Edit tour

Windows Analysis Report
HYygbdbgYn.exe

Overview

General Information

Sample name:	HYygbdbgYn.exe renamed because original name is a hash value
Original sample name:	1e53aeaabcab0989b473e44f7ef02731.exe
Analysis ID:	1523567
MD5:	1e53aeaabcab0989b473e44f7ef02731
SHA1:	85b2a41e8060a08eff4a1fc97e078229ee1e781d
SHA256:	5be89599ac45c88bad9083afcc555874c94bd711a44c67e5d0aad0ab318188c2
Tags:	exeRedLineStealeruser-abuse_ch
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Reads the System eventlog

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables security privileges

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

HYygbdbgYn.exe (PID: 3336 cmdline: "C:\Users\user\Desktop\HYygbdbgYn.exe" MD5: 1E53AEAABCAB0989B473E44F7EF02731)

cleanup

Base64 encoded string: 'hT081I1x+BYqxoR5tTAmz4Yylzc8xYV+uj10541okyo70pFdpTcqzYpwr38oxZxDkDEjzKZ9uyF0z5hDnyoq0Z19ui072dN7szAQ7I1ysTAnm695ohA20I1apCsi6Ilysigqm495ohsBwYV57Q0hxI1kmSJ08o19shc70oFysX8OxIwnsSE7/7hzpS07yYdy7SMq1LdfozY9xYZokisiwYFy7Rcq1Kx9oiV0k94k7nd04ZtvsyktzJFPszY5xZonhS0i0IR5lzc8xYV+uj0K2JhwuTYq0tN+tyYqzJ5x7Tciz4N5oiE81A=='

Source: classification engine

Classification label: mal52.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\HYygbdbgYn.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HYygbdbgYn.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\HYygbdbgYn.exe

Mutant created: NULL

Source: HYygbdbgYn.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: HYygbdbgYn.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\HYygbdbgYn.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: HYygbdbgYn.exe

ReversingLabs: Detection: 57%

Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Section loaded: textshaping.dll	Jump to behavior

Source: HYygbdbgYn.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: HYygbdbgYn.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B887132 push ds; retf	0_2_00007FFD9B88715F
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B88DF08 pushfd ; iretd	0_2_00007FFD9B88DF86
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B88C65F push ss; ret	0_2_00007FFD9B88C65E
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B88C615 push ss; ret	0_2_00007FFD9B88C65E
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B880638 push ds; retf	0_2_00007FFD9B88715F
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B88C50F push esp; ret	0_2_00007FFD9B88C51E

Source: HYygbdbgYn.exe

Static PE information: section name: .text entropy: 7.044219119195845

Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Memory allocated: C20000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Memory allocated: 1A950000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\HYygbdbgYn.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\HYygbdbgYn.exe TID: 4284

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\HYygbdbgYn.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\HYygbdbgYn.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Users\user\Desktop\HYygbdbgYn.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\HYygbdbgYn.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	OS Credential Dumping	31 Virtualization/Sandbox Evasion	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	12 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
HYygbdbgYn.exe	58%	ReversingLabs	ByteCode-MSIL.Trojan.Whispergate

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.fontbureau.com	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.fontbureau.com/designers/cabarga.htmlN	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.fontbureau.com/designers8	0%	URL Reputation	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.fontbureau.com	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersG	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/?	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.tiro.com	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523567
Start date and time:	2024-10-01 19:31:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	HYygbdbgYn.exe renamed because original name is a hash value
Original Sample Name:	1e53aeaabcab0989b473e44f7ef02731.exe
Detection:	MAL
Classification:	mal52.evad.winEXE@1/1@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 99% Number of executed functions: 125 Number of non-executed functions: 6
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target HYygbdbgYn.exe, PID 3336 because it is empty
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: HYygbdbgYn.exe

