwyuEmcPP6Z8W7jBEv', 'UZydcqmSusZxtIS7TJF', 'WAGTqMmTcdmaXcxQqdC', 'NTe41rmFmYXoHkQbd2b', 'uZZBHZmagWol8RNYbwM', 'YXYdfSmEOAeFHHLAEfT'
Source: Duq6x6p2Pd.exe, NqaXaf3HppYBjPJeYrj.cs	High entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'nNqF9cJYFYY03XJyvi5', 'HCJ1a7JRfb317LwdTgf', 'ARYhcAJtjPI6TFdMHkk', 'aabsy9JnxgVdqx8AftK', 'l9hsIYJAX5sGPd2CD86', 'ucxoZRJUI7nb1RCD8ur'
Source: Duq6x6p2Pd.exe, tdhfmpe9RCW2rBxfLmq.cs	High entropy of concatenated method names: '_9YY', '_57I', 'w51', 'BU7oaTWH6x', '_168', 'RXtEbkXqHejxC7H605r', 'JJKQMoXeTlBk48JvcJg', 'cJD1BaXxJle8HUtWEsn', 'm0PvlwXL2g7KYB3QYs5', 'xH3aDXXPJgxOBo4SL5h'
Source: Duq6x6p2Pd.exe, iULGMZ3lgXTI8BralQB.cs	High entropy of concatenated method names: 'qZS3PMH2kX', 'nk75SRrZPwFkwpjB7QD', 'I7iyuIruPRnkOsxgZSf', 'jIB7NJrKRaa4snbLmPO', 'W3cUhkrNcrsyd8e2SrU', 'F8BxGbr4MEHHwDLQ8JM', 'hwlXWsr8poo730bovYT', 'W8ckvrrw6Rl8AtUuO70', 'Qqp3MpSn8G', 'LdUGhsrlUuBQR9bYtNO'
Source: Duq6x6p2Pd.exe, Opg83ja9ttJn6x5Co1.cs	High entropy of concatenated method names: '_88Z', 'YZ8', 'ffV', 'G9C', 'mbGysW8UAcVqOBW9Og7', 'ygkTOU8ivXV2Rk9awR1', 'CvBdqp8M2DRFxD8wL9V', 'yEder58QP8jDIerFeZb', 'tpTrka8cnhiX6RWEKK5', 'lqoxQD8S3tiePxvQ2VE'
Source: Duq6x6p2Pd.exe, EcNWEm32KA2oFbt2HaQ.cs	High entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'HsWgXNmDE8vfnJBV36R', 'dL8fN0m0yT6lb07MJ6m', 'TixUuMmvxwvhJ9KQbBb', 'ddPN1mmd6IehDAUqQQd', 'ug16gum1EVtmkPVQJZX', 'V30o3Om52DkoycMY5qR'
Source: Duq6x6p2Pd.exe, RB5gRwrAMghtfmcCDis.cs	High entropy of concatenated method names: 'faRvnbbWK2', 'MnHvBJ0owB', 'spbvR2nny4', 'AVrvx6MhFd', 'pLxvKR9Fry', 'cYghcnxOOxeCSNTjv6Q', 'CJd5PNxfmW2TTHJjZ1Z', 'Viy5SrxGP63p3c0g6Ar', 'TwGqaxxsmMKB2ZZ1EJQ', 'A5fy5axHVuAUyoBla5H'
Source: Duq6x6p2Pd.exe, xMbknJRc8IJqne5Z9K.cs	High entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'IvGbhoZWRLRMNRldF4E', 'Vo9HRKZ6ukVmeBKFwXM', 'JoJUTRZzYJ5YAby0UqM', 'U61HENuKleKqYF5PhZq', 'lAkW6tuNOKSlBaWneZ4', 'kC4C6JuZQKOJlX4cmav'
Source: Duq6x6p2Pd.exe, s81nnZrZElCs2YANEXF.cs	High entropy of concatenated method names: 'UjkUr87UOB', 'cxiUkmpQQu', 'd1XUS3rQxy', 'sGyvXke2X0YehBxOhj7', 'OgU1puefid9R81LsFki', 'AH7o2deyN9uEZyHx43l', 'crF0y9eo0v9clqGpMF4', 'hT9xHbeGde3JaSxlb8r', 'K6IbJgeO67ZDNedVwyQ', 'HEkyVPesZMPJeKx5Aua'
Source: Duq6x6p2Pd.exe, wrI1b2klikLqGIft1wa.cs	High entropy of concatenated method names: 'J5jTMhciBp', 'VmiT9YKrlr', 'Wk2TsmrHah', 'b5jOwG5R35vNlAnTBZs', 'JIp0D859j3WRvEBVr31', 'A7nvUu5YQnl9Ey5bAT3', 'LvnbJu5t6JflvGFknOk', 'kfSIfL5niWeca2J5FPs', 'm4pOtr5A6o2PmJlJgit', 'nr3b8W5Ufxrt8XYl3bN'
Source: Duq6x6p2Pd.exe, U1RJvB3WVbAXDl1GBNk.cs	High entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'owil7sJFew3JTaCdjHw', 'kW1QVDJaxHoJEmEjvCg', 'cPsSM5JEIC56jHgciwV', 'qKI0loJj3DHw0YUMqPE', 'kilXCvJgsG4PW6u5PXW', 'iCtwAaJW8tX4RSHuwAm'
Source: Duq6x6p2Pd.exe, BhrDGirQUJtu1LsMxwp.cs	High entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
Source: Duq6x6p2Pd.exe, un0r5A35sk8C5gaGVvf.cs	High entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'l3nVQ43dyZpUr0pq7hp', 'brYepe31rkC7NHDXooZ', 'ID1Phy35waHKqpmaQGa', 'aNRTmS39KfSTxe4TySJ', 'kYt1ko3YJ30Jm7X90BU', 'L59uUc3RQgYE5BvrbeL'
Source: Duq6x6p2Pd.exe, HyNOh9zqakKU7Dg4k8.cs	High entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'zQpUxuwuOy76PmKWLUI', 'kggirOw4pPtEuD9ZmiK', 'G5B5A2w8xG4tNYdnDtZ', 'FUejsfww5OVY9GMwhds', 'N7gocvwJuRW5yWHmURs', 'uElP7iw3B2U12BaPOkC'
Source: Duq6x6p2Pd.exe, FfKpoSJ6qEmpinSFoBr.cs	High entropy of concatenated method names: 'UdirdIvJMs', 'VbZr1D9rtj', 'FV1rzba9QD', 'wk7kYAKrgF', 'f1Rk3KmJj5', 'FPrkJoMIyk', 'Aqmket9iGJ', 'LTlkrc2blJ', 'gdBkkDs5b1', 'OoQoQyoEmRD0shhPtg1'
Source: Duq6x6p2Pd.exe, dFYqbSrcP9hH72HIFbP.cs	High entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
Source: Duq6x6p2Pd.exe, o3hLT83bBNgpPDut9Ys.cs	High entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'Q0TfhY37fwU5EmOZdSb', 'EyD0M73qppiMCd2wiyF', 'ITn6Ka3eaEkrdJG9NG1', 'TqDANU3xwyPIiWEr3m0', 'Obme173LOhpbaVGP5yC', 'DWq3Eo3PJDLOTrx2kQm'
Source: Duq6x6p2Pd.exe, OkNbUKSxqhPAREcU3Eo.cs	High entropy of concatenated method names: 'IPM6KNDVWG', 'EPQGrlApHBg7J2m3BTI', 'qosr8RAkeWti9vF6dqJ', 'IoEqNQAL7smGyHepdHL', 'tpqcIpAP1lfa3LZyDfY', '_1fi', 'DPON2OPv74', '_676', 'IG9', 'mdP'
Source: Duq6x6p2Pd.exe, G4qDSioUb5ssupy0W5.cs	High entropy of concatenated method names: 'q2kT4sdCD', 'Tek0sYu6M', 'fUItLvMd4', 'SQEAvuij6', 'xpbNvVUCq', 'r536H8RLt', 'kouFHkRlC', 'oouLJ7N39NXxdCOWtf8', 'LBwR3iNl45QT0rcPI00', 'H7ho6gNrKdXyNrksnL4'
Source: Duq6x6p2Pd.exe, cnrPp4nw2VehYT2ygB.cs	High entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'TrWfOaSTD', 'IOsXoSZdbxcYQfI8kxr', 'Tbcj3UZ11L6HS93QFtR', 'M8ZUxXZ5OrJWSJLL8vW', 'txDMQkZ9DilDJgmWOO6', 'iq5XCDZYhy1dMLfoa3f'
Source: Duq6x6p2Pd.exe, HZ0JJsJyEAEyLTCsGyI.cs	High entropy of concatenated method names: 'rcMS4ovu8w', 'b9dSQqf5iG', 'nL5WbefEsPkTXFd9hn9', 'O2ExBUfjZb7Y83VZG4m', 'KMTa3pfFwJntmQSGFGC', 'GEYM23fae8JStVGq5yb', 'lK9SZUTHCh', 'XXoh3wGKoYXShluGhSZ', 'ba9WZnGNooUcQNXXAnj', 'j8lfyKf6Kd3AbkYoRtn'
Source: Duq6x6p2Pd.exe, WenbBKebYlhIbkadY2b.cs	High entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'cQXkk1bInw4upaoMhSl', 'MMHAWpbByeke9oBk8hN', 'qQZGgpbypbQnt3phqNC', 'GX2ITmboUrw65NSqRmu'
Source: Duq6x6p2Pd.exe, fpogpie3Vi6pnXQ9FKC.cs	High entropy of concatenated method names: 'yB2XFOA7G8', 'PFhXlM5Wnm', 'oShXL21PhY', 'KhvXmSheTH', 'EYndq6GzwBJjOsEUrB3', 'TyaObFGWeoTJSXPOel1', 'gIrBu3G6PTmBOrPO6Nq', 'TEHuxVOKaL8ixHwND4L', 'CYaKniONHOqaW05I2ts', 'unlecKOZ73IaWmbybj8'
Source: Duq6x6p2Pd.exe, Ds9Xp33BCNUOxsBqr6Y.cs	High entropy of concatenated method names: 'kXW38UPVqg', 'KMExRcr7yBJD2LsbZyU', 'Nufx6Drq3rYWW2XsdN9', 'CV6RIvrbF1gIn3PeYrF', 'GE2efSrXBMAI66t3TXX', 'MMctTGredlNkcO22qRk', 'QLw', 'YZ8', 'cC5', 'G9C'
Source: Duq6x6p2Pd.exe, m3Txw93ArsZg4IRY56Q.cs	High entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'qFF7ek36VYDdFyGlRaa', 'YseXCy3zTgnpZwfNQ2M', 'iKdoTClKkbjFrlnE2yp', 'ilvtWQlNodXKJw73TxF', 'z3tZ0UlZBK96VioR3Wp', 'efW0HolufsNFuIpkaPD'
Source: Duq6x6p2Pd.exe, zIU2dBNEgDERiU17a6.cs	High entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'l5y608ZmtlA5EwJ6kWp', 'AD9engZVphLukBfjbBj', 'x34BmoZhQdGk5N63nZr', 'Ia1jYZZI17pc8VavI1v', 'LUtZWEZBcyiFGhrfCJi', 'km2OE5ZyfRihFlnGtYU'
Source: Duq6x6p2Pd.exe, UQAFBTkAJMmyt0FGvUU.cs	High entropy of concatenated method names: 'XmWTEIuOMF', 'BM1Tyk791w', 'zcVTiHR296', 'qgETuN5uSV', 'WAOTfa2Po9', 'NLkoXP5LMlqhVttXMLH', 'Oaro065eKTZkBnvU5LR', 'e1SOC15xxG7pIA9qde7', 'a5vM415Pm4rKAocetvr', 'VUSjm45pUaDNS5BduQf'
Source: Duq6x6p2Pd.exe, eZRLIXJJ9ZJSDPM536t.cs	High entropy of concatenated method names: 'cVlJMwtfHy', 'XrqJ9RUZJc', 'GKgJsUpnPK', 'YbZJ2ScYJf', 'ACsJ7DC6pu', 'CoTJ8y46UA', 'XEqCIShfW5bdXAxw2rq', 'w7rCf0hGpVDde4XVoyj', 'C3EAyghoLxClDrA2OKR', 'F1GGnkh2YRlS74ehN37'
Source: Duq6x6p2Pd.exe, eN4JbeJKCVrqj3FCTnI.cs	High entropy of concatenated method names: '_0023Nn', 'Dispose', 'm6kkBavaFc', 'DDSkR3kN4J', 'ueCkxVrqj3', 'BCTkKnIuDq', 'FgqkETRgeE', 'xFe3hJfl4JYGq6KPAix', 'NphdhSfrQxu2p7g9rPj', 'p41nCEfJE0GJly4DhZo'
Source: Duq6x6p2Pd.exe, DXteW5SbfkCquxys2Zb.cs	High entropy of concatenated method names: 'pTjtwc5hYa', 'pEttVfoDIb', 'nWqtbMwKAS', 'MD3toRj4Rp', 'J9kt5aEgrh', 'mkOYiwRgsL5AFMSZmwR', 'OWD4G5RWY4OqPXHko09', 'wIqyIkR6m85i3F6hIF3', 'SMxot7Rz0TjaTpoAXJP', 'Qkc67XtKXNYNShdEGh2'
Source: Duq6x6p2Pd.exe, E4IpMq2ppSn8G2tlH5.cs	High entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'yceryY8yJUFJPfLRlDx', 'q8SSS08oHCTTItFmKEV', 'XwKtGg82Nkq6Q2bKeeK', 'jhf2Ra8f3WGRp95oZJG', 'KNFyvC8GgYh1dNFfZT6', 'w3BVlJ8OaYIO2lBjgv8'
Source: Duq6x6p2Pd.exe, LgO4GKrGbF5QJl2ohFn.cs	High entropy of concatenated method names: '_7zt', 'IaIUCbyEnW', 'tywUwUmeso', 'nG8UVLjNgM', 'UURUbvXLhm', 'EqfUofZqwR', 'SbEU5U3nJZ', 'SoJgEIeblB9IyW0jWoM', 'p05D6eeXJJwxFLnMgl5', 'XPeJZseH5CtKZtPFXRT'
Source: Duq6x6p2Pd.exe, v8GAmWeTKoV8rM7rREL.cs	High entropy of concatenated method names: 'wcYQmT6qJ6', 'KInQnecA1E', 'WiofsdbGjnD9iF3wfCW', 'kwScEmbOm18ELFLVi2U', 'pWnadpb22N3oopF7iNk', 'w47k6hbfBBlXfMwuZue', 'R6vC4UbsBonftX6LriZ', 'cPL2OJbHDodKZtlI31j'
Source: Duq6x6p2Pd.exe, xYDbyH3qVUHaIjO94lR.cs	High entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'B5auir3K9OCMoHcXqbl', 'RUL4wq3NGUhHJA3MBl9', 'CV9nMK3ZpouqGthjAY0', 'dlxcnY3uNtl5EfyFfXM', 'PX94Ov34y3odJl6778W', 'KtEw3Y38RX0mj0XdiPc'
Source: Duq6x6p2Pd.exe, RcBXFCkpMGGPHiUqk2E.cs	High entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'YE705gMKpX', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
Source: Duq6x6p2Pd.exe, yQrNrXrkTBRTxWYywQi.cs	High entropy of concatenated method names: 'UkpjZVfKyx', 'WIoi94qGiPkEHdeR6IW', 'a1oWvWqO5DeQf3WiVTR', 'SWNy3jq2HbgM0TToUXG', 'dZ530XqfH6GDc429HyM', 'nuhOlJ230p', 'j5kOLiuqKu', 'lCiOm0KYXw', 'pPPOnkjQ5l', 'TpDOBl0XXr'
Source: Duq6x6p2Pd.exe, ygIEJkSsASAt9iS86Qs.cs	High entropy of concatenated method names: 'RX4FoI18kk', '_1kO', '_9v4', '_294', 'MeIF5bguHL', 'euj', 'VPTFTEj8RU', 'SuEF0VXYKl', 'o87', 'v7PFt0NGf4'
Source: Duq6x6p2Pd.exe, gbQ9gae2LnWws06APaV.cs	High entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'k7AOchGAH5', 'EY9oTKCAkK', 'erIOjyupLm', 'B1Qoxaokse', 'xtocW4X9Dn5WfObw34M', 'Cpv9CmXYiKGw0iJGGnJ', 'RMFKUgX1Lent2MrK0li'
Source: Duq6x6p2Pd.exe, ILJKAaJHEvrKRKkcXrb.cs	High entropy of concatenated method names: 'EcmeacNWEm', 't0SnseBuOgxYNMdODNc', 'lqRZMcB4qdDio6SnhwI', 'QEme7oBNjwcZjHpqNBx', 'IVvTUHBZn0hyFsjxOUY', 'ihQHcPB83IJuLRU1Mav', 'T0FaTtBw8x2Rbutkvhp', 'nPhA5hBJ4NNHQMCnDh5', 'Dv0gxfB3ilkgYeD9QYb', 'R1eBWhBlci9Jn0neVYI'
Source: Duq6x6p2Pd.exe, vrxkPfeqQVyVAqwSFOS.cs	High entropy of concatenated method names: 'O9h47H72HI', 'CbP48sjdF5', 'myS4hMCaha', 'b2U4aMrubP', 'ziA4pXIOkm', 'sKP0N1Cw3IplB98DtMs', 'lEVDuCCJbI8E4fqeNhx', 'UQXv6iC4qbDEvyXUmRU', 'M1XRrKC8Pbvv1CmoUr8', 'BpvbGXC3cru2QPaF6in'
Source: Duq6x6p2Pd.exe, QmBN6lSnouZMjIicEx3.cs	High entropy of concatenated method names: 'Pf8AFpA4G2ov2OifeR3', 'yqbnTTA8IXZrjwnrY95', 'N5J8nRAZ8DYPkgmuyOn', 'yOuLL4AuOJNl8NOgtYt', 'OE6ABalfHa', 'WM4', '_499', 'VGXARMEMDi', 'ng8Axs7pZg', 'wuNAKG6L35'
Source: Duq6x6p2Pd.exe, TEO8mW31osXT8u6KhUx.cs	High entropy of concatenated method names: 'b06JohmR6w', 'TrjJ5dsuQG', 'FxXJTGKnip', 'XFUR6fVmuWc0VRo26Zq', 'nNLf5dVlaoKtkwSekSe', 'ssapVrVrenA6jcp8Sxg', 'nKLgiOVVvyquypm9GEc', 'XlO2h9VhI36Jvf5p7sN', 'zQRxT2VIEBMiZ7x8R3Z', 'hX1OgcVBBntp9mfFC9S'
Source: Duq6x6p2Pd.exe, uMOhAyr88AjdJyHpJFb.cs	High entropy of concatenated method names: 'g2GHd7RASs', 'Id2HBH6bfx', 'ElxHR4VwtQ', 'm46HxiThkC', 'NnXHK7vvy6', 'JD1HExUUx3', 'ftpHygDtlB', 'uCqHiNMHd0', 'sy8Hurdfln', 'jDsHf8YhAj'
Source: Duq6x6p2Pd.exe, v80vSn30U6cMUX7mFrD.cs	High entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'NZXlXu3MivNOsC7W5Zi', 'nwBj0k3Q1lIl3yISw6D', 'xqF8sv3c8Rg9kZFRRRC', 'ksobi63SASynUfKiaAb', 'hYMeEV3THmqFBeCHxDc', 'nqitEO3FWovEJeYFqM9'
Source: Duq6x6p2Pd.exe, AoCsUZSLyJCo6YTicSL.cs	High entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'DnvA00Pi5G', 'vbPAtH0FrU', 'PG3AAUoHRJ', 'r5MANv3YR1', 'mKJA6w5plK', 'kqGAFPNQW1', 'uLrtXZn5S2outfA4uyg'
Source: Duq6x6p2Pd.exe, t2ZMcYtW8kM7QBRl6q.cs	High entropy of concatenated method names: 'GYCBh9BnB', 'p8tRSCi65', 'Wlsx5Mpsl', 'zK3aQiN9ex5oROLSiBe', 'f0O45mN14RXVrQOIuuG', 'FbOV15N5jWOAQ2aVrh0', 'afjdPANYNT9bySyqy1a', 'V8xYtWNRkdYaoEnUifa', 'HwcDTWNtF4DossZpKaN', 'E5He60Nn4YSipWqRTv0'
Source: Duq6x6p2Pd.exe, qRUZJc3CRKgUpnPK1bZ.cs	High entropy of concatenated method names: 'ITV3FsN5x1', 'Xoc9Rk3foauxrVemCCt', 'WYZGC93GNjPbWTmmUBR', 'tTEpAQ3ocqmL3u74SAK', 'wbWmwX32vQVv2fQgyu7', 'YW4j273OigFbIAeX1JO', 'kj097C3snyhK7kTCDpT', 'gmuEUR3HIH9nfP9jBxc', 'E0TNX33CE0cPpNwRqSG', 'f28'
Source: Duq6x6p2Pd.exe, uDEr8mJBA2hPDFp5AxG.cs	High entropy of concatenated method names: 'dbDkFEr8mA', 'KUSfTB2WixkcnkcAyDk', 'pdIA6j26OeW7Zuh8skN', 'Fynqml2jeEyiKZX0dkP', 'wHwqwE2gX2KnYDnPkvn', 'LmhX442zHV4AsSvrr4x', 'WuBYUcfK8RtILdrcjm6', 'IjHcCIfNKD5A44nMmh7', 'f1ORYafZ2Yf4OlShIXV', 'SFV4xAfuyq4cyWRaerF'
Source: Duq6x6p2Pd.exe, iC7GsFraY31Joy0jeud.cs	High entropy of concatenated method names: 'wwcD0IZ373', 'h83DAA7EsN', 'lCtDvUDbUd', 'IefDHh9S15', 'XKcDDpowuZ', 'z92DWfhs3X', 'dYEDZBF6dN', 'iUeDqRwKcc', 'rvcDGqKanB', 'sOeDCvg62g'
Source: Duq6x6p2Pd.exe, FKCJljeuJ5qJmg2AU1E.cs	High entropy of concatenated method names: 'sg9', 'Q0XoZsPxpE', 'QlhQdpxtRF', 'yPEoOUIdsD', 'JKOdalbQ7fnxvKjw5rF', 'ock2bpbcBE53n4VqfPJ', 'trx3jWbS4Eggblijq4S', 'FjAlwIbi1lCEPP8kSdO', 'FRbUltbMxNrnBbIZp3b', 'jQ2CiObTYjhZZnaC4xW'
Source: Duq6x6p2Pd.exe, w91PkUk1Ci5b7wD8KaQ.cs	High entropy of concatenated method names: 'G1L0NAwDco', 'uYm06BCHT6', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'zRJ0FkuCwE', '_5f9', 'A6Y'
Source: Duq6x6p2Pd.exe, g4Cicb3aEhWrcGQgggT.cs	High entropy of concatenated method names: 'rZhJC6USfk', 'dj0UcMVwn7tRbVnNQ14', 'KL7wKTVJshtUvnMiGeB', 'WBFl57V4QTpM8VT0bYB', 'I76By8V8YhfWXb42RWb', 'nug6fBV3tgIfKIcDjgN', '_5q7', 'YZ8', '_6kf', 'G9C'
Source: Duq6x6p2Pd.exe, H0vADe3UFoVnAZwJRKi.cs	High entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'KIsUSpJxebMVRF2mNWW', 'We3GFZJLUaP1i8505d3', 'hA11KlJPytHlkF2cSN4', 'wpfo2AJphNyEHfeIDWM', 'BJHpyEJkqCqhwwH9HwE', 'lfiChiJD6RJelMxEb3q'
Source: Duq6x6p2Pd.exe, sGrj8Hk7Ua0IuNTRmXY.cs	High entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
Source: Duq6x6p2Pd.exe, z66YAe362tV3kxvM8G3.cs	High entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'W8xbjcl1uWdj4k8IF5B', 'deVZB8l5dPy7Qrt4spK', 'IkKHDZl9gEsxAxvrNMk', 'SDJdUqlYnhqI5ITt5pH', 'X53VpnlRyjDc4uOoTyR', 'IMjWcVltLnEPTRe1Ch8'
Source: Duq6x6p2Pd.exe, CBhdqxeUOe1XL1JO0Tq.cs	High entropy of concatenated method names: '_223', 'BScGgSHf3CHs191D1NX', 'tmVGjQHGdQ499jmH2r2', 'fy8HqXHOc24kNJFDqTX', 'fq4MeFHsXIig6q2kPSe', 'PR9ss3HHWQ6UD9a52KM', 'bKZ19FHCK0YAW0V5QJN', 'U2jVrPHb1rlPo10qEEj', 'P6Vo3NHX1i7yh8YDVyb', 'dM5cvKH7ZKbHHv1LEYh'

Persistence and Installation Behavior

Creates processes via WMI

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Drops PE files with benign system names

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

File created: C:\Program Files (x86)\Windows Portable Devices\services.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Windows\Vss\JjUyoQCSby.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Users\Default\JjUyoQCSby.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Program Files (x86)\Windows Portable Devices\services.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Users\Public\Desktop\JjUyoQCSby.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Recovery\StartMenuExperienceHost.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Recovery\JjUyoQCSby.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File created: C:\Recovery\SgrmBroker.exe	Jump to dropped file

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

File created: C:\Users\Default\JjUyoQCSby.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

File created: C:\Windows\Vss\JjUyoQCSby.exe

Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

File created: C:\Users\Default\JjUyoQCSby.exe

Jump to dropped file

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 13 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\StartMenuExperienceHost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Memory allocated: 1170000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Memory allocated: 1AC40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Memory allocated: E70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Memory allocated: 1AC40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Memory allocated: 1090000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Memory allocated: 1AB70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Memory allocated: A90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Memory allocated: 1A740000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\StartMenuExperienceHost.exe	Memory allocated: 1040000 memory reserve \| memory write watch
Source: C:\Recovery\StartMenuExperienceHost.exe	Memory allocated: 1AF40000 memory reserve \| memory write watch
Source: C:\Recovery\StartMenuExperienceHost.exe	Memory allocated: FE0000 memory reserve \| memory write watch
Source: C:\Recovery\StartMenuExperienceHost.exe	Memory allocated: 1AC60000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Memory allocated: 27A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Memory allocated: 1A7A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Memory allocated: 11A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Memory allocated: 1B0A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Memory allocated: F30000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Memory allocated: 1AAA0000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\StartMenuExperienceHost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\StartMenuExperienceHost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Window / User API: threadDelayed 1197	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Window / User API: threadDelayed 846	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Window / User API: threadDelayed 360	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Window / User API: threadDelayed 372	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Window / User API: threadDelayed 368	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Window / User API: threadDelayed 362	Jump to behavior
Source: C:\Recovery\StartMenuExperienceHost.exe	Window / User API: threadDelayed 360
Source: C:\Recovery\StartMenuExperienceHost.exe	Window / User API: threadDelayed 380
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Window / User API: threadDelayed 737
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Window / User API: threadDelayed 369

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe TID: 7488	Thread sleep count: 1197 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe TID: 7488	Thread sleep count: 846 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe TID: 7464	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe TID: 8012	Thread sleep count: 200 > 30	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe TID: 8004	Thread sleep count: 360 > 30	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe TID: 7964	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe TID: 8144	Thread sleep count: 372 > 30	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe TID: 7968	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe TID: 7240	Thread sleep count: 368 > 30	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe TID: 8028	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe TID: 1312	Thread sleep count: 362 > 30	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe TID: 8132	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Recovery\StartMenuExperienceHost.exe TID: 4908	Thread sleep count: 360 > 30
Source: C:\Recovery\StartMenuExperienceHost.exe TID: 3068	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Recovery\StartMenuExperienceHost.exe TID: 4544	Thread sleep count: 380 > 30
Source: C:\Recovery\StartMenuExperienceHost.exe TID: 4460	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe TID: 1184	Thread sleep count: 737 > 30
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe TID: 6016	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe TID: 7328	Thread sleep count: 369 > 30
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe TID: 6100	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe TID: 7496	Thread sleep count: 274 > 30
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe TID: 7496	Thread sleep count: 197 > 30
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe TID: 5980	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\schtasks.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Recovery\StartMenuExperienceHost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Recovery\StartMenuExperienceHost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\StartMenuExperienceHost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\StartMenuExperienceHost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Thread delayed: delay time: 922337203685477

Source: Duq6x6p2Pd.exe, 00000000.00000002.1693441082.000000001BE54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Duq6x6p2Pd.exe, 00000000.00000002.1693441082.000000001BE54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\l\Temp`Q

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Recovery\StartMenuExperienceHost.exe	Process token adjusted: Debug
Source: C:\Recovery\StartMenuExperienceHost.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

Process created: C:\Program Files (x86)\Windows Portable Devices\services.exe "C:\Program Files (x86)\windows portable devices\services.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe	Queries volume information: C:\Users\user\Desktop\Duq6x6p2Pd.exe VolumeInformation	Jump to behavior
Source: C:\Recovery\JjUyoQCSby.exe	Queries volume information: C:\Recovery\JjUyoQCSby.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe VolumeInformation	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Queries volume information: C:\Recovery\SgrmBroker.exe VolumeInformation	Jump to behavior
Source: C:\Recovery\SgrmBroker.exe	Queries volume information: C:\Recovery\SgrmBroker.exe VolumeInformation	Jump to behavior
Source: C:\Recovery\StartMenuExperienceHost.exe	Queries volume information: C:\Recovery\StartMenuExperienceHost.exe VolumeInformation
Source: C:\Recovery\StartMenuExperienceHost.exe	Queries volume information: C:\Recovery\StartMenuExperienceHost.exe VolumeInformation
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Queries volume information: C:\Program Files (x86)\Windows Portable Devices\services.exe VolumeInformation
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Queries volume information: C:\Program Files (x86)\Windows Portable Devices\services.exe VolumeInformation
Source: C:\Program Files (x86)\Windows Portable Devices\services.exe	Queries volume information: C:\Program Files (x86)\Windows Portable Devices\services.exe VolumeInformation

Source: C:\Users\user\Desktop\Duq6x6p2Pd.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 0000001C.00000002.1771784503.000000000277C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1780501594.0000000002C70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1690413959.0000000003026000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1789341240.00000000030AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.1771784503.0000000002750000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1780501594.0000000002C9D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.1765717373.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1690413959.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1768766144.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.1771961423.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1789225216.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.1772404761.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1691528153.0000000012C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Duq6x6p2Pd.exe PID: 7440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: JjUyoQCSby.exe PID: 7864, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SgrmBroker.exe PID: 7936, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SgrmBroker.exe PID: 7984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: StartMenuExperienceHost.exe PID: 8060, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: StartMenuExperienceHost.exe PID: 8092, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: services.exe PID: 4900, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: services.exe PID: 4320, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: services.exe PID: 2800, type: MEMORYSTR

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 0000001C.00000002.1771784503.000000000277C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1780501594.0000000002C70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1690413959.0000000003026000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1789341240.00000000030AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.1771784503.0000000002750000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1780501594.0000000002C9D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.1765717373.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1690413959.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1768766144.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.1771961423.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1789225216.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.1772404761.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1691528153.0000000012C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Duq6x6p2Pd.exe PID: 7440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: JjUyoQCSby.exe PID: 7864, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SgrmBroker.exe PID: 7936, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SgrmBroker.exe PID: 7984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: StartMenuExperienceHost.exe PID: 8060, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: StartMenuExperienceHost.exe PID: 8092, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: services.exe PID: 4900, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: services.exe PID: 4320, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: services.exe PID: 2800, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	121 Windows Management Instrumentation	1 Scheduled Task/Job	11 Process Injection	232 Masquerading	OS Credential Dumping	111 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	34 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Duq6x6p2Pd.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
Duq6x6p2Pd.exe	80%	Virustotal		Browse
Duq6x6p2Pd.exe	100%	Avira	HEUR/AGEN.1323984
Duq6x6p2Pd.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Recovery\SgrmBroker.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Avira	HEUR/AGEN.1323984
C:\Recovery\StartMenuExperienceHost.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Portable Devices\services.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Avira	HEUR/AGEN.1323984
C:\Recovery\SgrmBroker.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Joe Sandbox ML
C:\Recovery\StartMenuExperienceHost.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Portable Devices\services.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe	80%	Virustotal		Browse
C:\Program Files (x86)\Windows Portable Devices\services.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Program Files (x86)\Windows Portable Devices\services.exe	80%	Virustotal		Browse
C:\Recovery\JjUyoQCSby.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Recovery\JjUyoQCSby.exe	80%	Virustotal		Browse
C:\Recovery\SgrmBroker.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Recovery\SgrmBroker.exe	80%	Virustotal		Browse
C:\Recovery\StartMenuExperienceHost.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Recovery\StartMenuExperienceHost.exe	80%	Virustotal		Browse
C:\Users\Default\JjUyoQCSby.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Users\Default\JjUyoQCSby.exe	80%	Virustotal		Browse
C:\Users\Public\Desktop\JjUyoQCSby.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Users\Public\Desktop\JjUyoQCSby.exe	80%	Virustotal		Browse
C:\Windows\Vss\JjUyoQCSby.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Windows\Vss\JjUyoQCSby.exe	80%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bg.microsoft.map.fastly.net	0%	Virustotal		Browse
18.31.95.13.in-addr.arpa	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
18.31.95.13.in-addr.arpa	unknown	unknown	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Duq6x6p2Pd.exe, 00000000.00000002.1690413959.0000000003026000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501607
Start date and time:	2024-08-30 07:51:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Duq6x6p2Pd.exe renamed because original name is a hash value
Original Sample Name:	37f802ced3decc7e6fe7d86cb36e4ab2.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@41/29@1/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 55% Number of executed functions: 504 Number of non-executed functions: 10
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Excluded IPs from analysis (whitelisted): 20.114.59.183, 20.242.39.171, 20.166.126.56, 40.68.123.157
Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target Duq6x6p2Pd.exe, PID 7440 because it is empty
Execution Graph export aborted for target JjUyoQCSby.exe, PID 7864 because it is empty
Execution Graph export aborted for target SgrmBroker.exe, PID 7936 because it is empty
Execution Graph export aborted for target SgrmBroker.exe, PID 7984 because it is empty
Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 8060 because it is empty
Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 8092 because it is empty
Execution Graph export aborted for target services.exe, PID 2800 because it is empty
Execution Graph export aborted for target services.exe, PID 4320 because it is empty
Execution Graph export aborted for target services.exe, PID 4900 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
06:51:57	Task Scheduler	Run new task: JjUyoQCSby path: "C:\Recovery\JjUyoQCSby.exe"
06:51:57	Task Scheduler	Run new task: JjUyoQCSbyJ path: "C:\Recovery\JjUyoQCSby.exe"
06:51:57	Task Scheduler	Run new task: SgrmBroker path: "C:\Recovery\SgrmBroker.exe"
06:51:57	Task Scheduler	Run new task: SgrmBrokerS path: "C:\Recovery\SgrmBroker.exe"
06:51:57	Task Scheduler	Run new task: StartMenuExperienceHost path: "C:\Recovery\StartMenuExperienceHost.exe"
06:51:57	Task Scheduler	Run new task: StartMenuExperienceHostS path: "C:\Recovery\StartMenuExperienceHost.exe"
06:51:59	Task Scheduler	Run new task: services path: "C:\Program Files (x86)\windows portable devices\services.exe"
06:51:59	Task Scheduler	Run new task: servicess path: "C:\Program Files (x86)\windows portable devices\services.exe"

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	https://whatslnc-com.cc/	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://interface-git-main-uniswap.vercel.app/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://main.d2xq42pztvbuiz.amplifyapp.com/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://metamasskluginn.blogspot.cz/	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://netflix-kyeav.vercel.app/	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	http://kfkkfd.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	http://akbank-direktkredim.pages.dev/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://djp.lkmh89074.dns-dynamic.net/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://bafybeibiih2mlglsyxe5tdvx6zjg2fyh4tcpmhsfq6iptksuqk6zfotfla.ipfs.w3s.link/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://bafkreieaf76taco73pudblwjxda6p5lpfwgzwehwwyx7fnmt2u22ocnxdy.ipfs.dweb.link/	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	914432
Entropy (8bit):	6.301391722625761
Encrypted:	false
SSDEEP:	12288:BiEtiV+P5i/7uAVIaMv1p2NtIHlGwtCBnAa0kvO4rHrv3z26deVVad:Bq+xijuAVNaHlGwtAneMO0v3SXW
MD5:	37F802CED3DECC7E6FE7D86CB36E4AB2
SHA1:	8A6F8E3994B478B814B1C998BE4BD3E30BE5B2CA
SHA-256:	7D98611283D499F433863F442985FFA41F5A83DF0BECCA0F8F65EC60C1174BD5
SHA-512:	11F5D0940DBE9064DA2440FD5CCB549276E4C35318CBCB5CB96E196A9793205470EF72BC30473CB8FEB0C1A166E90572562549D375EF2C63E1FEF187932842F9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 80%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......n.... ........@.. .......................`............@................................. ...K.... .......................@....................................................... ............... ..H............text...t.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files (x86)\Microsoft Office\a010d8a77ca910

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with very long lines (457), with no line terminators
Category:	dropped
Size (bytes):	457
Entropy (8bit):	5.861559050090002
Encrypted:	false
SSDEEP:	12:mloYvBTPHXRweNoSm5oyQXgIXEhprO0SE2G2CtkSi:6lZzHXqeqSFy2Z2prOrfpCOSi
MD5:	F7B4EA9EF0A4D7AE50B9F7B85ADCAE67
SHA1:	EF6C662096DA149E5700B143AF1540DB1B50BF54
SHA-256:	6A0E9E85139BD6FA033534C81DEADE9EA8091B50C53B52EA7E951AAB6BEA8662
SHA-512:	BABDE315757759B222CF234CCBF6AD0F418BFB7E0B782711E9CCB713FC096E96F0DF7AAE4DB045B82B59E08CF4CD41E6E897DF96F0BF2E51E4427C475302A0E6
Malicious:	false
Preview:	fekMjr2U28is75fzWhptZAqUdhQkLE88w3HLtcckyfh49djvsK2uZkCfxQsCaRJxAk5DxUF4FE43dwUA8f2AMNiM1mYdtZJgVu4Zhf7YE7oVpICB5sE5ZJlwCsML6mLp4Xht25cche6OiNgsjWiAVOHMIIWyTwcbw9aRlTJAPlX5NWNzMdljEKUqQVktinJvCebjwOHQNhvt0L9w4hmzK2XmotBPtZbmcm3s5nC7WUWgZk0EVyzBATlJGz4DN1hxGJROSQ0Rfpdzg1NE3745kalIBumGs8texiZQTmvE7ifV0vmPl0KQ7lNqiIMiouig58C8b7vQLz7C4PSPHWe2ydhLUtrKZNaNA9Z1tnyoE3EHoLwSz7aSPprbb0osPk18ZuB40bgei0y5ZZhI6ZVcwI7UR7a29GYeBGs3J1cXa6tZ1wCBSfvzOZLQxrn2BnecbT3Sqo8E7

C:\Program Files (x86)\Windows Portable Devices\c5b4cb5e9653cc

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	98
Entropy (8bit):	5.423198048497779
Encrypted:	false
SSDEEP:	3:tx3dNG6BytpxCWDtQhNG9jjkryad+dhNn:tbNG60nxCCSsfRl
MD5:	F250A35B006F751E7660B455E41D6872
SHA1:	352616460BF701DD8B0197CEAD03AB5D50285128
SHA-256:	0EA4B878CDF1A64CEF6D5D781CA884DD224B5D4DD80DD5272C5C99545BE6C7DD
SHA-512:	D90DB4F91B7324A7EFDB82B19C5F2F2A0F11B002E69EF2F4FE023E09EB44E4D09B283F33403D51C462B4CC65785EAB0FB93BC999F69413C640595BE499776AFE
Malicious:	false
Preview:	cOjWwbR8h2tUogq2RXV2QNI8nDAH1ERXOig0YlPYGj6mKD57or8PjjzPGltsbKGclVFFA0dpH7vqRfxjIDdKGByptRux2g75cd

C:\Program Files (x86)\Windows Portable Devices\services.exe

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	914432
Entropy (8bit):	6.301391722625761
Encrypted:	false
SSDEEP:	12288:BiEtiV+P5i/7uAVIaMv1p2NtIHlGwtCBnAa0kvO4rHrv3z26deVVad:Bq+xijuAVNaHlGwtAneMO0v3SXW
MD5:	37F802CED3DECC7E6FE7D86CB36E4AB2
SHA1:	8A6F8E3994B478B814B1C998BE4BD3E30BE5B2CA
SHA-256:	7D98611283D499F433863F442985FFA41F5A83DF0BECCA0F8F65EC60C1174BD5
SHA-512:	11F5D0940DBE9064DA2440FD5CCB549276E4C35318CBCB5CB96E196A9793205470EF72BC30473CB8FEB0C1A166E90572562549D375EF2C63E1FEF187932842F9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 80%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......n.... ........@.. .......................`............@................................. ...K.... .......................@....................................................... ............... ..H............text...t.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Windows Portable Devices\services.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\55b276f4edf653

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with very long lines (464), with no line terminators
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.874664316406212
Encrypted:	false
SSDEEP:	12:aBktE//rjq5DmBYH/E8t1ZKGSzzAAGBqAZAhZiVVcYO5csn:gktE//fqSYHroUAbsAhAVlhsn
MD5:	AAE5CE8326DD72D232470E88A8A589BE
SHA1:	0D7F0F5424844AD271AA807BC8431753A82F0C95
SHA-256:	D81A951007C14E1969E840079BA308C9D0EF1752563423F2F5755592A03AA346
SHA-512:	9BE5469B7F3028B9746AE948B4E6F86C25F447E4251F13F3C3F17C8E8E384B19069A960904E7E89EA7A0040AED1D237755932871E0AC71A020FC00B380604DB7
Malicious:	false
Preview:	GjFdPN3ArpFUYUccoETFAVcceSjGLFvftDx8vyRe0vbcIjUd90iXvycuGn87owzm4klUherzxzPO4AT57FGVhYt5lC2HzTzD6yii895fJsj6jN0GTD9iqdFg0qtfmj9e9LSFcu78KlMyywVXLvxwTRXctBrRPZ3jtF6X5uniGBXERQsEUWT0wNKsy0VaDptvrmFsz8caHOpS3SKdTn73FDxf5OiEZNfbSmXpK9OV33shh2zgq2GZrzpozjxlaXB4sOAQ4fSTZl9MUP8CZCYgGGtc6s0kMm5f1yyS2ilKjwAG0dUjkuMY9eymfhUMprHxqdUgbqK0aN6TGnldYQAbZhgW9LxUNZf2pMZXIxH4kV7vieg150xYrpXJ68gP2znBrEo3NOVlJF1Ejuyfp5YWlHK9zQaKQ2Cus5Ed0norfMPmyTjMJBj6bQZj3oD7yLUQDGVnqUoCRr0Z2iLg

C:\Recovery\91e168f4ec1147

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	76
Entropy (8bit):	5.246099020188092
Encrypted:	false
SSDEEP:	3:KjLTmXx5o/LymItg2C/v2fpuuevGR:KRLPIS2CmIzG
MD5:	A4A7FED7FDB5F1672E71C9C84C7AFCD6
SHA1:	047AD562AA90D7271560947683BA9A54EA2CA373
SHA-256:	16CA06AC8D594E64BA4EDD774688747C1EC191AFB91079E5C581DDE7D0D928ED
SHA-512:	629DF653CA45CBCFE572DDE6C8E4D905C015E301068E59228B1B8B821111531037489F05B750A4D0FC4C578FE709E79EF6ED03581CBBA467A7A7422CF4004DA2
Malicious:	false
Preview:	b8MqILAgZvEbWQ2jHjlfTdtWOM2JFMlvQLDWLzREnYHEybgZdlo1iju7Ozb5T0bNJTKKMfXSSh14

C:\Recovery\JjUyoQCSby.exe

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	914432
Entropy (8bit):	6.301391722625761
Encrypted:	false
SSDEEP:	12288:BiEtiV+P5i/7uAVIaMv1p2NtIHlGwtCBnAa0kvO4rHrv3z26deVVad:Bq+xijuAVNaHlGwtAneMO0v3SXW
MD5:	37F802CED3DECC7E6FE7D86CB36E4AB2
SHA1:	8A6F8E3994B478B814B1C998BE4BD3E30BE5B2CA
SHA-256:	7D98611283D499F433863F442985FFA41F5A83DF0BECCA0F8F65EC60C1174BD5
SHA-512:	11F5D0940DBE9064DA2440FD5CCB549276E4C35318CBCB5CB96E196A9793205470EF72BC30473CB8FEB0C1A166E90572562549D375EF2C63E1FEF187932842F9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 80%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......n.... ........@.. .......................`............@................................. ...K.... .......................@....................................................... ............... ..H............text...t.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\JjUyoQCSby.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\SgrmBroker.exe