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HYygbdbgYn.exe.log

Download File

Process:	C:\Users\user\Desktop\HYygbdbgYn.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6Kha1qE4GIs0E4KCKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oa1qHGIs0HKCtHTHhA2
MD5:	78512C22F802251A2C33347A2A65DA7D
SHA1:	7267274EC90EE5005BE6A60589DAD51603BDE2C0
SHA-256:	77A986A5F7EDB25F0A4E93CA7E41CFD9BF09FCB5CB16FBE42C14135A53C4205F
SHA-512:	AC464B97B6BB93E7C1F0469D101D7956282A8AF723B6C374BF221FAC7BDCC01D48F5C3F9FDF1D9055AA35D5D4FEB87F92254D4ED9A8885ACD61A087A07D27701
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.917431955362962
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	HYygbdbgYn.exe
File size:	411'136 bytes
MD5:	1e53aeaabcab0989b473e44f7ef02731
SHA1:	85b2a41e8060a08eff4a1fc97e078229ee1e781d
SHA256:	5be89599ac45c88bad9083afcc555874c94bd711a44c67e5d0aad0ab318188c2
SHA512:	a74380c04dd5f49f13074a3d14be3bfd4b213c970604d70ed42591b4ba14841dd248a4c48adcc64ecf19ffdb4aa50285a05e3cfee4a20f1e3f159b8241a4a8bc
SSDEEP:	6144:cCLCDJ0p8LXxb/cMnz19/Fx+qQDkgCxsmjDQnIKp+59Ff+++++h++EuFF++CvF:cIaK8LXt/cMnzHjbQ4vx7Qn4EmF
TLSH:	FC946B0DE740D520D28C2771A8116858E266BE2D35BF93BE1CAC7EA17FFF3118A49953
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.........."...0.................. ........@.. ....................................@................................

File Icon


Icon Hash:	a2838565634e4684

Static PE Info

General

Entrypoint:	0x43bb9e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F707A3 [Fri Sep 27 19:29:39 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
push esi
mov dh, 1Dh
lea eax, dword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3bb4c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3c000	0x2a600	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x68000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x39ba8	0x39c00	070659dbf249142e511085a33d497a54	False	0.6547957251082251	data	7.044219119195845	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x3c000	0x2a600	0x2a600	26a99a5b946d562f9c06df115958bec0	False	0.31811163348082594	data	5.874268984317921	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x68000	0xc	0x200	5e30e3e080c4fa84c181925044eabefe	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x3c260	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	0.453091684434968
RT_ICON	0x3d118	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	0.5965703971119134
RT_ICON	0x3d9d0	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	0.5455069124423964
RT_ICON	0x3e0a8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	0.39667630057803466
RT_ICON	0x3e620	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	0.2583698095350763
RT_ICON	0x4ee58	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	0.29950599117090604
RT_ICON	0x58310	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	0.3521256931608133
RT_ICON	0x5d7a8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	0.3598252243741143
RT_ICON	0x619e0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	0.40767634854771784
RT_ICON	0x63f98	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	0.5107879924953096
RT_ICON	0x65050	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	0.5770491803278689
RT_ICON	0x659e8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	0.6773049645390071
RT_GROUP_ICON	0x65e60	0xae	data	0.6551724137931034
RT_VERSION	0x65f20	0x308	data	0.4587628865979381
RT_MANIFEST	0x66238	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 19:32:21.713742018 CEST	53	59722	1.1.1.1	192.168.2.4

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: HYygbdbgYn.exePID: 3336, Parent PID: 2580

General

Target ID:	0
Start time:	13:31:58
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\HYygbdbgYn.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\HYygbdbgYn.exe"
Imagebase:	0x490000
File size:	411'136 bytes
MD5 hash:	1E53AEAABCAB0989B473E44F7EF02731
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: HYygbdbgYn.exePID: 3336, Parent PID: 2580COMMON