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	914432
Entropy (8bit):	6.301391722625761
Encrypted:	false
SSDEEP:	12288:BiEtiV+P5i/7uAVIaMv1p2NtIHlGwtCBnAa0kvO4rHrv3z26deVVad:Bq+xijuAVNaHlGwtAneMO0v3SXW
MD5:	37F802CED3DECC7E6FE7D86CB36E4AB2
SHA1:	8A6F8E3994B478B814B1C998BE4BD3E30BE5B2CA
SHA-256:	7D98611283D499F433863F442985FFA41F5A83DF0BECCA0F8F65EC60C1174BD5
SHA-512:	11F5D0940DBE9064DA2440FD5CCB549276E4C35318CBCB5CB96E196A9793205470EF72BC30473CB8FEB0C1A166E90572562549D375EF2C63E1FEF187932842F9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 80%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......n.... ........@.. .......................`............@................................. ...K.... .......................@....................................................... ............... ..H............text...t.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\SgrmBroker.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\StartMenuExperienceHost.exe

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	914432
Entropy (8bit):	6.301391722625761
Encrypted:	false
SSDEEP:	12288:BiEtiV+P5i/7uAVIaMv1p2NtIHlGwtCBnAa0kvO4rHrv3z26deVVad:Bq+xijuAVNaHlGwtAneMO0v3SXW
MD5:	37F802CED3DECC7E6FE7D86CB36E4AB2
SHA1:	8A6F8E3994B478B814B1C998BE4BD3E30BE5B2CA
SHA-256:	7D98611283D499F433863F442985FFA41F5A83DF0BECCA0F8F65EC60C1174BD5
SHA-512:	11F5D0940DBE9064DA2440FD5CCB549276E4C35318CBCB5CB96E196A9793205470EF72BC30473CB8FEB0C1A166E90572562549D375EF2C63E1FEF187932842F9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 80%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......n.... ........@.. .......................`............@................................. ...K.... .......................@....................................................... ............... ..H............text...t.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\StartMenuExperienceHost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\a010d8a77ca910

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	227
Entropy (8bit):	5.745669278657275
Encrypted:	false
SSDEEP:	6:OyRSej3L6cTJkwSqzCa0FFp9uGAt6ZilqgvcBCgq:OyRSYL63nPa09sGO6Z5gkBCgq
MD5:	C9683F4ABEF245FFD24F242126724C13
SHA1:	02D0AB94480C6ABDE5C851AAFA6B02F31544A2B0
SHA-256:	32B2062266FBCFD7F9B7D41B0C40841A569561B6856F5C1F009913EC2D205A2D
SHA-512:	9BE01B84A6BFFB4C068D3D7B1835BE34F46D625FFF068A667BAC882AAB5439FEABCE0E6055C8474E3C1DA14AD3EF0E038A168AAB11E75F53B893432C370186F3
Malicious:	false
Preview:	qaGIWXVuw744fQVM7OWjBrzmjQpP0K7paFduGXA46wF7avCfVQsPLKM9ldjFsG3mAPdawlFkNbnOm2LyNJ4kbrdQ3eIny5Mz3c6LRmstLICug7WtSu1iMTLSvNhRccwRPxVK59hkaKZTptt5IZUDDnnjRoZDFaQsVufsmLxSNRIB41nCdlJDHtOlKv3Qkde93q74OAT6lBzwelpZBWjeRNlmg3i0SgsuwJI

C:\Users\Default\JjUyoQCSby.exe

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	914432
Entropy (8bit):	6.301391722625761
Encrypted:	false
SSDEEP:	12288:BiEtiV+P5i/7uAVIaMv1p2NtIHlGwtCBnAa0kvO4rHrv3z26deVVad:Bq+xijuAVNaHlGwtAneMO0v3SXW
MD5:	37F802CED3DECC7E6FE7D86CB36E4AB2
SHA1:	8A6F8E3994B478B814B1C998BE4BD3E30BE5B2CA
SHA-256:	7D98611283D499F433863F442985FFA41F5A83DF0BECCA0F8F65EC60C1174BD5
SHA-512:	11F5D0940DBE9064DA2440FD5CCB549276E4C35318CBCB5CB96E196A9793205470EF72BC30473CB8FEB0C1A166E90572562549D375EF2C63E1FEF187932842F9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 80%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......n.... ........@.. .......................`............@................................. ...K.... .......................@....................................................... ............... ..H............text...t.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Default\JjUyoQCSby.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Default\a010d8a77ca910

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with very long lines (463), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.8721651499546255
Encrypted:	false
SSDEEP:	12:p4Edhha9kuOD1wrZoKUb9DlvwG6BF0TDiudU2:ayjh5+6NbNhwuDw2
MD5:	3ADDD72BEEF3AAC1A112E66E33D8EAC1
SHA1:	CE0ECED24E6A69748141829CD7776BA24F41337B
SHA-256:	6A9BB4CFF996371F8E6EB76B75C462098BE86AE03819B2BC814AE2610BDC7545
SHA-512:	96993C0FD59B25795D49A91E2A5AFAABD055CFF07D45A7B69253D1AB4B87B3DBF2B7163AE8A6A4F460F7ADC4D41285FD4473264D9ED3531B345BDB43A87463B7
Malicious:	false
Preview:	yexFlsdFhR2gbrJGLjkWzEbn14JLy0rPOeDUUXysYtqHd1g3QAqKmDmtDKNqiRRqknS7nzvyv27FYTKAXQ4xKgnK1TRKJHJGcAhzijQbP2YtFhVtAMTSWdgDAHFThloot1nXwUbx9diSI3EU8hK7x0u8edzbd74nNt9O387pufT35O4GCvV9br03Gp3SeAUCi4EY30b9keMSg0CPjsYsl4Mg3GHNEoLuLQUAJgNMUVY6eiWQmntvlmaoshfxsN56TcGQfCFCfMXQfPBUt1ka5ZIj0qRmBadGZcnBbGukiqPYOKIdfKD1meB3ThazudBFtR0DlA2nHA2OJuVpiyG0Wmd5aus4q40EpKp6TE2fRZtmmxtjLuR6XKsGy5n1R87MKyj9EYWd6kj720TnAIs5n3qebjIYbAOTchcxNufxYxAxlvN7m91IPBjQHFifQ8C5VPeVYfZQn5hz332

C:\Users\Public\Desktop\JjUyoQCSby.exe

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	914432
Entropy (8bit):	6.301391722625761
Encrypted:	false
SSDEEP:	12288:BiEtiV+P5i/7uAVIaMv1p2NtIHlGwtCBnAa0kvO4rHrv3z26deVVad:Bq+xijuAVNaHlGwtAneMO0v3SXW
MD5:	37F802CED3DECC7E6FE7D86CB36E4AB2
SHA1:	8A6F8E3994B478B814B1C998BE4BD3E30BE5B2CA
SHA-256:	7D98611283D499F433863F442985FFA41F5A83DF0BECCA0F8F65EC60C1174BD5
SHA-512:	11F5D0940DBE9064DA2440FD5CCB549276E4C35318CBCB5CB96E196A9793205470EF72BC30473CB8FEB0C1A166E90572562549D375EF2C63E1FEF187932842F9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 80%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......n.... ........@.. .......................`............@................................. ...K.... .......................@....................................................... ............... ..H............text...t.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Public\Desktop\JjUyoQCSby.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Public\Desktop\a010d8a77ca910

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with very long lines (549), with no line terminators
Category:	dropped
Size (bytes):	549
Entropy (8bit):	5.874520214151873
Encrypted:	false
SSDEEP:	12:Yzbb4oFWLTT4MqRea0go9TNUWj35emWBSUOThWXeChnSfLJH6yC:YbJqf4DUa0XTRj4mnUEhWNnSzu
MD5:	70B1022B994034BA50E5ED409622B812
SHA1:	A9D08A77373205449126E2D559E0CAE223C0FF49
SHA-256:	B151F0A991542D4F4B0848AF548018AA68BA1949EE98F69B933B706010E32B77
SHA-512:	415FAED284A9B95C4B7834B4BA7D2D5DEC2B656C5632809CB6D13AD99172E382418B6EEFF299C01D3A16FD10184550BB7A8416A9ECC1503D0286FF5354BA9114
Malicious:	false
Preview:	AtZREI0ZHLl9vPWAkK9dXB6wnMwvM8x3nyGvgGJphaKJB3kJApUxJqK9xmo2VENIYsW7JleeAT560xvtlmvhn9t7nH84cQTdMBuThnAZL0w0uNI914RtSqfY8ZTCnkBt9ctzCbM7mVVwM3MZ98Ci9kKggWVIT8wlzC0SdT6arTH6UsMEM3DohduZRNSqFDnoju7JD36pBm0qdNMyJR5Z4HDVSbBQAQUnpdXjuCAS7Xn5nE6DAdgyINtcrm0m2ppvRMA90nEHQmcheHsOe7Qhtgfcu41ILYaSs1naE6MWZZhfvL8j3mH4YHBvqiP6w552LJzmeRKiv4HT8Aqi6ROjQg3k02ugqQkdepTlWVFlcjJeAswq1r9erWlpQOwlho1eTozTqELkMnGrXYkHFEo9QGwIDoVHjdEyroLV2d9xfZSDP4S2oogd92NN1rQCsEAsiSAsNOOmE0d1ys2JVdd57lyza7eLN7EbZje74joaZ3ZIYWZJyHqPlEu7dLRPuDZHwCcON5OwyCgELpaEiVXGQy0UzhdtRZqWeSWW4

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Duq6x6p2Pd.exe.log

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1740
Entropy (8bit):	5.36827240602657
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpaqZ4x
MD5:	B28E0CCD25623D173B2EB29F3A99B9DD
SHA1:	070E4C4A7F903505259E41AFDF7873C31F90D591
SHA-256:	3A108902F93EF9E952D9E748207778718A2CBAEB0AB39C41BD37E9BB0B85BF3A
SHA-512:	17F5FBF18EE0058F928A4D7C53AA4B1191BA3110EDF8E853F145D720381FCEA650A3C997E3D56597150149771E14C529F1BDFDC4A2BBD3719336259C4DD8B342
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\JjUyoQCSby.exe.log

Download File

Process:	C:\Recovery\JjUyoQCSby.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SgrmBroker.exe.log

Download File

Process:	C:\Recovery\SgrmBroker.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\StartMenuExperienceHost.exe.log

Download File

Process:	C:\Recovery\StartMenuExperienceHost.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\services.exe.log

Download File

Process:	C:\Program Files (x86)\Windows Portable Devices\services.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Windows\Vss\JjUyoQCSby.exe

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	914432
Entropy (8bit):	6.301391722625761
Encrypted:	false
SSDEEP:	12288:BiEtiV+P5i/7uAVIaMv1p2NtIHlGwtCBnAa0kvO4rHrv3z26deVVad:Bq+xijuAVNaHlGwtAneMO0v3SXW
MD5:	37F802CED3DECC7E6FE7D86CB36E4AB2
SHA1:	8A6F8E3994B478B814B1C998BE4BD3E30BE5B2CA
SHA-256:	7D98611283D499F433863F442985FFA41F5A83DF0BECCA0F8F65EC60C1174BD5
SHA-512:	11F5D0940DBE9064DA2440FD5CCB549276E4C35318CBCB5CB96E196A9793205470EF72BC30473CB8FEB0C1A166E90572562549D375EF2C63E1FEF187932842F9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 84% Antivirus: Virustotal, Detection: 80%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......n.... ........@.. .......................`............@................................. ...K.... .......................@....................................................... ............... ..H............text...t.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Vss\JjUyoQCSby.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Vss\a010d8a77ca910

Download File

Process:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
File Type:	ASCII text, with very long lines (600), with no line terminators
Category:	dropped
Size (bytes):	600
Entropy (8bit):	5.848912087692124
Encrypted:	false
SSDEEP:	12:tsNgCpuXH41hV3aGuXwNQk1AKl2fetEqOEY3us67qca58QTNqGI:tsd5hxGgWkiKlTO33us6qcGz8GI
MD5:	509F4B0186029B8B502C9F188FC92B9A
SHA1:	1945984B300E4D7E4684C7F487D7523C6101413C
SHA-256:	FE4875C15799895DE1AFAEA9A5CCD3BE2B18F0EF9D1567DAA4E42C755C23BBAB
SHA-512:	200FD509C7E2A93F359E0277E8E174D822D73EDD6B79922421ECE1628C56B8034BF9490366C68305373DFDEFBA1E6E0BA5C00ED07B23D840271035103F875BB6
Malicious:	false
Preview:	xJkXr5WkhaWtFqwlAzOye8kSGp7y3N1kTJ9s5jOgGaRhdOsgfgl84JGzjSRC8iqUjvZ6rEpalrrDqDy26aSXl3qKCJJnSMiiu78syvzb0KWMbCIfeYFiPTsqEO4h4CIYJJTtEFDLk1gbget9AnJ3HASaORnk0RgyC8DSsZbYU37YwRKkf4gR3OQJ03ewcdUSUsZhbaQlMuiOC3n7HDE6uP4xr3bz4o61ioEE1mJEn5EIpCG6PgpZYYiFxl0h8bqiyrpYzjFf39SzKwIoxekY8hcKG9RQwlGMOgT7WsHqaJfZFs4AdLue0SjRPfS0SzsR3FkocKSEX37yBDEXEQxl1mV66Bs1aRYlbNf9HQhS3pG6UuPLb4wBBHaRuorbbaoFfVXyhEPxsesLfYlLvgZffWjTwOPdiG1cAAb8XboXo8ThZOwVCgp4AIkIwDBTywPlnPKe7nyU2C1hDC4hb4bCb6b1aSMTZVi2sr3JERXYrUC7RDFtJe13UMKrySEpaf5he8yVIvdJhCVG4dkWMcJ5dohfhMUvNs8LZedSPtkXArWR1DwUsrc8V9DzbSy6as6yEJqZ9RHd1v5wRPodZACfQA0a

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.301391722625761
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	Duq6x6p2Pd.exe
File size:	914'432 bytes
MD5:	37f802ced3decc7e6fe7d86cb36e4ab2
SHA1:	8a6f8e3994b478b814b1c998be4bd3e30be5b2ca
SHA256:	7d98611283d499f433863f442985ffa41f5a83df0becca0f8f65ec60c1174bd5
SHA512:	11f5d0940dbe9064da2440fd5ccb549276e4c35318cbcb5cb96e196a9793205470ef72bc30473cb8feb0c1a166e90572562549d375ef2c63e1fef187932842f9
SSDEEP:	12288:BiEtiV+P5i/7uAVIaMv1p2NtIHlGwtCBnAa0kvO4rHrv3z26deVVad:Bq+xijuAVNaHlGwtAneMO0v3SXW
TLSH:	071518027E48CE41F419127BC3EF45488BB0E85166A6E32B7DBA376D16163A73C0D9DB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....rb.....................6......n.... ........@.. .......................`............@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4dd86e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xdd820	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe2000	0x218	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xe4000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xdb874	0xdba00	196cffe7a14cdfb78e4cb403bc8e0610	False	0.5418404506972112	data	6.3410464159381785	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0xde000	0x2fdf	0x3000	06cdca0d090e204bdda0fb6908e7afc2	False	0.3099772135416667	data	3.2430701891198876	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xe2000	0x218	0x400	94c65a7e8ddec7b9ad03ab9b2d370fa4	False	0.2626953125	data	1.8371269699553323	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xe4000	0xc	0x200	60bb9607120ecef2ddccaaa364702daa	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xe2058	0x1c0	ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970	English	United States	0.5223214285714286

Imports

DLL	Import
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 07:52:27.400209904 CEST	53	55276	162.159.36.2	192.168.2.4
Aug 30, 2024 07:52:27.851785898 CEST	64858	53	192.168.2.4	1.1.1.1
Aug 30, 2024 07:52:27.868954897 CEST	53	64858	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 30, 2024 07:52:27.851785898 CEST	192.168.2.4	1.1.1.1	0x181b	Standard query (0)	18.31.95.13.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 30, 2024 07:52:13.169461966 CEST	1.1.1.1	192.168.2.4	0x26c	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Aug 30, 2024 07:52:13.169461966 CEST	1.1.1.1	192.168.2.4	0x26c	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Aug 30, 2024 07:52:27.868954897 CEST	1.1.1.1	192.168.2.4	0x181b	Name error (3)	18.31.95.13.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

Target ID:	0
Start time:	01:51:54
Start date:	30/08/2024
Path:	C:\Users\user\Desktop\Duq6x6p2Pd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Duq6x6p2Pd.exe"
Imagebase:	0x860000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1690413959.0000000003026000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1690413959.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1691528153.0000000012C51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 13 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 8 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Desktop\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 10 /tr "'C:\Recovery\JjUyoQCSby.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 9 /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 11 /tr "'C:\Users\Default User\JjUyoQCSby.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Users\Default User\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	01:51:55
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 8 /tr "'C:\Users\Default User\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	01:51:56
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 8 /tr "'C:\Recovery\SgrmBroker.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	01:51:56
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "SgrmBroker" /sc ONLOGON /tr "'C:\Recovery\SgrmBroker.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	01:51:56
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 11 /tr "'C:\Recovery\SgrmBroker.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	01:51:56
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 7 /tr "'C:\Recovery\JjUyoQCSby.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	01:51:56
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	01:51:56
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 14 /tr "'C:\Recovery\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 11 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Recovery\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Recovery\JjUyoQCSby.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\JjUyoQCSby.exe
Imagebase:	0x860000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000016.00000002.1765717373.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 84%, ReversingLabs Detection: 80%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe"
Imagebase:	0x4a0000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 84%, ReversingLabs Detection: 80%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\microsoft office\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Recovery\SgrmBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\SgrmBroker.exe
Imagebase:	0x890000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001B.00000002.1771961423.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 84%, ReversingLabs Detection: 80%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Recovery\SgrmBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\SgrmBroker.exe
Imagebase:	0x560000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001C.00000002.1771784503.000000000277C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001C.00000002.1771784503.0000000002750000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "servicess" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows portable devices\services.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files (x86)\windows portable devices\services.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Recovery\StartMenuExperienceHost.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\StartMenuExperienceHost.exe
Imagebase:	0xa40000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.1772404761.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 84%, ReversingLabs Detection: 80%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "servicess" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows portable devices\services.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Recovery\StartMenuExperienceHost.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\StartMenuExperienceHost.exe
Imagebase:	0x9d0000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.1780501594.0000000002C70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.1780501594.0000000002C9D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 9 /tr "'C:\Windows\Vss\JjUyoQCSby.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSby" /sc ONLOGON /tr "'C:\Windows\Vss\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "JjUyoQCSbyJ" /sc MINUTE /mo 11 /tr "'C:\Windows\Vss\JjUyoQCSby.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	01:51:57
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Windows Portable Devices\services.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows portable devices\services.exe"
Imagebase:	0x310000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000025.00000002.1768766144.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 84%, ReversingLabs Detection: 80%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	01:51:59
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Windows Portable Devices\services.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows portable devices\services.exe"
Imagebase:	0xbb0000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000026.00000002.1789341240.00000000030AD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	01:51:59
Start date:	30/08/2024
Path:	C:\Program Files (x86)\Windows Portable Devices\services.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\windows portable devices\services.exe"
Imagebase:	0x640000
File size:	914'432 bytes
MD5 hash:	37F802CED3DECC7E6FE7D86CB36E4AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000027.00000002.1789225216.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Function 00007FFD9B6B35D5 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

N_H, xrefs: 00007FFD9B6B3760

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID: N_H
API String ID: 0-343878021
Opcode ID: 96f68cfdf3b34d4f4b3fe7b891762daadb701adc8dcbd88d7bdee42ac87af9db
Instruction ID: 71cc900dcb104cd415ca1c80708113af927eda8b70978a919e835ed05d9c7cfb
Opcode Fuzzy Hash: 96f68cfdf3b34d4f4b3fe7b891762daadb701adc8dcbd88d7bdee42ac87af9db
Instruction Fuzzy Hash: 8491D171A1D95D8FEB58DBA8C8257A97BF1EF69300F5001BED019CB2DADBB528018B41

Function 00007FFD9B6B1738 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7363a1dec95fc7b79fdd344a3504a23171b6389c387ed55626c6a1efc205a11
Instruction ID: 958be3311df1cf3e45dec7f3a70c8acda26bfc9a21f43e3cd8659d0fba530381
Opcode Fuzzy Hash: d7363a1dec95fc7b79fdd344a3504a23171b6389c387ed55626c6a1efc205a11
Instruction Fuzzy Hash: E081A031B1DA5D4FDB68DE5888715A977E2FF98300B15417AE46EC72A2DE34BD02CB80

Function 00007FFD9B6B1D7D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e1867a0a3d3fa9bc58f776b9412fc6791f9ae0f3402db15e5270283eecf2597
Instruction ID: e8dad7f92a5b158b8e467a144d1cb80b2a4224bc0c08c73db9d9f733e2a563bc
Opcode Fuzzy Hash: 6e1867a0a3d3fa9bc58f776b9412fc6791f9ae0f3402db15e5270283eecf2597
Instruction Fuzzy Hash: 9551D131B2DA594FDB58CE5888655BA77E2FF98300B15417ED46ECB296CE34ED02CB80

Function 00007FFD9B6B22C5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d05521f6073e5c155b0172cc10d903b7b2697297ed95494fb34bd0ab54ab9a5f
Instruction ID: 991952f411a626fa508013b97640c9cf64a7b91fbf42e95d13c36851db614c9a
Opcode Fuzzy Hash: d05521f6073e5c155b0172cc10d903b7b2697297ed95494fb34bd0ab54ab9a5f
Instruction Fuzzy Hash: 56517131E0E52E8AEB749BD4D8216B9BBF0FF45300F1201B9D06D9A1E2DE387A458E41

Function 00007FFD9B6B3231 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1648eced62b53a61d711d6bf448c44911eeaf88efb1a217b32260b5b15891946
Instruction ID: 61088ff321f41a46496f23d6c66f044e0a9930758d369239d3e68f5d35c0c925
Opcode Fuzzy Hash: 1648eced62b53a61d711d6bf448c44911eeaf88efb1a217b32260b5b15891946
Instruction Fuzzy Hash: 31510671E1D66D8FEB64DB98C4A46EDBBF1EF58300F51017AD019EB2A1DE386A44CB10

Function 00007FFD9B6B2195 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbdde2c51d24ed80b1492e87fa0a35f50c04e512207f4d0aadd0d052a095dddf
Instruction ID: 8c2b46f0843cc70eaf15a3c178e03d75b117544013af4ad468e5331b97066044
Opcode Fuzzy Hash: fbdde2c51d24ed80b1492e87fa0a35f50c04e512207f4d0aadd0d052a095dddf
Instruction Fuzzy Hash: 9E418A31B0E69A0FE765D7B894651B97FE0EF86300B0505FBD06CCB1A6DE28B9418741

Function 00007FFD9B6B34D1 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b295d311b12adf084e7a9f52e5414790225de1d19d6cb2c84db2b5fd9c738743
Instruction ID: 14bc6dcefbe93ec0dccd8c0b2e7cbc9c159ee87bc91363023513ed8ffe4413a2
Opcode Fuzzy Hash: b295d311b12adf084e7a9f52e5414790225de1d19d6cb2c84db2b5fd9c738743
Instruction Fuzzy Hash: 3F314F71A0E65E8FDB69EF6488685B97BB0FF19300F1105BFD429CA1A2DA35A644CB40

Function 00007FFD9B6B122D Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1164ce88146c997852519970b518457e91e9b79386b6e5b5b949ee3a42a75d9
Instruction ID: 5fe7beb455dbaca4521cc011a1d28ad7b4a5f577decfb873f587dd2d6ed97134
Opcode Fuzzy Hash: c1164ce88146c997852519970b518457e91e9b79386b6e5b5b949ee3a42a75d9
Instruction Fuzzy Hash: B031F271A1EA5E4FEB69DB68C4652BA3BF0FF66300F0101BAD02ACA1E1DF3465448B00

Function 00007FFD9B6B3430 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39b518ac0fa0687cf17a4201054887282791f9f72d0c91612a2c08689d935805
Instruction ID: 1996b32eabb5e7bd9dbd5171e5b64d567a7b5ad11703e79ee2df23f799eb9028
Opcode Fuzzy Hash: 39b518ac0fa0687cf17a4201054887282791f9f72d0c91612a2c08689d935805
Instruction Fuzzy Hash: C9319F31A4E68D8FD753EFA488685A97FF0EF06310F0945EBD458CB0A2DA28A545CB11

Function 00007FFD9B6B0A01 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c68241af30969204072c3ebb67c431cfe79dfb7df44378f3363e7d27df3a9f35
Instruction ID: 0319ee1760a0b4f25d9834ad3eae97acbd151f06603032275e6277799ddfdbf7
Opcode Fuzzy Hash: c68241af30969204072c3ebb67c431cfe79dfb7df44378f3363e7d27df3a9f35
Instruction Fuzzy Hash: 0A21C475E1E51E4EE7A0EBA888692FD7BF0FF54700F414976D42DCA0A2EE34B6408B00

Function 00007FFD9B6B085D Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 324872ffd0cf18265adaff08151695f5e85ebff9653a53322b3698807838fc09
Instruction ID: 027104df53f7c7725bf3d68913fa3d9077d1f274033425aa945103e95c8d4c68
Opcode Fuzzy Hash: 324872ffd0cf18265adaff08151695f5e85ebff9653a53322b3698807838fc09
Instruction Fuzzy Hash: 53213721B0E55E9EEB61A7BC88694F83BE0EF01300F0640B2D059CE0A3DD24B2558680

Function 00007FFD9B6B0AA1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d3004bd72ae5a433b56191e3aefba6ae53a64500596645445059cdb185a8059
Instruction ID: e3507b6e9800e336d9ecc1659d02f4ac437a890625dd006aa25de2e07710261a
Opcode Fuzzy Hash: 3d3004bd72ae5a433b56191e3aefba6ae53a64500596645445059cdb185a8059
Instruction Fuzzy Hash: 4B21C231A5E55E4FE761EBA984655F97BF0FF59700F4209B2D429CB0A6EE24F6008B00

Function 00007FFD9B6B289D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f66e7c793c60e1e49c93666f307d07b4eb6f2657d582778bb90bd44f1428fbc9
Instruction ID: 91ed1424820d419735d5ec44e4f4fe776b2c4ba97f9547f0887d4079b7617140
Opcode Fuzzy Hash: f66e7c793c60e1e49c93666f307d07b4eb6f2657d582778bb90bd44f1428fbc9
Instruction Fuzzy Hash: 5E219230A1E55E8FE765ABA494695B93BF0EF15300F01447AD42CCA0E6DF38F544CB40

Function 00007FFD9B6B08E5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9afe445961dfe475fcf707f01a71c3e4b8a8f7233309e15d8a774bbd4da8dcf3
Instruction ID: 5caa644ad3d57f56223b11aae0ee096d5a3597cfbd502a962a62725bf7556f93
Opcode Fuzzy Hash: 9afe445961dfe475fcf707f01a71c3e4b8a8f7233309e15d8a774bbd4da8dcf3
Instruction Fuzzy Hash: 2A11B631A4E51E8FFB71BAB584592B93FF0EF59700F124976D42DCA0A2DE34F6408A40

Function 00007FFD9B6B1CFD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c99d700dfb92c213a9963494b88e3bcb73e86b8fa69f95dfa692b79680fea2e0
Instruction ID: 5e7149b20281b88f436629a0d0b4be17b1b3aea94fe2de71ecf2ffdac5938cb4
Opcode Fuzzy Hash: c99d700dfb92c213a9963494b88e3bcb73e86b8fa69f95dfa692b79680fea2e0
Instruction Fuzzy Hash: 3E11D670A1E65E8FEB659F6498252F937A0FF05300F11447AE41DCA1E1DB38B650CB40

Function 00007FFD9B6B0F2E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dbe618c1f6f10cc80dc8dfd17456d0c2fbb1386abcfd8ba2783170ccf9ea6e2
Instruction ID: df7b19261ac64a703f931d46fe4d871797063db861a1439757de5be4640a5c1d
Opcode Fuzzy Hash: 7dbe618c1f6f10cc80dc8dfd17456d0c2fbb1386abcfd8ba2783170ccf9ea6e2
Instruction Fuzzy Hash: 54114F31F1981D8BEB64EB58C864FEDB7B1FB58300F118265C419EB2A5DE347A458F80

Function 00007FFD9B6B282D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42e7fd8c092df248325dc8c89ecfe8f564d107b9afe01994a9c9a5dd4c811cea
Instruction ID: 2545e987f8a9077b55dba1a83a7094b28cfe711133acaffd23060a2a959153c8
Opcode Fuzzy Hash: 42e7fd8c092df248325dc8c89ecfe8f564d107b9afe01994a9c9a5dd4c811cea
Instruction Fuzzy Hash: D711E330A1E65E8BEB799FA494252F93BF0FF05301F01487AE42DCA1E1DB38B554CA40

Function 00007FFD9B6B05D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 815af0a0bc5862b1b51570534b0de976f11cc99e5dd52bc4e10a1e9cbed39e41
Instruction ID: 4173e96015e5309f28051d4e8763c9a0a66ffd82fa176f064923b284133aafd7
Opcode Fuzzy Hash: 815af0a0bc5862b1b51570534b0de976f11cc99e5dd52bc4e10a1e9cbed39e41
Instruction Fuzzy Hash: 1F01BC30A1A91E9FDBA8EF64C0696B977F1EF58300F20087ED02EC61E5CA31B651CB40

Function 00007FFD9B6B2F39 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ab5e8060c6ae36b6a96be30c28a6bd3211faea081527c7c1137f5a0c1aa3edf
Instruction ID: aaec09bf2e7b82a75445dfd791033e91446a51c40cd9c4922f6843f7c73334a8
Opcode Fuzzy Hash: 0ab5e8060c6ae36b6a96be30c28a6bd3211faea081527c7c1137f5a0c1aa3edf
Instruction Fuzzy Hash: AA01B570A5E64D4FD762ABA488695A97FF0EF06300F0608F2D41CCB0F6DA24A5448700

Function 00007FFD9B6B0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50d9f9e62a50ea7e198fd9a334c04d9e6cfa204f62ce86d068bbf33e2f95ac56
Instruction ID: cbfdec178e3504994cb6ec70e50b33a433ff00b7976c07e233e3f5e333746797
Opcode Fuzzy Hash: 50d9f9e62a50ea7e198fd9a334c04d9e6cfa204f62ce86d068bbf33e2f95ac56
Instruction Fuzzy Hash: 80014F30A1990E8ADB69ABA4D4685B977E0FF19305F11047EE42ECA1E5DF35F554CA00

Function 00007FFD9B6B0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c423fcadd67db886cd66b12944b3fa6262f212557a3f72b91846b2ee6be37587
Instruction ID: be4cacf0c50f0dba3d257d5fc0a78a16a1d192a808fb1e25d9af1be573ffae0b
Opcode Fuzzy Hash: c423fcadd67db886cd66b12944b3fa6262f212557a3f72b91846b2ee6be37587
Instruction Fuzzy Hash: 8C016230A1951E8ADB59EFA4D4695BA7BF0FF18305F11087EE42EC61E5DF35B194CA00

Function 00007FFD9B6B1240 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcdb740ef9e88dae93083c822390c61b64a783b8b99b4ef75b03759b421f6b42
Instruction ID: 21afc560e6581cadf11f57402f04b4a98b3c6a77004c913a72e40bd9cf67d577
Opcode Fuzzy Hash: bcdb740ef9e88dae93083c822390c61b64a783b8b99b4ef75b03759b421f6b42
Instruction Fuzzy Hash: 1FF0A970E1E55E4AFB659A9884293BA77F0FF56311F00057AE429C60E1DF3426948A40

Function 00007FFD9B6B05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d10691ad045a7ad108492be410595e68251f0855e73eb5477c66b365e661829a
Instruction ID: e84160083a5654fe6db62255b03be54cf3e0a042839194441c1da495e518bba1
Opcode Fuzzy Hash: d10691ad045a7ad108492be410595e68251f0855e73eb5477c66b365e661829a
Instruction Fuzzy Hash: 33F0C230A1E65E9FDB68EF6494256FA37A0EF05304F51087AE81DC60E1CF35B660CB40

Function 00007FFD9B6B3555 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 500da16a2ab7d508419512607441615295569338dfcd863e91e4cab36492d4ee
Instruction ID: 3f7783450ffffc8e4a3fa5c228bc949f8a2968b7b12d2a24361e71b711254a3c
Opcode Fuzzy Hash: 500da16a2ab7d508419512607441615295569338dfcd863e91e4cab36492d4ee
Instruction Fuzzy Hash: F1F08671E0D69E8FDB659F6488285FD7BB0FF15300F41057ED428C61A1DB3465108B40

Function 00007FFD9B6B27B9 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1694203088.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b6b0000_Duq6x6p2Pd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 022aa8e454fd61a94af02088e339a6c6fd247b8542e08c75b9b2487888ba01a1
Instruction ID: 9b74f90d1ad97abdbb0bc7ac702d2d8bef9a8542ab7d002d56388f7ec3821320
Opcode Fuzzy Hash: 022aa8e454fd61a94af02088e339a6c6fd247b8542e08c75b9b2487888ba01a1
Instruction Fuzzy Hash: 66F0A43090E78D4FDB6A9F6488651AA3FB0BF16300F4504BAD419CA0E2DB28A554CB01

Analysis Process: JjUyoQCSby.exePID: 7864, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B6E35D5 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

K_H, xrefs: 00007FFD9B6E3760

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: ae35c1d793a677f71d62a4a2499f123208d92db58965f58322591a4eae24b6e1
Instruction ID: 7a485ed6189b49ff75e80c9e25301311303c3982ab8d36bee5273328bf48b63d
Opcode Fuzzy Hash: ae35c1d793a677f71d62a4a2499f123208d92db58965f58322591a4eae24b6e1
Instruction Fuzzy Hash: 6C91F371A1D94D8FEB55DB68C8647A97BE1FFA5300F9002BED01DDB2DADBB528018B40

Function 00007FFD9B6E085D Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

_, xrefs: 00007FFD9B6E0839

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 2b4b8c90430b6c1c626b11f347cf57dad5a137781cb1d6325a1b6d63771fcf7a
Instruction ID: ec47a0266a3a0317f4e6f436fa58d54116dfc34ab55aa0c02c7be9c7dd14c7cc
Opcode Fuzzy Hash: 2b4b8c90430b6c1c626b11f347cf57dad5a137781cb1d6325a1b6d63771fcf7a
Instruction Fuzzy Hash: 48213721B0E18E8EEB61A7B8C86A4EA37E0EF41300F1604B2D09DCE0A3DD24B565C380

Function 00007FFD9B6E1738 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e30a5e67682d3aa5d7161e86b612c8a96601130fdfd29a2f7637cf5a8b7f8b86
Instruction ID: e05dc14d448d1a282cf332c17771e11caf73e3f8ed0bc1893afd8a28042dd27d
Opcode Fuzzy Hash: e30a5e67682d3aa5d7161e86b612c8a96601130fdfd29a2f7637cf5a8b7f8b86
Instruction Fuzzy Hash: BB81BE31B09A4D4FDB69DE5888715A977E2FF98300B15417EE46ECB2A2DE34BD12C780

Function 00007FFD9B6E1D7D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff716b6b3c8ceba75ba3278ac4894190de0db20c04569f1dbf930d2a8d1027c
Instruction ID: 3f08c41735df207e14c03e64e336dc09cba723dc6e340a4663c12fbc13b67e21
Opcode Fuzzy Hash: dff716b6b3c8ceba75ba3278ac4894190de0db20c04569f1dbf930d2a8d1027c
Instruction Fuzzy Hash: E151DE31B09A4A4FDB58CE5C88655BA77E2FF98300B15417EE46ECB296CE34ED128780

Function 00007FFD9B6E22C5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fb163f1a2362a76da4036ef3c50d947538ae7ec3839ef18b5ba08d782a86302
Instruction ID: 96668e155d578762a634854de6490e2e07e3c5443b09b348734923fb10677e0a
Opcode Fuzzy Hash: 5fb163f1a2362a76da4036ef3c50d947538ae7ec3839ef18b5ba08d782a86302
Instruction Fuzzy Hash: C2518231E0A51E8EEB74DBD4C8217F9B3A2FF45300F1201B9D06D9A1E2DE787A658B41

Function 00007FFD9B6E3231 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86a8ab473cd9ec0a626fa308032e990ec1220c15072a5757f2e582238e30f89c
Instruction ID: cb61bfd9dec235ede73cf4282862403deb6e4cdb04577f9cad0fc049002265ba
Opcode Fuzzy Hash: 86a8ab473cd9ec0a626fa308032e990ec1220c15072a5757f2e582238e30f89c
Instruction Fuzzy Hash: 24514B70E0965D8FEB65DB98C4A4AEDBBF1FF58300F51017AD019EB2A1DE386A54CB10

Function 00007FFD9B6E2195 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ad99218bc397b90a300f822b3e5fa248e8aa14f53a9cff918edb0382b7728b
Instruction ID: 90f0345cb9128bcaf17c231928701a51e66bc6e9cbdc7e21d051c843515605ff
Opcode Fuzzy Hash: 78ad99218bc397b90a300f822b3e5fa248e8aa14f53a9cff918edb0382b7728b
Instruction Fuzzy Hash: FE412631B0E68E4FE765DBB888651B97BE1EF46300B0541FBD46CCB1A6DE28A9518341

Function 00007FFD9B6E34D1 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73993abf6e6b5c779992610d59f980a2020c03db11988610cc5af965d382d915
Instruction ID: ea9038cb406e8d1b972723f76816d22fbc7c74ae25fd2d5416de146d51b91783
Opcode Fuzzy Hash: 73993abf6e6b5c779992610d59f980a2020c03db11988610cc5af965d382d915
Instruction Fuzzy Hash: 17316F70A0A64E8FDB6AEF64C4685B977B0FF19300F1109BED429CA2A1DB35A654C700

Function 00007FFD9B6E122D Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d8d02b694b86d59230c2a7246c5c389f726f2d6968da546081af15024ad0705
Instruction ID: eaf802612c002c2bac438ab58033bee7c636982ddc98b71d6bf2d2bd694e70b3
Opcode Fuzzy Hash: 6d8d02b694b86d59230c2a7246c5c389f726f2d6968da546081af15024ad0705
Instruction Fuzzy Hash: 4D31F771A0964E4FEB69DB68C8653B97BE0FF56300F0101BED42ACA1E5DF246554C700

Function 00007FFD9B6E3430 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82f026d216bf089916de4bd2a8b2f69447b77cce0dbca9416a234fa05d1310fb
Instruction ID: ae084c1768163db792342382733009da5ab5fe9ad4eea6547b6579ede72af864
Opcode Fuzzy Hash: 82f026d216bf089916de4bd2a8b2f69447b77cce0dbca9416a234fa05d1310fb
Instruction Fuzzy Hash: F7319F3190E68D8FD753EFA488685A97FF0EF06310F0941EBD458CB0A2DA28A555C721

Function 00007FFD9B6E0A01 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2c39413e62912f9266c44160c68693346e7e2877c7c0d65556b5db5fc4b5d4d
Instruction ID: 6bd73079eab4bc2765a8c19412d33be2e740f610c1b05e3f6b7b19ff34c5c1b1
Opcode Fuzzy Hash: f2c39413e62912f9266c44160c68693346e7e2877c7c0d65556b5db5fc4b5d4d
Instruction Fuzzy Hash: 4F21A171E1A54E8EE7A0EBA8886A1B977E0FF59700F414576D42DCA0E6EE34B6508740

Function 00007FFD9B6E0AA1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14e8a150e279e824422c57de93bcf7f59a3361fac775145b8dd080eb53e00859
Instruction ID: 135cd4e9b568095d403f3c719eb45dfa04864f4de74064dc8a8be92094381103
Opcode Fuzzy Hash: 14e8a150e279e824422c57de93bcf7f59a3361fac775145b8dd080eb53e00859
Instruction Fuzzy Hash: 0421A431A5E54E8FE761EBA8C8665F977E0FF59700F4205B2D429CB0A7EE24B6508740

Function 00007FFD9B6E0B91 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e83b920f022001c4290f1faa571d226b41a2a5d27add2189a6605d29a31c9c74
Instruction ID: 2f3bcc120ec57a7f1a07ff1cd4cdd6363102bcbf45fd5615f03bcce34d21769b
Opcode Fuzzy Hash: e83b920f022001c4290f1faa571d226b41a2a5d27add2189a6605d29a31c9c74
Instruction Fuzzy Hash: B611B770A0A54E8BEB659FA4C4765F977A1FF15704F1205B9D42DCB0E2DE26B6208B00

Function 00007FFD9B6E289D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b7bcb7f37ab955f634f224961c578d3daab993aedf497bccbe0679b64c0bfb7
Instruction ID: 6a8b60c1ba63b209f9f22fc0fb349e08a6eb3dc9d3039b7f4d2c470e85d5d680
Opcode Fuzzy Hash: 2b7bcb7f37ab955f634f224961c578d3daab993aedf497bccbe0679b64c0bfb7
Instruction Fuzzy Hash: 0E21C670A1A54E8FE765AFA488695BA77E1EF15300F0144B7D42CCA0E6DF38F564C740

Function 00007FFD9B6E08E5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a0efcce002a1e00be6f233ca64cc8a9b8d48daad2849253403028cc7c50491
Instruction ID: a3ec70c0ac2705e9f15478ee8e951df9b46a82d04478ecaef3624508fe9cb55b
Opcode Fuzzy Hash: c5a0efcce002a1e00be6f233ca64cc8a9b8d48daad2849253403028cc7c50491
Instruction Fuzzy Hash: B211E931A0E50E8FFB61AAB4845A1B937D0EF15700F124972D01CCA0A2DE34B660C740

Function 00007FFD9B6E1CFD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f9c675781d6391f92fbf2076d1078716184b352f638fc7198d152a0cfe1660d
Instruction ID: 3dbcfdc2eacfe557c978fe2449bcfb047125c1c789748bd69e9d3710538dc66d
Opcode Fuzzy Hash: 9f9c675781d6391f92fbf2076d1078716184b352f638fc7198d152a0cfe1660d
Instruction Fuzzy Hash: 0911B670A0B64E8FEBA99F64C8292F937A0FF55300F11447AE42DCA1E1DB78B660D740

Function 00007FFD9B6E0F2E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a633511084ee227c4fd2c6187ba5fdefaec4211f5fc19dccb0805cc9792ad4e
Instruction ID: d337bb53b1913bbffc46514d4cc3d13365c40cbfd36a73092ebda970a5144ba6
Opcode Fuzzy Hash: 9a633511084ee227c4fd2c6187ba5fdefaec4211f5fc19dccb0805cc9792ad4e
Instruction Fuzzy Hash: 9A114F31E1980D8BEB64EB98C865FEDB3B1FB58300F118265C419EB2A5DE347A558F80

Function 00007FFD9B6E282D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ccc80afe1f79ecff0906c6705fc651bf5fdd34cb4bf3756759bc2b215b58d35
Instruction ID: 25473728c8b5529f431ef277cfff313d4fec0b127b600be135cf731e4c8f7b63
Opcode Fuzzy Hash: 8ccc80afe1f79ecff0906c6705fc651bf5fdd34cb4bf3756759bc2b215b58d35
Instruction Fuzzy Hash: D511A330A1A64E8BEB69AFA484652FA37A1FF05301F01487AE42DCA1E1DF39B564C740

Function 00007FFD9B6E2EC1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72b9accf809595be895e9507885789e45417b810f09400c0f20f859d6fb996ff
Instruction ID: 99eba290cc56fded581b282ec50505fe3cebb37a3053efad682a4a8be5cef134
Opcode Fuzzy Hash: 72b9accf809595be895e9507885789e45417b810f09400c0f20f859d6fb996ff
Instruction Fuzzy Hash: CB01D4B0A4A64E8FE761EBA488695B97BE1FF19300F0204B6D41CCB0B6EF34F1548700

Function 00007FFD9B6E0B15 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4b18b8b711ac33976301300cf711e7bffafbf1255f16abe2f9af7831f708bbc
Instruction ID: 2016fd0a5988de1be11133674a0cf3d8959e366fdfad78a7f6e83a3514a91215
Opcode Fuzzy Hash: c4b18b8b711ac33976301300cf711e7bffafbf1255f16abe2f9af7831f708bbc
Instruction Fuzzy Hash: 2E019630A1A54E8FE761EFA4C8695B97BE1FF55700F4605B6D428CB0B2DA34F5508700

Function 00007FFD9B6E05D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 205fa4980224050de0d0ee7b0110aa010a5fd4231dcd7bfb4ee54dfaa39e2af0
Instruction ID: 594bd1d85b6069bd8daa3d390f7b2721c127adc8557cb1d2e14c5a36af8be57c
Opcode Fuzzy Hash: 205fa4980224050de0d0ee7b0110aa010a5fd4231dcd7bfb4ee54dfaa39e2af0
Instruction Fuzzy Hash: 2C017170A0A50E8FDB58EF64C0696BD77E1EF58304F21447DD42EC61E5CA35B6A1D740

Function 00007FFD9B6E2F39 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57b4cab97f78369a1295ca230d53f27080c06e5a236839b5e82407ea129293c
Instruction ID: feb7e0a3e73f80cc4489edbdd7a61379fd615c2f875ac3bc9b9f8214c84a43eb
Opcode Fuzzy Hash: c57b4cab97f78369a1295ca230d53f27080c06e5a236839b5e82407ea129293c
Instruction Fuzzy Hash: 6A018870A5E64D4FD762ABB488695B97BE1EF45300F0605F7D41CCF0F6DA24B5548701

Function 00007FFD9B6E0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 796fd65e9c57dc19b2f2b3db7e00c9b25cda6027edc2b93c053b8fc0a77d27e5
Instruction ID: d6c48f9b6b8f5704059ff21ac24d7e8a61e58ab29d971c6c1137dca1ba68168f
Opcode Fuzzy Hash: 796fd65e9c57dc19b2f2b3db7e00c9b25cda6027edc2b93c053b8fc0a77d27e5
Instruction Fuzzy Hash: 8E014F30A1590E8ADB69ABA4C4685BA73A1FF19305F5104BEE42EC61E5DF35F554C700

Function 00007FFD9B6E0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 527a11eeed6aa594fbe960f67432046c25a11915a3c514b1c0f43233f5219139
Instruction ID: 0d276258db3398ac5f9042adc5a1c701bb39cb0fbecb9ba3a957b67d38268852
Opcode Fuzzy Hash: 527a11eeed6aa594fbe960f67432046c25a11915a3c514b1c0f43233f5219139
Instruction Fuzzy Hash: 2501D630A1950E8BEB59EFA4C0695BA77A1FF08304F10087EE42EC61E0DF35B194CB00

Function 00007FFD9B6E1240 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28193a2df6b98b3412d3004c73d57b9b38940ceec7a59dc0b7c54159361bb0dd
Instruction ID: 1d9eb62b70c13df72ad5a420c852166cab73d07cb1a73d73da65cc6525d0027e
Opcode Fuzzy Hash: 28193a2df6b98b3412d3004c73d57b9b38940ceec7a59dc0b7c54159361bb0dd
Instruction Fuzzy Hash: DCF0A470E1A64E4EFB699BA888297BA77E0FF56311F00057AE429C60E1DF2426A49740

Function 00007FFD9B6E05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de884269c61628b174e598e3e8b2a4f305869f070b491ab93ed8f3189fee2b3a
Instruction ID: 5c1e347f0ae5d9ada019617acfd090f8bb3acd5c8831461e1de037a1d91fd7a6
Opcode Fuzzy Hash: de884269c61628b174e598e3e8b2a4f305869f070b491ab93ed8f3189fee2b3a
Instruction Fuzzy Hash: 68F06230A0A64E8FDB68EF6494296FA77A0EF15304F51097AE82DC61E1DF35B6A0D740

Function 00007FFD9B6E3555 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f7c93c6d6c53365887036970f33334e2074f3633a094ac0b86008846347ea83
Instruction ID: 02344da2f7e577008de1b9a923615cdf2355b80a1252fcd32b4df1c4b68bbaa2
Opcode Fuzzy Hash: 7f7c93c6d6c53365887036970f33334e2074f3633a094ac0b86008846347ea83
Instruction Fuzzy Hash: 65F0A470E1A68E8FDB66DF6488281FE7BB0FF15300F41057ED428CB1A1DB34A6208740

Function 00007FFD9B6E27B9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d054d5d6023a7800862feea0e737567327a0a70dcfb51b646bbf08995aa3ef04
Instruction ID: e0c6aaebb005b3f8e08510248ec621cf3bb9763201ec239ec3701641f5a31f85
Opcode Fuzzy Hash: d054d5d6023a7800862feea0e737567327a0a70dcfb51b646bbf08995aa3ef04
Instruction Fuzzy Hash: 67F0683190E78D4FEB6A9F6488251BA3FB1FF16300F5504BBD469CA0E2DB38A554C751

Function 00007FFD9B6E0FAE Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1767151053.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_7ffd9b6e0000_JjUyoQCSby.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204721c2fcc7d1d6bc2e4b513e17e152d76f4ccd510873f63780adb5c893747b
Instruction ID: ddce482098ac494c82bbf61c75fae29244c93907646aece9712947862c556535
Opcode Fuzzy Hash: 204721c2fcc7d1d6bc2e4b513e17e152d76f4ccd510873f63780adb5c893747b
Instruction Fuzzy Hash: 18B00902A8F00FC6EA71A1E002236BC00184F0AE48E62A435E4BE2C0A30C2832722722

Analysis Process: SgrmBroker.exePID: 7936, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B6D35D5 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

L_H, xrefs: 00007FFD9B6D3760

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID: L_H
API String ID: 0-402390507
Opcode ID: 3bff962dda8e7b0a86e5083c98adff89dbb97ee9646279920e6095e71943b70b
Instruction ID: 2669061b3b76f3f0f667c0b109bd222fd806841d430dd225655f06861f64b469
Opcode Fuzzy Hash: 3bff962dda8e7b0a86e5083c98adff89dbb97ee9646279920e6095e71943b70b
Instruction Fuzzy Hash: 0991C471A1998D8FEB54DB68C8657AC7BE1FF9A300F5001BED01DDB2DADBB528018B40

Function 00007FFD9B6D1738 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 706ffb06a28a734865a2eab966ec08537206c1d4a137ea781af8e8615b17e41e
Instruction ID: 698ccd58e0dcfff3fbfd83ab7dab72e321789ad4ba324f8efdd98ab8fdbb61cf
Opcode Fuzzy Hash: 706ffb06a28a734865a2eab966ec08537206c1d4a137ea781af8e8615b17e41e
Instruction Fuzzy Hash: 7281AD31B09A4D4BDB68DE5888715B977E2FFD8300B15467EE46EC72A2DE74BD028780

Function 00007FFD9B6D1D7D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f22ac3db1e824e5066aa3b73af60200e4c63fb1fb40e47707c7ff0e7988fb3d2
Instruction ID: fe94c57d45e627c9e81cdd7d261cbbd2b0786238dd7c4986246b9363f576053a
Opcode Fuzzy Hash: f22ac3db1e824e5066aa3b73af60200e4c63fb1fb40e47707c7ff0e7988fb3d2
Instruction Fuzzy Hash: 5451D131B09A894FDB58CE5C88655BA77E2FFD8300B15427ED46EC7296CE74ED028781

Function 00007FFD9B6D22C5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14937f32bc02a53e84c8d5cd6f064f7813bbfc5d6da1f1ef229c02f8aea7a607
Instruction ID: ef178069bc90fd8888d709b5cca28f785b7268a535ab161cda7d350188a70c3c
Opcode Fuzzy Hash: 14937f32bc02a53e84c8d5cd6f064f7813bbfc5d6da1f1ef229c02f8aea7a607
Instruction Fuzzy Hash: 69517F31E0A55E8AEB74DBD4CC217B9B3A0FF85300F1203B9D46D9A1E2DE797A45CA41

Function 00007FFD9B6D3231 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ca4ac75451812b97f049929e360c6bd95acf0397092ac41ab5f55edd4fe7a6
Instruction ID: 6ac82f5767ac062ab82e3256f856ec9213dff0f997aae93cdcd7b1dc32d4411d
Opcode Fuzzy Hash: c0ca4ac75451812b97f049929e360c6bd95acf0397092ac41ab5f55edd4fe7a6
Instruction Fuzzy Hash: 25512C70E0965D8FEB64DF94C8A46EDBBB1FF99300F550279D019EB2A1DE346A44CB10

Function 00007FFD9B6D2195 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14619c66ca65458f2b38dbb777469eaee77d8335f7822fbd64c7f7618f8587a7
Instruction ID: ce8d2bccdbb4c6e2f89ce9fc00efbf88833063cb71f5691d69eb8cf1af67d905
Opcode Fuzzy Hash: 14619c66ca65458f2b38dbb777469eaee77d8335f7822fbd64c7f7618f8587a7
Instruction Fuzzy Hash: 5B415931B0E68E0FE765D7B8C8651B97BE0EF86300B0542FBE46CC71A6DE28B9418341

Function 00007FFD9B6D34D1 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46e8187615e4d271bc2aab1a24e00f024e0a4060da6051055322d677f5d50f8a
Instruction ID: 0bb67d45a35c0dad0d0cbdc0926a45cebc6d0ea86e065f8d9fe5eccda0451473
Opcode Fuzzy Hash: 46e8187615e4d271bc2aab1a24e00f024e0a4060da6051055322d677f5d50f8a
Instruction Fuzzy Hash: CD317070A0A64E8FDB69EF64C8685BD7BA0FF59300F1105BED42ACB1E2DB35A644C740

Function 00007FFD9B6D122D Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6c599696c77882a4ae5982057c4000374c807e328a87c1cc92888e8bbb05a97
Instruction ID: 2032151fafd246a6bb88b7d6381de2755cdcb36f78598913e2edc2e33ab3ad89
Opcode Fuzzy Hash: e6c599696c77882a4ae5982057c4000374c807e328a87c1cc92888e8bbb05a97
Instruction Fuzzy Hash: B031E771A0AA4E4FEB69DB68C8656B97BE0FF96300F0102BED42DCA1E2DF657554C700

Function 00007FFD9B6D3430 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e9fb2637eb87cb8a66936f18ffa3271f4fd3a1c4dc446a31f40b296be3e7fc
Instruction ID: 5766213a4aefb025a3fff5a0311183648b6e3321f60c965da34f06e29d82f0c3
Opcode Fuzzy Hash: 34e9fb2637eb87cb8a66936f18ffa3271f4fd3a1c4dc446a31f40b296be3e7fc
Instruction Fuzzy Hash: AC319A3190E68D8FD753EFA488685A97FF0EF4A310F0A45EBD498CB0A2DA28A545C711

Function 00007FFD9B6D0A01 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7186dbd5de77df63c3d53258679a6135ee997ffbefe70c533642730680dd1fe3
Instruction ID: d50cf4e508300f7a651c80c93edfd27b77da8420a158471e3e1f460e3e307586
Opcode Fuzzy Hash: 7186dbd5de77df63c3d53258679a6135ee997ffbefe70c533642730680dd1fe3
Instruction Fuzzy Hash: EA219271E1A50E5EE7A0ABA88C692B977E0FF99700F454676D42DCA0A6EE34B640C740

Function 00007FFD9B6D0AA1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8133a3a1d8d2ee94f1ada3e7cf7849349f22bd505ca67c44f9c8ebfada83e5a2
Instruction ID: 50b5af67872f8e713fbb17b596b77cb4c8e9db2ec19aec51d71bb2b223bf0069
Opcode Fuzzy Hash: 8133a3a1d8d2ee94f1ada3e7cf7849349f22bd505ca67c44f9c8ebfada83e5a2
Instruction Fuzzy Hash: 7D219231A5E54E4FE761EBA888755F977E0FF99700F4606B2D429CB0A6EE24F540C740

Function 00007FFD9B6D085D Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c704315a326c20f98d575f5e3202c457518c22f139ae9f2e9d36a48ce3c90b33
Instruction ID: 4f2b59e75ef89ddb4acf89bfa4d90133018dbf0fa24d51d1d12940a6e526039d
Opcode Fuzzy Hash: c704315a326c20f98d575f5e3202c457518c22f139ae9f2e9d36a48ce3c90b33
Instruction Fuzzy Hash: 3E210761B0E58E9EEB61ABB88C798F837D0EF91304F1606B2D069CE0E7DD24B155C281

Function 00007FFD9B6D289D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63045fbe6760f8475d5f8c7d3d1a528c668ce4ea058dda5b18ebd42bbbf7e5bc
Instruction ID: f887decf1b366d3ec354087302913208147eb8a51001719b20b45037c5808c90
Opcode Fuzzy Hash: 63045fbe6760f8475d5f8c7d3d1a528c668ce4ea058dda5b18ebd42bbbf7e5bc
Instruction Fuzzy Hash: 6D21A430B1A64E8FE765AFA4C8695B977A0EF99300F0145B6D42CCA0E6DF38F544C740

Function 00007FFD9B6D08E5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e3e6f44b95de905f9ec32bf95602aa4212baa31991b08ff2e8f6bcfdefbeb8f
Instruction ID: 5157164734ea81151373946ebd948ddf8d82bf17b4bd94da08445dbb2fc4398e
Opcode Fuzzy Hash: 8e3e6f44b95de905f9ec32bf95602aa4212baa31991b08ff2e8f6bcfdefbeb8f
Instruction Fuzzy Hash: 17119631B4E50E8EFB61AAB488796B937D0EF99700F124676D42DCA0A2DE24B640C640

Function 00007FFD9B6D1CFD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb25754f81d1c7bba487fba0dfeb29d497272c4f6130c40f810ac90f1ddd13f7
Instruction ID: 856982fc06ab19a8d503ff75ff5d1271d38e521334c8c306acaa56aac82efa02
Opcode Fuzzy Hash: cb25754f81d1c7bba487fba0dfeb29d497272c4f6130c40f810ac90f1ddd13f7
Instruction Fuzzy Hash: CE119670A0A64E8FEB659F648C256F93790FF95300F51457AE42DCA1E1DBB8B650C740

Function 00007FFD9B6D0F2E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbeaa513f022b921441fcbcbb961dcb90713baca77d0cbb2f3d9dd5cf2dca79d
Instruction ID: 8282a5e2b9ecec03b2cc99d32fa3014603bf46c594eff77daac49ed9d4eb0c24
Opcode Fuzzy Hash: dbeaa513f022b921441fcbcbb961dcb90713baca77d0cbb2f3d9dd5cf2dca79d
Instruction Fuzzy Hash: 31111F31E1980D8BEB64EB98CC65FEDB3B1FB94300F118265D419EB2A5DE347945CB84

Function 00007FFD9B6D282D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f262cffc23c0a740d9b07ad39f3435179423296358287d3806397b0582bc55
Instruction ID: 50eddeedb9aea77ef10ea4041acc3d72d49376d353b65b3c42b0ceae21637798
Opcode Fuzzy Hash: 24f262cffc23c0a740d9b07ad39f3435179423296358287d3806397b0582bc55
Instruction Fuzzy Hash: C911A330B1A64E8BEB799FA4C8652F937A0FF85301F01497AE42DCA1E5DB39B554C640

Function 00007FFD9B6D05D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c42da4956aad4ebd103723b926bde329a86cc15631b8cc153855a09389216393
Instruction ID: 8ce946cd690ba18efd098ae2a1220ee35213e04fdc2abb91d9e40995c14b5213
Opcode Fuzzy Hash: c42da4956aad4ebd103723b926bde329a86cc15631b8cc153855a09389216393
Instruction Fuzzy Hash: E801B130A0A50E8FEB58EF64C4686B977E1EF99300F20057DD02EC61E5CB71B641C740

Function 00007FFD9B6D2F39 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de989d44b24a0861bfd4a0cd56cd21cc2b29a17f4c608b5b280417a3ae235118
Instruction ID: d13513505ac110bafe9ed0c245e5980b08d9ae3b5336836f5157be690260043f
Opcode Fuzzy Hash: de989d44b24a0861bfd4a0cd56cd21cc2b29a17f4c608b5b280417a3ae235118
Instruction Fuzzy Hash: 8C018870A5E64D4FD762ABB4CC695A97BE0EF86300F0609F7D41CCB0F6DA24B5548701

Function 00007FFD9B6D0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d21799075537f4eaed51606a2a617bf9d585f032b6d0bb9565b4326c651fc7f
Instruction ID: b25ac83a0394b04b9f87d5e3d75bf2d090a846503c4ebc224f07fac51983f1ff
Opcode Fuzzy Hash: 0d21799075537f4eaed51606a2a617bf9d585f032b6d0bb9565b4326c651fc7f
Instruction Fuzzy Hash: CE01A230B1590E8BDB69EBA4C4685B973A0FF48305F10057EE42EC61E5CF35F144C640

Function 00007FFD9B6D0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f62e0c4691c46ac8d5ea019c7b67db0fadfe9fb70bc78b0370ce3ce0449ff3ca
Instruction ID: 5d536e52ffd7c603125ebd54c19139588b3130717c1630442e2b7b711d642f6d
Opcode Fuzzy Hash: f62e0c4691c46ac8d5ea019c7b67db0fadfe9fb70bc78b0370ce3ce0449ff3ca
Instruction Fuzzy Hash: BE018630A1950E8BDB69EFA4C4695BA77A0FF58305F11097EE42EC61E5DF35B194CA00

Function 00007FFD9B6D1240 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0a5d108a5b91202bb5ddd62b24d695275ee1494fdc95aa42463b2d2e3093c4b
Instruction ID: ca0eba9a896b80af00f37f8880fa500682a6ef0efa7c0108455e0514e3fbda1a
Opcode Fuzzy Hash: f0a5d108a5b91202bb5ddd62b24d695275ee1494fdc95aa42463b2d2e3093c4b
Instruction Fuzzy Hash: 0FF0A970E0A54E4AFB659B988C287BA77E0FF96311F00067AE42DC60E1DF652254C640

Function 00007FFD9B6D05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 870720875dc58e58ad3ccd57bb2f324200d64a452886982b512a0d1084c9776b
Instruction ID: e3be09c71acbf6231284e2ea9bb75228ddf7e5e7acdbdd82d5afbfbff9d07cb6
Opcode Fuzzy Hash: 870720875dc58e58ad3ccd57bb2f324200d64a452886982b512a0d1084c9776b
Instruction Fuzzy Hash: B1F0C230A0A64E8FEB68EF6488256FA37A0EF45304F510A7AE82DC60E1CF75B650C740

Function 00007FFD9B6D3555 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2057d5c1befb774dae1ba5f02d660f3dcd90cc384e0907a6154520d2d1c9d467
Instruction ID: bf172478af006e654475c9e5994695beb340e401fcaeccbe775d4bb0072b8439
Opcode Fuzzy Hash: 2057d5c1befb774dae1ba5f02d660f3dcd90cc384e0907a6154520d2d1c9d467
Instruction Fuzzy Hash: F1F0A470E1A68E8FDB65DF688C282FE7BA0FF55300F4106BED428CB1A1DB34A6108741

Function 00007FFD9B6D27B9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.1780701730.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ffd9b6d0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98a02a178d2710a86a2686e1b132729052f2d35bcb0d9b2677880d76c7650ab2
Instruction ID: 5160c7e9bb36fbbbfb9bb1ba22f06a285d69f09e4214680690f9135e66149d44
Opcode Fuzzy Hash: 98a02a178d2710a86a2686e1b132729052f2d35bcb0d9b2677880d76c7650ab2
Instruction Fuzzy Hash: 54F0443190E78D4FEB6A9F64C8251AA3FA0BF56300F4505BAD459CA1E2DB28A554C711

Analysis Process: SgrmBroker.exePID: 7984, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B6E35D5 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

K_H, xrefs: 00007FFD9B6E3760

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: 359fe5fa715fa64d7a2294dc05bc49a4651adb319c9b7c73f86832287673e6fb
Instruction ID: bec0d604647f03a82c3dfbdb722f4a7b8623397a36242de061a8313e4725797d
Opcode Fuzzy Hash: 359fe5fa715fa64d7a2294dc05bc49a4651adb319c9b7c73f86832287673e6fb
Instruction Fuzzy Hash: A191D471A1D94D4FEB55DB68C8647A97BE1FFA6300F5002BED01DDB2DADBB428018B41

Function 00007FFD9B6ECD7D Relevance: 2.7, Strings: 2, Instructions: 232COMMON

Download Yara Rule

Strings

%{v, xrefs: 00007FFD9B6ECE3E
;wK, xrefs: 00007FFD9B6ECD7F

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID: %{v$;wK
API String ID: 0-1018670380
Opcode ID: a39f22cf240981edd12066b0e5c83a5eb1556163505aa4a413bc4e4e42c6e8b2
Instruction ID: 421c8a251e835a4fd854a0f24776e8481d3ac01ef206323df6981b8e9d30edc8
Opcode Fuzzy Hash: a39f22cf240981edd12066b0e5c83a5eb1556163505aa4a413bc4e4e42c6e8b2
Instruction Fuzzy Hash: BF613623B0C66A4AD318BBBCB8214EA7B60EF81374B0406B7D5ADCE0D7DE14745987D0

Function 00007FFD9B6F1339 Relevance: 2.6, Strings: 2, Instructions: 150COMMON

Download Yara Rule

Strings

, xrefs: 00007FFD9B6F13BB
/, xrefs: 00007FFD9B6F18C3

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID: $/
API String ID: 0-2637513485
Opcode ID: 1097177dc982242acd7c690c33d25428724d5a0c820b935a186706d93ca80b3f
Instruction ID: 1adafacb637f1bca93af145cf2d4c422eaf3bd524d07acd0d424254aa436cfcd
Opcode Fuzzy Hash: 1097177dc982242acd7c690c33d25428724d5a0c820b935a186706d93ca80b3f
Instruction Fuzzy Hash: C651FC31E0961D8FEB65DB94C8646E97BF1BF59340F0101BAD42DDB2A5DB386A84CB40

Function 00007FFD9B6E085D Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

_, xrefs: 00007FFD9B6E0839

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 2b4b8c90430b6c1c626b11f347cf57dad5a137781cb1d6325a1b6d63771fcf7a
Instruction ID: ec47a0266a3a0317f4e6f436fa58d54116dfc34ab55aa0c02c7be9c7dd14c7cc
Opcode Fuzzy Hash: 2b4b8c90430b6c1c626b11f347cf57dad5a137781cb1d6325a1b6d63771fcf7a
Instruction Fuzzy Hash: 48213721B0E18E8EEB61A7B8C86A4EA37E0EF41300F1604B2D09DCE0A3DD24B565C380

Function 00007FFD9B6F393D Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077a421a9b7765cf22c5af8daceb46be2fe525767357a361fd8cb9be0f0e84b6
Instruction ID: 022e9020673c01bd536efc63a48e11af60ae79f75365077c0eeec3eb1ff2ef50
Opcode Fuzzy Hash: 077a421a9b7765cf22c5af8daceb46be2fe525767357a361fd8cb9be0f0e84b6
Instruction Fuzzy Hash: 40117261B0E68E8EE762976888655A97FE0EF06300F0604BBD4A8CB1A3DA24B6049701

Function 00007FFD9B6E1738 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e30a5e67682d3aa5d7161e86b612c8a96601130fdfd29a2f7637cf5a8b7f8b86
Instruction ID: e05dc14d448d1a282cf332c17771e11caf73e3f8ed0bc1893afd8a28042dd27d
Opcode Fuzzy Hash: e30a5e67682d3aa5d7161e86b612c8a96601130fdfd29a2f7637cf5a8b7f8b86
Instruction Fuzzy Hash: BB81BE31B09A4D4FDB69DE5888715A977E2FF98300B15417EE46ECB2A2DE34BD12C780

Function 00007FFD9B6F4175 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6017dbdb24f53f5807fcf68e9142004a7e9b507d3fbe57957295a092aca7012
Instruction ID: 501b1a82328f4eb25ede94e54eca90db6f2b15882018641d426b702cf9a6abc2
Opcode Fuzzy Hash: c6017dbdb24f53f5807fcf68e9142004a7e9b507d3fbe57957295a092aca7012
Instruction Fuzzy Hash: A091CB71E1A51D8EEBA4EB98C8557ECBAF1FF58300F1141BAD01DE7291DA346A848F00

Function 00007FFD9B6F7951 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d161bf49727a07f9ac2316a80146933a0033022a4e4502b7e8217ab4b8b5581
Instruction ID: 3033d37fd1ebd8ecf038b2e95e5bd042664ee42ff4ff294ba90ed21ad6fe29fa
Opcode Fuzzy Hash: 2d161bf49727a07f9ac2316a80146933a0033022a4e4502b7e8217ab4b8b5581
Instruction Fuzzy Hash: 8F615170B1A54E8FEB61EBA8C8696BD7BE0FF19300F0205B6D429CB1A5DE34B6548741

Function 00007FFD9B6F3FFA Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7e0ec7b1aa8c6705849e576492b5d2468349d37522c5587eacfc72121929d0
Instruction ID: ee94e5d08cf6fa66fc987d46874c70f74933f6657f1fd7d6952be643e655611e
Opcode Fuzzy Hash: 7d7e0ec7b1aa8c6705849e576492b5d2468349d37522c5587eacfc72121929d0
Instruction Fuzzy Hash: 69514B6770D5594FE720BBADF8A99EA7FA0EF81371B0501BBD558CE0A3EE106045C790

Function 00007FFD9B6E1D7D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff716b6b3c8ceba75ba3278ac4894190de0db20c04569f1dbf930d2a8d1027c
Instruction ID: 3f08c41735df207e14c03e64e336dc09cba723dc6e340a4663c12fbc13b67e21
Opcode Fuzzy Hash: dff716b6b3c8ceba75ba3278ac4894190de0db20c04569f1dbf930d2a8d1027c
Instruction Fuzzy Hash: E151DE31B09A4A4FDB58CE5C88655BA77E2FF98300B15417EE46ECB296CE34ED128780

Function 00007FFD9B6EC309 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c548ea4373cc1533aff44be00e0e768a63e6e81c2fabf1015ae0a5a4169f5185
Instruction ID: 2f2b63205e1427755e8488ca947a41c9fe6b8042a6d54361c314c6037be69e6f
Opcode Fuzzy Hash: c548ea4373cc1533aff44be00e0e768a63e6e81c2fabf1015ae0a5a4169f5185
Instruction Fuzzy Hash: 8F613B71E0A64E8FEB64DFA8C4646FD7BB0FF58300F11013AD429EB2A5DB3869508B50

Function 00007FFD9B6E22C5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606ee23149f03cb4f63fc617693c65b8abf3a7b14c6b6223bdce8ca599d0d774
Instruction ID: 4c56769e30dba719196b28860bf3d52b0e85c29e6d6668837e933a1ee4ad3702
Opcode Fuzzy Hash: 606ee23149f03cb4f63fc617693c65b8abf3a7b14c6b6223bdce8ca599d0d774
Instruction Fuzzy Hash: 1A518231E0A51E8EEB74DBD4C8217F9B3A2FF45300F1201B9D06D9A1E2DE787A658B41

Function 00007FFD9B6E3231 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6058002bbf350a4a8d62153491661141b154f5f30c905e9f5666554db42a0bd
Instruction ID: d3dc07375265bc51ad8b18a0529a8cdf8afb92682903443df49e0fe6bdeda483
Opcode Fuzzy Hash: f6058002bbf350a4a8d62153491661141b154f5f30c905e9f5666554db42a0bd
Instruction Fuzzy Hash: A4514B70E0965D8FEB65DB98C4A4AEDBBF1FF58300F51017AD019EB2A1DE386A54CB10

Function 00007FFD9B6E2195 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bb855cb4d6ff4de8f7aeaa90567de7d14ee64850d703b546bd0a0e5a2eb7df5
Instruction ID: a4a836401ce1d80621a5d7442c38a06759b48771c48f1c472117088df30dbf5c
Opcode Fuzzy Hash: 2bb855cb4d6ff4de8f7aeaa90567de7d14ee64850d703b546bd0a0e5a2eb7df5
Instruction Fuzzy Hash: 6C412631B0E68E4FE765DBB888651B97BE1EF46300B0541FBD46CCB1A6DE28A9518341

Function 00007FFD9B6F6708 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d63e1487c080a37dedf9931ec67d94f251d136841d6aa3152786abae93b5f99d
Instruction ID: 8e05e474e6ea5bd2747a84540739dbf9452a7065026f9aa35c034fadcdd96d81
Opcode Fuzzy Hash: d63e1487c080a37dedf9931ec67d94f251d136841d6aa3152786abae93b5f99d
Instruction Fuzzy Hash: 93414D70F0961D8AEBB8EB94C8657B97AA1FF45300F1141B9D02DD62E1DF387A84CB01

Function 00007FFD9B6F2F70 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e2559ceb91964dae618813e768c46da016f6ac4657ae5dd5566241030d186f
Instruction ID: b8facca2f1e74f2f66a4dd1281198c8d11e4ec7f0e2ee46ccd4b4ac6752e07a0
Opcode Fuzzy Hash: 10e2559ceb91964dae618813e768c46da016f6ac4657ae5dd5566241030d186f
Instruction Fuzzy Hash: EB419A70E1951E8EEBA4EB98C855BECB7B1FF58300F1141BAD41DE7291DE746A848F40

Function 00007FFD9B6EB4FB Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eac6e6aa81f94962368265bf9550a8790affa50e06fbfacfc3d9c5cc9ad98e66
Instruction ID: 1dd13ae08673ddacbaee7615f405c7207652eed2bd1e2f20d4a10af19d087e6a
Opcode Fuzzy Hash: eac6e6aa81f94962368265bf9550a8790affa50e06fbfacfc3d9c5cc9ad98e66
Instruction Fuzzy Hash: 2441F861F1E94E5FE751AFA888A81BD77E0FF95310F4A45B2D02DCB0E6DE28B6148740

Function 00007FFD9B6EC7C4 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa602d021107a3705506656720954220a83b587a7b70d7e7db3dedf9db5b8ad7
Instruction ID: e356280940f24bbf047b8a308f3765dd3c550de24fd4600f626210df9767e097
Opcode Fuzzy Hash: fa602d021107a3705506656720954220a83b587a7b70d7e7db3dedf9db5b8ad7
Instruction Fuzzy Hash: 8F311731E0991D9FEFA4EBA894A56BCB7F1FF98300F510039D01DEB292DE3469518B40

Function 00007FFD9B6E34D1 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73993abf6e6b5c779992610d59f980a2020c03db11988610cc5af965d382d915
Instruction ID: ea9038cb406e8d1b972723f76816d22fbc7c74ae25fd2d5416de146d51b91783
Opcode Fuzzy Hash: 73993abf6e6b5c779992610d59f980a2020c03db11988610cc5af965d382d915
Instruction Fuzzy Hash: 17316F70A0A64E8FDB6AEF64C4685B977B0FF19300F1109BED429CA2A1DB35A654C700

Function 00007FFD9B6F5255 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2feabd283c79caa439e51dd119930879f439b1189cad773b8f0e7d10e06aea9
Instruction ID: db43a74c218527643019b9b3cbd736bce8fed426ef60e5b6ec510e02455886e4
Opcode Fuzzy Hash: b2feabd283c79caa439e51dd119930879f439b1189cad773b8f0e7d10e06aea9
Instruction Fuzzy Hash: 1731C171B0AA4E8FEB59DF6484655B93BE1FF55300F1101BED42ECA5A6DE35BA00C740

Function 00007FFD9B6ECEFB Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b54acb36b9a944b48d3467c3314144d35ce13913b98e02d11ecabf4b6607b10
Instruction ID: 83990d81d26e3110f4c1e49e09c4e489a783a8d116f694e95b9415b42de8f05f
Opcode Fuzzy Hash: 1b54acb36b9a944b48d3467c3314144d35ce13913b98e02d11ecabf4b6607b10
Instruction Fuzzy Hash: 6C31CF22B0E65E4AEB667BACA4214FD7BA0AF51324F4505B7D42C8D0E6CE28356083A1

Function 00007FFD9B6E122D Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3adf90f18e1a189b316b28320e2a971ad505496c350390d92f0cbe0d418b53a
Instruction ID: 01ebfa2c35126bb30649ccc3392a6fcf4cc1fafb480dd466d96503adb31d5965
Opcode Fuzzy Hash: c3adf90f18e1a189b316b28320e2a971ad505496c350390d92f0cbe0d418b53a
Instruction Fuzzy Hash: 3931F771A0964E4FEB69DB68C8653B97BE0FF5A300F0105BED42ACA1E5DF246554C700

Function 00007FFD9B6EC857 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36dbe58cf766bcff735b247979aafcc9a3802745866b572f43f7cd5f1e20c1d1
Instruction ID: a46dc07af2c56903e3b6e70cbe53af099c5345d0c0b194d0fa9649a42a4dd726
Opcode Fuzzy Hash: 36dbe58cf766bcff735b247979aafcc9a3802745866b572f43f7cd5f1e20c1d1
Instruction Fuzzy Hash: 98212B31E0991D8FEFA4EBA894A56ECBBF1EF99300F51003AD01DDB292DE346951CB50

Function 00007FFD9B6E3430 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82f026d216bf089916de4bd2a8b2f69447b77cce0dbca9416a234fa05d1310fb
Instruction ID: ae084c1768163db792342382733009da5ab5fe9ad4eea6547b6579ede72af864
Opcode Fuzzy Hash: 82f026d216bf089916de4bd2a8b2f69447b77cce0dbca9416a234fa05d1310fb
Instruction Fuzzy Hash: F7319F3190E68D8FD753EFA488685A97FF0EF06310F0941EBD458CB0A2DA28A555C721

Function 00007FFD9B6F4D35 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 700b5888018af6345e3f721924a4e4e83e15b331423135cc59b81e20af5d2678
Instruction ID: ac78a8d931037f60bdcdb6f8c938e7540d42374659554259cede846c27232f74
Opcode Fuzzy Hash: 700b5888018af6345e3f721924a4e4e83e15b331423135cc59b81e20af5d2678
Instruction Fuzzy Hash: DB21A071B0A90E8FEBA9EFA8C4651BD3BA0FF58301F11057EE42DCA5A5CB34B5408740

Function 00007FFD9B6F2E41 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d39a9967e3b962cb2eda9d007ae9d79d7063ca0ac544dce871f3c214ac873228
Instruction ID: 0a4b38960e05d8a1dc9e7f7057f3ea1870b634f44f587a9b8b5928d448a10c09
Opcode Fuzzy Hash: d39a9967e3b962cb2eda9d007ae9d79d7063ca0ac544dce871f3c214ac873228
Instruction Fuzzy Hash: EE218030A1A55E8FEB51EBE8C8585EDBBF1FF49300F5104B6E428DB1A6DE34A5508B40

Function 00007FFD9B6F2A31 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b4f7422d603d19d597fe9bd94395f603d773da8fd2f541b37e1e8bbc55f46a
Instruction ID: c20fb855821b9b3e529f1ceaaab028cd0f55c07e01c11c19d3b0b39f397a9bfd
Opcode Fuzzy Hash: 75b4f7422d603d19d597fe9bd94395f603d773da8fd2f541b37e1e8bbc55f46a
Instruction Fuzzy Hash: C5219E70B0A64E8FDB68DF98C4615FD3BA0FF59300F51117AF41AC71A5CA34B6508B41

Function 00007FFD9B6F5409 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c0b8d089f7cc654bfce0710e9bc5ee502d334daaaa2dc908b4a8274977f59aa
Instruction ID: f2318af87b55d6b12cb57d8311d8ca848b3d9aa55df0c5ad61d26a0d07820c65
Opcode Fuzzy Hash: 0c0b8d089f7cc654bfce0710e9bc5ee502d334daaaa2dc908b4a8274977f59aa
Instruction Fuzzy Hash: 5D31B171F0E64E8FEB95DF68886A6BD7BA0FF55301F0105BAD429C60E6DA34A940C741

Function 00007FFD9B6F4C99 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f78ed1ff725eb940b179fd08030b01087174c28457ec836b56fd41a4b861cf
Instruction ID: d3eb0667e455744160f9e322cea0674babee406565a69dca0727d4bb115a7a33
Opcode Fuzzy Hash: 24f78ed1ff725eb940b179fd08030b01087174c28457ec836b56fd41a4b861cf
Instruction Fuzzy Hash: A231AD31B0E64E8FEB69DFA884652BD7BA0FF55300F0105BEE429CB4A6DA34A540C740

Function 00007FFD9B6F7341 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88ddc6ed9fd71288e32c6eea6f3dc0ba74b00fcfc40b3c4cbfb42ef61c163248
Instruction ID: 458e8f0cbf998fa6a51f6beda8ec672a14adda1a521a02a624c9db12546a9b37
Opcode Fuzzy Hash: 88ddc6ed9fd71288e32c6eea6f3dc0ba74b00fcfc40b3c4cbfb42ef61c163248
Instruction Fuzzy Hash: 2221BF71B0964E8FEB64DF6884656FD3BA0FF58301F10057AE829C71A6CA34B2508740

Function 00007FFD9B6E0A01 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39c66e261deeb54a94f29dca647e3c1745d3187caa8ce8035d61235db297b575
Instruction ID: 8e829c740048c329e26f6a021ed949541ab35623fd9f5376431dc6d8892532d5
Opcode Fuzzy Hash: 39c66e261deeb54a94f29dca647e3c1745d3187caa8ce8035d61235db297b575
Instruction Fuzzy Hash: 3F21A171E1A54E8EE7A0EBA8886A1B977E0FF55700F414576D42DCA0E6EE34B6508740

Function 00007FFD9B6F4DD5 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 634111e9ff455b922e330ef991743076422e7c7f963bfc1ac40446a41f27b981
Instruction ID: 1bcdba18a19237473ade6629ff1df37ff0980d96998eeafbaf96e764c49799c6
Opcode Fuzzy Hash: 634111e9ff455b922e330ef991743076422e7c7f963bfc1ac40446a41f27b981
Instruction Fuzzy Hash: B7217171B0A64E8FEBA5DFA4C4695B97BA0FF18301F11057EE42DCA5A5DB35B6408700

Function 00007FFD9B6F52ED Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e67d9009ddd4e7f4c593ee0f19983166f2ca6b05d5925f9cc162e087cacb66c4
Instruction ID: 8ea63c0bd157bd7a8b1b080a9c5a18a3059df608111333d032afa9dc4403228b
Opcode Fuzzy Hash: e67d9009ddd4e7f4c593ee0f19983166f2ca6b05d5925f9cc162e087cacb66c4
Instruction Fuzzy Hash: 0D21B671B0E54E8BEB65DB5888296BD7BD0FF15304F15057AD42DCA0E2EE75B9008701

Function 00007FFD9B6F30E2 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1571e43ac5d9f6c162ce2c850c6cca82b626a49b8e3aba4699aa21d2f19021fe
Instruction ID: 91688ce155ae8d760180dfebdbda76c60ff1ac64e4cc5203575b2d24d946a236
Opcode Fuzzy Hash: 1571e43ac5d9f6c162ce2c850c6cca82b626a49b8e3aba4699aa21d2f19021fe
Instruction Fuzzy Hash: 5331B770E1961D9FEB64EBA8C8A5BADB7B1FF14300F5041A9D41CA7296CF3479808F41

Function 00007FFD9B6E0AA1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73b85886e6b22481b7ce3c13dd61e1e9e45c746d9b0d3eea327a09a7c85aec03
Instruction ID: 152e6ffe4c464eebef134a29bf06017d188dc9af0792a1b3194f4360e5dc92a7
Opcode Fuzzy Hash: 73b85886e6b22481b7ce3c13dd61e1e9e45c746d9b0d3eea327a09a7c85aec03
Instruction Fuzzy Hash: A821A131A5E54F8FE7A1EBA8C8665F977E0FF59700F4205B2D429CB0A7EE24B6508740

Function 00007FFD9B6F537D Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2ad6b68cd20d439fa21717cd3875d32257aba0b8c0fdd75c7e4f28f83c9a7a
Instruction ID: 2e4e9d8fa932f9f0146c30aac08e311cb18593c327eb01ffeb3e59f070358f51
Opcode Fuzzy Hash: cb2ad6b68cd20d439fa21717cd3875d32257aba0b8c0fdd75c7e4f28f83c9a7a
Instruction Fuzzy Hash: A9218272B0A54E8BEB65EB6888696FD7BE0FF15300F01047AD42DCA1E6EE7479408641

Function 00007FFD9B6F6669 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c09f1380dd1d03c8f83e7e115fc9e5f1ade16b147a320da45e706041fd482b0
Instruction ID: 7d05a9c0ecf5972a9a106bfdc88554208332b9d5daa7faa305758702175a580a
Opcode Fuzzy Hash: 5c09f1380dd1d03c8f83e7e115fc9e5f1ade16b147a320da45e706041fd482b0
Instruction Fuzzy Hash: 55215670B0E54E8FEB65EBA488696B97FE0FF16300F0505B6D428CB0A2DE34B554C741

Function 00007FFD9B6F553D Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 350a050e851648db4b3cedd69053c22aa95298cc08a92d2110c0c6bee9a16231
Instruction ID: e2f7dec42b2f6c54de90bd3d4c7b04232a211565040ad915ccb515b1c0c0fa9b
Opcode Fuzzy Hash: 350a050e851648db4b3cedd69053c22aa95298cc08a92d2110c0c6bee9a16231
Instruction Fuzzy Hash: 19218070B0D54E8FEB68EB68C86A6BD7BE1FF15301F41047AE42DCA5E6DE34B9408641

Function 00007FFD9B6ECA89 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23e280a7cc01a03b47479b576e51b6ac46c927ab1f2b5dea082795da4642b841
Instruction ID: f993e2bb126a5bef34cd8df70b49668211d725186941824ad8a9043fb4b6db5d
Opcode Fuzzy Hash: 23e280a7cc01a03b47479b576e51b6ac46c927ab1f2b5dea082795da4642b841
Instruction Fuzzy Hash: B8217430A0A68E8FDB65EF68C8655BD7BB1FF15300F1544BAE429CA0E6DA35B560C740

Function 00007FFD9B6E0B91 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e83b920f022001c4290f1faa571d226b41a2a5d27add2189a6605d29a31c9c74
Instruction ID: 2f3bcc120ec57a7f1a07ff1cd4cdd6363102bcbf45fd5615f03bcce34d21769b
Opcode Fuzzy Hash: e83b920f022001c4290f1faa571d226b41a2a5d27add2189a6605d29a31c9c74
Instruction Fuzzy Hash: B611B770A0A54E8BEB659FA4C4765F977A1FF15704F1205B9D42DCB0E2DE26B6208B00

Function 00007FFD9B6E289D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b7bcb7f37ab955f634f224961c578d3daab993aedf497bccbe0679b64c0bfb7
Instruction ID: 6a8b60c1ba63b209f9f22fc0fb349e08a6eb3dc9d3039b7f4d2c470e85d5d680
Opcode Fuzzy Hash: 2b7bcb7f37ab955f634f224961c578d3daab993aedf497bccbe0679b64c0bfb7
Instruction Fuzzy Hash: 0E21C670A1A54E8FE765AFA488695BA77E1EF15300F0144B7D42CCA0E6DF38F564C740

Function 00007FFD9B6F81D9 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d435226b1c912c00a618669f143950d2be7efbf93374e70c5131e436f198f38
Instruction ID: f41b6d7ed97bf608f968a5f58c5c735cc591f6dfbc7edf05e02ec0c16e09fd19
Opcode Fuzzy Hash: 6d435226b1c912c00a618669f143950d2be7efbf93374e70c5131e436f198f38
Instruction Fuzzy Hash: 4B21C270B4EA4E8FDB65DB64C9655BD7BA0FF05300F1105FAD42DCA0E6DA24B6008740

Function 00007FFD9B6E08E5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a0efcce002a1e00be6f233ca64cc8a9b8d48daad2849253403028cc7c50491
Instruction ID: a3ec70c0ac2705e9f15478ee8e951df9b46a82d04478ecaef3624508fe9cb55b
Opcode Fuzzy Hash: c5a0efcce002a1e00be6f233ca64cc8a9b8d48daad2849253403028cc7c50491
Instruction Fuzzy Hash: B211E931A0E50E8FFB61AAB4845A1B937D0EF15700F124972D01CCA0A2DE34B660C740

Function 00007FFD9B6E1CFD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f9c675781d6391f92fbf2076d1078716184b352f638fc7198d152a0cfe1660d
Instruction ID: 3dbcfdc2eacfe557c978fe2449bcfb047125c1c789748bd69e9d3710538dc66d
Opcode Fuzzy Hash: 9f9c675781d6391f92fbf2076d1078716184b352f638fc7198d152a0cfe1660d
Instruction Fuzzy Hash: 0911B670A0B64E8FEBA99F64C8292F937A0FF55300F11447AE42DCA1E1DB78B660D740