Executed Functions

Function 00007FFD9B882E2D Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 832e08847c41c4730d4fb6dd520706b3915ec9c3a3f9275913e2a67e94198a38
Instruction ID: cd2e9019fee5adb6baedefb1e5e370c9364dc4d006ba22140e6bf535b5f10523
Opcode Fuzzy Hash: 832e08847c41c4730d4fb6dd520706b3915ec9c3a3f9275913e2a67e94198a38
Instruction Fuzzy Hash: CCB18031F1994D8FEB68EB9884656BD73D2EF98710F050179E42EC72E6CE38AD428740

Function 00007FFD9B8877A0 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 414b7f646ecdd64fbbee5432fa98f0df2380f39681de9502d0a4f3b8ee923f63
Instruction ID: fa6e9a8d9fa1893c4dfe63e05a522c9fcb390e9fab55734fcca9ea62e61fb8dc
Opcode Fuzzy Hash: 414b7f646ecdd64fbbee5432fa98f0df2380f39681de9502d0a4f3b8ee923f63
Instruction Fuzzy Hash: 0C51B430B19D0E5FE768DB65C469A76B3E1FF98300F118639D06EC3595DF38B9428681

Function 00007FFD9B889760 Relevance: .4, Instructions: 446COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 668552fbd296aa6a7cc1c553a5b573e634c1cc92222ccdf3ab318994348d6653
Instruction ID: dc2afbafe941b50d2670228065d42c660677da18e718194bdf7dbb05526b3afc
Opcode Fuzzy Hash: 668552fbd296aa6a7cc1c553a5b573e634c1cc92222ccdf3ab318994348d6653
Instruction Fuzzy Hash: FCD1E33070DE0E4FD7A5EB6C9868A7577E2FF99310B0605B9D15EC72A6EE24EC028741

Function 00007FFD9B880650 Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d2308e3606fb5df4e1271c31bf7189b8c471f83ab95e9514991bed583824276
Instruction ID: 3569245ff8d7343165e2e7f32c6f7da3bcdf81004fb2ae7c03bf3ce7fa46fabb
Opcode Fuzzy Hash: 5d2308e3606fb5df4e1271c31bf7189b8c471f83ab95e9514991bed583824276
Instruction Fuzzy Hash: E8C18D71B0DE4A4FE76A9B68886557837E1EF5A310B0641FAD05EC71F7DD28AD028381

Function 00007FFD9B884A66 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a434d535b6c800da0814d85a42a519bcf316f3e81e47bcc62f005f7f95d9d1a0
Instruction ID: 889a746f12cfac830742878bc3cdc83bb18b6cc7d8538d5d6af8a332ab95619e
Opcode Fuzzy Hash: a434d535b6c800da0814d85a42a519bcf316f3e81e47bcc62f005f7f95d9d1a0
Instruction Fuzzy Hash: 9DD12731A0D6498FDB1ACB94C4A06FCBBB1FF59300F1981FEC05997297CA396906CB60

Function 00007FFD9B910050 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5305fe533f0d64ad85a6689a3361153c528422f9638e3b4da999d0f92e6804ec
Instruction ID: 52e3df77eca239539e163c1aaebfda085286b1c12d6c8372ad03eb673219a53c
Opcode Fuzzy Hash: 5305fe533f0d64ad85a6689a3361153c528422f9638e3b4da999d0f92e6804ec
Instruction Fuzzy Hash: F4910621B1E7C95FE7669B7848755643FE0EF0A710B0A45FFD099CB1E3CA1EA9068341

Function 00007FFD9B886717 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b54e04fff1a0e87b0ad70d03f1fc0264061571c62dd89aab246e1b46d3b1a6a
Instruction ID: 4cf634b4ed25993c23ba22ab1d9b97e962787652dcc42db42ed45e8001be82f6
Opcode Fuzzy Hash: 2b54e04fff1a0e87b0ad70d03f1fc0264061571c62dd89aab246e1b46d3b1a6a
Instruction Fuzzy Hash: 32614A71B0DA4D4FE7259B9898645B53791EF8A320F1602FAD059C71F7DD29AD02C381