Function 00007FFD9B6F73E5 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a58c335523cfa9d9b6e5aec85830d2bf2f0795e50366f932b267f849ebb71902
Instruction ID: af4b14eb701135447d9f763c34612eae6099eb4a9c5d82043c22d5577f84822d
Opcode Fuzzy Hash: a58c335523cfa9d9b6e5aec85830d2bf2f0795e50366f932b267f849ebb71902
Instruction Fuzzy Hash: 2011A271E09A4E8FDB99EF6884692B97FE0FF58301F1105BED82DC71A1DA34A550C741

Function 00007FFD9B6F7485 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf1793b5f9720e7c733a104bd95c145ed852546d65b8ebc9204c0fc4fea5346e
Instruction ID: 711b7d78e0a1095c3effaafcd819520930421b02b9f10a1fe90b24c4e2713bde
Opcode Fuzzy Hash: cf1793b5f9720e7c733a104bd95c145ed852546d65b8ebc9204c0fc4fea5346e
Instruction Fuzzy Hash: 6B11D072F0EA4E4BEB699A6488B51B83FE1FF15300F0600BED469CA4F2DE257540C601

Function 00007FFD9B6ECF60 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55d0e46a5fc5b3ebbc184e2a59d22ec3a90e6d3d527d822adfbe2ec4d5410068
Instruction ID: 1b8af6a08fdab871eaa722ada82f56fea81a33665918f3f7571ae2aad4f74232
Opcode Fuzzy Hash: 55d0e46a5fc5b3ebbc184e2a59d22ec3a90e6d3d527d822adfbe2ec4d5410068
Instruction Fuzzy Hash: A3116370A0A68E8FEB56AB6888655B97BB0FF16300F0104BAD42DCF0E2DE346660C750

Function 00007FFD9B6E0F2E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e06a89a83f4e43cd6da9fa135354bfd3f746d8f03acc1c6c7157662040aed78f
Instruction ID: 77c8849c2e52cfa1ee44a8ab18601f92e90606e997a4f206800a3b233378b0f1
Opcode Fuzzy Hash: e06a89a83f4e43cd6da9fa135354bfd3f746d8f03acc1c6c7157662040aed78f
Instruction Fuzzy Hash: A0115131F1980D8BEB64EB98C865FEDB3B1FB54300F118265C419EB2A5DE347A558F80

Function 00007FFD9B6ECED7 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98b27c84450f26d8ca1a517d7d63dcf2d50cc2504a9d07a2be34f33481768ee
Instruction ID: a8af89689c8154b6962eae67ce1f85afffb0ce1fbbacc48dda20aa1bbc2feb39
Opcode Fuzzy Hash: b98b27c84450f26d8ca1a517d7d63dcf2d50cc2504a9d07a2be34f33481768ee
Instruction Fuzzy Hash: 9711B631A0A78E4EEB55AFA898255EA7BB0FF42210F0505B7D86DCE0E2DA346524C750

Function 00007FFD9B6F55C9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc1eef8a7d64530c65f739f6aa1bd66c82f994d58a146e1850e86e72b51ff270
Instruction ID: 63e3b8c1480ecfd01b35331efae3722833d53e3548cb7b00f987600822b8c99e
Opcode Fuzzy Hash: cc1eef8a7d64530c65f739f6aa1bd66c82f994d58a146e1850e86e72b51ff270
Instruction Fuzzy Hash: DD118170A1A64E8FEB55EBA488692B97BE0FF15300F0504BBD429CB1F2DA3569408B41

Function 00007FFD9B6E282D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ccc80afe1f79ecff0906c6705fc651bf5fdd34cb4bf3756759bc2b215b58d35
Instruction ID: 25473728c8b5529f431ef277cfff313d4fec0b127b600be135cf731e4c8f7b63
Opcode Fuzzy Hash: 8ccc80afe1f79ecff0906c6705fc651bf5fdd34cb4bf3756759bc2b215b58d35
Instruction Fuzzy Hash: D511A330A1A64E8BEB69AFA484652FA37A1FF05301F01487AE42DCA1E1DF39B564C740

Function 00007FFD9B6F12B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386db75e961e7e8515b94f69a83e33e2cce4111bbc51f11f010770decfc788a5
Instruction ID: e8c3365754bd7273969de9f169d5fb302cc428a2caa3669d0720ee1445d41749
Opcode Fuzzy Hash: 386db75e961e7e8515b94f69a83e33e2cce4111bbc51f11f010770decfc788a5
Instruction Fuzzy Hash: DE118270B0964E8FDB55EFA4C4692BD7BE0FF19300F0104BAD429C71A1DB35A640C700

Function 00007FFD9B6F751D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e5e3dd0225a7261fadfafb8d23681ccce04447fa247df651ba6f73cbca5b825
Instruction ID: d4f9da2be9ce2119fc965b691d4ddb60896bf3eefee9764444139700381f07bb
Opcode Fuzzy Hash: 1e5e3dd0225a7261fadfafb8d23681ccce04447fa247df651ba6f73cbca5b825
Instruction Fuzzy Hash: E911BF70A0A64E4FEB68EF5888696B97BA1FF59300F4101BAD429CB1E2DE35A640C740

Function 00007FFD9B6EC285 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c4f4f41f71d77cff12cf7cf5baf4322cb3b2d97929dc090f206f7df05ee2003
Instruction ID: 04ab6522d44ce7c3803f26c780066b1606a2a045ce4cd0f78f4c0b0dca84ab7d
Opcode Fuzzy Hash: 1c4f4f41f71d77cff12cf7cf5baf4322cb3b2d97929dc090f206f7df05ee2003
Instruction Fuzzy Hash: 71118E70A09A4E8FDB95EFA8C8696BD7BF0FF19300F0104BAD429CB1A5DB35A650C700

Function 00007FFD9B6EB53D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73f74d37202fd26eb678dcf79c0c34d5e28368d2c8f821c07487fe00d0eb792a
Instruction ID: ec81b87776798f1f574200d7f9bd0999cfd024f52b5e2dd97bf939e91d610afc
Opcode Fuzzy Hash: 73f74d37202fd26eb678dcf79c0c34d5e28368d2c8f821c07487fe00d0eb792a
Instruction Fuzzy Hash: 0F11C861E1E54F4EE761AFE858A41FD7BA0FF85300F4A0576E56CCA0E2EE2876148300

Function 00007FFD9B6F7D8A Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction ID: 45e2f5847fe2c2b311bdca2cb054b92db2ef05adb00252d3df405e85f0a109d4
Opcode Fuzzy Hash: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction Fuzzy Hash: 09110D70F0911E8AEB64DFD4C4A57FDBBB1AF44310F15103AD41AAA2A1CB787A84CB55

Function 00007FFD9B6E2EC1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72b9accf809595be895e9507885789e45417b810f09400c0f20f859d6fb996ff
Instruction ID: 99eba290cc56fded581b282ec50505fe3cebb37a3053efad682a4a8be5cef134
Opcode Fuzzy Hash: 72b9accf809595be895e9507885789e45417b810f09400c0f20f859d6fb996ff
Instruction Fuzzy Hash: CB01D4B0A4A64E8FE761EBA488695B97BE1FF19300F0204B6D41CCB0B6EF34F1548700

Function 00007FFD9B6E0B15 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4b18b8b711ac33976301300cf711e7bffafbf1255f16abe2f9af7831f708bbc
Instruction ID: 2016fd0a5988de1be11133674a0cf3d8959e366fdfad78a7f6e83a3514a91215
Opcode Fuzzy Hash: c4b18b8b711ac33976301300cf711e7bffafbf1255f16abe2f9af7831f708bbc
Instruction Fuzzy Hash: 2E019630A1A54E8FE761EFA4C8695B97BE1FF55700F4605B6D428CB0B2DA34F5508700

Function 00007FFD9B6F79D1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73d50a364156f627006441836ffa9909ce99084835f2ea734f576a1b36803e09
Instruction ID: 3061267bdbde275dee910e4aff1d40f1f93c309358bb1723403348d248062f02
Opcode Fuzzy Hash: 73d50a364156f627006441836ffa9909ce99084835f2ea734f576a1b36803e09
Instruction Fuzzy Hash: D701A231F0E68E4AEF619AA8D8252FD3BA1FF49310F020572D518DA0A2DA28B7108711

Function 00007FFD9B6F824D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c8d84f9c6bfadcc22fb60cb464b41a922b209b1e6eb007c4b51719eee711ce3
Instruction ID: 11a2495b0b906318983dc46da1c1212efa80f07fb8c80aae57d4aa902c0b0020
Opcode Fuzzy Hash: 7c8d84f9c6bfadcc22fb60cb464b41a922b209b1e6eb007c4b51719eee711ce3
Instruction Fuzzy Hash: BE018070A4964E8FDBA99B64C4695B97BA0FF15300F0104FAD419CA0E2DB35B550C740

Function 00007FFD9B6F7A61 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a035ecc409d56b5d57066bacbdc6338b228d6af444c5ad1e4ff753e02c6cf14
Instruction ID: 65cb1e5b6107f7168dae12aede2b3161ece211b36b0cba8016746a91f90ee20c
Opcode Fuzzy Hash: 5a035ecc409d56b5d57066bacbdc6338b228d6af444c5ad1e4ff753e02c6cf14
Instruction Fuzzy Hash: ECF08131A0E54E9FE7619BB4C8586FA7FF4FF16301F060976E428C60A1EA38A3458750

Function 00007FFD9B6EB0D9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8626e8d736b8757e6f7405830af26feba6f2307b867aeee6430fe3cc3a4ffed
Instruction ID: 8d9252ac1a6b6489ba448d2541c2de814b95b22234648a843909c1cd6a0ed2a8
Opcode Fuzzy Hash: a8626e8d736b8757e6f7405830af26feba6f2307b867aeee6430fe3cc3a4ffed
Instruction Fuzzy Hash: F4017971A1E64E4FE752AB6488996E97BE0EF56310F0644F6D418CB0A2DA24B5648701

Function 00007FFD9B6F7BE9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45d965742d204ba25fc99db613ac730171a0ac76bf097c5957ef3749b370dea4
Instruction ID: b75cdf4fa22b79f0ef75d15d0a933760e5caca55006d361f9b41e00616e27ee4
Opcode Fuzzy Hash: 45d965742d204ba25fc99db613ac730171a0ac76bf097c5957ef3749b370dea4
Instruction Fuzzy Hash: B2018F30A5E64E9FE752AB7488695B97BE0EF0A300F0209F7D018CB0A6DA38B584D711

Function 00007FFD9B6E05D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 205fa4980224050de0d0ee7b0110aa010a5fd4231dcd7bfb4ee54dfaa39e2af0
Instruction ID: 594bd1d85b6069bd8daa3d390f7b2721c127adc8557cb1d2e14c5a36af8be57c
Opcode Fuzzy Hash: 205fa4980224050de0d0ee7b0110aa010a5fd4231dcd7bfb4ee54dfaa39e2af0
Instruction Fuzzy Hash: 2C017170A0A50E8FDB58EF64C0696BD77E1EF58304F21447DD42EC61E5CA35B6A1D740

Function 00007FFD9B6E2F39 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57b4cab97f78369a1295ca230d53f27080c06e5a236839b5e82407ea129293c
Instruction ID: feb7e0a3e73f80cc4489edbdd7a61379fd615c2f875ac3bc9b9f8214c84a43eb
Opcode Fuzzy Hash: c57b4cab97f78369a1295ca230d53f27080c06e5a236839b5e82407ea129293c
Instruction Fuzzy Hash: 6A018870A5E64D4FD762ABB488695B97BE1EF45300F0605F7D41CCF0F6DA24B5548701

Function 00007FFD9B6EB7CE Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a57d096dcb62e807024c0a5abd14509136d3a486d331aea8d053828657279fe
Instruction ID: 28673cbd59d599f41d150725c7a971b237906234d12a128ec8cdc694d3d4e955
Opcode Fuzzy Hash: 8a57d096dcb62e807024c0a5abd14509136d3a486d331aea8d053828657279fe
Instruction Fuzzy Hash: CC110970E1A51E8EEBA4EB98C8657EDB6B1FF58700F5101B5D01DDA2A1DF342A90CF40

Function 00007FFD9B6F27F8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f1bb923e6fe3de39d0a2b8725f7726e92dca0546a5030911fac07012d6f7b9
Instruction ID: ad565d06c241a981c45a1424764014db06514a270e43d2b596d7e62e34f1f568
Opcode Fuzzy Hash: c3f1bb923e6fe3de39d0a2b8725f7726e92dca0546a5030911fac07012d6f7b9
Instruction Fuzzy Hash: 5B01A270A5550D8FDB69EBB4C4245BA7BA4FF05300F51097AF42AC60E1DE34B654CA40

Function 00007FFD9B6E0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 796fd65e9c57dc19b2f2b3db7e00c9b25cda6027edc2b93c053b8fc0a77d27e5
Instruction ID: d6c48f9b6b8f5704059ff21ac24d7e8a61e58ab29d971c6c1137dca1ba68168f
Opcode Fuzzy Hash: 796fd65e9c57dc19b2f2b3db7e00c9b25cda6027edc2b93c053b8fc0a77d27e5
Instruction Fuzzy Hash: 8E014F30A1590E8ADB69ABA4C4685BA73A1FF19305F5104BEE42EC61E5DF35F554C700

Function 00007FFD9B6E0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 527a11eeed6aa594fbe960f67432046c25a11915a3c514b1c0f43233f5219139
Instruction ID: 0d276258db3398ac5f9042adc5a1c701bb39cb0fbecb9ba3a957b67d38268852
Opcode Fuzzy Hash: 527a11eeed6aa594fbe960f67432046c25a11915a3c514b1c0f43233f5219139
Instruction Fuzzy Hash: 2501D630A1950E8BEB59EFA4C0695BA77A1FF08304F10087EE42EC61E0DF35B194CB00

Function 00007FFD9B6E1240 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28193a2df6b98b3412d3004c73d57b9b38940ceec7a59dc0b7c54159361bb0dd
Instruction ID: 1d9eb62b70c13df72ad5a420c852166cab73d07cb1a73d73da65cc6525d0027e
Opcode Fuzzy Hash: 28193a2df6b98b3412d3004c73d57b9b38940ceec7a59dc0b7c54159361bb0dd
Instruction Fuzzy Hash: DCF0A470E1A64E4EFB699BA888297BA77E0FF56311F00057AE429C60E1DF2426A49740

Function 00007FFD9B6EDA85 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction ID: 7902018b99c5ab8359a4c54a7fd22baceede1812208791f4a3ecebff2a7653fa
Opcode Fuzzy Hash: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction Fuzzy Hash: EF01C830A1D90D8BDB64DB98C4A0AED77F1EF58311F51013AD02AEA2A5DA357A518B00

Function 00007FFD9B6E05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de884269c61628b174e598e3e8b2a4f305869f070b491ab93ed8f3189fee2b3a
Instruction ID: 5c1e347f0ae5d9ada019617acfd090f8bb3acd5c8831461e1de037a1d91fd7a6
Opcode Fuzzy Hash: de884269c61628b174e598e3e8b2a4f305869f070b491ab93ed8f3189fee2b3a
Instruction Fuzzy Hash: 68F06230A0A64E8FDB68EF6494296FA77A0EF15304F51097AE82DC61E1DF35B6A0D740

Function 00007FFD9B6E3555 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f7c93c6d6c53365887036970f33334e2074f3633a094ac0b86008846347ea83
Instruction ID: 02344da2f7e577008de1b9a923615cdf2355b80a1252fcd32b4df1c4b68bbaa2
Opcode Fuzzy Hash: 7f7c93c6d6c53365887036970f33334e2074f3633a094ac0b86008846347ea83
Instruction Fuzzy Hash: 65F0A470E1A68E8FDB66DF6488281FE7BB0FF15300F41057ED428CB1A1DB34A6208740

Function 00007FFD9B6F7E00 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction ID: a4345e6d2bca9189a12c8690f01aa70a568ef0aa1328acadeb70de473eb8103f
Opcode Fuzzy Hash: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction Fuzzy Hash: 15012134F0910E8AEB64DED4C4A56FC7BF1AB54310F15003AD41AEB1A1CA3CBA84CB44

Function 00007FFD9B6E27B9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6e0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d054d5d6023a7800862feea0e737567327a0a70dcfb51b646bbf08995aa3ef04
Instruction ID: e0c6aaebb005b3f8e08510248ec621cf3bb9763201ec239ec3701641f5a31f85
Opcode Fuzzy Hash: d054d5d6023a7800862feea0e737567327a0a70dcfb51b646bbf08995aa3ef04
Instruction Fuzzy Hash: 67F0683190E78D4FEB6A9F6488251BA3FB1FF16300F5504BBD469CA0E2DB38A554C751

Function 00007FFD9B6EBEAD Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 283804217948333f8ff2fcb3565c08923a248f845159e52b147ba38823be971e
Instruction ID: 30b3bf50b1a14af129ace84e97e4770597205202f906d1202f47b4cbe5c96609
Opcode Fuzzy Hash: 283804217948333f8ff2fcb3565c08923a248f845159e52b147ba38823be971e
Instruction Fuzzy Hash: 15010C70E0651E8FEB64DF94C8547EDB6F1FB44301F148275D018AA295DB386A94CF94

Function 00007FFD9B6F12D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 316e61ee8fc328ed26ae4fa376a6822c13a99a0fd842faf918e46ac7122dc111
Instruction ID: cd03ee95e7f3886b6c4b6af1810470dd85a24c4f11c58276645fd905034b4c88
Opcode Fuzzy Hash: 316e61ee8fc328ed26ae4fa376a6822c13a99a0fd842faf918e46ac7122dc111
Instruction Fuzzy Hash: CFF05E30F15A0E8EEB94EFA888282FE76E4FF18301F41053AE82DC61A0DB3066908740

Function 00007FFD9B6EBF2C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6eb000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfdcbf864c4bd15d4db78eaac36c0dfe7c0a5b65dc77e5e10b4232c2e14a97ac
Instruction ID: 2570aa9fbe2abed498ae6534918ef4a788e6bb89a77e27fb606acef635c8ee76
Opcode Fuzzy Hash: bfdcbf864c4bd15d4db78eaac36c0dfe7c0a5b65dc77e5e10b4232c2e14a97ac
Instruction Fuzzy Hash: 3FE01230D1E51E9EDBA0E750C8B1AF9B765AF56300F5942F1D51DCA1B6CD34BA848B40

Function 00007FFD9B6F59CB Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f256019f065eb47b2b2e68c6411fb5055e23d0681f5a36a576cf88d74a6c63ae
Instruction ID: bee7f0502d149ccdfad788735fdac24cc7c9ee987fb82f79f5ad15da1276475e
Opcode Fuzzy Hash: f256019f065eb47b2b2e68c6411fb5055e23d0681f5a36a576cf88d74a6c63ae
Instruction Fuzzy Hash: 67D0C975E1AB1A8FDBA4EA5884DF298BFE1FF54300740006AE428CA561DF247912A701

Non-executed Functions

Function 00007FFD9B6F15A9 Relevance: 8.8, Strings: 7, Instructions: 100COMMON

Download Yara Rule

Strings

[, xrefs: 00007FFD9B6F1731
!, xrefs: 00007FFD9B6F1A9D
}, xrefs: 00007FFD9B6F15E0
", xrefs: 00007FFD9B6F1930
", xrefs: 00007FFD9B6F1923
#, xrefs: 00007FFD9B6F152C
/, xrefs: 00007FFD9B6F18C3

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID: !$"$"$#$/$[$}
API String ID: 0-2194321067
Opcode ID: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction ID: 94eb4fa374f196f0bdacea546626b02654fa51ecef7130062264e6aba4c96bb6
Opcode Fuzzy Hash: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction Fuzzy Hash: 6541CD70E0522E8FEB68DF94C5A47FD7BB1AF54301F1145BAD46DAA290DB386A84DF00

Function 00007FFD9B6F068E Relevance: 5.0, Strings: 4, Instructions: 46COMMON

Download Yara Rule

Strings

[, xrefs: 00007FFD9B6F06A2
0, xrefs: 00007FFD9B6F0455
b, xrefs: 00007FFD9B6F06AF
F, xrefs: 00007FFD9B6F04C7

Memory Dump Source

Source File: 0000001C.00000002.1780393906.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ffd9b6f0000_SgrmBroker.jbxd

Similarity

API ID:
String ID: 0$F$[$b
API String ID: 0-1668057103
Opcode ID: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction ID: ebf51dc6c0bac3aa0d3224e0317bf248fc7c0e1703cfecb195aac04367b343b4
Opcode Fuzzy Hash: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction Fuzzy Hash: 5F11BA74E1562E8FEB68DF54C8A57BAB6B1AF45301F4101B9D05DAB291CB786A90CF00

Analysis Process: StartMenuExperienceHost.exePID: 8060, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B6E35D5 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

K_H, xrefs: 00007FFD9B6E3760

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: 87ac8b90b39a379373760d03017e0013074f11250dce3d45d99d583706ff7518
Instruction ID: 1662344f7a8b5f3b2804c4eaf8bb90631ebc17ed1ecac7474983025f0111b7cb
Opcode Fuzzy Hash: 87ac8b90b39a379373760d03017e0013074f11250dce3d45d99d583706ff7518
Instruction Fuzzy Hash: 5191C271A1994D8FEB55EB68C8647A87BE1FFA5310F5002BDD019DB2DADBA428018B41

Function 00007FFD9B6ECD7D Relevance: 2.7, Strings: 2, Instructions: 232COMMON

Download Yara Rule

Strings

;wK, xrefs: 00007FFD9B6ECD7F
%{v, xrefs: 00007FFD9B6ECE3E

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: %{v$;wK
API String ID: 0-1018670380
Opcode ID: a39f22cf240981edd12066b0e5c83a5eb1556163505aa4a413bc4e4e42c6e8b2
Instruction ID: 421c8a251e835a4fd854a0f24776e8481d3ac01ef206323df6981b8e9d30edc8
Opcode Fuzzy Hash: a39f22cf240981edd12066b0e5c83a5eb1556163505aa4a413bc4e4e42c6e8b2
Instruction Fuzzy Hash: BF613623B0C66A4AD318BBBCB8214EA7B60EF81374B0406B7D5ADCE0D7DE14745987D0

Function 00007FFD9B6F1339 Relevance: 2.6, Strings: 2, Instructions: 150COMMON

Download Yara Rule

Strings

/, xrefs: 00007FFD9B6F18C3
, xrefs: 00007FFD9B6F13BB

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: $/
API String ID: 0-2637513485
Opcode ID: 1097177dc982242acd7c690c33d25428724d5a0c820b935a186706d93ca80b3f
Instruction ID: 1adafacb637f1bca93af145cf2d4c422eaf3bd524d07acd0d424254aa436cfcd
Opcode Fuzzy Hash: 1097177dc982242acd7c690c33d25428724d5a0c820b935a186706d93ca80b3f
Instruction Fuzzy Hash: C651FC31E0961D8FEB65DB94C8646E97BF1BF59340F0101BAD42DDB2A5DB386A84CB40

Function 00007FFD9B6E085D Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

_, xrefs: 00007FFD9B6E0839

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 2b4b8c90430b6c1c626b11f347cf57dad5a137781cb1d6325a1b6d63771fcf7a
Instruction ID: ec47a0266a3a0317f4e6f436fa58d54116dfc34ab55aa0c02c7be9c7dd14c7cc
Opcode Fuzzy Hash: 2b4b8c90430b6c1c626b11f347cf57dad5a137781cb1d6325a1b6d63771fcf7a
Instruction Fuzzy Hash: 48213721B0E18E8EEB61A7B8C86A4EA37E0EF41300F1604B2D09DCE0A3DD24B565C380

Function 00007FFD9B6F393D Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077a421a9b7765cf22c5af8daceb46be2fe525767357a361fd8cb9be0f0e84b6
Instruction ID: 022e9020673c01bd536efc63a48e11af60ae79f75365077c0eeec3eb1ff2ef50
Opcode Fuzzy Hash: 077a421a9b7765cf22c5af8daceb46be2fe525767357a361fd8cb9be0f0e84b6
Instruction Fuzzy Hash: 40117261B0E68E8EE762976888655A97FE0EF06300F0604BBD4A8CB1A3DA24B6049701

Function 00007FFD9B6E1738 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e30a5e67682d3aa5d7161e86b612c8a96601130fdfd29a2f7637cf5a8b7f8b86
Instruction ID: e05dc14d448d1a282cf332c17771e11caf73e3f8ed0bc1893afd8a28042dd27d
Opcode Fuzzy Hash: e30a5e67682d3aa5d7161e86b612c8a96601130fdfd29a2f7637cf5a8b7f8b86
Instruction Fuzzy Hash: BB81BE31B09A4D4FDB69DE5888715A977E2FF98300B15417EE46ECB2A2DE34BD12C780

Function 00007FFD9B6F4175 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1ed6de9f5058f7617341750118dc2a2ea815a256a4aee7ba7056c62a3f7b38
Instruction ID: ecb18b1ef71147f61925312b55620874e76adf1a9916ba53c7e516d0b1f7e375
Opcode Fuzzy Hash: 1b1ed6de9f5058f7617341750118dc2a2ea815a256a4aee7ba7056c62a3f7b38
Instruction Fuzzy Hash: 6F91CB71E1A51D8EEBA4EB98C8557ECBAF1FF58300F1141BAD01DE7291DA346A848F00

Function 00007FFD9B6F7951 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d161bf49727a07f9ac2316a80146933a0033022a4e4502b7e8217ab4b8b5581
Instruction ID: 3033d37fd1ebd8ecf038b2e95e5bd042664ee42ff4ff294ba90ed21ad6fe29fa
Opcode Fuzzy Hash: 2d161bf49727a07f9ac2316a80146933a0033022a4e4502b7e8217ab4b8b5581
Instruction Fuzzy Hash: 8F615170B1A54E8FEB61EBA8C8696BD7BE0FF19300F0205B6D429CB1A5DE34B6548741

Function 00007FFD9B6F3FFA Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7e0ec7b1aa8c6705849e576492b5d2468349d37522c5587eacfc72121929d0
Instruction ID: ee94e5d08cf6fa66fc987d46874c70f74933f6657f1fd7d6952be643e655611e
Opcode Fuzzy Hash: 7d7e0ec7b1aa8c6705849e576492b5d2468349d37522c5587eacfc72121929d0
Instruction Fuzzy Hash: 69514B6770D5594FE720BBADF8A99EA7FA0EF81371B0501BBD558CE0A3EE106045C790

Function 00007FFD9B6E1D7D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff716b6b3c8ceba75ba3278ac4894190de0db20c04569f1dbf930d2a8d1027c
Instruction ID: 3f08c41735df207e14c03e64e336dc09cba723dc6e340a4663c12fbc13b67e21
Opcode Fuzzy Hash: dff716b6b3c8ceba75ba3278ac4894190de0db20c04569f1dbf930d2a8d1027c
Instruction Fuzzy Hash: E151DE31B09A4A4FDB58CE5C88655BA77E2FF98300B15417EE46ECB296CE34ED128780

Function 00007FFD9B6F585D Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba0bed883ee04ed85a8875046fa6d63eec8d59fd4f38ed1faef68cc390bbea1
Instruction ID: e5fa9e4550e3bfaea160bc6965fd1e51bb6ec92f3fc6696657a548945523a05a
Opcode Fuzzy Hash: 6ba0bed883ee04ed85a8875046fa6d63eec8d59fd4f38ed1faef68cc390bbea1
Instruction Fuzzy Hash: 20515170E0995D8FEBA4EFA8D4A96AC7BF1FF58300F10007AD01DD7296DE3469418B40

Function 00007FFD9B6EC309 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c548ea4373cc1533aff44be00e0e768a63e6e81c2fabf1015ae0a5a4169f5185
Instruction ID: 2f2b63205e1427755e8488ca947a41c9fe6b8042a6d54361c314c6037be69e6f
Opcode Fuzzy Hash: c548ea4373cc1533aff44be00e0e768a63e6e81c2fabf1015ae0a5a4169f5185
Instruction Fuzzy Hash: 8F613B71E0A64E8FEB64DFA8C4646FD7BB0FF58300F11013AD429EB2A5DB3869508B50

Function 00007FFD9B6E22C5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3174eabc902116a3a0d16f8cbcf68ee0324c0ca56b07537de12a2bbc3d5bb413
Instruction ID: 05bbded74af271363c6ac8f9dee2ff51e86b928abb9d532cb50da2d517186e25
Opcode Fuzzy Hash: 3174eabc902116a3a0d16f8cbcf68ee0324c0ca56b07537de12a2bbc3d5bb413
Instruction Fuzzy Hash: ED518231E0A51E8EEB74DBD4C8217F9B3A2FF45300F1201B9D06D9A1E2DE787A658B41

Function 00007FFD9B6E3231 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f337fe74f608f83000745b40596d4d75e78b8f759ec78a943c8d782cf94e49f
Instruction ID: daac592672283fc09111b91aa72a0c336357dc89d511b78f212d82378fe69a61
Opcode Fuzzy Hash: 1f337fe74f608f83000745b40596d4d75e78b8f759ec78a943c8d782cf94e49f
Instruction Fuzzy Hash: 3F514C70E0965D8FEB65DB98C4A4AEDBBF1FF58300F51017AD019EB2A1DE386A54CB10

Function 00007FFD9B6E2195 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba09cc3d872511165265991d97dac34582643f2df2697e8b3cf3bea028a2476c
Instruction ID: 14a7055fe0942bb04f44772d7941c60988cc45c4c7317d2fc69d247f6cf84f88
Opcode Fuzzy Hash: ba09cc3d872511165265991d97dac34582643f2df2697e8b3cf3bea028a2476c
Instruction Fuzzy Hash: 41412631B0E68E4FE765DBB888651B97BE1EF46300B0541FBD46CCB1A6DE28A9518341

Function 00007FFD9B6F6708 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d63e1487c080a37dedf9931ec67d94f251d136841d6aa3152786abae93b5f99d
Instruction ID: 8e05e474e6ea5bd2747a84540739dbf9452a7065026f9aa35c034fadcdd96d81
Opcode Fuzzy Hash: d63e1487c080a37dedf9931ec67d94f251d136841d6aa3152786abae93b5f99d
Instruction Fuzzy Hash: 93414D70F0961D8AEBB8EB94C8657B97AA1FF45300F1141B9D02DD62E1DF387A84CB01

Function 00007FFD9B6F2F70 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e2559ceb91964dae618813e768c46da016f6ac4657ae5dd5566241030d186f
Instruction ID: b8facca2f1e74f2f66a4dd1281198c8d11e4ec7f0e2ee46ccd4b4ac6752e07a0
Opcode Fuzzy Hash: 10e2559ceb91964dae618813e768c46da016f6ac4657ae5dd5566241030d186f
Instruction Fuzzy Hash: EB419A70E1951E8EEBA4EB98C855BECB7B1FF58300F1141BAD41DE7291DE746A848F40

Function 00007FFD9B6EB4FB Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf009b1c1d95c0d6b627ec7320dde6c771e78aaeccbae21310c9a904256fa919
Instruction ID: 8a160c894d3cee4d60920f9f8d0d69c732b2d431210cd2975908c56f84ed108a
Opcode Fuzzy Hash: cf009b1c1d95c0d6b627ec7320dde6c771e78aaeccbae21310c9a904256fa919
Instruction Fuzzy Hash: C3411861F1E94E5FE751AFA888A81BD77E0FF95300F4A45B2D12DCB0E6DE28B6148700

Function 00007FFD9B6E12D9 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aedd9f45330adb490298ec3cc23c126537943877d7d0311756e582564b6a257
Instruction ID: 79cd6b4d5c60a0a8136b13c7ad7cc05cb5b735516daa2d3b634290fb0dde7d4a
Opcode Fuzzy Hash: 9aedd9f45330adb490298ec3cc23c126537943877d7d0311756e582564b6a257
Instruction Fuzzy Hash: 8531A271A0994E8FEF68EFA8C8656F977A0FF59310F01007AE02AD71E1CE2579648740

Function 00007FFD9B6EC7C4 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa602d021107a3705506656720954220a83b587a7b70d7e7db3dedf9db5b8ad7
Instruction ID: e356280940f24bbf047b8a308f3765dd3c550de24fd4600f626210df9767e097
Opcode Fuzzy Hash: fa602d021107a3705506656720954220a83b587a7b70d7e7db3dedf9db5b8ad7
Instruction Fuzzy Hash: 8F311731E0991D9FEFA4EBA894A56BCB7F1FF98300F510039D01DEB292DE3469518B40

Function 00007FFD9B6E34D1 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73993abf6e6b5c779992610d59f980a2020c03db11988610cc5af965d382d915
Instruction ID: ea9038cb406e8d1b972723f76816d22fbc7c74ae25fd2d5416de146d51b91783
Opcode Fuzzy Hash: 73993abf6e6b5c779992610d59f980a2020c03db11988610cc5af965d382d915
Instruction Fuzzy Hash: 17316F70A0A64E8FDB6AEF64C4685B977B0FF19300F1109BED429CA2A1DB35A654C700

Function 00007FFD9B6F5255 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2feabd283c79caa439e51dd119930879f439b1189cad773b8f0e7d10e06aea9
Instruction ID: db43a74c218527643019b9b3cbd736bce8fed426ef60e5b6ec510e02455886e4
Opcode Fuzzy Hash: b2feabd283c79caa439e51dd119930879f439b1189cad773b8f0e7d10e06aea9
Instruction Fuzzy Hash: 1731C171B0AA4E8FEB59DF6484655B93BE1FF55300F1101BED42ECA5A6DE35BA00C740

Function 00007FFD9B6ECEFB Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b54acb36b9a944b48d3467c3314144d35ce13913b98e02d11ecabf4b6607b10
Instruction ID: 83990d81d26e3110f4c1e49e09c4e489a783a8d116f694e95b9415b42de8f05f
Opcode Fuzzy Hash: 1b54acb36b9a944b48d3467c3314144d35ce13913b98e02d11ecabf4b6607b10
Instruction Fuzzy Hash: 6C31CF22B0E65E4AEB667BACA4214FD7BA0AF51324F4505B7D42C8D0E6CE28356083A1

Function 00007FFD9B6E122D Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a82462a3da07e82ff6de0ef22a96ea11bf09f5afb63221829d8c5e1163e25f4c
Instruction ID: c25027a56d9038b8f73efb1acb4ee46081c87e0cf0171bff19ba542e9c46ac36
Opcode Fuzzy Hash: a82462a3da07e82ff6de0ef22a96ea11bf09f5afb63221829d8c5e1163e25f4c
Instruction Fuzzy Hash: 8F31F571A0A64E4FEB69DB68C8693B97BE0FF5A310F0101BED42ACA1E5DF246564C700

Function 00007FFD9B6EC857 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36dbe58cf766bcff735b247979aafcc9a3802745866b572f43f7cd5f1e20c1d1
Instruction ID: a46dc07af2c56903e3b6e70cbe53af099c5345d0c0b194d0fa9649a42a4dd726
Opcode Fuzzy Hash: 36dbe58cf766bcff735b247979aafcc9a3802745866b572f43f7cd5f1e20c1d1
Instruction Fuzzy Hash: 98212B31E0991D8FEFA4EBA894A56ECBBF1EF99300F51003AD01DDB292DE346951CB50

Function 00007FFD9B6E3430 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82f026d216bf089916de4bd2a8b2f69447b77cce0dbca9416a234fa05d1310fb
Instruction ID: ae084c1768163db792342382733009da5ab5fe9ad4eea6547b6579ede72af864
Opcode Fuzzy Hash: 82f026d216bf089916de4bd2a8b2f69447b77cce0dbca9416a234fa05d1310fb
Instruction Fuzzy Hash: F7319F3190E68D8FD753EFA488685A97FF0EF06310F0941EBD458CB0A2DA28A555C721

Function 00007FFD9B6F4D35 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 700b5888018af6345e3f721924a4e4e83e15b331423135cc59b81e20af5d2678
Instruction ID: ac78a8d931037f60bdcdb6f8c938e7540d42374659554259cede846c27232f74
Opcode Fuzzy Hash: 700b5888018af6345e3f721924a4e4e83e15b331423135cc59b81e20af5d2678
Instruction Fuzzy Hash: DB21A071B0A90E8FEBA9EFA8C4651BD3BA0FF58301F11057EE42DCA5A5CB34B5408740

Function 00007FFD9B6F2E41 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c16dd7dd53a539054a4c9b39666beb1cef7853f7a38c124e7984cf3d5e7aa83
Instruction ID: 7199859f0f066c5d5ed057330d2a96b2399f3d01c680e57638e5f70bc2023326
Opcode Fuzzy Hash: 7c16dd7dd53a539054a4c9b39666beb1cef7853f7a38c124e7984cf3d5e7aa83
Instruction Fuzzy Hash: F8218030A1A55E8FEB51EBE8C8585EDBBF1FF49300F5104B6E428DB1A6DE34A5508B40

Function 00007FFD9B6F2A31 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b4f7422d603d19d597fe9bd94395f603d773da8fd2f541b37e1e8bbc55f46a
Instruction ID: c20fb855821b9b3e529f1ceaaab028cd0f55c07e01c11c19d3b0b39f397a9bfd
Opcode Fuzzy Hash: 75b4f7422d603d19d597fe9bd94395f603d773da8fd2f541b37e1e8bbc55f46a
Instruction Fuzzy Hash: C5219E70B0A64E8FDB68DF98C4615FD3BA0FF59300F51117AF41AC71A5CA34B6508B41

Function 00007FFD9B6F5409 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c0b8d089f7cc654bfce0710e9bc5ee502d334daaaa2dc908b4a8274977f59aa
Instruction ID: f2318af87b55d6b12cb57d8311d8ca848b3d9aa55df0c5ad61d26a0d07820c65
Opcode Fuzzy Hash: 0c0b8d089f7cc654bfce0710e9bc5ee502d334daaaa2dc908b4a8274977f59aa
Instruction Fuzzy Hash: 5D31B171F0E64E8FEB95DF68886A6BD7BA0FF55301F0105BAD429C60E6DA34A940C741

Function 00007FFD9B6F4C99 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f78ed1ff725eb940b179fd08030b01087174c28457ec836b56fd41a4b861cf
Instruction ID: d3eb0667e455744160f9e322cea0674babee406565a69dca0727d4bb115a7a33
Opcode Fuzzy Hash: 24f78ed1ff725eb940b179fd08030b01087174c28457ec836b56fd41a4b861cf
Instruction Fuzzy Hash: A231AD31B0E64E8FEB69DFA884652BD7BA0FF55300F0105BEE429CB4A6DA34A540C740

Function 00007FFD9B6F7341 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88ddc6ed9fd71288e32c6eea6f3dc0ba74b00fcfc40b3c4cbfb42ef61c163248
Instruction ID: 458e8f0cbf998fa6a51f6beda8ec672a14adda1a521a02a624c9db12546a9b37
Opcode Fuzzy Hash: 88ddc6ed9fd71288e32c6eea6f3dc0ba74b00fcfc40b3c4cbfb42ef61c163248
Instruction Fuzzy Hash: 2221BF71B0964E8FEB64DF6884656FD3BA0FF58301F10057AE829C71A6CA34B2508740

Function 00007FFD9B6E0A01 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c119ab4faeea9280fa4ab2859579038b190beb62eaf700464d36cfc1c901030
Instruction ID: 5bbaff69ac7e880c3ae49ce3b62185d4df79f93a2fc91877c9222117c25cf326
Opcode Fuzzy Hash: 5c119ab4faeea9280fa4ab2859579038b190beb62eaf700464d36cfc1c901030
Instruction Fuzzy Hash: 8521A171E1A54E8EE7A0EBA8886A1B977E0FF55700F414576D42DCA0E6EE34B6508740

Function 00007FFD9B6F4DD5 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 634111e9ff455b922e330ef991743076422e7c7f963bfc1ac40446a41f27b981
Instruction ID: 1bcdba18a19237473ade6629ff1df37ff0980d96998eeafbaf96e764c49799c6
Opcode Fuzzy Hash: 634111e9ff455b922e330ef991743076422e7c7f963bfc1ac40446a41f27b981
Instruction Fuzzy Hash: B7217171B0A64E8FEBA5DFA4C4695B97BA0FF18301F11057EE42DCA5A5DB35B6408700

Function 00007FFD9B6F52ED Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e67d9009ddd4e7f4c593ee0f19983166f2ca6b05d5925f9cc162e087cacb66c4
Instruction ID: 8ea63c0bd157bd7a8b1b080a9c5a18a3059df608111333d032afa9dc4403228b
Opcode Fuzzy Hash: e67d9009ddd4e7f4c593ee0f19983166f2ca6b05d5925f9cc162e087cacb66c4
Instruction Fuzzy Hash: 0D21B671B0E54E8BEB65DB5888296BD7BD0FF15304F15057AD42DCA0E2EE75B9008701

Function 00007FFD9B6F30E2 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1571e43ac5d9f6c162ce2c850c6cca82b626a49b8e3aba4699aa21d2f19021fe
Instruction ID: 91688ce155ae8d760180dfebdbda76c60ff1ac64e4cc5203575b2d24d946a236
Opcode Fuzzy Hash: 1571e43ac5d9f6c162ce2c850c6cca82b626a49b8e3aba4699aa21d2f19021fe
Instruction Fuzzy Hash: 5331B770E1961D9FEB64EBA8C8A5BADB7B1FF14300F5041A9D41CA7296CF3479808F41

Function 00007FFD9B6E0AA1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12f5c45b42fd1fe90cdc7026e548969b6237110e7edcdd67d3fe0d38ce762e4e
Instruction ID: 789c32f3082e5b3a46722a5c54152600d6c1a0b565759dadc9757a79df04c9e1
Opcode Fuzzy Hash: 12f5c45b42fd1fe90cdc7026e548969b6237110e7edcdd67d3fe0d38ce762e4e
Instruction Fuzzy Hash: C321D431A1E54E8FE761EBA8C8665F977E0FF55700F4205B2D428CB0A7EE24B6108700

Function 00007FFD9B6F537D Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2ad6b68cd20d439fa21717cd3875d32257aba0b8c0fdd75c7e4f28f83c9a7a
Instruction ID: 2e4e9d8fa932f9f0146c30aac08e311cb18593c327eb01ffeb3e59f070358f51
Opcode Fuzzy Hash: cb2ad6b68cd20d439fa21717cd3875d32257aba0b8c0fdd75c7e4f28f83c9a7a
Instruction Fuzzy Hash: A9218272B0A54E8BEB65EB6888696FD7BE0FF15300F01047AD42DCA1E6EE7479408641

Function 00007FFD9B6F6669 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c09f1380dd1d03c8f83e7e115fc9e5f1ade16b147a320da45e706041fd482b0
Instruction ID: 7d05a9c0ecf5972a9a106bfdc88554208332b9d5daa7faa305758702175a580a
Opcode Fuzzy Hash: 5c09f1380dd1d03c8f83e7e115fc9e5f1ade16b147a320da45e706041fd482b0
Instruction Fuzzy Hash: 55215670B0E54E8FEB65EBA488696B97FE0FF16300F0505B6D428CB0A2DE34B554C741

Function 00007FFD9B6F553D Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 350a050e851648db4b3cedd69053c22aa95298cc08a92d2110c0c6bee9a16231
Instruction ID: e2f7dec42b2f6c54de90bd3d4c7b04232a211565040ad915ccb515b1c0c0fa9b
Opcode Fuzzy Hash: 350a050e851648db4b3cedd69053c22aa95298cc08a92d2110c0c6bee9a16231
Instruction Fuzzy Hash: 19218070B0D54E8FEB68EB68C86A6BD7BE1FF15301F41047AE42DCA5E6DE34B9408641

Function 00007FFD9B6ECA89 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23e280a7cc01a03b47479b576e51b6ac46c927ab1f2b5dea082795da4642b841
Instruction ID: f993e2bb126a5bef34cd8df70b49668211d725186941824ad8a9043fb4b6db5d
Opcode Fuzzy Hash: 23e280a7cc01a03b47479b576e51b6ac46c927ab1f2b5dea082795da4642b841
Instruction Fuzzy Hash: B8217430A0A68E8FDB65EF68C8655BD7BB1FF15300F1544BAE429CA0E6DA35B560C740

Function 00007FFD9B6E289D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b7bcb7f37ab955f634f224961c578d3daab993aedf497bccbe0679b64c0bfb7
Instruction ID: 6a8b60c1ba63b209f9f22fc0fb349e08a6eb3dc9d3039b7f4d2c470e85d5d680
Opcode Fuzzy Hash: 2b7bcb7f37ab955f634f224961c578d3daab993aedf497bccbe0679b64c0bfb7
Instruction Fuzzy Hash: 0E21C670A1A54E8FE765AFA488695BA77E1EF15300F0144B7D42CCA0E6DF38F564C740

Function 00007FFD9B6F81D9 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d435226b1c912c00a618669f143950d2be7efbf93374e70c5131e436f198f38
Instruction ID: f41b6d7ed97bf608f968a5f58c5c735cc591f6dfbc7edf05e02ec0c16e09fd19
Opcode Fuzzy Hash: 6d435226b1c912c00a618669f143950d2be7efbf93374e70c5131e436f198f38
Instruction Fuzzy Hash: 4B21C270B4EA4E8FDB65DB64C9655BD7BA0FF05300F1105FAD42DCA0E6DA24B6008740

Function 00007FFD9B6E08E5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a0efcce002a1e00be6f233ca64cc8a9b8d48daad2849253403028cc7c50491
Instruction ID: a3ec70c0ac2705e9f15478ee8e951df9b46a82d04478ecaef3624508fe9cb55b
Opcode Fuzzy Hash: c5a0efcce002a1e00be6f233ca64cc8a9b8d48daad2849253403028cc7c50491
Instruction Fuzzy Hash: B211E931A0E50E8FFB61AAB4845A1B937D0EF15700F124972D01CCA0A2DE34B660C740

Function 00007FFD9B6E1CFD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f9c675781d6391f92fbf2076d1078716184b352f638fc7198d152a0cfe1660d
Instruction ID: 3dbcfdc2eacfe557c978fe2449bcfb047125c1c789748bd69e9d3710538dc66d
Opcode Fuzzy Hash: 9f9c675781d6391f92fbf2076d1078716184b352f638fc7198d152a0cfe1660d
Instruction Fuzzy Hash: 0911B670A0B64E8FEBA99F64C8292F937A0FF55300F11447AE42DCA1E1DB78B660D740

Function 00007FFD9B6F73E5 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a58c335523cfa9d9b6e5aec85830d2bf2f0795e50366f932b267f849ebb71902
Instruction ID: af4b14eb701135447d9f763c34612eae6099eb4a9c5d82043c22d5577f84822d
Opcode Fuzzy Hash: a58c335523cfa9d9b6e5aec85830d2bf2f0795e50366f932b267f849ebb71902
Instruction Fuzzy Hash: 2011A271E09A4E8FDB99EF6884692B97FE0FF58301F1105BED82DC71A1DA34A550C741

Function 00007FFD9B6F7485 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf1793b5f9720e7c733a104bd95c145ed852546d65b8ebc9204c0fc4fea5346e
Instruction ID: 711b7d78e0a1095c3effaafcd819520930421b02b9f10a1fe90b24c4e2713bde
Opcode Fuzzy Hash: cf1793b5f9720e7c733a104bd95c145ed852546d65b8ebc9204c0fc4fea5346e
Instruction Fuzzy Hash: 6B11D072F0EA4E4BEB699A6488B51B83FE1FF15300F0600BED469CA4F2DE257540C601

Function 00007FFD9B6ECF60 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55d0e46a5fc5b3ebbc184e2a59d22ec3a90e6d3d527d822adfbe2ec4d5410068
Instruction ID: 1b8af6a08fdab871eaa722ada82f56fea81a33665918f3f7571ae2aad4f74232
Opcode Fuzzy Hash: 55d0e46a5fc5b3ebbc184e2a59d22ec3a90e6d3d527d822adfbe2ec4d5410068
Instruction Fuzzy Hash: A3116370A0A68E8FEB56AB6888655B97BB0FF16300F0104BAD42DCF0E2DE346660C750

Function 00007FFD9B6E0F2E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3467a4c2093cdaa00569907cc394ed495e3ad46f52be25854575880b9cb531f4
Instruction ID: 51b94f19ac5538cb4d5ed0dd5858673f9dc806d3f5b50ab243a72de6f0b8b085
Opcode Fuzzy Hash: 3467a4c2093cdaa00569907cc394ed495e3ad46f52be25854575880b9cb531f4
Instruction Fuzzy Hash: 37115131F1980D8BEB64EB98C865FEDB3B1FB54300F118265C419EB2A5DE347A558F80

Function 00007FFD9B6ECED7 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98b27c84450f26d8ca1a517d7d63dcf2d50cc2504a9d07a2be34f33481768ee
Instruction ID: a8af89689c8154b6962eae67ce1f85afffb0ce1fbbacc48dda20aa1bbc2feb39
Opcode Fuzzy Hash: b98b27c84450f26d8ca1a517d7d63dcf2d50cc2504a9d07a2be34f33481768ee
Instruction Fuzzy Hash: 9711B631A0A78E4EEB55AFA898255EA7BB0FF42210F0505B7D86DCE0E2DA346524C750

Function 00007FFD9B6F55C9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc1eef8a7d64530c65f739f6aa1bd66c82f994d58a146e1850e86e72b51ff270
Instruction ID: 63e3b8c1480ecfd01b35331efae3722833d53e3548cb7b00f987600822b8c99e
Opcode Fuzzy Hash: cc1eef8a7d64530c65f739f6aa1bd66c82f994d58a146e1850e86e72b51ff270
Instruction Fuzzy Hash: DD118170A1A64E8FEB55EBA488692B97BE0FF15300F0504BBD429CB1F2DA3569408B41

Function 00007FFD9B6E282D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ccc80afe1f79ecff0906c6705fc651bf5fdd34cb4bf3756759bc2b215b58d35
Instruction ID: 25473728c8b5529f431ef277cfff313d4fec0b127b600be135cf731e4c8f7b63
Opcode Fuzzy Hash: 8ccc80afe1f79ecff0906c6705fc651bf5fdd34cb4bf3756759bc2b215b58d35
Instruction Fuzzy Hash: D511A330A1A64E8BEB69AFA484652FA37A1FF05301F01487AE42DCA1E1DF39B564C740

Function 00007FFD9B6F12B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386db75e961e7e8515b94f69a83e33e2cce4111bbc51f11f010770decfc788a5
Instruction ID: e8c3365754bd7273969de9f169d5fb302cc428a2caa3669d0720ee1445d41749
Opcode Fuzzy Hash: 386db75e961e7e8515b94f69a83e33e2cce4111bbc51f11f010770decfc788a5
Instruction Fuzzy Hash: DE118270B0964E8FDB55EFA4C4692BD7BE0FF19300F0104BAD429C71A1DB35A640C700

Function 00007FFD9B6F751D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e5e3dd0225a7261fadfafb8d23681ccce04447fa247df651ba6f73cbca5b825
Instruction ID: d4f9da2be9ce2119fc965b691d4ddb60896bf3eefee9764444139700381f07bb
Opcode Fuzzy Hash: 1e5e3dd0225a7261fadfafb8d23681ccce04447fa247df651ba6f73cbca5b825
Instruction Fuzzy Hash: E911BF70A0A64E4FEB68EF5888696B97BA1FF59300F4101BAD429CB1E2DE35A640C740

Function 00007FFD9B6EC285 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c4f4f41f71d77cff12cf7cf5baf4322cb3b2d97929dc090f206f7df05ee2003
Instruction ID: 04ab6522d44ce7c3803f26c780066b1606a2a045ce4cd0f78f4c0b0dca84ab7d
Opcode Fuzzy Hash: 1c4f4f41f71d77cff12cf7cf5baf4322cb3b2d97929dc090f206f7df05ee2003
Instruction Fuzzy Hash: 71118E70A09A4E8FDB95EFA8C8696BD7BF0FF19300F0104BAD429CB1A5DB35A650C700

Function 00007FFD9B6EB53D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b7fcd19f67702f37655810be22d2f9b32f05a27b7e0ed5bc3cf44c7f9d4f584
Instruction ID: b20edfcf079557c7fdaa242035776d00df93874ec83942c351ed949fe0d65d23
Opcode Fuzzy Hash: 9b7fcd19f67702f37655810be22d2f9b32f05a27b7e0ed5bc3cf44c7f9d4f584
Instruction Fuzzy Hash: 4711C861E1E54F4EE761AFE858A81FD7BA0FF85300F4A0576E56CCA0E2EE2876148300

Function 00007FFD9B6E2EBA Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc04c653d3015f7eb5f148b39e705c8c22b4b33b7313f22e2bc4c62ee6384ed6
Instruction ID: 52ffea6dba04fd2ae5074b07931d3e9ddcd6d6b832d92c754097c4bb1f35b489
Opcode Fuzzy Hash: fc04c653d3015f7eb5f148b39e705c8c22b4b33b7313f22e2bc4c62ee6384ed6
Instruction Fuzzy Hash: 8E019670A4E64D8FE761EBB484695B97BF1FF06300F0644B6D41CCB0A6EA34B5548701

Function 00007FFD9B6F7D8A Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction ID: 45e2f5847fe2c2b311bdca2cb054b92db2ef05adb00252d3df405e85f0a109d4
Opcode Fuzzy Hash: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction Fuzzy Hash: 09110D70F0911E8AEB64DFD4C4A57FDBBB1AF44310F15103AD41AAA2A1CB787A84CB55

Function 00007FFD9B6F79D1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73d50a364156f627006441836ffa9909ce99084835f2ea734f576a1b36803e09
Instruction ID: 3061267bdbde275dee910e4aff1d40f1f93c309358bb1723403348d248062f02
Opcode Fuzzy Hash: 73d50a364156f627006441836ffa9909ce99084835f2ea734f576a1b36803e09
Instruction Fuzzy Hash: D701A231F0E68E4AEF619AA8D8252FD3BA1FF49310F020572D518DA0A2DA28B7108711

Function 00007FFD9B6F824D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c8d84f9c6bfadcc22fb60cb464b41a922b209b1e6eb007c4b51719eee711ce3
Instruction ID: 11a2495b0b906318983dc46da1c1212efa80f07fb8c80aae57d4aa902c0b0020
Opcode Fuzzy Hash: 7c8d84f9c6bfadcc22fb60cb464b41a922b209b1e6eb007c4b51719eee711ce3
Instruction Fuzzy Hash: BE018070A4964E8FDBA99B64C4695B97BA0FF15300F0104FAD419CA0E2DB35B550C740

Function 00007FFD9B6F7A61 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a035ecc409d56b5d57066bacbdc6338b228d6af444c5ad1e4ff753e02c6cf14
Instruction ID: 65cb1e5b6107f7168dae12aede2b3161ece211b36b0cba8016746a91f90ee20c
Opcode Fuzzy Hash: 5a035ecc409d56b5d57066bacbdc6338b228d6af444c5ad1e4ff753e02c6cf14
Instruction Fuzzy Hash: ECF08131A0E54E9FE7619BB4C8586FA7FF4FF16301F060976E428C60A1EA38A3458750

Function 00007FFD9B6EB0D9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8626e8d736b8757e6f7405830af26feba6f2307b867aeee6430fe3cc3a4ffed
Instruction ID: 8d9252ac1a6b6489ba448d2541c2de814b95b22234648a843909c1cd6a0ed2a8
Opcode Fuzzy Hash: a8626e8d736b8757e6f7405830af26feba6f2307b867aeee6430fe3cc3a4ffed
Instruction Fuzzy Hash: F4017971A1E64E4FE752AB6488996E97BE0EF56310F0644F6D418CB0A2DA24B5648701

Function 00007FFD9B6F7BE9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45d965742d204ba25fc99db613ac730171a0ac76bf097c5957ef3749b370dea4
Instruction ID: b75cdf4fa22b79f0ef75d15d0a933760e5caca55006d361f9b41e00616e27ee4
Opcode Fuzzy Hash: 45d965742d204ba25fc99db613ac730171a0ac76bf097c5957ef3749b370dea4
Instruction Fuzzy Hash: B2018F30A5E64E9FE752AB7488695B97BE0EF0A300F0209F7D018CB0A6DA38B584D711

Function 00007FFD9B6E05D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 205fa4980224050de0d0ee7b0110aa010a5fd4231dcd7bfb4ee54dfaa39e2af0
Instruction ID: 594bd1d85b6069bd8daa3d390f7b2721c127adc8557cb1d2e14c5a36af8be57c
Opcode Fuzzy Hash: 205fa4980224050de0d0ee7b0110aa010a5fd4231dcd7bfb4ee54dfaa39e2af0
Instruction Fuzzy Hash: 2C017170A0A50E8FDB58EF64C0696BD77E1EF58304F21447DD42EC61E5CA35B6A1D740

Function 00007FFD9B6E2F39 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57b4cab97f78369a1295ca230d53f27080c06e5a236839b5e82407ea129293c
Instruction ID: feb7e0a3e73f80cc4489edbdd7a61379fd615c2f875ac3bc9b9f8214c84a43eb
Opcode Fuzzy Hash: c57b4cab97f78369a1295ca230d53f27080c06e5a236839b5e82407ea129293c
Instruction Fuzzy Hash: 6A018870A5E64D4FD762ABB488695B97BE1EF45300F0605F7D41CCF0F6DA24B5548701

Function 00007FFD9B6EB7CE Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ca3e51e2152c22745d6c38cbba6100acfd96e1f950a934c2c93631d7ea5e17d
Instruction ID: bd29ad444148ea43e5037dcbea80260167f3dacd25da2a8eddd0f59d4b127a4f
Opcode Fuzzy Hash: 1ca3e51e2152c22745d6c38cbba6100acfd96e1f950a934c2c93631d7ea5e17d
Instruction Fuzzy Hash: DE110970E1A51E8EEBA4EB98C8657EDB6B1FF58700F5101B5D01DDA2A1DF342A90CF40

Function 00007FFD9B6F27F8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f1bb923e6fe3de39d0a2b8725f7726e92dca0546a5030911fac07012d6f7b9
Instruction ID: ad565d06c241a981c45a1424764014db06514a270e43d2b596d7e62e34f1f568
Opcode Fuzzy Hash: c3f1bb923e6fe3de39d0a2b8725f7726e92dca0546a5030911fac07012d6f7b9
Instruction Fuzzy Hash: 5B01A270A5550D8FDB69EBB4C4245BA7BA4FF05300F51097AF42AC60E1DE34B654CA40

Function 00007FFD9B6E0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 796fd65e9c57dc19b2f2b3db7e00c9b25cda6027edc2b93c053b8fc0a77d27e5
Instruction ID: d6c48f9b6b8f5704059ff21ac24d7e8a61e58ab29d971c6c1137dca1ba68168f
Opcode Fuzzy Hash: 796fd65e9c57dc19b2f2b3db7e00c9b25cda6027edc2b93c053b8fc0a77d27e5
Instruction Fuzzy Hash: 8E014F30A1590E8ADB69ABA4C4685BA73A1FF19305F5104BEE42EC61E5DF35F554C700

Function 00007FFD9B6E0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 527a11eeed6aa594fbe960f67432046c25a11915a3c514b1c0f43233f5219139
Instruction ID: 0d276258db3398ac5f9042adc5a1c701bb39cb0fbecb9ba3a957b67d38268852
Opcode Fuzzy Hash: 527a11eeed6aa594fbe960f67432046c25a11915a3c514b1c0f43233f5219139
Instruction Fuzzy Hash: 2501D630A1950E8BEB59EFA4C0695BA77A1FF08304F10087EE42EC61E0DF35B194CB00

Function 00007FFD9B6E1240 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28193a2df6b98b3412d3004c73d57b9b38940ceec7a59dc0b7c54159361bb0dd
Instruction ID: 1d9eb62b70c13df72ad5a420c852166cab73d07cb1a73d73da65cc6525d0027e
Opcode Fuzzy Hash: 28193a2df6b98b3412d3004c73d57b9b38940ceec7a59dc0b7c54159361bb0dd
Instruction Fuzzy Hash: DCF0A470E1A64E4EFB699BA888297BA77E0FF56311F00057AE429C60E1DF2426A49740

Function 00007FFD9B6EDA85 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction ID: 7902018b99c5ab8359a4c54a7fd22baceede1812208791f4a3ecebff2a7653fa
Opcode Fuzzy Hash: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction Fuzzy Hash: EF01C830A1D90D8BDB64DB98C4A0AED77F1EF58311F51013AD02AEA2A5DA357A518B00

Function 00007FFD9B6E05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de884269c61628b174e598e3e8b2a4f305869f070b491ab93ed8f3189fee2b3a
Instruction ID: 5c1e347f0ae5d9ada019617acfd090f8bb3acd5c8831461e1de037a1d91fd7a6
Opcode Fuzzy Hash: de884269c61628b174e598e3e8b2a4f305869f070b491ab93ed8f3189fee2b3a
Instruction Fuzzy Hash: 68F06230A0A64E8FDB68EF6494296FA77A0EF15304F51097AE82DC61E1DF35B6A0D740

Function 00007FFD9B6E23AA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b834a66cea2e8838f8e7a27b9442c1e66e0d6b4dfc5dcefdcabc92c5830eb815
Instruction ID: 91d54c8c7b0aea34061f6d788c1a0dcef4fe3c1a2a042f3fcf9b58452861752c
Opcode Fuzzy Hash: b834a66cea2e8838f8e7a27b9442c1e66e0d6b4dfc5dcefdcabc92c5830eb815
Instruction Fuzzy Hash: C401CC31A0A51ECAEBB4DB80C9657F8B3A5EB51300F1141B9C05EDA1A1DE783E998B01

Function 00007FFD9B6E3555 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f7c93c6d6c53365887036970f33334e2074f3633a094ac0b86008846347ea83
Instruction ID: 02344da2f7e577008de1b9a923615cdf2355b80a1252fcd32b4df1c4b68bbaa2
Opcode Fuzzy Hash: 7f7c93c6d6c53365887036970f33334e2074f3633a094ac0b86008846347ea83
Instruction Fuzzy Hash: 65F0A470E1A68E8FDB66DF6488281FE7BB0FF15300F41057ED428CB1A1DB34A6208740

Function 00007FFD9B6F7E00 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction ID: a4345e6d2bca9189a12c8690f01aa70a568ef0aa1328acadeb70de473eb8103f
Opcode Fuzzy Hash: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction Fuzzy Hash: 15012134F0910E8AEB64DED4C4A56FC7BF1AB54310F15003AD41AEB1A1CA3CBA84CB44

Function 00007FFD9B6E27B9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6e0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d054d5d6023a7800862feea0e737567327a0a70dcfb51b646bbf08995aa3ef04
Instruction ID: e0c6aaebb005b3f8e08510248ec621cf3bb9763201ec239ec3701641f5a31f85
Opcode Fuzzy Hash: d054d5d6023a7800862feea0e737567327a0a70dcfb51b646bbf08995aa3ef04
Instruction Fuzzy Hash: 67F0683190E78D4FEB6A9F6488251BA3FB1FF16300F5504BBD469CA0E2DB38A554C751

Function 00007FFD9B6EBEAD Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 283804217948333f8ff2fcb3565c08923a248f845159e52b147ba38823be971e
Instruction ID: 30b3bf50b1a14af129ace84e97e4770597205202f906d1202f47b4cbe5c96609
Opcode Fuzzy Hash: 283804217948333f8ff2fcb3565c08923a248f845159e52b147ba38823be971e
Instruction Fuzzy Hash: 15010C70E0651E8FEB64DF94C8547EDB6F1FB44301F148275D018AA295DB386A94CF94

Function 00007FFD9B6F12D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 316e61ee8fc328ed26ae4fa376a6822c13a99a0fd842faf918e46ac7122dc111
Instruction ID: cd03ee95e7f3886b6c4b6af1810470dd85a24c4f11c58276645fd905034b4c88
Opcode Fuzzy Hash: 316e61ee8fc328ed26ae4fa376a6822c13a99a0fd842faf918e46ac7122dc111
Instruction Fuzzy Hash: CFF05E30F15A0E8EEB94EFA888282FE76E4FF18301F41053AE82DC61A0DB3066908740

Function 00007FFD9B6EBF2C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6EB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6EB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6eb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfdcbf864c4bd15d4db78eaac36c0dfe7c0a5b65dc77e5e10b4232c2e14a97ac
Instruction ID: 2570aa9fbe2abed498ae6534918ef4a788e6bb89a77e27fb606acef635c8ee76
Opcode Fuzzy Hash: bfdcbf864c4bd15d4db78eaac36c0dfe7c0a5b65dc77e5e10b4232c2e14a97ac
Instruction Fuzzy Hash: 3FE01230D1E51E9EDBA0E750C8B1AF9B765AF56300F5942F1D51DCA1B6CD34BA848B40

Non-executed Functions

Function 00007FFD9B6F15A9 Relevance: 8.8, Strings: 7, Instructions: 100COMMON

Download Yara Rule

Strings

[, xrefs: 00007FFD9B6F1731
#, xrefs: 00007FFD9B6F152C
", xrefs: 00007FFD9B6F1923
!, xrefs: 00007FFD9B6F1A9D
", xrefs: 00007FFD9B6F1930
/, xrefs: 00007FFD9B6F18C3
}, xrefs: 00007FFD9B6F15E0

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: !$"$"$#$/$[$}
API String ID: 0-2194321067
Opcode ID: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction ID: 94eb4fa374f196f0bdacea546626b02654fa51ecef7130062264e6aba4c96bb6
Opcode Fuzzy Hash: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction Fuzzy Hash: 6541CD70E0522E8FEB68DF94C5A47FD7BB1AF54301F1145BAD46DAA290DB386A84DF00

Function 00007FFD9B6F068E Relevance: 5.0, Strings: 4, Instructions: 46COMMON

Download Yara Rule

Strings

F, xrefs: 00007FFD9B6F04C7
[, xrefs: 00007FFD9B6F06A2
b, xrefs: 00007FFD9B6F06AF
0, xrefs: 00007FFD9B6F0455

Memory Dump Source

Source File: 0000001F.00000002.1779847811.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b6f0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: 0$F$[$b
API String ID: 0-1668057103
Opcode ID: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction ID: ebf51dc6c0bac3aa0d3224e0317bf248fc7c0e1703cfecb195aac04367b343b4
Opcode Fuzzy Hash: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction Fuzzy Hash: 5F11BA74E1562E8FEB68DF54C8A57BAB6B1AF45301F4101B9D05DAB291CB786A90CF00

Analysis Process: StartMenuExperienceHost.exePID: 8092, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B6B35D5 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

N_H, xrefs: 00007FFD9B6B3760

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: N_H
API String ID: 0-343878021
Opcode ID: b1cd61f15af81a2ab1dc9148754fd851b31f10821fda219c4aaf0ebf57b1d437
Instruction ID: 5f17e7eb6dde5d3d1cf9c0874579f0dfed901e1b4c60e8a857f31c5135f4949e
Opcode Fuzzy Hash: b1cd61f15af81a2ab1dc9148754fd851b31f10821fda219c4aaf0ebf57b1d437
Instruction Fuzzy Hash: D191C171A1D95D8FEB58DB68C8657A87BF1EF69300F5001BED019CB2DADBB528018B41

Function 00007FFD9B6BCD7D Relevance: 2.7, Strings: 2, Instructions: 231COMMON

Download Yara Rule

Strings

%{v, xrefs: 00007FFD9B6BCE3E
;wN, xrefs: 00007FFD9B6BCD7F

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: %{v$;wN
API String ID: 0-1289574819
Opcode ID: 4002f8267543d6a4351c1e85c0956369d39148a4f7f38e4efd078e3fdb77cd54
Instruction ID: 7d190866e1f18b29b37877fe7eecaf29360f74a28098487ac4c85c98f2319d93
Opcode Fuzzy Hash: 4002f8267543d6a4351c1e85c0956369d39148a4f7f38e4efd078e3fdb77cd54
Instruction Fuzzy Hash: 63610E23B0C63A8AD7247BBCB8215EA7B60EF81275B0441B7DA9DCE097DE14754A86D0

Function 00007FFD9B6C1339 Relevance: 2.6, Strings: 2, Instructions: 150COMMON

Download Yara Rule

Strings

/, xrefs: 00007FFD9B6C18C3
, xrefs: 00007FFD9B6C13BB

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: $/
API String ID: 0-2637513485
Opcode ID: 8e126073c834456b15a06c8464e8e13cad07b017d5506d1c8ea728f79f1bdc3c
Instruction ID: 02ce8038277a0ce374c014a7bb77b629e0320c55d7eaa30f1836d3fd948ee550
Opcode Fuzzy Hash: 8e126073c834456b15a06c8464e8e13cad07b017d5506d1c8ea728f79f1bdc3c
Instruction Fuzzy Hash: 50510B30E0A61D8FEB65EF94C8646F977B1BF09304F0101BAD51DDB2A1DB38AA84CB40

Function 00007FFD9B6C393D Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b7461aaebb208107dea0c7d1b960d316044e0270a1229986e64953bf46f9bec
Instruction ID: 5067aca172a65d1a211b2cf762f3bf90b3e2f6a6863120e8023d2ae2cb7967cc
Opcode Fuzzy Hash: 6b7461aaebb208107dea0c7d1b960d316044e0270a1229986e64953bf46f9bec
Instruction Fuzzy Hash: ED117561A0E6894EE752B76888655B97BF0EF06300F0604BBD4A8CB1A3D93475048701

Function 00007FFD9B6B1738 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e77b5da90ec79a2835c7e9b3f1b70ea82c2ff6c9ea2705a30354bd6128ce17a
Instruction ID: 958be3311df1cf3e45dec7f3a70c8acda26bfc9a21f43e3cd8659d0fba530381
Opcode Fuzzy Hash: 3e77b5da90ec79a2835c7e9b3f1b70ea82c2ff6c9ea2705a30354bd6128ce17a
Instruction Fuzzy Hash: E081A031B1DA5D4FDB68DE5888715A977E2FF98300B15417AE46EC72A2DE34BD02CB80

Function 00007FFD9B6C4175 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d63a9c18bf08f04a5a4ecee21e84d868f003cc058fa2a13aff9effbc060add
Instruction ID: 79fae6cb151648fa3973a416b03f8dd3e418be576f36f3164663c6ff965322c9
Opcode Fuzzy Hash: e0d63a9c18bf08f04a5a4ecee21e84d868f003cc058fa2a13aff9effbc060add
Instruction Fuzzy Hash: 3091C970E1A61D8EEBA4FB98C8557FCB6F1FF58300F5141BAD11DE7291DA346A848B40

Function 00007FFD9B6C61E9 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a37546a00cae07319acb4407bcb89b1c1b8fad306ccf53277447bef1b99ec40
Instruction ID: ba1614120acdb0bc065e6eb9fdfdc5d43ae4b1b81e2ea55b2a38061b8ea44491
Opcode Fuzzy Hash: 4a37546a00cae07319acb4407bcb89b1c1b8fad306ccf53277447bef1b99ec40
Instruction Fuzzy Hash: 1A51E331B0994D4FDB68FF68D4649B97BE1FFA9300B0505BAD05ECB1A6CE29B941C780

Function 00007FFD9B6C3FFA Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 767bded69215c921775cbe66a3f27b0ba5eb088f37ac485e1ce5f57a376d76a8
Instruction ID: 6a400ba420f856b230f6360aee015588d59aa1a9befbf8d3ef691cc4ff0b00aa
Opcode Fuzzy Hash: 767bded69215c921775cbe66a3f27b0ba5eb088f37ac485e1ce5f57a376d76a8
Instruction Fuzzy Hash: F6515A67709A594BE321F7ACF8655FA7BA0EF80371B45047BD298CE063DE107049C790

Function 00007FFD9B6B1D7D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aa66eae5e1d629cf4e0685871ea9cd09404d589d48394a955a2b142400c5f05
Instruction ID: e8dad7f92a5b158b8e467a144d1cb80b2a4224bc0c08c73db9d9f733e2a563bc
Opcode Fuzzy Hash: 2aa66eae5e1d629cf4e0685871ea9cd09404d589d48394a955a2b142400c5f05
Instruction Fuzzy Hash: 9551D131B2DA594FDB58CE5888655BA77E2FF98300B15417ED46ECB296CE34ED02CB80

Function 00007FFD9B6BC309 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3850e8a3c6e0c5dd18232888af0037cc4f70304e3f266173cd22336c13dab9f
Instruction ID: 7f6c3ed15fb40fb3c860c7085286ae0b1a60ba99c74934b45c42c03a0b2444a3
Opcode Fuzzy Hash: d3850e8a3c6e0c5dd18232888af0037cc4f70304e3f266173cd22336c13dab9f
Instruction Fuzzy Hash: 5E610771E0E61E8FEB64DFA8C4646ED77B0FF58300F55403AD429EA2A5DA386A448F50

Function 00007FFD9B6B22C5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 528b97489140cff5a904349b05ccca84585a17b357f25ef66e41d8b218855c10
Instruction ID: 5787af60a1d9a2b8c277760b42b417be1d0271722ad8aabccfaa7df8844c8a3b
Opcode Fuzzy Hash: 528b97489140cff5a904349b05ccca84585a17b357f25ef66e41d8b218855c10
Instruction Fuzzy Hash: 2C517131E0E52E8AEB749BD4D8216B9BBF0FF45300F1201B9D06D9A1E2DE387A458E41

Function 00007FFD9B6B3231 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dada559a0bff7bea0420232ab56bfdbaa4a3e42433635fb04f435c16527628be
Instruction ID: b301e09702f3c526930f3aed72f277e985a9bf882bbda5c0c8f5bb3dda668ae4
Opcode Fuzzy Hash: dada559a0bff7bea0420232ab56bfdbaa4a3e42433635fb04f435c16527628be
Instruction Fuzzy Hash: 3F510671E1D66D8FEB64DB98C4A46EDBBB1EF58300F51017AD019EB2A1DE386A44CB10

Function 00007FFD9B6C79D1 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ef335d9d4952fecc7e77cb29eb83383b7366ef73bb72adb68c58e722438115
Instruction ID: 3a00063f92fe2418ffbc7b4a6b788b527aa8251cca5a303b6d2f9f4379e5e81b
Opcode Fuzzy Hash: e0ef335d9d4952fecc7e77cb29eb83383b7366ef73bb72adb68c58e722438115
Instruction Fuzzy Hash: 27514030A0A64E8FEB61FFA4C8696B97BF0FF19300F0105B6D52DDB1A2DA34A6548751

Function 00007FFD9B6B2195 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70274e7299a0b25cafe58d0fd5ff9f5915bd941dbde13dd813260827961aa3d4
Instruction ID: dddc07dcc390de5ea8d5a21caf2c0b43ad1319a6f2c3bcd7336422f6bbb89124
Opcode Fuzzy Hash: 70274e7299a0b25cafe58d0fd5ff9f5915bd941dbde13dd813260827961aa3d4
Instruction Fuzzy Hash: 5F418A31B0E69A0FE765D7B894651B97FE0EF86300B0505FBD06CCB1A6DE28B9418741

Function 00007FFD9B6C6708 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1548f900584671e9890ca89a82fb6cbc9c5304923992717177a28cb376a3c6ab
Instruction ID: 5de7797dd67da74af1a731818d53aaa8ff16341753df722dac2e05ae619025d0
Opcode Fuzzy Hash: 1548f900584671e9890ca89a82fb6cbc9c5304923992717177a28cb376a3c6ab
Instruction Fuzzy Hash: 8B415E70E0A61D8AEBB8FB54C8657B9B6A1FF55300F1141B9D02DD72E5CF386A84CB05

Function 00007FFD9B6C2F70 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3656964a14a71704b202876604f717657104df0a2dd8925d6bcbaedd82b91f26
Instruction ID: 8e09ec6ae05af6ca75fcd1f23646ab9d58c108d546a37a3a7f493f90290e4d8c
Opcode Fuzzy Hash: 3656964a14a71704b202876604f717657104df0a2dd8925d6bcbaedd82b91f26
Instruction Fuzzy Hash: 25419870E1952E8EEBA4EB98C855BECB7B1FB58300F0141B9D51DE7291DE346A848F40

Function 00007FFD9B6BB4FB Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1d6458240f4deb6532e9e41d6f4d60a7148c019d1ca5d4acc8422698910f7c6
Instruction ID: 32b15031a6d8d5eccdd84bcd29fc9f013e369e0f7ca9e3635e92e96d3855f545
Opcode Fuzzy Hash: b1d6458240f4deb6532e9e41d6f4d60a7148c019d1ca5d4acc8422698910f7c6
Instruction Fuzzy Hash: 0941F762F1E95E5FE761AFA888685BD77F0FF95300F4944B6D12DCA0E2EE24B5008B41

Function 00007FFD9B6C7951 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c88831ea1a775a92784154094b47d1956e02394048c6062734a552ed4201bd8
Instruction ID: 84dfe046bd38c32b9d1b6b4b8a6b406ff727d646617ccb3cf06e2a8441074598
Opcode Fuzzy Hash: 9c88831ea1a775a92784154094b47d1956e02394048c6062734a552ed4201bd8
Instruction Fuzzy Hash: BE316030A1E54E8FEB61FFA8C8695B97BF1FF19300F0145B2D629DB0A6DA34B6448741

Function 00007FFD9B6BC7C4 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a88d0a6c23fdad75435f5a9130bf6c9e0cb44b84bfe6a748c08e90f10b890e07
Instruction ID: 3bbe424650babb318ac81dc251c69f56b9fc436424e8a5bac4f6947a0c6f8cd9
Opcode Fuzzy Hash: a88d0a6c23fdad75435f5a9130bf6c9e0cb44b84bfe6a748c08e90f10b890e07
Instruction Fuzzy Hash: 7531E935E1D92D9FEFA4EBA894A56ACB7F1FF58300F510079D01DD7292DE247A418B40

Function 00007FFD9B6B34D1 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b295d311b12adf084e7a9f52e5414790225de1d19d6cb2c84db2b5fd9c738743
Instruction ID: 14bc6dcefbe93ec0dccd8c0b2e7cbc9c159ee87bc91363023513ed8ffe4413a2
Opcode Fuzzy Hash: b295d311b12adf084e7a9f52e5414790225de1d19d6cb2c84db2b5fd9c738743
Instruction Fuzzy Hash: 3F314F71A0E65E8FDB69EF6488685B97BB0FF19300F1105BFD429CA1A2DA35A644CB40

Function 00007FFD9B6C5255 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56622f7bdea3bc4e885dfd05242a2e7f8a83b8c91424803c9bcc5cc49bf587d6
Instruction ID: 83b32ca34f499da1bf62204b915864ab35123cf9e6c3183561aaebb71c5d5e68
Opcode Fuzzy Hash: 56622f7bdea3bc4e885dfd05242a2e7f8a83b8c91424803c9bcc5cc49bf587d6
Instruction Fuzzy Hash: 5231B271A0AA4E8FEB59FF5488665B977E1FF54300F5100BED42ECA5A6CA39B650C700

Function 00007FFD9B6C63A1 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c73fe380366b72a9727c7fe4e3d64a6e077afb76a41e9c0e6fe09fed4cfd9f2
Instruction ID: d8e62dce46737f6df161c1edf435dd55f7f82d0fdffe1a54ddd60100a39973a3
Opcode Fuzzy Hash: 0c73fe380366b72a9727c7fe4e3d64a6e077afb76a41e9c0e6fe09fed4cfd9f2
Instruction Fuzzy Hash: DB316A71A0954E8FEB95FBA8C4685F97BA0FF28300F0404BAE42ED71A2DA25A640C744

Function 00007FFD9B6B122D Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3ab9e8acff13adf6f021f1300014cb0d63b637992d2f5d8097a6d97475f73a4
Instruction ID: fa06c9d1db01c29ea238f128fdbed742cf58fc9a5bff11fc05e13b252a91c716
Opcode Fuzzy Hash: c3ab9e8acff13adf6f021f1300014cb0d63b637992d2f5d8097a6d97475f73a4
Instruction Fuzzy Hash: D831D271A1EA5E5FEB69DB68C4652B97BF0FF56300F0101BAD029CA1E5DF3465548B00

Function 00007FFD9B6BC857 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ab7e22cb6c6fe5e013bf82eab0a98ca4560fabce14c44ef59157bbe03d5395
Instruction ID: c21c769fef6782d31a2d0eebf97d48341894cdf49b051c54fe035995654cca90
Opcode Fuzzy Hash: b0ab7e22cb6c6fe5e013bf82eab0a98ca4560fabce14c44ef59157bbe03d5395
Instruction Fuzzy Hash: 5B21EC31E1D92D8FEFA4EBA898656ACB7B1FF59300F55103AD01DDB292DE2469418B40

Function 00007FFD9B6B3430 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39b518ac0fa0687cf17a4201054887282791f9f72d0c91612a2c08689d935805
Instruction ID: 1996b32eabb5e7bd9dbd5171e5b64d567a7b5ad11703e79ee2df23f799eb9028
Opcode Fuzzy Hash: 39b518ac0fa0687cf17a4201054887282791f9f72d0c91612a2c08689d935805
Instruction Fuzzy Hash: C9319F31A4E68D8FD753EFA488685A97FF0EF06310F0945EBD458CB0A2DA28A545CB11

Function 00007FFD9B6C4D35 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77f1cca1afe53cb4b759ce8c09f6cfd2ba15ad11ad67b079896a0b981aa7522d
Instruction ID: f3673b0f719b2dc9d5c175ae0046e0057b48378cd7fa14a398418b46b7ba67aa
Opcode Fuzzy Hash: 77f1cca1afe53cb4b759ce8c09f6cfd2ba15ad11ad67b079896a0b981aa7522d
Instruction Fuzzy Hash: 0D21A071A0A90E9FEBA9FFA884651BD77A0FF18301F11057EE42DCA1A5CB34B5408740

Function 00007FFD9B6C2E41 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e4da3608e9c170e6b814c5e746c4254e4b9fc0c10d3ebfcae643a9d6f6278bb
Instruction ID: 1ed1befd37cf1839fbab7a753461e747a70aa099141e73530b18a878061646f1
Opcode Fuzzy Hash: 5e4da3608e9c170e6b814c5e746c4254e4b9fc0c10d3ebfcae643a9d6f6278bb
Instruction Fuzzy Hash: AC217E30A1955E8FEB61FBE8D8585FDBBF0FF49300F4104B6D428DB1A6DA34A5408B40

Function 00007FFD9B6C2A31 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19a273d2e595ffa41618ddffacdd8bf75f94ac27eceb019ff59e7dacac070aa3
Instruction ID: 89900e35ee0ac0b70c25c1cd3c33510087acaa06629a4db792461a270bd23732
Opcode Fuzzy Hash: 19a273d2e595ffa41618ddffacdd8bf75f94ac27eceb019ff59e7dacac070aa3
Instruction Fuzzy Hash: 47216D70A0A64E8FDB68FF98C4615FD7BA0FF59300F12517AE91E871A5CA34B6508B81

Function 00007FFD9B6C5409 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5089361c0ee48416faabbcc8de1649f50643e01abc0d14d828a3bb15d190bcdc
Instruction ID: a67209bc26a179d6566df3e56349923e856359ca0359e82bf9258bd2d5c0cdba
Opcode Fuzzy Hash: 5089361c0ee48416faabbcc8de1649f50643e01abc0d14d828a3bb15d190bcdc
Instruction Fuzzy Hash: F231CF31A0A64E8FEB95FF64882A6BD3BA0FF15301F01417AD42DC60E6DA34A540C741

Function 00007FFD9B6C4C99 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35880df512c58cd77dfd814f0bff3fc317b2d932899c170b36b9f63f6a256d09
Instruction ID: 3a89d0e273f7f7de5f0fe8384597ef6d10fbd376c6312158867d772d3b74230d
Opcode Fuzzy Hash: 35880df512c58cd77dfd814f0bff3fc317b2d932899c170b36b9f63f6a256d09
Instruction Fuzzy Hash: 87318D31A0A64E8FEB65FBA888652BD7BA0FF15300F0105BED429CA0A2DA35A540C740

Function 00007FFD9B6C7341 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d8b8a68f5c580d99086cb08b5cecc7529e45c19162b9a7a41d9d8d1d49f3466
Instruction ID: 7cd27ed5bc265e380f22d5fd67490870c3d4b20591de359fc5f41ce2f6a4f316
Opcode Fuzzy Hash: 7d8b8a68f5c580d99086cb08b5cecc7529e45c19162b9a7a41d9d8d1d49f3466
Instruction Fuzzy Hash: DB218F70A0964E8FEBA4FFA884655BD77A0FF14301F11057AE82DCB1E6DA34B5408740

Function 00007FFD9B6B0A01 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627ca76870128d5463ab9415bf687161b8a4a2b8a155ba2e4bffb1fd89441154
Instruction ID: be401d634d586764af20647005c2146dc06beb294e1845b8dde1e813bbaa17f5
Opcode Fuzzy Hash: 627ca76870128d5463ab9415bf687161b8a4a2b8a155ba2e4bffb1fd89441154
Instruction Fuzzy Hash: DC21C475E1E51E4EE7A0EBA888692FD7BF0FF54700F414976D42DCA0A2EE34B6408B00

Function 00007FFD9B6B085D Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 324872ffd0cf18265adaff08151695f5e85ebff9653a53322b3698807838fc09
Instruction ID: 027104df53f7c7725bf3d68913fa3d9077d1f274033425aa945103e95c8d4c68
Opcode Fuzzy Hash: 324872ffd0cf18265adaff08151695f5e85ebff9653a53322b3698807838fc09
Instruction Fuzzy Hash: 53213721B0E55E9EEB61A7BC88694F83BE0EF01300F0640B2D059CE0A3DD24B2558680

Function 00007FFD9B6C4DD5 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c928ccd8cd35a416d6305dfe902a3b76d6b6081ac32503700758728d72c2b414
Instruction ID: f2e9d41021035fdb837ba34a375d766abf2db1248a07adf3aa3cfe134597076f
Opcode Fuzzy Hash: c928ccd8cd35a416d6305dfe902a3b76d6b6081ac32503700758728d72c2b414
Instruction Fuzzy Hash: 01216F71A0A64E8FEBA5FFA484695B977A0FF18301F11047EE52DCA1A1DB35B6408741

Function 00007FFD9B6C52ED Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d094146891670855d0ccf1a999a69837a3c505351046bfe55b79e6d954c9707e
Instruction ID: f8c6ef6226796ef579cd3fbcaf91e792de78f579a45098efbea0fcecd53bd99f
Opcode Fuzzy Hash: d094146891670855d0ccf1a999a69837a3c505351046bfe55b79e6d954c9707e
Instruction Fuzzy Hash: F021B471A0E64E8BEB65FE648C2A6BD77E0FF15304F45047AD42DCA0E2EE69B500C701

Function 00007FFD9B6C30E2 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a95595ecdc208e292713055c08c50fa4b90870d3ca6a99264c77a516d589bda1
Instruction ID: eef01bc6c0e7d2193e13d7a333ed04fae2fdf161a60b7380ef76b43f65626d3c
Opcode Fuzzy Hash: a95595ecdc208e292713055c08c50fa4b90870d3ca6a99264c77a516d589bda1
Instruction Fuzzy Hash: 03319370E1961D9FEB64EBA8C8A5BADB7B1FF18300F5041A9D41CA7296CF3479818F41

Function 00007FFD9B6B0AA1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4afed1ab04c4f50b60f7ce688948fdd321bf3f12aa33556c11a3ca5cc2baf34b
Instruction ID: a9f38d9f2c3bfd2d85ccae8aa1ed45eca1ed75837517a784fc079b530c376608
Opcode Fuzzy Hash: 4afed1ab04c4f50b60f7ce688948fdd321bf3f12aa33556c11a3ca5cc2baf34b
Instruction Fuzzy Hash: C021C231A5E51E4FE761EBA984655F97BF0FF59700F4209B2D429CB0A6EE24F5008B00

Function 00007FFD9B6C537D Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b06a05ff49618703159e3d5f4da9f25deca0f215b4f6e0a63909f5f47bb94027
Instruction ID: d66c2f0f6d3e4284b416d81ff895109cf1540b841b70f9163109950df97822b3
Opcode Fuzzy Hash: b06a05ff49618703159e3d5f4da9f25deca0f215b4f6e0a63909f5f47bb94027
Instruction Fuzzy Hash: 63218071A0A94E8BEB69FA648C6A6FD77E0FF15300F01057AD42DCA1E6EE7475408641

Function 00007FFD9B6C6669 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f41ed38b048aedd205e8f986d26de0d24cd41473b40e8feb648513bde5d9ca55
Instruction ID: 56a96cf47ba501fb4e3e4476545159800c43d8fe6b80cce0720ef73958a3d93f
Opcode Fuzzy Hash: f41ed38b048aedd205e8f986d26de0d24cd41473b40e8feb648513bde5d9ca55
Instruction Fuzzy Hash: E6215670A0E54E8FEB65FBA4C8695B97BE0FF26300F0505B6E529CB0A2DE34B5448746