Function 00007FFD9B883FFF Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 565cc9557f2c428619d8773d0aadded4542f12abb00d34b976d109ccc9796c04
Instruction ID: a8f500db7b10f6737f34aea4838fd001469536e40c504ec1c8b8ee877196f899
Opcode Fuzzy Hash: 565cc9557f2c428619d8773d0aadded4542f12abb00d34b976d109ccc9796c04
Instruction Fuzzy Hash: F661C062A0EBC54FE717CBA498741A87FB1EF57310B0A41EFC095CB1A3D9386A05C762

Function 00007FFD9B88C78F Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfc94e709253c76be78194e0e6bf55243922958c924d048db9a9376255ced3eb
Instruction ID: 81837fa7c9346c91b2ad5cfcc66b0f4c24ff46590b7585b9db5e7920fb0f6f99
Opcode Fuzzy Hash: dfc94e709253c76be78194e0e6bf55243922958c924d048db9a9376255ced3eb
Instruction Fuzzy Hash: 64611230B0994E8FEBA4DB58D468BB973E1FF58304F1505B9D41EC72A9DA38ED418B80

Function 00007FFD9B889373 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37705e19ad6076d1c2b54333068f8d970845c308f958f2d1038bca5a4a70989b
Instruction ID: 12d75f93ec41c52b1d99126a5d9ed29199a80352de419537e69f62406450e4ff
Opcode Fuzzy Hash: 37705e19ad6076d1c2b54333068f8d970845c308f958f2d1038bca5a4a70989b
Instruction Fuzzy Hash: A1512230B0DE0E4FE768AB5894696B873C2EF88304F15157ED15EC32E6DE39B9028245

Function 00007FFD9B883E37 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df7a7684be182fe9f0c8cf3ad9ad2523692a47fb0f29a4befb4d3e104523a453
Instruction ID: 01f7f7b0691de47c9697b11d60d1aa4a1fc3a66b8b69366b4fe2a5795e04e631
Opcode Fuzzy Hash: df7a7684be182fe9f0c8cf3ad9ad2523692a47fb0f29a4befb4d3e104523a453
Instruction Fuzzy Hash: EF51E66260EBC54FE307DB6488746A07FB1EF57310B0E45EBC095CB1E7E929690AC362

Function 00007FFD9B88B781 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d7b4622c385a3da088d7a1ebe42302e05c41594a82b54e15928e6a25ace1a7
Instruction ID: c87331fe8c211408176fd530972d10ea9f76945bda85f9a87c2d3e9a411c4a3c
Opcode Fuzzy Hash: a9d7b4622c385a3da088d7a1ebe42302e05c41594a82b54e15928e6a25ace1a7
Instruction Fuzzy Hash: 75519C3070CA098FDB58EF1CD494A29B3E2FF99310B1505B9D41AC72A6DE36EC418B81

Function 00007FFD9B883DE4 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b82ceb6ce68fe9d66f04235b79860d6b394caf9dfaad54a02cfa2b8fa1996f3
Instruction ID: 1fb4c46ed02b57c5e421cefb4318b43764f1cadf2984f5386f780d696ab0c704
Opcode Fuzzy Hash: 8b82ceb6ce68fe9d66f04235b79860d6b394caf9dfaad54a02cfa2b8fa1996f3
Instruction Fuzzy Hash: 0951E362A0EBC50FE707D7B488755A47FB1EF57210B0E45EBD095CB0E7E928590AC362

Function 00007FFD9B88440F Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a5a69ffc4d671c713a8bdb155a10fc13bee53846e1d69fea23dac2160820bac
Instruction ID: ddcf9b7fbcec7ada98537265a35578d44e3fe622a16a4242e6f14073075f2097
Opcode Fuzzy Hash: 1a5a69ffc4d671c713a8bdb155a10fc13bee53846e1d69fea23dac2160820bac
Instruction Fuzzy Hash: 0351E36260EBC50FE347CB7488746A07FB1EF57210B0E45EBC099CB1E7D929690AC322