Function 00007FFD9B6C553D Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1884d046a5df34cf03c593b8b9a389ca74dc3236f0e72b4c4bca035d23887de
Instruction ID: 950272080c1933d572b5711dcfc0ebc72897f47ebddaef2158cd0d5b6948a93e
Opcode Fuzzy Hash: f1884d046a5df34cf03c593b8b9a389ca74dc3236f0e72b4c4bca035d23887de
Instruction Fuzzy Hash: 58219170A0954E8FEB68FB68C86A6BD77E1FF14300F41057AE42DCA1E6DE34B9408741

Function 00007FFD9B6BCA89 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 973790f053aeb8e86f0ef062e236ff1f68a9bda09e9a82f3a4acc1baa91adb11
Instruction ID: 0ad6b18c09d1b54f4504193e7751b60f99d6dd169c76c08b139c48378a4b9c36
Opcode Fuzzy Hash: 973790f053aeb8e86f0ef062e236ff1f68a9bda09e9a82f3a4acc1baa91adb11
Instruction Fuzzy Hash: A4217430A0E69E8FDB65DF64C8651BA7BB1FF15300F1545BAE429CA0E6DA35B610CB40

Function 00007FFD9B6B289D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f66e7c793c60e1e49c93666f307d07b4eb6f2657d582778bb90bd44f1428fbc9
Instruction ID: 91ed1424820d419735d5ec44e4f4fe776b2c4ba97f9547f0887d4079b7617140
Opcode Fuzzy Hash: f66e7c793c60e1e49c93666f307d07b4eb6f2657d582778bb90bd44f1428fbc9
Instruction Fuzzy Hash: 5E219230A1E55E8FE765ABA494695B93BF0EF15300F01447AD42CCA0E6DF38F544CB40

Function 00007FFD9B6C81D9 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe7a211e71e6c89ebc0674b9a22455ded87c33eea12fa3d8d99ea794d3d38183
Instruction ID: cdbfb3100a25f6f2890bedbe7d62ffb3eb71787fce3cdadebbf8fe54e9c27fe6
Opcode Fuzzy Hash: fe7a211e71e6c89ebc0674b9a22455ded87c33eea12fa3d8d99ea794d3d38183
Instruction Fuzzy Hash: EB21C270A4A64E4FDB75FF64C8295B97BA0FF06300F0514BAD52ECB4E2DA28BA008740

Function 00007FFD9B6B08E5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9afe445961dfe475fcf707f01a71c3e4b8a8f7233309e15d8a774bbd4da8dcf3
Instruction ID: 5caa644ad3d57f56223b11aae0ee096d5a3597cfbd502a962a62725bf7556f93
Opcode Fuzzy Hash: 9afe445961dfe475fcf707f01a71c3e4b8a8f7233309e15d8a774bbd4da8dcf3
Instruction Fuzzy Hash: 2A11B631A4E51E8FFB71BAB584592B93FF0EF59700F124976D42DCA0A2DE34F6408A40

Function 00007FFD9B6C7485 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dc4044260b01f543e8e592bb9a6ca64f1a2afd308ae63be980f0c27827dcf2a
Instruction ID: e739cc9e09fb5c73bdce1190395182b759ea52408b9e1f413f565707e4be84b8
Opcode Fuzzy Hash: 8dc4044260b01f543e8e592bb9a6ca64f1a2afd308ae63be980f0c27827dcf2a
Instruction Fuzzy Hash: 4311E171A0EA4E4BEB65BF6488A55B83FA0FF15300F0640BAD569CA5F2DE256940C701

Function 00007FFD9B6B1CFD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c99d700dfb92c213a9963494b88e3bcb73e86b8fa69f95dfa692b79680fea2e0
Instruction ID: 5e7149b20281b88f436629a0d0b4be17b1b3aea94fe2de71ecf2ffdac5938cb4
Opcode Fuzzy Hash: c99d700dfb92c213a9963494b88e3bcb73e86b8fa69f95dfa692b79680fea2e0
Instruction Fuzzy Hash: 3E11D670A1E65E8FEB659F6498252F937A0FF05300F11447AE41DCA1E1DB38B650CB40

Function 00007FFD9B6C73E5 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c02ebd51ddad6aae4b3fa2f2b50db76f31f4063bf8621d2f45e8f243fc5443c
Instruction ID: 0b49f1826a20f444f13193ea8c9f43c2c6e46d128df01bcc20ff25b76d801ddb
Opcode Fuzzy Hash: 9c02ebd51ddad6aae4b3fa2f2b50db76f31f4063bf8621d2f45e8f243fc5443c
Instruction Fuzzy Hash: 3211A271A09A4E8FDB98FF6884696B97BE0FF58301F1145BED42DC71A1DA34A540C741

Function 00007FFD9B6B0F2E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5209e7f7f927b7baf56827211ec86ea441fc3aa0534f069dd5452d784ed8906a
Instruction ID: 294c15f8cd364cb0d1bb5eb9fa31a0bfd59da76c1396c07ae3d22d6b48b51b29
Opcode Fuzzy Hash: 5209e7f7f927b7baf56827211ec86ea441fc3aa0534f069dd5452d784ed8906a
Instruction Fuzzy Hash: EF114F31B1981D8BEB64EB58C864FEDB7B1FB58300F118265C419EB2A5DE3479458F80

Function 00007FFD9B6BCF60 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80db056c9b52caf68b6a4413fe8786d24284bb0e859bdbff168839c030806260
Instruction ID: 5f5b47f171e5c94e503a4fe9308128162bc89b1994a309fdaf8ab37abd4f1946
Opcode Fuzzy Hash: 80db056c9b52caf68b6a4413fe8786d24284bb0e859bdbff168839c030806260
Instruction Fuzzy Hash: AC116370A0E65E8FEB56AF68C8655B97BB0FF15300F0104FBD42DCA0E6DA346650CB50

Function 00007FFD9B6C55C9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29759dd6e8b649072686b1f86b0fb1764ad4688ce93c85c0f2afa89a9486b2e4
Instruction ID: c92228c69124eb05da07d3292204c0dc9fbedf8fa9840c6d3118e06c38153e68
Opcode Fuzzy Hash: 29759dd6e8b649072686b1f86b0fb1764ad4688ce93c85c0f2afa89a9486b2e4
Instruction Fuzzy Hash: 88118171A1A64E8FEB55FB6488695B97BF0FF15300F4504BBD429CB1F2DA3565408B01

Function 00007FFD9B6BCED7 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4561b7e2195e6dc273685778fea47a31fd53a573bf18bf61c328c3a9b4dcafe
Instruction ID: 28dc38389a31067abdd155cea27fd67cf22da2080a425ce367f7626fefaa6203
Opcode Fuzzy Hash: d4561b7e2195e6dc273685778fea47a31fd53a573bf18bf61c328c3a9b4dcafe
Instruction Fuzzy Hash: 3011C831A0E79E4FEB55AFA898251EA7B70FF46310F0100F7E96CCA0E2DA346614CB50

Function 00007FFD9B6B282D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42e7fd8c092df248325dc8c89ecfe8f564d107b9afe01994a9c9a5dd4c811cea
Instruction ID: 2545e987f8a9077b55dba1a83a7094b28cfe711133acaffd23060a2a959153c8
Opcode Fuzzy Hash: 42e7fd8c092df248325dc8c89ecfe8f564d107b9afe01994a9c9a5dd4c811cea
Instruction Fuzzy Hash: D711E330A1E65E8BEB799FA494252F93BF0FF05301F01487AE42DCA1E1DB38B554CA40

Function 00007FFD9B6C12B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a10fe7509b6a81f359262c9cd18b53474dd088af71095d954cb0fbfdbf5465a7
Instruction ID: ec649af9c05380df9700f8f3b8a48d398688be50d9018c7f86d97521f6d607cf
Opcode Fuzzy Hash: a10fe7509b6a81f359262c9cd18b53474dd088af71095d954cb0fbfdbf5465a7
Instruction Fuzzy Hash: 2D118E70A0964E8FEB55FF64C8696BD7BE0FF19300F1104BAE429CB1A1DB34A680C700

Function 00007FFD9B6C751D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0aa6639e5f95a3f612c1e4820109ff7a47ca620abe074aa5f8af37c69cbf373
Instruction ID: c8d062f135fce327e2058e09dfa7fc30ae51b8c4012e337f9439855fe4f48d3f
Opcode Fuzzy Hash: d0aa6639e5f95a3f612c1e4820109ff7a47ca620abe074aa5f8af37c69cbf373
Instruction Fuzzy Hash: B411B270A4A64E4FEB68FF5484695B97BA1FF54300F4101BAD429CB1E2DE35A9408741

Function 00007FFD9B6BC285 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a996424a05e947de8db5ff9dff6d92d94b8cafacbd42751040b6fcc0ea88a4cd
Instruction ID: f52a5c88b2a307f47b5317a5ee6a6e745eb66b1dd61ebf8ac245a94854880bc2
Opcode Fuzzy Hash: a996424a05e947de8db5ff9dff6d92d94b8cafacbd42751040b6fcc0ea88a4cd
Instruction Fuzzy Hash: 51117070A1DA5E8FDB55EBA8C4691B97BB0FF19300F4104BAD429C61A1DA34A640CB00

Function 00007FFD9B6BB53D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 365861d07a1c7d8fea3134648e7e423c65e95f20c1acedd4a124ded2f0dc2253
Instruction ID: 90b161a30c19b6840b6b829a57bc5403b649350cd2dec10978391c2cf18231f9
Opcode Fuzzy Hash: 365861d07a1c7d8fea3134648e7e423c65e95f20c1acedd4a124ded2f0dc2253
Instruction Fuzzy Hash: A511E962E1E55E0AE761AFE85C345FD7BB0FF85300F4A0476D52CCA0E2EE2876004A01

Function 00007FFD9B6C7D8A Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction ID: da8efe9259e9d14098ff341ceb7ef956de3972a285248802ccd1a8e9d5fa49fa
Opcode Fuzzy Hash: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction Fuzzy Hash: 3011EA71E0A11E8AEB64FED0C4647FDB6B0AB58310F151039D51AAA2A1CB787A84CB55

Function 00007FFD9B6B2EC1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d08d8f2b815e699ba4f1ee37b41198492d68e880604a1a080c4b946b26d7b370
Instruction ID: 8d2a70c12d57cb473020972216934c4cfad24e3e33efd1abfe2b9618c82f9fa9
Opcode Fuzzy Hash: d08d8f2b815e699ba4f1ee37b41198492d68e880604a1a080c4b946b26d7b370
Instruction Fuzzy Hash: B9019EB0A5E65E8FE761EBA488695A97BF0EF19300F0205B6D418CB0A2EA24E1448A00

Function 00007FFD9B6C824D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9743daa5ce09dafacf94614b433b0e8aacb7f1094951099c063f0ccec558855
Instruction ID: 5383c1c726d1e87789ff53edd42433a4128429d029fe5eedbae94763ec5324fb
Opcode Fuzzy Hash: f9743daa5ce09dafacf94614b433b0e8aacb7f1094951099c063f0ccec558855
Instruction Fuzzy Hash: 8A019270A4964E8FDBA9FF64C4695FA77A0FF15300F0104BAD41AC60E2DB39B550C780

Function 00007FFD9B6C7A61 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d323b787a9c0d241ec369b720aa1da62f588ad457289a74f7df811d25b890ea
Instruction ID: 5eb8919f23859e00bfd99886df40725457ad03d3400f6382aea3898b77c73536
Opcode Fuzzy Hash: 2d323b787a9c0d241ec369b720aa1da62f588ad457289a74f7df811d25b890ea
Instruction Fuzzy Hash: 24F0D13090E54E4FE761BFF488582BA3BF0FF16301F0409B6E52CC60A1EA38A3418740

Function 00007FFD9B6C7BE9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da59880b8d60c5bf5621d84c89c9354eaa113db82b53a6f911307d79e4005d2f
Instruction ID: 4142220896ac8b6d69369e5477c12f06dc77600cf9d224bfcc63027fefd382a6
Opcode Fuzzy Hash: da59880b8d60c5bf5621d84c89c9354eaa113db82b53a6f911307d79e4005d2f
Instruction Fuzzy Hash: 89018F30A5E64E8FE752BB7488695BA7BE0EF0A300F0209F7D019CB0B6DA38B544D711

Function 00007FFD9B6B05D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 815af0a0bc5862b1b51570534b0de976f11cc99e5dd52bc4e10a1e9cbed39e41
Instruction ID: 4173e96015e5309f28051d4e8763c9a0a66ffd82fa176f064923b284133aafd7
Opcode Fuzzy Hash: 815af0a0bc5862b1b51570534b0de976f11cc99e5dd52bc4e10a1e9cbed39e41
Instruction Fuzzy Hash: 1F01BC30A1A91E9FDBA8EF64C0696B977F1EF58300F20087ED02EC61E5CA31B651CB40

Function 00007FFD9B6BB0D9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6f1ca3c72ddfe57d36a67f9a4f43cdc089c2b04487eb3fb6a4cc070a99efb0
Instruction ID: c22864c14c155d783ffcbe12276b4a068e314376d7d6df90274fc50725355467
Opcode Fuzzy Hash: ba6f1ca3c72ddfe57d36a67f9a4f43cdc089c2b04487eb3fb6a4cc070a99efb0
Instruction Fuzzy Hash: A301B931E0E65D4FE762EB6488596B97BF0EF5A300F0644F2D418CB0B6DA24F5548700

Function 00007FFD9B6B2F39 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ab5e8060c6ae36b6a96be30c28a6bd3211faea081527c7c1137f5a0c1aa3edf
Instruction ID: aaec09bf2e7b82a75445dfd791033e91446a51c40cd9c4922f6843f7c73334a8
Opcode Fuzzy Hash: 0ab5e8060c6ae36b6a96be30c28a6bd3211faea081527c7c1137f5a0c1aa3edf
Instruction Fuzzy Hash: AA01B570A5E64D4FD762ABA488695A97FF0EF06300F0608F2D41CCB0F6DA24A5448700

Function 00007FFD9B6BB7CE Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6531b2b955b30d9d2fb4dccb51027d80dafc98d8a48670f4952f72d5209bd567
Instruction ID: e647e86b68fb46a3592e5aa366d8f283bfaea9c27e02160fc8c8365299a04b87
Opcode Fuzzy Hash: 6531b2b955b30d9d2fb4dccb51027d80dafc98d8a48670f4952f72d5209bd567
Instruction Fuzzy Hash: E5110970E1A52E9EEBA1EB98D8657EDBAF1FB58300F5001B5D01DD62A1DF342A81CF40

Function 00007FFD9B6C27F8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5ab2459d284ea63fbd7fbc1bd5c65a95bf9f8821324771e9f3e4aa5968d1ed7
Instruction ID: e1f47be707feabe1c91ffbe2a3f1887e99b09434c442c852a236a37a4d6fff48
Opcode Fuzzy Hash: e5ab2459d284ea63fbd7fbc1bd5c65a95bf9f8821324771e9f3e4aa5968d1ed7
Instruction Fuzzy Hash: 0401AD70A5A50E8FDB69FBB4C4685BA77A4FF09300F11087AE82AC70E1DE31B254C640

Function 00007FFD9B6B0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50d9f9e62a50ea7e198fd9a334c04d9e6cfa204f62ce86d068bbf33e2f95ac56
Instruction ID: cbfdec178e3504994cb6ec70e50b33a433ff00b7976c07e233e3f5e333746797
Opcode Fuzzy Hash: 50d9f9e62a50ea7e198fd9a334c04d9e6cfa204f62ce86d068bbf33e2f95ac56
Instruction Fuzzy Hash: 80014F30A1990E8ADB69ABA4D4685B977E0FF19305F11047EE42ECA1E5DF35F554CA00

Function 00007FFD9B6B0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c423fcadd67db886cd66b12944b3fa6262f212557a3f72b91846b2ee6be37587
Instruction ID: be4cacf0c50f0dba3d257d5fc0a78a16a1d192a808fb1e25d9af1be573ffae0b
Opcode Fuzzy Hash: c423fcadd67db886cd66b12944b3fa6262f212557a3f72b91846b2ee6be37587
Instruction Fuzzy Hash: 8C016230A1951E8ADB59EFA4D4695BA7BF0FF18305F11087EE42EC61E5DF35B194CA00

Function 00007FFD9B6B1240 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcdb740ef9e88dae93083c822390c61b64a783b8b99b4ef75b03759b421f6b42
Instruction ID: 21afc560e6581cadf11f57402f04b4a98b3c6a77004c913a72e40bd9cf67d577
Opcode Fuzzy Hash: bcdb740ef9e88dae93083c822390c61b64a783b8b99b4ef75b03759b421f6b42
Instruction Fuzzy Hash: 1FF0A970E1E55E4AFB659A9884293BA77F0FF56311F00057AE429C60E1DF3426948A40

Function 00007FFD9B6BDA85 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction ID: 7224234ee4da2798ed21c533b908e3f591007b26b200d7bfe38d541964cbe4ce
Opcode Fuzzy Hash: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction Fuzzy Hash: 7001C430A1D91DCBEB64EB94C4A0AEDB7F1EF58311F51013AD01AEA2A5DA357A42CB00

Function 00007FFD9B6B05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d10691ad045a7ad108492be410595e68251f0855e73eb5477c66b365e661829a
Instruction ID: e84160083a5654fe6db62255b03be54cf3e0a042839194441c1da495e518bba1
Opcode Fuzzy Hash: d10691ad045a7ad108492be410595e68251f0855e73eb5477c66b365e661829a
Instruction Fuzzy Hash: 33F0C230A1E65E9FDB68EF6494256FA37A0EF05304F51087AE81DC60E1CF35B660CB40

Function 00007FFD9B6B3555 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 500da16a2ab7d508419512607441615295569338dfcd863e91e4cab36492d4ee
Instruction ID: 3f7783450ffffc8e4a3fa5c228bc949f8a2968b7b12d2a24361e71b711254a3c
Opcode Fuzzy Hash: 500da16a2ab7d508419512607441615295569338dfcd863e91e4cab36492d4ee
Instruction Fuzzy Hash: F1F08671E0D69E8FDB659F6488285FD7BB0FF15300F41057ED428C61A1DB3465108B40

Function 00007FFD9B6C7E00 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction ID: 09910f785c5746ba59b6156fb5d3718c847802c16695dfff2bb17b167d81a1f5
Opcode Fuzzy Hash: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction Fuzzy Hash: B6011E35E0911E8ADB64EED0C4646FC77B5EB58310F150039C41AEB1A1CA38BA84CB55

Function 00007FFD9B6BBEAD Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc685c827c73f8f5a1eee5053b34654d79f3ee3c63051e9c063a07916360d784
Instruction ID: 1645dba5c012854eda1278c4e2e69253c405102ae8f0d85138445e55dcb5a12f
Opcode Fuzzy Hash: bc685c827c73f8f5a1eee5053b34654d79f3ee3c63051e9c063a07916360d784
Instruction Fuzzy Hash: 07010870E0952ECFEB64DF94C8547EEB6F0FB48301F1482B6D018A6295DB386A84CF94

Function 00007FFD9B6B27B9 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6b0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 022aa8e454fd61a94af02088e339a6c6fd247b8542e08c75b9b2487888ba01a1
Instruction ID: 9b74f90d1ad97abdbb0bc7ac702d2d8bef9a8542ab7d002d56388f7ec3821320
Opcode Fuzzy Hash: 022aa8e454fd61a94af02088e339a6c6fd247b8542e08c75b9b2487888ba01a1
Instruction Fuzzy Hash: 66F0A43090E78D4FDB6A9F6488651AA3FB0BF16300F4504BAD419CA0E2DB28A554CB01

Function 00007FFD9B6C12D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 744b37ae296935b92304d584455e9c0691c0df4834d36935e740ee363edd6d78
Instruction ID: 5c7e7ce625567928d61b0360b99525ba1f2099afbf5918ed8c54c7123ca7e369
Opcode Fuzzy Hash: 744b37ae296935b92304d584455e9c0691c0df4834d36935e740ee363edd6d78
Instruction Fuzzy Hash: 90F05430A1551E8EEB54FF6488182FE76E0FF14305F41053AE82DC61A0DB3466508640

Function 00007FFD9B6BBF2C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6bb000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e859c560bc3bfa46d72b4f66ca1e66e717e321e04ca9f186c9f79b2d257fddf4
Instruction ID: 04aeb46ebbc5dfbe8cd6a71f0d949f20c6b5fbd946b54814091dcf754b948d53
Opcode Fuzzy Hash: e859c560bc3bfa46d72b4f66ca1e66e717e321e04ca9f186c9f79b2d257fddf4
Instruction Fuzzy Hash: D9E0EC3091E51E9ADBA1A7908861AE9B6B4AF56300F5942F1D51D8A1B6CD24BA818F40

Function 00007FFD9B6C59CB Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4814915d58cb994c2b6d799df409c12eddfcb3736b70e1066eb43048622c904
Instruction ID: d9ccf934fd170426228a46e975ba8c0baa383fed35f5576bfd8e8e6176d68a37
Opcode Fuzzy Hash: d4814915d58cb994c2b6d799df409c12eddfcb3736b70e1066eb43048622c904
Instruction Fuzzy Hash: D5D0C775D1AA1A4FD754EB5844DF298BBF1FF543007400056E518D6151DF2475115741

Non-executed Functions

Function 00007FFD9B6C15A9 Relevance: 8.8, Strings: 7, Instructions: 100COMMON

Download Yara Rule

Strings

}, xrefs: 00007FFD9B6C15E0
!, xrefs: 00007FFD9B6C1A9D
/, xrefs: 00007FFD9B6C18C3
#, xrefs: 00007FFD9B6C152C
", xrefs: 00007FFD9B6C1930
", xrefs: 00007FFD9B6C1923
[, xrefs: 00007FFD9B6C1731

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: !$"$"$#$/$[$}
API String ID: 0-2194321067
Opcode ID: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction ID: 407606cbdf5bb79fea867ed64a1236185c24e12ed1a0eb37570f530c73241c78
Opcode Fuzzy Hash: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction Fuzzy Hash: 5B41C070E0922E8FEB68EF94C4A47FD77B1AF54301F1145BAD55EAA290DB346A84DF00

Function 00007FFD9B6C068E Relevance: 5.0, Strings: 4, Instructions: 46COMMON

Download Yara Rule

Strings

F, xrefs: 00007FFD9B6C04C7
0, xrefs: 00007FFD9B6C0455
[, xrefs: 00007FFD9B6C06A2
b, xrefs: 00007FFD9B6C06AF

Memory Dump Source

Source File: 00000021.00000002.1782005921.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b6c0000_StartMenuExperienceHost.jbxd

Similarity

API ID:
String ID: 0$F$[$b
API String ID: 0-1668057103
Opcode ID: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction ID: 9772b8e7bb71208d23270b9e3d9070363f9ed17de7e899f3055506a198c23b98
Opcode Fuzzy Hash: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction Fuzzy Hash: 0111EA70E0962E8FEB68DF54C8657BAB6B1AF48301F4001F9D05DAB291CB782A81CF00

Analysis Process: services.exePID: 4900, Parent PID: 7440COMMON

Executed Functions

Function 00007FFD9B6B35D5 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

N_H, xrefs: 00007FFD9B6B3760

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID: N_H
API String ID: 0-343878021
Opcode ID: f1038d12e902af4b49e30fa2b930536278c9433f94a25e1347073b4fe86482ab
Instruction ID: d6d663f09c27b3e66b3364d9b26a63c1777f52275ee496191ab3b472b72a18fa
Opcode Fuzzy Hash: f1038d12e902af4b49e30fa2b930536278c9433f94a25e1347073b4fe86482ab
Instruction Fuzzy Hash: 5D91E072E1D95D8FEB58DB68C8247A97BF1EF5A310F4501BED019CB2DADBB428018B40

Function 00007FFD9B6BCD7D Relevance: 2.7, Strings: 2, Instructions: 231COMMON

Download Yara Rule

Strings

;wN, xrefs: 00007FFD9B6BCD7F
%{v, xrefs: 00007FFD9B6BCE3E

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID: %{v$;wN
API String ID: 0-1289574819
Opcode ID: 4002f8267543d6a4351c1e85c0956369d39148a4f7f38e4efd078e3fdb77cd54
Instruction ID: 7d190866e1f18b29b37877fe7eecaf29360f74a28098487ac4c85c98f2319d93
Opcode Fuzzy Hash: 4002f8267543d6a4351c1e85c0956369d39148a4f7f38e4efd078e3fdb77cd54
Instruction Fuzzy Hash: 63610E23B0C63A8AD7247BBCB8215EA7B60EF81275B0441B7DA9DCE097DE14754A86D0

Function 00007FFD9B6C1339 Relevance: 2.6, Strings: 2, Instructions: 150COMMON

Download Yara Rule

Strings

, xrefs: 00007FFD9B6C13BB
/, xrefs: 00007FFD9B6C18C3

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID: $/
API String ID: 0-2637513485
Opcode ID: 8e126073c834456b15a06c8464e8e13cad07b017d5506d1c8ea728f79f1bdc3c
Instruction ID: 02ce8038277a0ce374c014a7bb77b629e0320c55d7eaa30f1836d3fd948ee550
Opcode Fuzzy Hash: 8e126073c834456b15a06c8464e8e13cad07b017d5506d1c8ea728f79f1bdc3c
Instruction Fuzzy Hash: 50510B30E0A61D8FEB65EF94C8646F977B1BF09304F0101BAD51DDB2A1DB38AA84CB40

Function 00007FFD9B6C393D Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b7461aaebb208107dea0c7d1b960d316044e0270a1229986e64953bf46f9bec
Instruction ID: 5067aca172a65d1a211b2cf762f3bf90b3e2f6a6863120e8023d2ae2cb7967cc
Opcode Fuzzy Hash: 6b7461aaebb208107dea0c7d1b960d316044e0270a1229986e64953bf46f9bec
Instruction Fuzzy Hash: ED117561A0E6894EE752B76888655B97BF0EF06300F0604BBD4A8CB1A3D93475048701

Function 00007FFD9B6B1738 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e77b5da90ec79a2835c7e9b3f1b70ea82c2ff6c9ea2705a30354bd6128ce17a
Instruction ID: 958be3311df1cf3e45dec7f3a70c8acda26bfc9a21f43e3cd8659d0fba530381
Opcode Fuzzy Hash: 3e77b5da90ec79a2835c7e9b3f1b70ea82c2ff6c9ea2705a30354bd6128ce17a
Instruction Fuzzy Hash: E081A031B1DA5D4FDB68DE5888715A977E2FF98300B15417AE46EC72A2DE34BD02CB80

Function 00007FFD9B6C4175 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbc37e78ea06f7c1caa050e54a91b29055a3e1de63c0c1ad4c93b45a79b86895
Instruction ID: f4d5d8411e229562a9693d9584e3d0dd9ea37d72528d61ccfcebd40520de0ac3
Opcode Fuzzy Hash: fbc37e78ea06f7c1caa050e54a91b29055a3e1de63c0c1ad4c93b45a79b86895
Instruction Fuzzy Hash: 0C91C970E1A61D8EEBA4FB98C8657FCB6F1FF58300F5141BAD11DE7291DA346A848B40

Function 00007FFD9B6B1D7D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aa66eae5e1d629cf4e0685871ea9cd09404d589d48394a955a2b142400c5f05
Instruction ID: e8dad7f92a5b158b8e467a144d1cb80b2a4224bc0c08c73db9d9f733e2a563bc
Opcode Fuzzy Hash: 2aa66eae5e1d629cf4e0685871ea9cd09404d589d48394a955a2b142400c5f05
Instruction Fuzzy Hash: 9551D131B2DA594FDB58CE5888655BA77E2FF98300B15417ED46ECB296CE34ED02CB80

Function 00007FFD9B6C3FFA Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 767bded69215c921775cbe66a3f27b0ba5eb088f37ac485e1ce5f57a376d76a8
Instruction ID: 6a400ba420f856b230f6360aee015588d59aa1a9befbf8d3ef691cc4ff0b00aa
Opcode Fuzzy Hash: 767bded69215c921775cbe66a3f27b0ba5eb088f37ac485e1ce5f57a376d76a8
Instruction Fuzzy Hash: F6515A67709A594BE321F7ACF8655FA7BA0EF80371B45047BD298CE063DE107049C790

Function 00007FFD9B6C585D Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 649819b1d6ba69dca93524971cd80a6d5d21c8deaf356711035a652093de9703
Instruction ID: 320c2902c2a2f20260a399a60c8a65ac5a22b2d725386c4905b172a1b87e1805
Opcode Fuzzy Hash: 649819b1d6ba69dca93524971cd80a6d5d21c8deaf356711035a652093de9703
Instruction Fuzzy Hash: E3512D70E1A95D8FEBA4EBA8D86A6BDB7F1EF58300F00017AD01DD7295DE3469418B40

Function 00007FFD9B6BC309 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3850e8a3c6e0c5dd18232888af0037cc4f70304e3f266173cd22336c13dab9f
Instruction ID: 7f6c3ed15fb40fb3c860c7085286ae0b1a60ba99c74934b45c42c03a0b2444a3
Opcode Fuzzy Hash: d3850e8a3c6e0c5dd18232888af0037cc4f70304e3f266173cd22336c13dab9f
Instruction Fuzzy Hash: 5E610771E0E61E8FEB64DFA8C4646ED77B0FF58300F55403AD429EA2A5DA386A448F50

Function 00007FFD9B6B22C5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b566e89600ed5761efd5593e378ca3598fe928cc226b7ab76b33d07143673b6
Instruction ID: 1f1b7c721611ed57a94d47a363d463a57bc6b30416ada9e9825fad0382a46012
Opcode Fuzzy Hash: 4b566e89600ed5761efd5593e378ca3598fe928cc226b7ab76b33d07143673b6
Instruction Fuzzy Hash: 89517131E0E52E8AEB749BD4D8216B9BBF0FF45300F1201B9D06D9A1E2DE387A458E41

Function 00007FFD9B6B3231 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e1db573332f5c4b95833f70830744bdf017b800491d14a5c6688c5e0e2f981
Instruction ID: 4775cb349a412ea8ad0460cb6fef0a38f07ce22d6b1992aff83088cc1716240e
Opcode Fuzzy Hash: 95e1db573332f5c4b95833f70830744bdf017b800491d14a5c6688c5e0e2f981
Instruction Fuzzy Hash: 64511771E1D66D8FEB64DB94C4A46EDBBB1EF58310F51013AD019EB2A1DE386A44CB00

Function 00007FFD9B6C79D1 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ef335d9d4952fecc7e77cb29eb83383b7366ef73bb72adb68c58e722438115
Instruction ID: 3a00063f92fe2418ffbc7b4a6b788b527aa8251cca5a303b6d2f9f4379e5e81b
Opcode Fuzzy Hash: e0ef335d9d4952fecc7e77cb29eb83383b7366ef73bb72adb68c58e722438115
Instruction Fuzzy Hash: 27514030A0A64E8FEB61FFA4C8696B97BF0FF19300F0105B6D52DDB1A2DA34A6548751

Function 00007FFD9B6C2CED Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99335df6d2f401bb79707449742a3ec56095cab139e0dd810395b97ad1eda731
Instruction ID: 477bea2c81d2f5ecc05c207adb662521a78878d96341a997640f18b449923ecb
Opcode Fuzzy Hash: 99335df6d2f401bb79707449742a3ec56095cab139e0dd810395b97ad1eda731
Instruction Fuzzy Hash: F8515D70A1951E8FEBA4EBD4D865AFDB7B1FF58300F010579E419DB2A6CA3479408B40

Function 00007FFD9B6B2195 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a27a68288c712bde1808991b63e4b30d1baba5fd72b09534388e261e6e168101
Instruction ID: 4007f59ede29939f63fd8c0647c591356260e76120a60ddc419a3c27187c5689
Opcode Fuzzy Hash: a27a68288c712bde1808991b63e4b30d1baba5fd72b09534388e261e6e168101
Instruction Fuzzy Hash: 4C418831B0E69E0FE765DBB894651B97FE0EF8A300B0505FBD06CCB1A6DE28B9418741

Function 00007FFD9B6C6708 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1548f900584671e9890ca89a82fb6cbc9c5304923992717177a28cb376a3c6ab
Instruction ID: 5de7797dd67da74af1a731818d53aaa8ff16341753df722dac2e05ae619025d0
Opcode Fuzzy Hash: 1548f900584671e9890ca89a82fb6cbc9c5304923992717177a28cb376a3c6ab
Instruction Fuzzy Hash: 8B415E70E0A61D8AEBB8FB54C8657B9B6A1FF55300F1141B9D02DD72E5CF386A84CB05

Function 00007FFD9B6C2F70 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3656964a14a71704b202876604f717657104df0a2dd8925d6bcbaedd82b91f26
Instruction ID: 8e09ec6ae05af6ca75fcd1f23646ab9d58c108d546a37a3a7f493f90290e4d8c
Opcode Fuzzy Hash: 3656964a14a71704b202876604f717657104df0a2dd8925d6bcbaedd82b91f26
Instruction Fuzzy Hash: 25419870E1952E8EEBA4EB98C855BECB7B1FB58300F0141B9D51DE7291DE346A848F40

Function 00007FFD9B6BB4FB Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c0cc4ba3cc3686eab389a4752ade08d6534e1864ece59534e2bca0967196c77
Instruction ID: 5f560913b4e45dfac8e565f73fa87c6332549fec81778ec6d5ab8c8260750c75
Opcode Fuzzy Hash: 0c0cc4ba3cc3686eab389a4752ade08d6534e1864ece59534e2bca0967196c77
Instruction Fuzzy Hash: 23411961F1E55E4FE711AFA888685BD77F0FF95300F094476D12CCA0E2EE24B5008B41

Function 00007FFD9B6C7951 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c88831ea1a775a92784154094b47d1956e02394048c6062734a552ed4201bd8
Instruction ID: 84dfe046bd38c32b9d1b6b4b8a6b406ff727d646617ccb3cf06e2a8441074598
Opcode Fuzzy Hash: 9c88831ea1a775a92784154094b47d1956e02394048c6062734a552ed4201bd8
Instruction Fuzzy Hash: BE316030A1E54E8FEB61FFA8C8695B97BF1FF19300F0145B2D629DB0A6DA34B6448741

Function 00007FFD9B6BC7C4 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a88d0a6c23fdad75435f5a9130bf6c9e0cb44b84bfe6a748c08e90f10b890e07
Instruction ID: 3bbe424650babb318ac81dc251c69f56b9fc436424e8a5bac4f6947a0c6f8cd9
Opcode Fuzzy Hash: a88d0a6c23fdad75435f5a9130bf6c9e0cb44b84bfe6a748c08e90f10b890e07
Instruction Fuzzy Hash: 7531E935E1D92D9FEFA4EBA894A56ACB7F1FF58300F510079D01DD7292DE247A418B40

Function 00007FFD9B6B34D1 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b295d311b12adf084e7a9f52e5414790225de1d19d6cb2c84db2b5fd9c738743
Instruction ID: 14bc6dcefbe93ec0dccd8c0b2e7cbc9c159ee87bc91363023513ed8ffe4413a2
Opcode Fuzzy Hash: b295d311b12adf084e7a9f52e5414790225de1d19d6cb2c84db2b5fd9c738743
Instruction Fuzzy Hash: 3F314F71A0E65E8FDB69EF6488685B97BB0FF19300F1105BFD429CA1A2DA35A644CB40

Function 00007FFD9B6C5255 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56622f7bdea3bc4e885dfd05242a2e7f8a83b8c91424803c9bcc5cc49bf587d6
Instruction ID: 83b32ca34f499da1bf62204b915864ab35123cf9e6c3183561aaebb71c5d5e68
Opcode Fuzzy Hash: 56622f7bdea3bc4e885dfd05242a2e7f8a83b8c91424803c9bcc5cc49bf587d6
Instruction Fuzzy Hash: 5231B271A0AA4E8FEB59FF5488665B977E1FF54300F5100BED42ECA5A6CA39B650C700

Function 00007FFD9B6B122D Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f40a97ae64e1b2a7c8c37c34ddad1827fbc7523fcec3bc99442ec56a1f7e80bc
Instruction ID: e9c97347cf0840db34290a461eeffa384bd7eda8cf19352897fc62277560b752
Opcode Fuzzy Hash: f40a97ae64e1b2a7c8c37c34ddad1827fbc7523fcec3bc99442ec56a1f7e80bc
Instruction Fuzzy Hash: 0C31F271A1EA5E5FEBA9DB68C4652BA3BF0FF5A300F0101BAD029CA1E1DF3465448B00

Function 00007FFD9B6BC857 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ab7e22cb6c6fe5e013bf82eab0a98ca4560fabce14c44ef59157bbe03d5395
Instruction ID: c21c769fef6782d31a2d0eebf97d48341894cdf49b051c54fe035995654cca90
Opcode Fuzzy Hash: b0ab7e22cb6c6fe5e013bf82eab0a98ca4560fabce14c44ef59157bbe03d5395
Instruction Fuzzy Hash: 5B21EC31E1D92D8FEFA4EBA898656ACB7B1FF59300F55103AD01DDB292DE2469418B40

Function 00007FFD9B6B3430 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39b518ac0fa0687cf17a4201054887282791f9f72d0c91612a2c08689d935805
Instruction ID: 1996b32eabb5e7bd9dbd5171e5b64d567a7b5ad11703e79ee2df23f799eb9028
Opcode Fuzzy Hash: 39b518ac0fa0687cf17a4201054887282791f9f72d0c91612a2c08689d935805
Instruction Fuzzy Hash: C9319F31A4E68D8FD753EFA488685A97FF0EF06310F0945EBD458CB0A2DA28A545CB11

Function 00007FFD9B6C4D35 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58cddebd6921f7dacca9b76bafe14a53525fd6a8c165152b3a0b07da6c12ca31
Instruction ID: f3673b0f719b2dc9d5c175ae0046e0057b48378cd7fa14a398418b46b7ba67aa
Opcode Fuzzy Hash: 58cddebd6921f7dacca9b76bafe14a53525fd6a8c165152b3a0b07da6c12ca31
Instruction Fuzzy Hash: 0D21A071A0A90E9FEBA9FFA884651BD77A0FF18301F11057EE42DCA1A5CB34B5408740

Function 00007FFD9B6C2E41 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f70b8362083c6618c3f25adbb5d44deedbe1b47ee04383a89217a08f7220daa6
Instruction ID: c6cfc8ec43953c20f67207dc0279e40bfe77d67674f1afa9774368388ec784eb
Opcode Fuzzy Hash: f70b8362083c6618c3f25adbb5d44deedbe1b47ee04383a89217a08f7220daa6
Instruction Fuzzy Hash: F4217E30A1955E8FEB51FBE8D8685FDBBF0FF49300F4105B6D428DB1A6DA34A5408B40

Function 00007FFD9B6B0A01 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfd35f432a75357a77e960bc29d85e0db517998037f3085fa85f7eed254af750
Instruction ID: df9d0c743406264e3df1f8d2abef77c2349bc130e3e86b282d7eab72d37114ba
Opcode Fuzzy Hash: bfd35f432a75357a77e960bc29d85e0db517998037f3085fa85f7eed254af750
Instruction Fuzzy Hash: 8A21C475E1E51E4EE7A0EBA888692FD7BF0FF54700F414976D42DCA0A6EE34B6408B00

Function 00007FFD9B6C2A31 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19a273d2e595ffa41618ddffacdd8bf75f94ac27eceb019ff59e7dacac070aa3
Instruction ID: 89900e35ee0ac0b70c25c1cd3c33510087acaa06629a4db792461a270bd23732
Opcode Fuzzy Hash: 19a273d2e595ffa41618ddffacdd8bf75f94ac27eceb019ff59e7dacac070aa3
Instruction Fuzzy Hash: 47216D70A0A64E8FDB68FF98C4615FD7BA0FF59300F12517AE91E871A5CA34B6508B81

Function 00007FFD9B6C5409 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5089361c0ee48416faabbcc8de1649f50643e01abc0d14d828a3bb15d190bcdc
Instruction ID: a67209bc26a179d6566df3e56349923e856359ca0359e82bf9258bd2d5c0cdba
Opcode Fuzzy Hash: 5089361c0ee48416faabbcc8de1649f50643e01abc0d14d828a3bb15d190bcdc
Instruction Fuzzy Hash: F231CF31A0A64E8FEB95FF64882A6BD3BA0FF15301F01417AD42DC60E6DA34A540C741

Function 00007FFD9B6C4C99 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cdfbe43949e821cdd0b6075ceaa2551031f5e2208d46caf27f0e8f47be1af30
Instruction ID: 3a89d0e273f7f7de5f0fe8384597ef6d10fbd376c6312158867d772d3b74230d
Opcode Fuzzy Hash: 5cdfbe43949e821cdd0b6075ceaa2551031f5e2208d46caf27f0e8f47be1af30
Instruction Fuzzy Hash: 87318D31A0A64E8FEB65FBA888652BD7BA0FF15300F0105BED429CA0A2DA35A540C740

Function 00007FFD9B6C7341 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c54db03427a129e67876f62e1dc25b67c0017487d7bb54980c95121c451dfee
Instruction ID: 7cd27ed5bc265e380f22d5fd67490870c3d4b20591de359fc5f41ce2f6a4f316
Opcode Fuzzy Hash: 5c54db03427a129e67876f62e1dc25b67c0017487d7bb54980c95121c451dfee
Instruction Fuzzy Hash: DB218F70A0964E8FEBA4FFA884655BD77A0FF14301F11057AE82DCB1E6DA34B5408740

Function 00007FFD9B6B085D Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 324872ffd0cf18265adaff08151695f5e85ebff9653a53322b3698807838fc09
Instruction ID: 027104df53f7c7725bf3d68913fa3d9077d1f274033425aa945103e95c8d4c68
Opcode Fuzzy Hash: 324872ffd0cf18265adaff08151695f5e85ebff9653a53322b3698807838fc09
Instruction Fuzzy Hash: 53213721B0E55E9EEB61A7BC88694F83BE0EF01300F0640B2D059CE0A3DD24B2558680

Function 00007FFD9B6C4DD5 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 939444bbaf163d430d32e6996a0b08deea0eb48da7b454ebb10aa4d4e28918be
Instruction ID: f2e9d41021035fdb837ba34a375d766abf2db1248a07adf3aa3cfe134597076f
Opcode Fuzzy Hash: 939444bbaf163d430d32e6996a0b08deea0eb48da7b454ebb10aa4d4e28918be
Instruction Fuzzy Hash: 01216F71A0A64E8FEBA5FFA484695B977A0FF18301F11047EE52DCA1A1DB35B6408741

Function 00007FFD9B6C37B9 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6892a66af3c11b6e72ac7a2d6dedd66a16d7ae4f44f78fb0cce3955508a76337
Instruction ID: c54aea4214603211572971161141309bcac75c79f2db3eac9b4f6b5da5aab0e6
Opcode Fuzzy Hash: 6892a66af3c11b6e72ac7a2d6dedd66a16d7ae4f44f78fb0cce3955508a76337
Instruction Fuzzy Hash: F021F97090E68E8FEB51FBA4C8595F97BF0FF19310F0505BAE458C7162DA38A544C751

Function 00007FFD9B6C52ED Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d094146891670855d0ccf1a999a69837a3c505351046bfe55b79e6d954c9707e
Instruction ID: f8c6ef6226796ef579cd3fbcaf91e792de78f579a45098efbea0fcecd53bd99f
Opcode Fuzzy Hash: d094146891670855d0ccf1a999a69837a3c505351046bfe55b79e6d954c9707e
Instruction Fuzzy Hash: F021B471A0E64E8BEB65FE648C2A6BD77E0FF15304F45047AD42DCA0E2EE69B500C701

Function 00007FFD9B6B0AA1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f4a6dc7fbb52702f2b1924b3441fae330f8810fc363ee2eca45ebf5185163e
Instruction ID: cb0df01744b652597df481e136a740aaed0a3c989df35ac3b6b83e7cd36922ab
Opcode Fuzzy Hash: b0f4a6dc7fbb52702f2b1924b3441fae330f8810fc363ee2eca45ebf5185163e
Instruction Fuzzy Hash: 0A21C231A5E51E4FE761EBA984655F97BF0FF45700F4209B2D429CB0A6EE24F5008B00

Function 00007FFD9B6C537D Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b06a05ff49618703159e3d5f4da9f25deca0f215b4f6e0a63909f5f47bb94027
Instruction ID: d66c2f0f6d3e4284b416d81ff895109cf1540b841b70f9163109950df97822b3
Opcode Fuzzy Hash: b06a05ff49618703159e3d5f4da9f25deca0f215b4f6e0a63909f5f47bb94027
Instruction Fuzzy Hash: 63218071A0A94E8BEB69FA648C6A6FD77E0FF15300F01057AD42DCA1E6EE7475408641

Function 00007FFD9B6C6669 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f41ed38b048aedd205e8f986d26de0d24cd41473b40e8feb648513bde5d9ca55
Instruction ID: 56a96cf47ba501fb4e3e4476545159800c43d8fe6b80cce0720ef73958a3d93f
Opcode Fuzzy Hash: f41ed38b048aedd205e8f986d26de0d24cd41473b40e8feb648513bde5d9ca55
Instruction Fuzzy Hash: E6215670A0E54E8FEB65FBA4C8695B97BE0FF26300F0505B6E529CB0A2DE34B5448746

Function 00007FFD9B6C553D Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1884d046a5df34cf03c593b8b9a389ca74dc3236f0e72b4c4bca035d23887de
Instruction ID: 950272080c1933d572b5711dcfc0ebc72897f47ebddaef2158cd0d5b6948a93e
Opcode Fuzzy Hash: f1884d046a5df34cf03c593b8b9a389ca74dc3236f0e72b4c4bca035d23887de
Instruction Fuzzy Hash: 58219170A0954E8FEB68FB68C86A6BD77E1FF14300F41057AE42DCA1E6DE34B9408741

Function 00007FFD9B6BCA89 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 973790f053aeb8e86f0ef062e236ff1f68a9bda09e9a82f3a4acc1baa91adb11
Instruction ID: 0ad6b18c09d1b54f4504193e7751b60f99d6dd169c76c08b139c48378a4b9c36
Opcode Fuzzy Hash: 973790f053aeb8e86f0ef062e236ff1f68a9bda09e9a82f3a4acc1baa91adb11
Instruction Fuzzy Hash: A4217430A0E69E8FDB65DF64C8651BA7BB1FF15300F1545BAE429CA0E6DA35B610CB40

Function 00007FFD9B6B289D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f66e7c793c60e1e49c93666f307d07b4eb6f2657d582778bb90bd44f1428fbc9
Instruction ID: 91ed1424820d419735d5ec44e4f4fe776b2c4ba97f9547f0887d4079b7617140
Opcode Fuzzy Hash: f66e7c793c60e1e49c93666f307d07b4eb6f2657d582778bb90bd44f1428fbc9
Instruction Fuzzy Hash: 5E219230A1E55E8FE765ABA494695B93BF0EF15300F01447AD42CCA0E6DF38F544CB40

Function 00007FFD9B6C2C50 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e03bf74766d0a4cbdb7703eb9cf4167c9f4cf16014d2a030c4ee7a28968ac9f
Instruction ID: 364a6556312d406c261d47efb45539eb4597912cf50d3598d96542373750c31c
Opcode Fuzzy Hash: 1e03bf74766d0a4cbdb7703eb9cf4167c9f4cf16014d2a030c4ee7a28968ac9f
Instruction Fuzzy Hash: 5211B13094E7894FD756ABB088291B97BB0EF07205F1604EBE81ACB0F3DA296685C751

Function 00007FFD9B6C244D Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c1ea44411ddd3dfed4997355084ef873e93113d3cb0a636020c0835f44097f2
Instruction ID: 250fa30bc424ad593ac5a7504f964ad19cd72e32c3fda78cd0b13cf9c26cb16d
Opcode Fuzzy Hash: 8c1ea44411ddd3dfed4997355084ef873e93113d3cb0a636020c0835f44097f2
Instruction Fuzzy Hash: A421F231A0D50E8FDB69FA94C4656FD77A0EF09300F12047EC91AD71E1DE647A44CB80

Function 00007FFD9B6C81D9 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe7a211e71e6c89ebc0674b9a22455ded87c33eea12fa3d8d99ea794d3d38183
Instruction ID: cdbfb3100a25f6f2890bedbe7d62ffb3eb71787fce3cdadebbf8fe54e9c27fe6
Opcode Fuzzy Hash: fe7a211e71e6c89ebc0674b9a22455ded87c33eea12fa3d8d99ea794d3d38183
Instruction Fuzzy Hash: EB21C270A4A64E4FDB75FF64C8295B97BA0FF06300F0514BAD52ECB4E2DA28BA008740

Function 00007FFD9B6B08E5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9afe445961dfe475fcf707f01a71c3e4b8a8f7233309e15d8a774bbd4da8dcf3
Instruction ID: 5caa644ad3d57f56223b11aae0ee096d5a3597cfbd502a962a62725bf7556f93
Opcode Fuzzy Hash: 9afe445961dfe475fcf707f01a71c3e4b8a8f7233309e15d8a774bbd4da8dcf3
Instruction Fuzzy Hash: 2A11B631A4E51E8FFB71BAB584592B93FF0EF59700F124976D42DCA0A2DE34F6408A40

Function 00007FFD9B6C7485 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dc4044260b01f543e8e592bb9a6ca64f1a2afd308ae63be980f0c27827dcf2a
Instruction ID: e739cc9e09fb5c73bdce1190395182b759ea52408b9e1f413f565707e4be84b8
Opcode Fuzzy Hash: 8dc4044260b01f543e8e592bb9a6ca64f1a2afd308ae63be980f0c27827dcf2a
Instruction Fuzzy Hash: 4311E171A0EA4E4BEB65BF6488A55B83FA0FF15300F0640BAD569CA5F2DE256940C701

Function 00007FFD9B6B1CFD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c99d700dfb92c213a9963494b88e3bcb73e86b8fa69f95dfa692b79680fea2e0
Instruction ID: 5e7149b20281b88f436629a0d0b4be17b1b3aea94fe2de71ecf2ffdac5938cb4
Opcode Fuzzy Hash: c99d700dfb92c213a9963494b88e3bcb73e86b8fa69f95dfa692b79680fea2e0
Instruction Fuzzy Hash: 3E11D670A1E65E8FEB659F6498252F937A0FF05300F11447AE41DCA1E1DB38B650CB40

Function 00007FFD9B6C73E5 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 780ccf99558a4cea767ff0410e418a8c334af632ed9fdc14ddf203a7f5a8c1af
Instruction ID: 0b49f1826a20f444f13193ea8c9f43c2c6e46d128df01bcc20ff25b76d801ddb
Opcode Fuzzy Hash: 780ccf99558a4cea767ff0410e418a8c334af632ed9fdc14ddf203a7f5a8c1af
Instruction Fuzzy Hash: 3211A271A09A4E8FDB98FF6884696B97BE0FF58301F1145BED42DC71A1DA34A540C741

Function 00007FFD9B6BCF60 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80db056c9b52caf68b6a4413fe8786d24284bb0e859bdbff168839c030806260
Instruction ID: 5f5b47f171e5c94e503a4fe9308128162bc89b1994a309fdaf8ab37abd4f1946
Opcode Fuzzy Hash: 80db056c9b52caf68b6a4413fe8786d24284bb0e859bdbff168839c030806260
Instruction Fuzzy Hash: AC116370A0E65E8FEB56AF68C8655B97BB0FF15300F0104FBD42DCA0E6DA346650CB50

Function 00007FFD9B6B0F2E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2a309b63c871e699349b78c235f0df20bf21722ada749dc51b98e545053e68
Instruction ID: 1a4474f01d4261ff2764194fc38346b824de9ff2863ff09deb7fecf77615d1e0
Opcode Fuzzy Hash: cb2a309b63c871e699349b78c235f0df20bf21722ada749dc51b98e545053e68
Instruction Fuzzy Hash: 5F114F31F1981D8BEB64EB58C864FEDB7B1FB54300F118265C419EB2A5DE347A458F80

Function 00007FFD9B6BCED7 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4561b7e2195e6dc273685778fea47a31fd53a573bf18bf61c328c3a9b4dcafe
Instruction ID: 28dc38389a31067abdd155cea27fd67cf22da2080a425ce367f7626fefaa6203
Opcode Fuzzy Hash: d4561b7e2195e6dc273685778fea47a31fd53a573bf18bf61c328c3a9b4dcafe
Instruction Fuzzy Hash: 3011C831A0E79E4FEB55AFA898251EA7B70FF46310F0100F7E96CCA0E2DA346614CB50

Function 00007FFD9B6C55C9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29759dd6e8b649072686b1f86b0fb1764ad4688ce93c85c0f2afa89a9486b2e4
Instruction ID: c92228c69124eb05da07d3292204c0dc9fbedf8fa9840c6d3118e06c38153e68
Opcode Fuzzy Hash: 29759dd6e8b649072686b1f86b0fb1764ad4688ce93c85c0f2afa89a9486b2e4
Instruction Fuzzy Hash: 88118171A1A64E8FEB55FB6488695B97BF0FF15300F4504BBD429CB1F2DA3565408B01

Function 00007FFD9B6B282D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42e7fd8c092df248325dc8c89ecfe8f564d107b9afe01994a9c9a5dd4c811cea
Instruction ID: 2545e987f8a9077b55dba1a83a7094b28cfe711133acaffd23060a2a959153c8
Opcode Fuzzy Hash: 42e7fd8c092df248325dc8c89ecfe8f564d107b9afe01994a9c9a5dd4c811cea
Instruction Fuzzy Hash: D711E330A1E65E8BEB799FA494252F93BF0FF05301F01487AE42DCA1E1DB38B554CA40

Function 00007FFD9B6C12B1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a10fe7509b6a81f359262c9cd18b53474dd088af71095d954cb0fbfdbf5465a7
Instruction ID: ec649af9c05380df9700f8f3b8a48d398688be50d9018c7f86d97521f6d607cf
Opcode Fuzzy Hash: a10fe7509b6a81f359262c9cd18b53474dd088af71095d954cb0fbfdbf5465a7
Instruction Fuzzy Hash: 2D118E70A0964E8FEB55FF64C8696BD7BE0FF19300F1104BAE429CB1A1DB34A680C700

Function 00007FFD9B6C751D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0aa6639e5f95a3f612c1e4820109ff7a47ca620abe074aa5f8af37c69cbf373
Instruction ID: c8d062f135fce327e2058e09dfa7fc30ae51b8c4012e337f9439855fe4f48d3f
Opcode Fuzzy Hash: d0aa6639e5f95a3f612c1e4820109ff7a47ca620abe074aa5f8af37c69cbf373
Instruction Fuzzy Hash: B411B270A4A64E4FEB68FF5484695B97BA1FF54300F4101BAD429CB1E2DE35A9408741

Function 00007FFD9B6BC285 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a996424a05e947de8db5ff9dff6d92d94b8cafacbd42751040b6fcc0ea88a4cd
Instruction ID: f52a5c88b2a307f47b5317a5ee6a6e745eb66b1dd61ebf8ac245a94854880bc2
Opcode Fuzzy Hash: a996424a05e947de8db5ff9dff6d92d94b8cafacbd42751040b6fcc0ea88a4cd
Instruction Fuzzy Hash: 51117070A1DA5E8FDB55EBA8C4691B97BB0FF19300F4104BAD429C61A1DA34A640CB00

Function 00007FFD9B6BB53D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a0960bd5a897b39f802954f3a71f0511b766964daa1db162e8dcce00fa8cda0
Instruction ID: cbf32dba836ea2f81f1a9b4b7f46c084821d29b3535fbeb24f514f647b748660
Opcode Fuzzy Hash: 8a0960bd5a897b39f802954f3a71f0511b766964daa1db162e8dcce00fa8cda0
Instruction Fuzzy Hash: 6411E962E1E55E0AE761AFE85C345FD7BB0FF85300F4A0576D52CCA0E2EE2876008A01

Function 00007FFD9B6C7D8A Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction ID: da8efe9259e9d14098ff341ceb7ef956de3972a285248802ccd1a8e9d5fa49fa
Opcode Fuzzy Hash: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction Fuzzy Hash: 3011EA71E0A11E8AEB64FED0C4647FDB6B0AB58310F151039D51AAA2A1CB787A84CB55

Function 00007FFD9B6B2EC1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d08d8f2b815e699ba4f1ee37b41198492d68e880604a1a080c4b946b26d7b370
Instruction ID: 8d2a70c12d57cb473020972216934c4cfad24e3e33efd1abfe2b9618c82f9fa9
Opcode Fuzzy Hash: d08d8f2b815e699ba4f1ee37b41198492d68e880604a1a080c4b946b26d7b370
Instruction Fuzzy Hash: B9019EB0A5E65E8FE761EBA488695A97BF0EF19300F0205B6D418CB0A2EA24E1448A00

Function 00007FFD9B6C824D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9743daa5ce09dafacf94614b433b0e8aacb7f1094951099c063f0ccec558855
Instruction ID: 5383c1c726d1e87789ff53edd42433a4128429d029fe5eedbae94763ec5324fb
Opcode Fuzzy Hash: f9743daa5ce09dafacf94614b433b0e8aacb7f1094951099c063f0ccec558855
Instruction Fuzzy Hash: 8A019270A4964E8FDBA9FF64C4695FA77A0FF15300F0104BAD41AC60E2DB39B550C780

Function 00007FFD9B6C7A61 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d323b787a9c0d241ec369b720aa1da62f588ad457289a74f7df811d25b890ea
Instruction ID: 5eb8919f23859e00bfd99886df40725457ad03d3400f6382aea3898b77c73536
Opcode Fuzzy Hash: 2d323b787a9c0d241ec369b720aa1da62f588ad457289a74f7df811d25b890ea
Instruction Fuzzy Hash: 24F0D13090E54E4FE761BFF488582BA3BF0FF16301F0409B6E52CC60A1EA38A3418740

Function 00007FFD9B6BB0D9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6f1ca3c72ddfe57d36a67f9a4f43cdc089c2b04487eb3fb6a4cc070a99efb0
Instruction ID: c22864c14c155d783ffcbe12276b4a068e314376d7d6df90274fc50725355467
Opcode Fuzzy Hash: ba6f1ca3c72ddfe57d36a67f9a4f43cdc089c2b04487eb3fb6a4cc070a99efb0
Instruction Fuzzy Hash: A301B931E0E65D4FE762EB6488596B97BF0EF5A300F0644F2D418CB0B6DA24F5548700

Function 00007FFD9B6B05D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 815af0a0bc5862b1b51570534b0de976f11cc99e5dd52bc4e10a1e9cbed39e41
Instruction ID: 4173e96015e5309f28051d4e8763c9a0a66ffd82fa176f064923b284133aafd7
Opcode Fuzzy Hash: 815af0a0bc5862b1b51570534b0de976f11cc99e5dd52bc4e10a1e9cbed39e41
Instruction Fuzzy Hash: 1F01BC30A1A91E9FDBA8EF64C0696B977F1EF58300F20087ED02EC61E5CA31B651CB40

Function 00007FFD9B6C7BE9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da59880b8d60c5bf5621d84c89c9354eaa113db82b53a6f911307d79e4005d2f
Instruction ID: 4142220896ac8b6d69369e5477c12f06dc77600cf9d224bfcc63027fefd382a6
Opcode Fuzzy Hash: da59880b8d60c5bf5621d84c89c9354eaa113db82b53a6f911307d79e4005d2f
Instruction Fuzzy Hash: 89018F30A5E64E8FE752BB7488695BA7BE0EF0A300F0209F7D019CB0B6DA38B544D711

Function 00007FFD9B6BB7CE Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5951b5b331c7dc592c395b16f42c7267d99f3c9e2cf48e38d36a76e0c80afb89
Instruction ID: 63940d30e208cc445f4eaf6371c3e4d8e55a21043a971ccfd9d85f32a040401a
Opcode Fuzzy Hash: 5951b5b331c7dc592c395b16f42c7267d99f3c9e2cf48e38d36a76e0c80afb89
Instruction Fuzzy Hash: 4C110970E1A52E9EEBA1EB98D8657EDBAF1FB48301F4101B5D01DD62A1DF342A81CF40

Function 00007FFD9B6B2F39 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ab5e8060c6ae36b6a96be30c28a6bd3211faea081527c7c1137f5a0c1aa3edf
Instruction ID: aaec09bf2e7b82a75445dfd791033e91446a51c40cd9c4922f6843f7c73334a8
Opcode Fuzzy Hash: 0ab5e8060c6ae36b6a96be30c28a6bd3211faea081527c7c1137f5a0c1aa3edf
Instruction Fuzzy Hash: AA01B570A5E64D4FD762ABA488695A97FF0EF06300F0608F2D41CCB0F6DA24A5448700

Function 00007FFD9B6B0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50d9f9e62a50ea7e198fd9a334c04d9e6cfa204f62ce86d068bbf33e2f95ac56
Instruction ID: cbfdec178e3504994cb6ec70e50b33a433ff00b7976c07e233e3f5e333746797
Opcode Fuzzy Hash: 50d9f9e62a50ea7e198fd9a334c04d9e6cfa204f62ce86d068bbf33e2f95ac56
Instruction Fuzzy Hash: 80014F30A1990E8ADB69ABA4D4685B977E0FF19305F11047EE42ECA1E5DF35F554CA00

Function 00007FFD9B6B0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c423fcadd67db886cd66b12944b3fa6262f212557a3f72b91846b2ee6be37587
Instruction ID: be4cacf0c50f0dba3d257d5fc0a78a16a1d192a808fb1e25d9af1be573ffae0b
Opcode Fuzzy Hash: c423fcadd67db886cd66b12944b3fa6262f212557a3f72b91846b2ee6be37587
Instruction Fuzzy Hash: 8C016230A1951E8ADB59EFA4D4695BA7BF0FF18305F11087EE42EC61E5DF35B194CA00

Function 00007FFD9B6C27F8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5ab2459d284ea63fbd7fbc1bd5c65a95bf9f8821324771e9f3e4aa5968d1ed7
Instruction ID: e1f47be707feabe1c91ffbe2a3f1887e99b09434c442c852a236a37a4d6fff48
Opcode Fuzzy Hash: e5ab2459d284ea63fbd7fbc1bd5c65a95bf9f8821324771e9f3e4aa5968d1ed7
Instruction Fuzzy Hash: 0401AD70A5A50E8FDB69FBB4C4685BA77A4FF09300F11087AE82AC70E1DE31B254C640

Function 00007FFD9B6BDA85 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction ID: 7224234ee4da2798ed21c533b908e3f591007b26b200d7bfe38d541964cbe4ce
Opcode Fuzzy Hash: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction Fuzzy Hash: 7001C430A1D91DCBEB64EB94C4A0AEDB7F1EF58311F51013AD01AEA2A5DA357A42CB00

Function 00007FFD9B6B1240 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcdb740ef9e88dae93083c822390c61b64a783b8b99b4ef75b03759b421f6b42
Instruction ID: 21afc560e6581cadf11f57402f04b4a98b3c6a77004c913a72e40bd9cf67d577
Opcode Fuzzy Hash: bcdb740ef9e88dae93083c822390c61b64a783b8b99b4ef75b03759b421f6b42
Instruction Fuzzy Hash: 1FF0A970E1E55E4AFB659A9884293BA77F0FF56311F00057AE429C60E1DF3426948A40

Function 00007FFD9B6B05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d10691ad045a7ad108492be410595e68251f0855e73eb5477c66b365e661829a
Instruction ID: e84160083a5654fe6db62255b03be54cf3e0a042839194441c1da495e518bba1
Opcode Fuzzy Hash: d10691ad045a7ad108492be410595e68251f0855e73eb5477c66b365e661829a
Instruction Fuzzy Hash: 33F0C230A1E65E9FDB68EF6494256FA37A0EF05304F51087AE81DC60E1CF35B660CB40

Function 00007FFD9B6B23AA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b834a66cea2e8838f8e7a27b9442c1e66e0d6b4dfc5dcefdcabc92c5830eb815
Instruction ID: ad63aaa89bc9d36336235176b1544df97fc58255a6992bd1b0cbc45e124ba10e
Opcode Fuzzy Hash: b834a66cea2e8838f8e7a27b9442c1e66e0d6b4dfc5dcefdcabc92c5830eb815
Instruction Fuzzy Hash: 4101AD31A1E52D8AEBA4EA80D8647E877B5EB55300F1141B9C05D961A1DE743A898F01

Function 00007FFD9B6B3555 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 500da16a2ab7d508419512607441615295569338dfcd863e91e4cab36492d4ee
Instruction ID: 3f7783450ffffc8e4a3fa5c228bc949f8a2968b7b12d2a24361e71b711254a3c
Opcode Fuzzy Hash: 500da16a2ab7d508419512607441615295569338dfcd863e91e4cab36492d4ee
Instruction Fuzzy Hash: F1F08671E0D69E8FDB659F6488285FD7BB0FF15300F41057ED428C61A1DB3465108B40

Function 00007FFD9B6C7E00 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction ID: 09910f785c5746ba59b6156fb5d3718c847802c16695dfff2bb17b167d81a1f5
Opcode Fuzzy Hash: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction Fuzzy Hash: B6011E35E0911E8ADB64EED0C4646FC77B5EB58310F150039C41AEB1A1CA38BA84CB55

Function 00007FFD9B6BBEAD Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc685c827c73f8f5a1eee5053b34654d79f3ee3c63051e9c063a07916360d784
Instruction ID: 1645dba5c012854eda1278c4e2e69253c405102ae8f0d85138445e55dcb5a12f
Opcode Fuzzy Hash: bc685c827c73f8f5a1eee5053b34654d79f3ee3c63051e9c063a07916360d784
Instruction Fuzzy Hash: 07010870E0952ECFEB64DF94C8547EEB6F0FB48301F1482B6D018A6295DB386A84CF94

Function 00007FFD9B6B27B9 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 022aa8e454fd61a94af02088e339a6c6fd247b8542e08c75b9b2487888ba01a1
Instruction ID: 9b74f90d1ad97abdbb0bc7ac702d2d8bef9a8542ab7d002d56388f7ec3821320
Opcode Fuzzy Hash: 022aa8e454fd61a94af02088e339a6c6fd247b8542e08c75b9b2487888ba01a1
Instruction Fuzzy Hash: 66F0A43090E78D4FDB6A9F6488651AA3FB0BF16300F4504BAD419CA0E2DB28A554CB01

Function 00007FFD9B6C12D0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 744b37ae296935b92304d584455e9c0691c0df4834d36935e740ee363edd6d78
Instruction ID: 5c7e7ce625567928d61b0360b99525ba1f2099afbf5918ed8c54c7123ca7e369
Opcode Fuzzy Hash: 744b37ae296935b92304d584455e9c0691c0df4834d36935e740ee363edd6d78
Instruction Fuzzy Hash: 90F05430A1551E8EEB54FF6488182FE76E0FF14305F41053AE82DC61A0DB3466508640

Function 00007FFD9B6C2734 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 402f2b4259402e1f534f75252659f7c256d79dc56703650d7a6599d49f9d319a
Instruction ID: 713ab652a58900630af2fa17841bc392fc6cff3671e86a54e9c0bf3d567567a7
Opcode Fuzzy Hash: 402f2b4259402e1f534f75252659f7c256d79dc56703650d7a6599d49f9d319a
Instruction Fuzzy Hash: 7DE06D30B0D50F8BEB28FAC088B56FE72A5DF58300F210539C92ADA1E2ED6876505A90

Function 00007FFD9B6BBF2C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6BB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6bb000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e859c560bc3bfa46d72b4f66ca1e66e717e321e04ca9f186c9f79b2d257fddf4
Instruction ID: 04aeb46ebbc5dfbe8cd6a71f0d949f20c6b5fbd946b54814091dcf754b948d53
Opcode Fuzzy Hash: e859c560bc3bfa46d72b4f66ca1e66e717e321e04ca9f186c9f79b2d257fddf4
Instruction Fuzzy Hash: D9E0EC3091E51E9ADBA1A7908861AE9B6B4AF56300F5942F1D51D8A1B6CD24BA818F40

Function 00007FFD9B6B0FAE Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6b0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204721c2fcc7d1d6bc2e4b513e17e152d76f4ccd510873f63780adb5c893747b
Instruction ID: 30ff1787ed33dbc6b9b8378b9ee5ff1e8e428523e2d7d509f43cba46081c179f
Opcode Fuzzy Hash: 204721c2fcc7d1d6bc2e4b513e17e152d76f4ccd510873f63780adb5c893747b
Instruction Fuzzy Hash: 8CB00902FAF02F86E978A1E200225BC082C4F0AA44F62A535E47E280A70E2872412921

Non-executed Functions

Function 00007FFD9B6C15A9 Relevance: 8.8, Strings: 7, Instructions: 100COMMON

Download Yara Rule

Strings

#, xrefs: 00007FFD9B6C152C
[, xrefs: 00007FFD9B6C1731
}, xrefs: 00007FFD9B6C15E0
!, xrefs: 00007FFD9B6C1A9D
/, xrefs: 00007FFD9B6C18C3
", xrefs: 00007FFD9B6C1923
", xrefs: 00007FFD9B6C1930

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID: !$"$"$#$/$[$}
API String ID: 0-2194321067
Opcode ID: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction ID: 407606cbdf5bb79fea867ed64a1236185c24e12ed1a0eb37570f530c73241c78
Opcode Fuzzy Hash: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction Fuzzy Hash: 5B41C070E0922E8FEB68EF94C4A47FD77B1AF54301F1145BAD55EAA290DB346A84DF00

Function 00007FFD9B6C068E Relevance: 5.0, Strings: 4, Instructions: 46COMMON

Download Yara Rule

Strings

0, xrefs: 00007FFD9B6C0455
b, xrefs: 00007FFD9B6C06AF
[, xrefs: 00007FFD9B6C06A2
F, xrefs: 00007FFD9B6C04C7

Memory Dump Source

Source File: 00000025.00000002.1770593403.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID: 0$F$[$b
API String ID: 0-1668057103
Opcode ID: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction ID: 9772b8e7bb71208d23270b9e3d9070363f9ed17de7e899f3055506a198c23b98
Opcode Fuzzy Hash: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction Fuzzy Hash: 0111EA70E0962E8FEB68DF54C8657BAB6B1AF48301F4001F9D05DAB291CB782A81CF00

Analysis Process: services.exePID: 4320, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B6C35D5 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

M_H, xrefs: 00007FFD9B6C3760

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID: M_H
API String ID: 0-372873180
Opcode ID: ca19636991d5cd4e6172572171511ae4672da2e59d734077d7b1739227d38b46
Instruction ID: c1e94d9dc8a04cf278f945e64a819be433f5ee8a9a9779bb42280966fe560cef
Opcode Fuzzy Hash: ca19636991d5cd4e6172572171511ae4672da2e59d734077d7b1739227d38b46
Instruction Fuzzy Hash: 2891C271A1994D8FEB54EBA8C8657A87BE1FF5A300F5001BED05DCB2D6DBB528018B40

Function 00007FFD9B6C1738 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ba0cecf8d09e008b22d376178774d4fe1b27008074f43452908ada7dee7e678
Instruction ID: 0043629407cc97d191abb57351ee37fac8e8c34d10c8a23d1bf8573f40938c49
Opcode Fuzzy Hash: 4ba0cecf8d09e008b22d376178774d4fe1b27008074f43452908ada7dee7e678
Instruction Fuzzy Hash: 6181B031B09A4D4FDB58EE5888715B977E2FF98300B15417AE56EC72A2DE34FD028780

Function 00007FFD9B6C1D7D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33d3dc687bc75deabd1d65d02fda1dd5ff1ada08451c0ef6b037bbfa4bcf6c95
Instruction ID: 1bb00127bebef5ea67f598763de5899b0ddd322c6dd2190385aedf177af03ae0
Opcode Fuzzy Hash: 33d3dc687bc75deabd1d65d02fda1dd5ff1ada08451c0ef6b037bbfa4bcf6c95
Instruction Fuzzy Hash: 5E51D031B09A4A4FDB58EE5C88655BA77E2FF98300B15417ED56ECB292CE34FD028781

Function 00007FFD9B6C22C5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 965fd9b891c94e3ed2ee4c27c03221b99e43e6eb84d9a4e40008eabc5cd17918
Instruction ID: a9e1ca7245ea9d1d89693036b9590c421332ebcb377857aeea89ca5fa72c23fd
Opcode Fuzzy Hash: 965fd9b891c94e3ed2ee4c27c03221b99e43e6eb84d9a4e40008eabc5cd17918
Instruction Fuzzy Hash: 97519431E0A55E8FEB74FBD4C8217B9B3A0FF45300F0241B9D56D9A1E2DE397A458A41

Function 00007FFD9B6C3231 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc1991b8224b8c5aaa70673b5e45aeafc5ee168a4bd8448ffabd88862ff643e5
Instruction ID: 5957774c1d6db374595217f054b8ab1871700b300e771effca8784febb606c0f
Opcode Fuzzy Hash: cc1991b8224b8c5aaa70673b5e45aeafc5ee168a4bd8448ffabd88862ff643e5
Instruction Fuzzy Hash: 38511770E0965D8EEB64FB98C4A56FDB7F1FF48300F51007AD119EB2A1DA38AA40CB40

Function 00007FFD9B6D5870 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c9f6b9b0b528c1496f44150e54bc3c294dd70bff00d4cef886d3757d6880fe0
Instruction ID: cce886741255ad380b2863536760e54d0c882c7a1dbfdf07fa4cb9fe191fc603
Opcode Fuzzy Hash: 8c9f6b9b0b528c1496f44150e54bc3c294dd70bff00d4cef886d3757d6880fe0
Instruction Fuzzy Hash: A8513C70E1991D8FEBA4EBA8C899BADB7F1FF68300F10016AD01DE7695DF3568418B40

Function 00007FFD9B6C2195 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 706e3ecc788dc64961f3a8ff16c88dc1c6e6295538556446b07a2fd3bb7b1234
Instruction ID: db9f5240dd2a0231c92c87b0a161e7c81a366d0727cf0a0eb4b1b4475e27782a
Opcode Fuzzy Hash: 706e3ecc788dc64961f3a8ff16c88dc1c6e6295538556446b07a2fd3bb7b1234
Instruction Fuzzy Hash: D3413931B0E68E4FE765FBB884651B97BE0EF46300B0541FBD96DC71A6DE28B9418341

Function 00007FFD9B6C34D1 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5112dd732e81cf8e8d4af88904830ba6df86e53ad1e044fed102ead78c6b2ea0
Instruction ID: ac8aa510c126c9a62d84b56470f5d54a9092b9af68d6af7c47a68bb4cafdd592
Opcode Fuzzy Hash: 5112dd732e81cf8e8d4af88904830ba6df86e53ad1e044fed102ead78c6b2ea0
Instruction Fuzzy Hash: 38316F70A0A64E8FDB69FF64C4695B97BB0FF19304F5104BED429CA1E1DB35AA44C740

Function 00007FFD9B6C122D Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01cc08618b034a489fcc9ac1a8d93ee3fde98a04d7c0b5bc24a62f1fe83792a2
Instruction ID: 48edbf868d6245850239a4e8e42687a00c0cada40153e8ec617edcd71687ccea
Opcode Fuzzy Hash: 01cc08618b034a489fcc9ac1a8d93ee3fde98a04d7c0b5bc24a62f1fe83792a2
Instruction Fuzzy Hash: F331D475A09A4E8FEB69FF68C4652B97BE0FF56300F0101BAD02ACA1E1DF2865448700

Function 00007FFD9B6C3430 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10fd6b0d413cae8ed4f91f4bf51c1c850944c0dbc1bbf72e906429e72941f5e
Instruction ID: cc59caac75844692b3f1e594afb3cbf15b7dabb0f60f4ef1ec22f5a44cc65b0d
Opcode Fuzzy Hash: c10fd6b0d413cae8ed4f91f4bf51c1c850944c0dbc1bbf72e906429e72941f5e
Instruction Fuzzy Hash: 45319C3190E78D8FD753EFA488685A97FF4EF1A310F0941EBD498CB0A2DA38A545C711

Function 00007FFD9B6C0A01 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 505e72d661337f82005870e10db4aeb06b5f3618b22d2cea78fbf64f25d70458
Instruction ID: fb463b3ba194195b1e7232376d860e7167e61336d79dad0dfdd0d6841cc0bda4
Opcode Fuzzy Hash: 505e72d661337f82005870e10db4aeb06b5f3618b22d2cea78fbf64f25d70458
Instruction Fuzzy Hash: A121A171E1A50E9FEBA0FBA888692B977E0FF58700F415576D52DCA0A6EE34B6408740

Function 00007FFD9B6C085D Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5f1e207d85f46dd4ea4347f80688e44fd49216ca3dcb72ee0e920e6f22e6de0
Instruction ID: 03cabef7da540aab544cb9dd0084a9606dea1ad176288d885a462c4a3f9dc663
Opcode Fuzzy Hash: e5f1e207d85f46dd4ea4347f80688e44fd49216ca3dcb72ee0e920e6f22e6de0
Instruction Fuzzy Hash: D7210421B0E54E8EEB61BBB888694F93BE0EF11304F1684B3D169CF0A3DD24B6558284

Function 00007FFD9B6C0AA1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cbcbf91b64ee4eb80bddef010a21addf5a12f4cad1aef99c7acfa0d92789ba2
Instruction ID: 465a98b3fd32f3bca0229e19f777a3ec0acc6102a377b76870960d81e2a91a96
Opcode Fuzzy Hash: 2cbcbf91b64ee4eb80bddef010a21addf5a12f4cad1aef99c7acfa0d92789ba2
Instruction Fuzzy Hash: 0521C271A5A54E8FE761FBA888655B977E0FF19700F4205B2D52CCB0A6EE24B5008740

Function 00007FFD9B6C289D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78a1ce07a60324df824f7dad1dd46fcebb3cf80c2a22e51864bb6a7d56773ce5
Instruction ID: aca542b34944255ef96de4dcfb3520aafe419690f2659c123dd9a85a1aa9b95f
Opcode Fuzzy Hash: 78a1ce07a60324df824f7dad1dd46fcebb3cf80c2a22e51864bb6a7d56773ce5
Instruction Fuzzy Hash: 5C218470A1B64E8FEB65BFA484695B977A0EF15300F014476D92CCA0E6DF38F554C740

Function 00007FFD9B6C08E5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9546c46636d41560b28e9c9fcf594ca88944ecaab3e23028332447c57753c68e
Instruction ID: 46a594f424da4e0facb417a58fca54f044058582cafef198ac2d71cd77a42e57
Opcode Fuzzy Hash: 9546c46636d41560b28e9c9fcf594ca88944ecaab3e23028332447c57753c68e
Instruction Fuzzy Hash: FD11B631A4E50E8FFB61BAB484592B937D0EF59700F128972D52DCA0A2EE34F6408640

Function 00007FFD9B6C1CFD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed950e9b8e5a5d63fd91ee0cb02f394a36e680dc1fce245dd03f146bd11efd51
Instruction ID: fde7828e93a32d23d5b97ae25a8070a8d68f8b9d50345747a0c5d00e5bed055e
Opcode Fuzzy Hash: ed950e9b8e5a5d63fd91ee0cb02f394a36e680dc1fce245dd03f146bd11efd51
Instruction Fuzzy Hash: C7119370A0A64E8FEBA9BF64C8252F93BA0FF55300F51447AE51DCA1E2DB78B650C740

Function 00007FFD9B6C0F2E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c895df12f010f6ce4853f5a162bce9b6d6ec728fbfdf12d9441357f34e3adfe8
Instruction ID: 4c690f0594b8360a415ae8d9bc7f8ff06b5dcc50118f68b94e78a37e83d810e3
Opcode Fuzzy Hash: c895df12f010f6ce4853f5a162bce9b6d6ec728fbfdf12d9441357f34e3adfe8
Instruction Fuzzy Hash: FA114F30B0991D8BEB64FB98C864FEDB3B1FB58300F518165C529EB2A5DE347A458F80

Function 00007FFD9B6C282D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4fa14710f636715c87d4156de61baaed88a7d8593ffe3d29a5d3d1b923946fe
Instruction ID: 879382e5beabf596177b44b66e48564c4511b3f36858aa5b956e5b82b4d68bb7
Opcode Fuzzy Hash: d4fa14710f636715c87d4156de61baaed88a7d8593ffe3d29a5d3d1b923946fe
Instruction Fuzzy Hash: C811A030A1B64E8BEB69BFA488652F937A0FF15301F01487AE92DCA1E1DB39F554C640

Function 00007FFD9B6C2EC1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b457944196d21762167f7715e99c81f6b644c2723f94b8319fad6c776e1451
Instruction ID: f58be7cb700659a0ac042f13021ce81ea8853fe956a52495a6e8b5cba445873c
Opcode Fuzzy Hash: f8b457944196d21762167f7715e99c81f6b644c2723f94b8319fad6c776e1451
Instruction Fuzzy Hash: 6601B5B0A4A64E4FE761FBA484691B97BE0FF19300F4604B6D92CCB0A1EB34F5448700

Function 00007FFD9B6C05D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1746186a003425d1babc5b60d362fbb9fdf478b4ff15a52fd526be639ae57a82
Instruction ID: 97aa94a7cc3508119e8ca6ed9a82a2e94ea5470ebdd0b4bd8cf3f48d73167ec7
Opcode Fuzzy Hash: 1746186a003425d1babc5b60d362fbb9fdf478b4ff15a52fd526be639ae57a82
Instruction Fuzzy Hash: 62015E70A0A50E8FDB58FF64C0696B977A1EF58304F61447DD41EC61A5CA35B651C740

Function 00007FFD9B6C2F39 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac5f90c02b03c9c9023feedd5355a43d1c159edbf3fa25119793a8a131da9ad1
Instruction ID: e335b995d8d784954486f0ea79bb2c136976ddb36022066927a83ab5bb92e26c
Opcode Fuzzy Hash: ac5f90c02b03c9c9023feedd5355a43d1c159edbf3fa25119793a8a131da9ad1
Instruction Fuzzy Hash: 43017570A5E64E4FE762BBA488695B97BE0EF46300F0609F7D92CCB0F6DA24A5548701

Function 00007FFD9B6C0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 040d51a2515bf8b9ba6d1911b19111b5a1592d58f7be2ee9d803fabc36bce1ae
Instruction ID: aae1fa3715f4368c358291317f28d22e0b8cd472fba8f9514c9ab9a6103609bb
Opcode Fuzzy Hash: 040d51a2515bf8b9ba6d1911b19111b5a1592d58f7be2ee9d803fabc36bce1ae
Instruction Fuzzy Hash: FC016230A1690E8BDB69FBA4C4685B973A0FF19305F11047EE82EC61E5DF35F554C600

Function 00007FFD9B6C0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13b39f72a5f89d10698449b675f91a527b317699fef76c753d2136cc22b8261b
Instruction ID: 7eae41f482bc25fe2883e3d919513a17123a8cc910b1e26bf8c4eb15f0c8486f
Opcode Fuzzy Hash: 13b39f72a5f89d10698449b675f91a527b317699fef76c753d2136cc22b8261b
Instruction Fuzzy Hash: C4016230A1A50E8ADB59FFA4C4695BA77A0FF18305F11087EE82EC61E5DF35B194CA10

Function 00007FFD9B6C1240 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66f9bf650ff879dd6bb815b28f0ae12cd69fa6b3d3007befd157f922ad641575
Instruction ID: ad90fd3cf83a52f412d6db78cdf3d4a8b213cd83a03b8d28ba2a0fb7b0a9b484
Opcode Fuzzy Hash: 66f9bf650ff879dd6bb815b28f0ae12cd69fa6b3d3007befd157f922ad641575
Instruction Fuzzy Hash: F0F0A974E0A55E8AFB65BF9884283F977E0FF55311F00057AE429C60E1DF2822548640

Function 00007FFD9B6C05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063b3569f557508d963039a396a0985c671ca89c404de12683e56079a0d74d40
Instruction ID: 6553557c7d25f6c20064d62f2063ec3fa8c9ad096451d4a1a6e12534d193e0fd
Opcode Fuzzy Hash: 063b3569f557508d963039a396a0985c671ca89c404de12683e56079a0d74d40
Instruction Fuzzy Hash: 09F0AF30A0A64E8FDB68BF6484256BA37A0EF05304F51087AE81DC70A1CE35B660C640

Function 00007FFD9B6C3555 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 415d605772b8e46233524d5ab31ff72ba76ce81bd0d26b05fe7a5dd4e6eb5f8a
Instruction ID: d2c426095f3f9983fa53fd46be5abf8acf527ba917264750f1828584c1e83fdc
Opcode Fuzzy Hash: 415d605772b8e46233524d5ab31ff72ba76ce81bd0d26b05fe7a5dd4e6eb5f8a
Instruction Fuzzy Hash: C0F0A470E1A68E8FDB65FF6488291FE7BA0FF15300F41057ED528CB1A1DB34A6508740

Function 00007FFD9B6C27B9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1792326158.00007FFD9B6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9b6c0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f5b41850910b6104ede1994ebfc888a4b9fe74fe26565935f0814eae1a837cb
Instruction ID: e64c4a79facbf828c5055aa5e0b270de2d6fced963cca1a2e1c5944bd7ee9e03
Opcode Fuzzy Hash: 5f5b41850910b6104ede1994ebfc888a4b9fe74fe26565935f0814eae1a837cb
Instruction Fuzzy Hash: 2DF0A43090E78D4FDB6AAF6088651BA3FB0BF06300F5504BAD819CA0E2DB28A544C711

Analysis Process: services.exePID: 2800, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B6D35D5 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

L_H, xrefs: 00007FFD9B6D3760

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID: L_H
API String ID: 0-402390507
Opcode ID: 1fc235b695e9b1ab36fbd49b35a1db579b7fdd9289b0aab6f6a40dd0d24f6086
Instruction ID: f2074d158005e598fa27167cfff1a7596906ee814b48e01f9f58d86a90320a98
Opcode Fuzzy Hash: 1fc235b695e9b1ab36fbd49b35a1db579b7fdd9289b0aab6f6a40dd0d24f6086
Instruction Fuzzy Hash: 5A91B171E1994D8FEB58DB68C8657AC7BE1EF9A300F4001BED059DB2DADBB528018B40

Function 00007FFD9B6E3D08 Relevance: .8, Instructions: 847COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4c62c3228613a21a32034670782e03df12d89a6543f2c0685f7190eff631130
Instruction ID: ac77cdc05568f86a8ad19a1d4f0b238071a5ab964e5ba0cb0f91f51965c5b674
Opcode Fuzzy Hash: c4c62c3228613a21a32034670782e03df12d89a6543f2c0685f7190eff631130
Instruction Fuzzy Hash: 8052A171A0A68E8FEB65EB7488695BD7BE0FF19300F0105BED42DCB0A6DA34B654C741

Function 00007FFD9B6E48BC Relevance: .8, Instructions: 815COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3caed87f106f7afb16308f13559506783336c792364cf74bb6dbcf3f3dedee8f
Instruction ID: 3279abe50574f770650c1088a0b78da7814ae60656a78fb1e7432a9fd653aafb
Opcode Fuzzy Hash: 3caed87f106f7afb16308f13559506783336c792364cf74bb6dbcf3f3dedee8f
Instruction Fuzzy Hash: BD529671A0E68E4FEB659BB488691FD7BE0FF15300F0505BEE42CCA1E2DA68B654C741

Function 00007FFD9B6E52ED Relevance: .7, Instructions: 720COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a22cb89cd156f72dc7658e86a26bc6ba0f3228f9798d3813c356848e8ec094a
Instruction ID: 2d4f3e3163db9a103481b3d08eb6b518e4265b60211c70999c87ca455fd55144
Opcode Fuzzy Hash: 5a22cb89cd156f72dc7658e86a26bc6ba0f3228f9798d3813c356848e8ec094a
Instruction Fuzzy Hash: 9342A270A0A64E8FEBA5EB68C8696BD7BE0FF15300F0105BAD429CB1A6DF74B554C701

Function 00007FFD9B6E7798 Relevance: .6, Instructions: 594COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 020a1b3cc03377e23490e89968ebc9f5c1bf6af9ec205c097c475733c29288fb
Instruction ID: 89f738b124e192da730c33469ec4d602379f99b4df0bf6ad5d7b86c43cfc9751
Opcode Fuzzy Hash: 020a1b3cc03377e23490e89968ebc9f5c1bf6af9ec205c097c475733c29288fb
Instruction Fuzzy Hash: 6C12A530A0E64E8FE766EB68C86D5B97BF0FF16300F1505BAD419CB0A2DA38B655C741

Function 00007FFD9B6E63A1 Relevance: .5, Instructions: 480COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f41b6014cd80035ea9d5ce8e1b5b8bcde513c45849138184a516247cd45d441c
Instruction ID: e3a010f58d061136044043c1b212d23bea2913f825ba906f60952a34808321ec
Opcode Fuzzy Hash: f41b6014cd80035ea9d5ce8e1b5b8bcde513c45849138184a516247cd45d441c
Instruction Fuzzy Hash: D8F1B270A0964E8FEBA5EF64C8696B97BB0FF19300F0145BAD429CB1A6DF34B654C701

Function 00007FFD9B6E27F8 Relevance: .4, Instructions: 419COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1f56925a59b603279cb359521df055f56facfb6d8f9986e12b7482ea3ae7ce9
Instruction ID: cdb3f62cb3c705f40705bc42f8cb9c250625b4a8b9db8a0655bdba3347cdd47f
Opcode Fuzzy Hash: a1f56925a59b603279cb359521df055f56facfb6d8f9986e12b7482ea3ae7ce9
Instruction Fuzzy Hash: 30E1E270A0964E8FEB65DFA8C8686F97BE1FF19300F01457AE429C71A1DB38B654CB40

Function 00007FFD9B6E726D Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16d61022d99740f67578bd3def18bd179b8eb2178a763de9dc72f5d79693e11d
Instruction ID: 991762c14b321f407dc683b3832d5daf374e595f31cf40335b7ded74601febb7
Opcode Fuzzy Hash: 16d61022d99740f67578bd3def18bd179b8eb2178a763de9dc72f5d79693e11d
Instruction Fuzzy Hash: 59A11530A0E68E8FEB9ADF6488695B93FE0FF15300F1501BED429CB0A2DA347654C751

Function 00007FFD9B6DCD7D Relevance: 2.7, Strings: 2, Instructions: 232COMMON

Download Yara Rule

Strings

;wL, xrefs: 00007FFD9B6DCD7F
%{v, xrefs: 00007FFD9B6DCE3E

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID: %{v$;wL
API String ID: 0-2731751567
Opcode ID: 2efb175386b32f676695719de166f8dbb1eb3681aeb3e993c2aa70cacd933083
Instruction ID: 980e54149819f9d7a5f17811d97c628d7680e6a91eae7562adb37eefdbbaa021
Opcode Fuzzy Hash: 2efb175386b32f676695719de166f8dbb1eb3681aeb3e993c2aa70cacd933083
Instruction Fuzzy Hash: E4612423B0C62A4AD7247BBDB8214EA7B60EF81375B0446B7D99DCE0D3DE24744A87D0

Function 00007FFD9B6E813D Relevance: 1.2, Instructions: 1174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f21b70d531c6557e7c316c17b348ad76cae2cc563cf0a97cf471528b1ea0a59b
Instruction ID: a9a1fba3c97548ebd0af7f4a991b7ff4dc15b85b22aba238c3a30f7ab5a6ce9a
Opcode Fuzzy Hash: f21b70d531c6557e7c316c17b348ad76cae2cc563cf0a97cf471528b1ea0a59b
Instruction Fuzzy Hash: E351F170A4A68E8FDB56DB64C8695FA7BB0FF06300F1504FED429CB0E2CA39A655C741

Function 00007FFD9B6E4A58 Relevance: .7, Instructions: 679COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc5a32ab5b28b3bcf51c55521e663661d2b06e1dc9df0a35eb511b7c161abc6
Instruction ID: f22882f206b540abfa959484a32486d61df19d305cdf5c81a56bbbd8a7835153
Opcode Fuzzy Hash: abc5a32ab5b28b3bcf51c55521e663661d2b06e1dc9df0a35eb511b7c161abc6
Instruction Fuzzy Hash: 7E327571A0E68E4FEB659F7488252FD7BE0FF15310F0505BEE82CCA1E2DA68B6548741

Function 00007FFD9B6E4B78 Relevance: .6, Instructions: 588COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c55b835b80eb5f90976478e6a02b7c2d3a2e7604f1a05b71baa20a154d71381e
Instruction ID: c1dbfca35a30687175c91ad7013fa47e08fa8800483f672daa8d2f710226960e
Opcode Fuzzy Hash: c55b835b80eb5f90976478e6a02b7c2d3a2e7604f1a05b71baa20a154d71381e
Instruction Fuzzy Hash: 32227771A0E68E4FEB659F7488251F97BE0FF15310F0505BEE82CCA1E2DA68B6548741

Function 00007FFD9B6E3D30 Relevance: .5, Instructions: 537COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f3126a00a462ad3c782a1377fc0ad9c5eadfce1223ac85ad3e357f61cfe6a2b
Instruction ID: 7fa59d125f535a40480ac52c28f19738b58de4e91513d345284e4c1dc66ec9fa
Opcode Fuzzy Hash: 1f3126a00a462ad3c782a1377fc0ad9c5eadfce1223ac85ad3e357f61cfe6a2b
Instruction Fuzzy Hash: 47128871A0E68E4FEB659B7488291FD7BE0FF15300F0505BEE82CCA1E2DA68B654C741

Function 00007FFD9B6E4CA8 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9d0f93e3a574e525156382724bd1dbbd48afaf8e8150e90b255205e0282efac
Instruction ID: b93c85de61cf1ad4ad22fb2278dd0b4776db067c11c68cedd309f15eee25d13e
Opcode Fuzzy Hash: f9d0f93e3a574e525156382724bd1dbbd48afaf8e8150e90b255205e0282efac
Instruction Fuzzy Hash: 7A028871A0E68E4FEB659B7488391F97BE0FF15300F0505BEE82CCA1E2DA68B654C741

Function 00007FFD9B6E393D Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90d40ecf9a15b53d4b73668aeef4275564b5b7c95ceae31bc4b5ef6720d0411e
Instruction ID: 892cd9d676c5c4d6b5c6bd396c510474039c51e6542f5ebc4bb5a630ef65d621
Opcode Fuzzy Hash: 90d40ecf9a15b53d4b73668aeef4275564b5b7c95ceae31bc4b5ef6720d0411e
Instruction Fuzzy Hash: 42118471A0E68E8FE763976888655B97BF0EF16700F0604FBD4A8CB1F3DA24B6148701

Function 00007FFD9B6E4D48 Relevance: .4, Instructions: 441COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1b8f79b93f2f19fdfb0ff60aac614d158196b4df17c0476525445d7acebc3ed
Instruction ID: 1eee5d6dfc446bb471347f87f4864ae385d6f17c6e2cac597e75699cebb2cb7a
Opcode Fuzzy Hash: c1b8f79b93f2f19fdfb0ff60aac614d158196b4df17c0476525445d7acebc3ed
Instruction Fuzzy Hash: 21F18971A0E68E4FEB659B7488391F97BE0FF15300F0505BEE86CCA1E2DA68B654C741

Function 00007FFD9B6E3FFA Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f5a99ddbc6cd00c165eb3e5f452c93e2ebd1ace1159c4dd28c1828e2170a918
Instruction ID: c4c9ec919e7fe2a946708c2414960ed4b92906a96105a3a4e858abe80636370d
Opcode Fuzzy Hash: 9f5a99ddbc6cd00c165eb3e5f452c93e2ebd1ace1159c4dd28c1828e2170a918
Instruction Fuzzy Hash: 72E19E71E0961D8EEB64EBA8D8657EDBBF0FF54310F0001BAD01DDB1A2DA346A95CB40

Function 00007FFD9B6E4DE8 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76ba5b6f2b8ea9ce0d2da2c6b20dc002c5df64b234755990f6152a5f2b08212
Instruction ID: 1f95d4c9f438e16c9c965de61f89fca21cc364c59f5bb1ab2a9c58febb4fb4ea
Opcode Fuzzy Hash: c76ba5b6f2b8ea9ce0d2da2c6b20dc002c5df64b234755990f6152a5f2b08212
Instruction Fuzzy Hash: A8D1A971A0E68E4FEB659B7488351F97BE0FF15300F0505BEE46CCA0E2EA68B654C741

Function 00007FFD9B6E1191 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f215f2894f7dd04497de2d96411aec84ab8805e46774a3256b888f02e6ef70b0
Instruction ID: 3af324a1bcf395146c613aba98a68c70b3be97a43e9bb7765dead04171b7b4e1
Opcode Fuzzy Hash: f215f2894f7dd04497de2d96411aec84ab8805e46774a3256b888f02e6ef70b0
Instruction Fuzzy Hash: BCC14B30A0964E8FEB65DF64C8686F97BF1FF19300F1105BAD429DB1A1DB34AA94CB40

Function 00007FFD9B6E4F08 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79d8e6da9a6ae3642aafd26129aca1255850e4b1cb87830cf015d1fc1ad9c77a
Instruction ID: 12f9a6a3e9583eb5b34d8b2889d047ebcfeb5342a5f9cb8a594579f61ff2c355
Opcode Fuzzy Hash: 79d8e6da9a6ae3642aafd26129aca1255850e4b1cb87830cf015d1fc1ad9c77a
Instruction Fuzzy Hash: 36B1AB71E1E68E4FEB659B7488351F93BE0FF15310F0505BAE86CCA0E2DA68B654C741

Function 00007FFD9B6D1738 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 706ffb06a28a734865a2eab966ec08537206c1d4a137ea781af8e8615b17e41e
Instruction ID: 698ccd58e0dcfff3fbfd83ab7dab72e321789ad4ba324f8efdd98ab8fdbb61cf
Opcode Fuzzy Hash: 706ffb06a28a734865a2eab966ec08537206c1d4a137ea781af8e8615b17e41e
Instruction Fuzzy Hash: 7281AD31B09A4D4BDB68DE5888715B977E2FFD8300B15467EE46EC72A2DE74BD028780

Function 00007FFD9B6E5710 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610a344afffc68ce58f9cd3c4e0b232952873c16dc6fa811f3ea665cb4e3195d
Instruction ID: f3abbdab40236e5bad2c47196654f2e31799264fb346bb3f753e454646f292fa
Opcode Fuzzy Hash: 610a344afffc68ce58f9cd3c4e0b232952873c16dc6fa811f3ea665cb4e3195d
Instruction Fuzzy Hash: F6918F70A1AA5D8FEBA4EBA8C8696BD77E0FF15300F01057AD419DB1A2DE34B951CB40

Function 00007FFD9B6E2870 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb22b02f9dffa393e6c2614bf65496a0c8fb03c691d5c8e2a842debc2421f4e
Instruction ID: 1687b16cdef81ae399f0099b7700b197b345e73a0ff59c7e241f92e1d8ce6fa4
Opcode Fuzzy Hash: fdb22b02f9dffa393e6c2614bf65496a0c8fb03c691d5c8e2a842debc2421f4e
Instruction Fuzzy Hash: E581B570A1E64E8FEB659FA4C8652FA3BE1FF05300F01557AE419C71A1DB38B654CB41

Function 00007FFD9B6E4FB8 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa7943f54301649c38b1a7c82ad15dfd5980a873db7fe2e64d34c2b7a1a0bd0
Instruction ID: 133c15ff3714dd35b4b9680e133a2e307b2ed27f4cbd8f1444ae8868303255e8
Opcode Fuzzy Hash: 5fa7943f54301649c38b1a7c82ad15dfd5980a873db7fe2e64d34c2b7a1a0bd0
Instruction Fuzzy Hash: 0F819871A1F68E4FE7659BB448351F93BE0FF15300F0505BAE86CCA0E2EA68B654C742

Function 00007FFD9B6E28E0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b6355839fcdb856457387370a3c2b001882c5995869d9ef3575d92a0145926
Instruction ID: 143dc2f37891925514b27dc907f73ac944329fd0410887e2fbba71dd0bbe151b
Opcode Fuzzy Hash: f0b6355839fcdb856457387370a3c2b001882c5995869d9ef3575d92a0145926
Instruction Fuzzy Hash: DC71B170A1A64E8FEB659FA8C8252FA3BE1FF05300F01557AE429C71A1DB38B654CB41

Function 00007FFD9B6E5038 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da232083d8078ef4353a94f7d8089402c9c58dcd35aec66fe2409b1cca8d1ce5
Instruction ID: d0b182ba9f13ed0a6a85583a4834c44d4b92069e924735e949a6c4a7a323ae7b
Opcode Fuzzy Hash: da232083d8078ef4353a94f7d8089402c9c58dcd35aec66fe2409b1cca8d1ce5
Instruction Fuzzy Hash: 8A61AC71E0F68E4FEB659B7448391F93BE0FF15300F4505BAE868CA0E2EA68B654C741

Function 00007FFD9B6E7A61 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08f94d0b13d42539f59a35a4448ecb757c3cf367a8d38342d0c8da0f00880220
Instruction ID: 1fa84201f1b1c5814fb941d38e1722b7d75d63bc7115ab57a7a6b606c8ddd715
Opcode Fuzzy Hash: 08f94d0b13d42539f59a35a4448ecb757c3cf367a8d38342d0c8da0f00880220
Instruction Fuzzy Hash: B8618330A5E68E8FE7659B6488286F97BB0FF06310F1505BAD419CB0E2EB78A654C741

Function 00007FFD9B6E50B8 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76ddd1e2ed63781e0aa9445b8c6c8c04eefa4eda5145958097101ae19111dcc3
Instruction ID: 13d7941686ef0c1badc7de161662c1091b5703cedc53054b019fcf6d0a989f3a
Opcode Fuzzy Hash: 76ddd1e2ed63781e0aa9445b8c6c8c04eefa4eda5145958097101ae19111dcc3
Instruction Fuzzy Hash: E0619B71A0F68E4FEB659B7488351F93BE0FF15310F0505BAE468CA0E2DA68B654C741

Function 00007FFD9B6D1D7D Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f22ac3db1e824e5066aa3b73af60200e4c63fb1fb40e47707c7ff0e7988fb3d2
Instruction ID: fe94c57d45e627c9e81cdd7d261cbbd2b0786238dd7c4986246b9363f576053a
Opcode Fuzzy Hash: f22ac3db1e824e5066aa3b73af60200e4c63fb1fb40e47707c7ff0e7988fb3d2
Instruction Fuzzy Hash: 5451D131B09A894FDB58CE5C88655BA77E2FFD8300B15427ED46EC7296CE74ED028781

Function 00007FFD9B6E2950 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5290c8501b8be99f42bd746402612f918463d585bc49abadd1d0292bb118083
Instruction ID: 6b56641e01e7a8f7c736b6e601d6e42884eedac6b65d259e35840bef1fd0aae0
Opcode Fuzzy Hash: b5290c8501b8be99f42bd746402612f918463d585bc49abadd1d0292bb118083
Instruction Fuzzy Hash: 62519270A1A64E8FDB649FA8C8652FE77E1FF05300F01557EE429C71A1DB38A6548B41

Function 00007FFD9B6E65F0 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea1fe24fc07ef0483f7a8ade166da1d1ebe9f4cd8367e51dcb07b0f5318eb380
Instruction ID: 80b6e2f5e3af3b02aa226fd1d9cf3d4fed593da01ba1e8e917e6a524472a953f
Opcode Fuzzy Hash: ea1fe24fc07ef0483f7a8ade166da1d1ebe9f4cd8367e51dcb07b0f5318eb380
Instruction Fuzzy Hash: C0615270E0A64D8FEBA49BA488297B97BB0FF15300F0145BAD46DD71E2DF786694CB01

Function 00007FFD9B6DC309 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 182ef75a971d5a55366b6e083021a34a785529faa8346ba62524b74f8eaf40b2
Instruction ID: fc995277586c67e97208cd0f75064e11eb0e4cfb52afa316e9da9ea4184b7785
Opcode Fuzzy Hash: 182ef75a971d5a55366b6e083021a34a785529faa8346ba62524b74f8eaf40b2
Instruction Fuzzy Hash: C1612D71E0960E8FDB64DFA8C8646FD77B1FF98300F11413AD429EB2A5DB7869448B50

Function 00007FFD9B6E3CF8 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fc2ea0035472778ef5eede1def83952a688e31d1bc97184de51b487ced7123c
Instruction ID: c28c940b36ad7b9cc5b4a8b859ff45b5b36bb1b6737870e030b9658de1238121
Opcode Fuzzy Hash: 4fc2ea0035472778ef5eede1def83952a688e31d1bc97184de51b487ced7123c
Instruction Fuzzy Hash: 4F51E570A0EA4E8FEB65DBA484796F977E1FF19300F0504BAE429CA0E6DA34B654C741

Function 00007FFD9B6D22C5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9b4cd4609629518a98fbd365d64f8d1cfb48ff264cc18d084e34aa60ca6f895
Instruction ID: c87e3a65c882fb9432a1f3b5f01a647e34cc85cc17abc77f657017f14fbbc871
Opcode Fuzzy Hash: b9b4cd4609629518a98fbd365d64f8d1cfb48ff264cc18d084e34aa60ca6f895
Instruction Fuzzy Hash: 41517F31E0A55E8AEB74DBD4CC216B9B3A0FF85300F1203B9D46D9A1E2DE797A45CA41

Function 00007FFD9B6D3231 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72c5f9b363797903c121539975310ce2f08a0520f633f9bb68d316e7a8fcccd6
Instruction ID: 7505c4708238097e3e7885e844fa8ff532f0469b468743c01571ef6cf732a5b8
Opcode Fuzzy Hash: 72c5f9b363797903c121539975310ce2f08a0520f633f9bb68d316e7a8fcccd6
Instruction Fuzzy Hash: F5513B70E0965D8FEB64DB98C8A46EDBBF1FF99301F554239D019EB2A1DE346A44CB00

Function 00007FFD9B6E2E41 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aff04ab882940dd90a63ac05d75ec57994048e3a65e2474661839b3617037ba
Instruction ID: 3f454d76b2d897bdc9b733d3337a9eb42339c3e11d725f2d001c011d0bea955e
Opcode Fuzzy Hash: 6aff04ab882940dd90a63ac05d75ec57994048e3a65e2474661839b3617037ba
Instruction Fuzzy Hash: 9551A170E0955E8FEB61EBA8C8586EDB7F1FF49300F01457AD418DB1A6DA38B654CB00

Function 00007FFD9B6D2195 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3797611317f889cef9634e822987bb9b0f553a331460445a574ec4de0859cdf7
Instruction ID: 6df17922a0064754fb69388d8b58def0d19bdc6175458594e08bdddd33e26e57
Opcode Fuzzy Hash: 3797611317f889cef9634e822987bb9b0f553a331460445a574ec4de0859cdf7
Instruction Fuzzy Hash: 32413B31B0E68E4FE765D7B8C8655B97BE0EF86300B0542FBE46DC71A6DE18B9418341

Function 00007FFD9B6E5148 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cfb441825d72c44631a4119e8c4293c09eccb1e7f55b952996518fa6274d25c
Instruction ID: a620f099092ec53ec8cd7b3c15e4607b698f20d79c1eb91adbfcc271983211ce
Opcode Fuzzy Hash: 8cfb441825d72c44631a4119e8c4293c09eccb1e7f55b952996518fa6274d25c
Instruction Fuzzy Hash: E7419A71A0F78E4FEB659F6488351F93BE0FF15300F4505BAE468CA1E2DA68B654C741

Function 00007FFD9B6E2F70 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c5f083afbfb2d42b80b40779f6f62a8c89b930396a0311886c02ae3235f9a4b
Instruction ID: b144ad26ce4268d80f3b4141b97dbb80e8690f242a5b4e20759f40c910f97b86
Opcode Fuzzy Hash: 4c5f083afbfb2d42b80b40779f6f62a8c89b930396a0311886c02ae3235f9a4b
Instruction Fuzzy Hash: CE41A870E0951E8EEBA4EB98C855BECB7B1FF58300F1142BAD41DE7291DE346A848F40

Function 00007FFD9B6DB4FB Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bfe9662591bbf654f3ab9f4c3d9d79f7f573290d5a85df323d180529091ee7a
Instruction ID: 4a5334f9df8e6b39f5aa3042997befeb4cc9be31454f02f96a8e534b3fa757db
Opcode Fuzzy Hash: 0bfe9662591bbf654f3ab9f4c3d9d79f7f573290d5a85df323d180529091ee7a
Instruction Fuzzy Hash: A941C661F1E94E5EE761AFA88C681BD77E0FFD5300F4946B2D02DCE0E6DE24B5048240

Function 00007FFD9B6E7B78 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30370ce8cc4131268f920154c47b90e9626148ee1f427b9a9e735de7c08f7bd9
Instruction ID: 9a9e63ae02147d285de5b9adc1d367b84b439a58c53cb623962f2466407fb473
Opcode Fuzzy Hash: 30370ce8cc4131268f920154c47b90e9626148ee1f427b9a9e735de7c08f7bd9
Instruction Fuzzy Hash: DE41E330A4E78E8FEB659B6488286F97BA0EF06314F1505BAD419CA0E1EB38A654C741

Function 00007FFD9B6DC7C4 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e5d148962790ab761d754062e71f7db6854787f3cf1a5f2a9b7e27a1ec5808
Instruction ID: d866101cdaf7884d2279c01c58e27abd675a49f743cb04aad5eeb199dfd14f09
Opcode Fuzzy Hash: 00e5d148962790ab761d754062e71f7db6854787f3cf1a5f2a9b7e27a1ec5808
Instruction Fuzzy Hash: 0C310A35E1991D9FEBA4EBA888656ACB7F1EF98300F510239D01DDB292DE3469418B40

Function 00007FFD9B6D34D1 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46e8187615e4d271bc2aab1a24e00f024e0a4060da6051055322d677f5d50f8a
Instruction ID: 0bb67d45a35c0dad0d0cbdc0926a45cebc6d0ea86e065f8d9fe5eccda0451473
Opcode Fuzzy Hash: 46e8187615e4d271bc2aab1a24e00f024e0a4060da6051055322d677f5d50f8a
Instruction Fuzzy Hash: CD317070A0A64E8FDB69EF64C8685BD7BA0FF59300F1105BED42ACB1E2DB35A644C740

Function 00007FFD9B6DCEFB Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7a5d4240474284dddfad77273aeb4926ebd35e2d96178bdf5f08dd8bc28fc2d
Instruction ID: 18e8dd228432be27928ff941462e64bf94d75a43adc631420b3daac2b786b7cd
Opcode Fuzzy Hash: f7a5d4240474284dddfad77273aeb4926ebd35e2d96178bdf5f08dd8bc28fc2d
Instruction Fuzzy Hash: 7B31D122F0E55E4AEB657BECAC214FD7BA0EF91321F410276E46DCD0E6CE24764086A1

Function 00007FFD9B6DC857 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 563369c7d633cb5262d4ac3cccb41a8009ae31827c65d044006e3abad355b2ff
Instruction ID: 9a116705fdf2c979a7ade908f8d73f32f7dcaef26d3a907aec1b1910fe2bfb3f
Opcode Fuzzy Hash: 563369c7d633cb5262d4ac3cccb41a8009ae31827c65d044006e3abad355b2ff
Instruction Fuzzy Hash: 95211C35F0D91D8FEFA4EBA888656ACB7F1EF99300F51023AD01DDB296DE3469418B40

Function 00007FFD9B6D122D Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52c6b995b5fe6e718284a9e04384410e196659b76b4472f78fea885c1db3d597
Instruction ID: 64849ede0c5f829d34991db384363d7b84eafa97c8447db4e8bf08ad468b2bd4
Opcode Fuzzy Hash: 52c6b995b5fe6e718284a9e04384410e196659b76b4472f78fea885c1db3d597
Instruction Fuzzy Hash: 30310771A0AA4E4FEB69DB68C8656B97BE0FF96300F0102BED02DCA1E2DF657544C700

Function 00007FFD9B6D3430 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e9fb2637eb87cb8a66936f18ffa3271f4fd3a1c4dc446a31f40b296be3e7fc
Instruction ID: 5766213a4aefb025a3fff5a0311183648b6e3321f60c965da34f06e29d82f0c3
Opcode Fuzzy Hash: 34e9fb2637eb87cb8a66936f18ffa3271f4fd3a1c4dc446a31f40b296be3e7fc
Instruction Fuzzy Hash: AC319A3190E68D8FD753EFA488685A97FF0EF4A310F0A45EBD498CB0A2DA28A545C711

Function 00007FFD9B6E51C8 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a51cedb6216f342cc27252f6aa03cb6b1fdc85ff098eb5419c7695ddda3b9c0a
Instruction ID: ef960d43f327fec1aabf2059f21a83046b84c809bb5b1a475b06e4b740b0257e
Opcode Fuzzy Hash: a51cedb6216f342cc27252f6aa03cb6b1fdc85ff098eb5419c7695ddda3b9c0a
Instruction Fuzzy Hash: 7A31CA71A0E68E8FEB659F6488351F93BD0FF15300F5505BAE82CCA1E2DA68B664C741

Function 00007FFD9B6D2049 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86d1eb0ea2b8190279dc183c33d12b38919edd6690870eb339f8e4fbafe5a546
Instruction ID: 0ee61198dc0d2704bc2c4f20feee1c08fbdbfbb03f23b98c17af47f77ad67490
Opcode Fuzzy Hash: 86d1eb0ea2b8190279dc183c33d12b38919edd6690870eb339f8e4fbafe5a546
Instruction Fuzzy Hash: 1621B821A4F6C94AEB725AF88C755A57FD09F43214F1D4AFAD0E88F0F3D4196545C342

Function 00007FFD9B6D0A01 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba09a4d17d2a1cc8afa9fd07d75d14d3b5b6f169486a7c5cc2fdfd786b27dd1
Instruction ID: 4cb60b0812f9886ef392970939ce0a6092aee0a8a5b577e424aa333e0f11bff9
Opcode Fuzzy Hash: 7ba09a4d17d2a1cc8afa9fd07d75d14d3b5b6f169486a7c5cc2fdfd786b27dd1
Instruction Fuzzy Hash: 3621A771E1A50E5EE7A0EBA88C792BD77E0FF95700F454676D42DCA0A6DE34B640C740

Function 00007FFD9B6E30E2 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 469433791e43b9c1cf5fb3a03474c79645e9ebe883494efcd0a80fa876cf61ef
Instruction ID: 3c1885126a57e95aa5b3c1d39b0cdbd46275ceb8db9bcb7ab9be9d3baabe7f0f
Opcode Fuzzy Hash: 469433791e43b9c1cf5fb3a03474c79645e9ebe883494efcd0a80fa876cf61ef
Instruction Fuzzy Hash: 4131B770E1961D9FEB64EBA8C8A5BADB7B1FF54300F5042A9D41CA7296CF3479808F41

Function 00007FFD9B6D0AA1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1357030ab075f3a2699e513f69086f9dd789ef40951d9f8164733e1ff626091f
Instruction ID: 7ec4b63f0bc974493c95f76c34457a4ffd8714d2670ea4bf1b5069279748ec47
Opcode Fuzzy Hash: 1357030ab075f3a2699e513f69086f9dd789ef40951d9f8164733e1ff626091f
Instruction Fuzzy Hash: D2219231A5E50E4FE7A1EBA888755B977E0FF99700F4606B2D429CB0A6EE24F540C740

Function 00007FFD9B6D085D Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c704315a326c20f98d575f5e3202c457518c22f139ae9f2e9d36a48ce3c90b33
Instruction ID: 4f2b59e75ef89ddb4acf89bfa4d90133018dbf0fa24d51d1d12940a6e526039d
Opcode Fuzzy Hash: c704315a326c20f98d575f5e3202c457518c22f139ae9f2e9d36a48ce3c90b33
Instruction Fuzzy Hash: 3E210761B0E58E9EEB61ABB88C798F837D0EF91304F1606B2D069CE0E7DD24B155C281

Function 00007FFD9B6D289D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63045fbe6760f8475d5f8c7d3d1a528c668ce4ea058dda5b18ebd42bbbf7e5bc
Instruction ID: f887decf1b366d3ec354087302913208147eb8a51001719b20b45037c5808c90
Opcode Fuzzy Hash: 63045fbe6760f8475d5f8c7d3d1a528c668ce4ea058dda5b18ebd42bbbf7e5bc
Instruction Fuzzy Hash: 6D21A430B1A64E8FE765AFA4C8695B977A0EF99300F0145B6D42CCA0E6DF38F544C740

Function 00007FFD9B6D08E5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e3e6f44b95de905f9ec32bf95602aa4212baa31991b08ff2e8f6bcfdefbeb8f
Instruction ID: 5157164734ea81151373946ebd948ddf8d82bf17b4bd94da08445dbb2fc4398e
Opcode Fuzzy Hash: 8e3e6f44b95de905f9ec32bf95602aa4212baa31991b08ff2e8f6bcfdefbeb8f
Instruction Fuzzy Hash: 17119631B4E50E8EFB61AAB488796B937D0EF99700F124676D42DCA0A2DE24B640C640

Function 00007FFD9B6D1CFD Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb25754f81d1c7bba487fba0dfeb29d497272c4f6130c40f810ac90f1ddd13f7
Instruction ID: 856982fc06ab19a8d503ff75ff5d1271d38e521334c8c306acaa56aac82efa02
Opcode Fuzzy Hash: cb25754f81d1c7bba487fba0dfeb29d497272c4f6130c40f810ac90f1ddd13f7
Instruction Fuzzy Hash: CE119670A0A64E8FEB659F648C256F93790FF95300F51457AE42DCA1E1DBB8B650C740

Function 00007FFD9B6DCF60 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77a4b3d17cb20fdc2c5eb379c8083d2f7ec2567730198eb8da919d14840f1e2e
Instruction ID: 1b65c954d11ee7603904a0d26f13e477406cf3882587dde5d4dea6df76b46860
Opcode Fuzzy Hash: 77a4b3d17cb20fdc2c5eb379c8083d2f7ec2567730198eb8da919d14840f1e2e
Instruction Fuzzy Hash: 83119030A0A68E8FEB96AB68C8655F97BB0FF56300F0105BAD46DCB0E2DA346650C750

Function 00007FFD9B6D0F2E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d99323a83b30b07a9e885cde56f2b9c05ce9ed954ba1f6f34a4ab87dc9cffe7e
Instruction ID: 8cc05842c4c5fb4d4d1923391ae4d133bdad857129960277b38800ce752db3d9
Opcode Fuzzy Hash: d99323a83b30b07a9e885cde56f2b9c05ce9ed954ba1f6f34a4ab87dc9cffe7e
Instruction Fuzzy Hash: 6F111F31E1980D8BEB64EB98CC65FEDB3B1FB94300F118265D419EB2A5DE347A45CB84

Function 00007FFD9B6DCED7 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c263efbf63e0a7d717288ceae384756098c1d6c276a1af21dfb3e83893d8104d
Instruction ID: 00c2c7d70bcac491221c00cdee465a705feb47acacb6c7b8ad7d10c8cfc6b3b2
Opcode Fuzzy Hash: c263efbf63e0a7d717288ceae384756098c1d6c276a1af21dfb3e83893d8104d
Instruction Fuzzy Hash: 52119831A0A78E4EEB55AFA89C255FA7BB0FF46310F0505B7E86DCA0E2DB346514C790

Function 00007FFD9B6D282D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f262cffc23c0a740d9b07ad39f3435179423296358287d3806397b0582bc55
Instruction ID: 50eddeedb9aea77ef10ea4041acc3d72d49376d353b65b3c42b0ceae21637798
Opcode Fuzzy Hash: 24f262cffc23c0a740d9b07ad39f3435179423296358287d3806397b0582bc55
Instruction Fuzzy Hash: C911A330B1A64E8BEB799FA4C8652F937A0FF85301F01497AE42DCA1E5DB39B554C640

Function 00007FFD9B6DC285 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc5dd3878ebb9a9f83c217c5282134890b794c0e0597470f27d1d410fb218a35
Instruction ID: e9cac825e1550e98f8c3d3456d5df6033065f77472c0b06b6e944b5cc86d2fdc
Opcode Fuzzy Hash: bc5dd3878ebb9a9f83c217c5282134890b794c0e0597470f27d1d410fb218a35
Instruction Fuzzy Hash: B5118270A09A4D8FDB95EFA8C8691BD7BF0FF59300F0105BAD429CB1A5DB34A640C700

Function 00007FFD9B6DB53D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 688e9871f79c2ba99bb58b6890984feda5a5ef4e78100193b67204b9d33ad455
Instruction ID: fce5a0c20d0a55238897e8ce5d3cd3cadfa102a0af88a0d07341cbbb751c85d8
Opcode Fuzzy Hash: 688e9871f79c2ba99bb58b6890984feda5a5ef4e78100193b67204b9d33ad455
Instruction Fuzzy Hash: BE11A961E1E54E49E761AFE85C241FD7BA0FFC5300F4A0676D46CCE0E6EE2876048241

Function 00007FFD9B6E7D8A Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction ID: 063573eefcb4fa061a21121e90e7f98b08a3003edd1b3a35d294c6cbcb555e92
Opcode Fuzzy Hash: b6bd41a2b376a00d089782dd54341d62ecf0495633933f340739ed5ab6a3771e
Instruction Fuzzy Hash: 4B110D70E0911E8AEB64DFD0C8687FDB7B0AF44310F151139D41AAA2E1CB787A94CB55

Function 00007FFD9B6D2EC1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ba4a526a3d92c11490ec419c77dc8781a6a7dda4278be3ca8202ebcf4dfd9ea
Instruction ID: b2508c163e46f4923f35db4ad5f262d6a0a69d713ba4a867abad8e3b4a3f4f33
Opcode Fuzzy Hash: 5ba4a526a3d92c11490ec419c77dc8781a6a7dda4278be3ca8202ebcf4dfd9ea
Instruction Fuzzy Hash: 9201D870A4A54D4FE761EBA4C8691B97BE0FF55300F020AB6D41CCB0B5EB34F1448701

Function 00007FFD9B6DB0D9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb610d4b381528b2b2b7f9dc174255bdfbe912d8a08457ee40c986c8aa72cfe5
Instruction ID: 54c9589642dea6475746a8ed89350bf6035f8848650fd7a07155f09efc9d9af9
Opcode Fuzzy Hash: eb610d4b381528b2b2b7f9dc174255bdfbe912d8a08457ee40c986c8aa72cfe5
Instruction Fuzzy Hash: DA01B931A0E64D4FE762AB64CC596A97BE0EF9A300F4649F6D418CF0A6DA24B5548700

Function 00007FFD9B6D05D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c42da4956aad4ebd103723b926bde329a86cc15631b8cc153855a09389216393
Instruction ID: 8ce946cd690ba18efd098ae2a1220ee35213e04fdc2abb91d9e40995c14b5213
Opcode Fuzzy Hash: c42da4956aad4ebd103723b926bde329a86cc15631b8cc153855a09389216393
Instruction Fuzzy Hash: E801B130A0A50E8FEB58EF64C4686B977E1EF99300F20057DD02EC61E5CB71B641C740

Function 00007FFD9B6D2F39 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de989d44b24a0861bfd4a0cd56cd21cc2b29a17f4c608b5b280417a3ae235118
Instruction ID: d13513505ac110bafe9ed0c245e5980b08d9ae3b5336836f5157be690260043f
Opcode Fuzzy Hash: de989d44b24a0861bfd4a0cd56cd21cc2b29a17f4c608b5b280417a3ae235118
Instruction Fuzzy Hash: 8C018870A5E64D4FD762ABB4CC695A97BE0EF86300F0609F7D41CCB0F6DA24B5548701

Function 00007FFD9B6DB7CE Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b3fd1d23502742d01762f0e0c0ac43847dbbbf63e3f3b2a8d0fd6682a24d2d
Instruction ID: 975add407bb87ebaa5b3c15ff293bac3e9d55b26ebb5fbf10b1fe128a402966c
Opcode Fuzzy Hash: f9b3fd1d23502742d01762f0e0c0ac43847dbbbf63e3f3b2a8d0fd6682a24d2d
Instruction Fuzzy Hash: AF11F770E1A51E9EEBA0EB98C8657E9B6B1FB88301F4042B5D01DD62A5DF342E80CF40

Function 00007FFD9B6D0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d21799075537f4eaed51606a2a617bf9d585f032b6d0bb9565b4326c651fc7f
Instruction ID: b25ac83a0394b04b9f87d5e3d75bf2d090a846503c4ebc224f07fac51983f1ff
Opcode Fuzzy Hash: 0d21799075537f4eaed51606a2a617bf9d585f032b6d0bb9565b4326c651fc7f
Instruction Fuzzy Hash: CE01A230B1590E8BDB69EBA4C4685B973A0FF48305F10057EE42EC61E5CF35F144C640

Function 00007FFD9B6D0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f62e0c4691c46ac8d5ea019c7b67db0fadfe9fb70bc78b0370ce3ce0449ff3ca
Instruction ID: 5d536e52ffd7c603125ebd54c19139588b3130717c1630442e2b7b711d642f6d
Opcode Fuzzy Hash: f62e0c4691c46ac8d5ea019c7b67db0fadfe9fb70bc78b0370ce3ce0449ff3ca
Instruction Fuzzy Hash: BE018630A1950E8BDB69EFA4C4695BA77A0FF58305F11097EE42EC61E5DF35B194CA00

Function 00007FFD9B6D1240 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0a5d108a5b91202bb5ddd62b24d695275ee1494fdc95aa42463b2d2e3093c4b
Instruction ID: ca0eba9a896b80af00f37f8880fa500682a6ef0efa7c0108455e0514e3fbda1a
Opcode Fuzzy Hash: f0a5d108a5b91202bb5ddd62b24d695275ee1494fdc95aa42463b2d2e3093c4b
Instruction Fuzzy Hash: 0FF0A970E0A54E4AFB659B988C287BA77E0FF96311F00067AE42DC60E1DF652254C640

Function 00007FFD9B6DDA85 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction ID: 7d279e8464e6214032d0a9e25187f2b7045479218beeec21fe60484f3f7e2029
Opcode Fuzzy Hash: 889f8dc18bf554b86b22b642c05b1c9b56ec5e2b555d0463634da8ac52d3bd01
Instruction Fuzzy Hash: 3A01DE70E1D90D8FDB64EF94C860AED77F1EF98311F554239D01AEA2A5DA357941CB00

Function 00007FFD9B6D05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 870720875dc58e58ad3ccd57bb2f324200d64a452886982b512a0d1084c9776b
Instruction ID: e3be09c71acbf6231284e2ea9bb75228ddf7e5e7acdbdd82d5afbfbff9d07cb6
Opcode Fuzzy Hash: 870720875dc58e58ad3ccd57bb2f324200d64a452886982b512a0d1084c9776b
Instruction Fuzzy Hash: B1F0C230A0A64E8FEB68EF6488256FA37A0EF45304F510A7AE82DC60E1CF75B650C740

Function 00007FFD9B6D23AA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b834a66cea2e8838f8e7a27b9442c1e66e0d6b4dfc5dcefdcabc92c5830eb815
Instruction ID: 51ff30ca0a11c2b9f38022bbe81a162101b7eb6631ad4447932c56b3fd2890f9
Opcode Fuzzy Hash: b834a66cea2e8838f8e7a27b9442c1e66e0d6b4dfc5dcefdcabc92c5830eb815
Instruction Fuzzy Hash: A201C031A4A51DCAEBA4DB80CC647FC73A5EB91300F1142B9C45DD61A1DE743E85CB01

Function 00007FFD9B6D3555 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2057d5c1befb774dae1ba5f02d660f3dcd90cc384e0907a6154520d2d1c9d467
Instruction ID: bf172478af006e654475c9e5994695beb340e401fcaeccbe775d4bb0072b8439
Opcode Fuzzy Hash: 2057d5c1befb774dae1ba5f02d660f3dcd90cc384e0907a6154520d2d1c9d467
Instruction Fuzzy Hash: F1F0A470E1A68E8FDB65DF688C282FE7BA0FF55300F4106BED428CB1A1DB34A6108741

Function 00007FFD9B6E7E00 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction ID: 39c5a04394f39b6ca90ba590d40abf4afbb6151c067dc3e45ab1d9867e0d0930
Opcode Fuzzy Hash: 2926cd4f2c0c5f2dd1c2e20c591cb30ec76164fee90b56adf2eef6397faa7010
Instruction Fuzzy Hash: 57012C34E0A10E8AEB64DED0C8696FC77F1AB54310F150139C41AEB2A1CA3CBA98CB44

Function 00007FFD9B6D27B9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98a02a178d2710a86a2686e1b132729052f2d35bcb0d9b2677880d76c7650ab2
Instruction ID: 5160c7e9bb36fbbbfb9bb1ba22f06a285d69f09e4214680690f9135e66149d44
Opcode Fuzzy Hash: 98a02a178d2710a86a2686e1b132729052f2d35bcb0d9b2677880d76c7650ab2
Instruction Fuzzy Hash: 54F0443190E78D4FEB6A9F64C8251AA3FA0BF56300F4505BAD459CA1E2DB28A554C711

Function 00007FFD9B6DBEAD Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5caf809c7517f83b07bba0accdf55720b017d9c4322be1083653a75ea56db954
Instruction ID: 69d3a5ec25176363b64fe362b8125e00c5b82625123f1dd3569652667dfed1b4
Opcode Fuzzy Hash: 5caf809c7517f83b07bba0accdf55720b017d9c4322be1083653a75ea56db954
Instruction Fuzzy Hash: DF01E570E0551E8EEB64DB94C8547EEB6F0FB88301F1482A6D018AA295DB386A848F94

Function 00007FFD9B6D17A0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6d0000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
Instruction ID: 10e0d5c74b30f271124a4f4b374cc882695065fc6806f06a7b7cee41ad316dd8
Opcode Fuzzy Hash: d6cf9797388896da03f38a9e074d656f7ccc1dac019205c0e4e67546ed29bc1c
Instruction Fuzzy Hash: C1E0C020B0740A46EA745AD8C89566461D19BC4314FBA8B75E03CCF1F2E929BDC6C201

Function 00007FFD9B6DBF2C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6DB000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6db000_services.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c6cf18c957287cbda29abd7837cce4b2728336c6e2d61837f44f1eb2d1e2637
Instruction ID: f60beacf7e613885ab7915165f0c5b195d0964660056195b53a1e4d96b890c8a
Opcode Fuzzy Hash: 4c6cf18c957287cbda29abd7837cce4b2728336c6e2d61837f44f1eb2d1e2637
Instruction Fuzzy Hash: CAE0EC31E1E50E9ADBA0A750C861AE9B664AF96300F5942E1D52DCA1B6CD24AA808B40

Non-executed Functions

Function 00007FFD9B6E15A9 Relevance: 7.6, Strings: 6, Instructions: 100COMMON

Download Yara Rule

Strings

!, xrefs: 00007FFD9B6E1A9D
#, xrefs: 00007FFD9B6E152C
", xrefs: 00007FFD9B6E1923
[, xrefs: 00007FFD9B6E1731
}, xrefs: 00007FFD9B6E15E0
", xrefs: 00007FFD9B6E1930

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID: !$"$"$#$[$}
API String ID: 0-1770236806
Opcode ID: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction ID: 6bb79caf79552c0151f15e8dc2ea7e6ebcc7b3c41517b9520878b53c8c6bacff
Opcode Fuzzy Hash: 47b758add011749f1fd82a170b3ed0c7acdd9e95a25c5775821b226f801d7c5b
Instruction Fuzzy Hash: 6F41DD70E0522E8FEB68DF94C8A47FDB7B1AF54301F1145BAD45DAA290DB386A94DF00

Function 00007FFD9B6E068E Relevance: 5.0, Strings: 4, Instructions: 46COMMON

Download Yara Rule

Strings

0, xrefs: 00007FFD9B6E0455
b, xrefs: 00007FFD9B6E06AF
[, xrefs: 00007FFD9B6E06A2
F, xrefs: 00007FFD9B6E04C7

Memory Dump Source

Source File: 00000027.00000002.1791763187.00007FFD9B6E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b6e0000_services.jbxd

Similarity

API ID:
String ID: 0$F$[$b
API String ID: 0-1668057103
Opcode ID: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction ID: d48afe82882e0b187aa1be7c3b2407ef0de417ef066e0d68f0ab378c8622fb5f
Opcode Fuzzy Hash: 5e7d0b3d67754f939391071519a3ad47a03583031819be69bbdc693db2f4676c
Instruction Fuzzy Hash: 4911BB74E0562A8BEB68DF55CC657BAB6B1AF85301F4101A9D05DAB291CB786A80CF00

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Duq6x6p2Pd.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe

C:\Program Files (x86)\Microsoft Office\JjUyoQCSby.exe:Zone.Identifier

C:\Program Files (x86)\Microsoft Office\a010d8a77ca910

C:\Program Files (x86)\Windows Portable Devices\c5b4cb5e9653cc

C:\Program Files (x86)\Windows Portable Devices\services.exe

C:\Program Files (x86)\Windows Portable Devices\services.exe:Zone.Identifier

C:\Recovery\55b276f4edf653

C:\Recovery\91e168f4ec1147

C:\Recovery\JjUyoQCSby.exe

C:\Recovery\JjUyoQCSby.exe:Zone.Identifier

C:\Recovery\SgrmBroker.exe

C:\Recovery\SgrmBroker.exe:Zone.Identifier

C:\Recovery\StartMenuExperienceHost.exe

C:\Recovery\StartMenuExperienceHost.exe:Zone.Identifier

C:\Recovery\a010d8a77ca910

C:\Users\Default\JjUyoQCSby.exe

C:\Users\Default\JjUyoQCSby.exe:Zone.Identifier

C:\Users\Default\a010d8a77ca910

Windows Analysis Report
Duq6x6p2Pd.exe