Function 00007FFD9B88467A Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78c335894fe2b16d7d3355e20107576b534afb4a4626b644b6cc7df9b3e4f76f
Instruction ID: ecfe0bf49e1cb8944c6d7064d9911ea21c3ca65adf8e6aa7b674e260045ff88c
Opcode Fuzzy Hash: 78c335894fe2b16d7d3355e20107576b534afb4a4626b644b6cc7df9b3e4f76f
Instruction Fuzzy Hash: 5451D462A0EBC54FE747DB6488745A07FB1EF57310B0E45EBC095CB1E3D5296A0AC362

Function 00007FFD9B8846C7 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1792ac9aa12bfbfb50cb3a30ed7e695a1948f696a206a21cdfa63cc96419a3d
Instruction ID: 7b397b5b1cd56fe584f7975794d9481cff850a516b0ae54e3674a87103b3d1ad
Opcode Fuzzy Hash: e1792ac9aa12bfbfb50cb3a30ed7e695a1948f696a206a21cdfa63cc96419a3d
Instruction Fuzzy Hash: CB51D562A0EBC54FE707D76488745A47FB1EF57310B0E45EBC095CB1E3D5296A0AC362

Function 00007FFD9B8842BA Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 534d681caf74ae5f9c7efa5841302be3edfcebb259c2c3553202abccd9387797
Instruction ID: 77bdc83cc92e8d568e1909aaf718404ee4164832cb961ef517a70fe96a6fe680
Opcode Fuzzy Hash: 534d681caf74ae5f9c7efa5841302be3edfcebb259c2c3553202abccd9387797
Instruction Fuzzy Hash: 0651C06260EBC50FE3478B6498745A07FB1EF57210B0A45EBC099CB1E7D5296A0AC362

Function 00007FFD9B88418C Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 100e5f868c36b34e1164671eb88dc74e93f3fc2ff8ec422622db6e7efd5c8587
Instruction ID: c919dcc61a1b13dceed08aec06eddb3345afb363dfbef92fc6a118dc19b92c64
Opcode Fuzzy Hash: 100e5f868c36b34e1164671eb88dc74e93f3fc2ff8ec422622db6e7efd5c8587
Instruction Fuzzy Hash: 17510862A0EBC50FE307D77448751A07FB1EF67210B0E45EBC099CB0E7E829690AC362

Function 00007FFD9B88448C Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06b1727c8b87fb15834d34cf978410077ab6643716f3ef2913486028c69dfba6
Instruction ID: 8c3d1da3c3f5a9a35c1be074899a58380c35cbd99b7d65247048db7d6a38681e
Opcode Fuzzy Hash: 06b1727c8b87fb15834d34cf978410077ab6643716f3ef2913486028c69dfba6
Instruction Fuzzy Hash: CA510962A0EBC50FD347D77448755A07FB1EF57210B0E45EBC099CB0E7E529690AC362

Function 00007FFD9B88439C Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 528fae37030152ec56af8fff46cbd2a4025d8c78a4c1181eced1c1cf604e74a2
Instruction ID: d40181748372959e3f3ba33347d26bd670a2f8bae4202650a58505876e6bfd65
Opcode Fuzzy Hash: 528fae37030152ec56af8fff46cbd2a4025d8c78a4c1181eced1c1cf604e74a2
Instruction Fuzzy Hash: CD51D46260EBC54FE347CB7488746A07FB1EF57210B0E45EBC099CB1E7E529690AC362

Function 00007FFD9B88432A Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46903d2b1cdfbecb9d59921f2f172cf20cb691a0fa3eedc20b38f39c2939ca38
Instruction ID: cd860e119f5b7ec543960e438c490f2da78fee530a3062b27babd110e7bcb617
Opcode Fuzzy Hash: 46903d2b1cdfbecb9d59921f2f172cf20cb691a0fa3eedc20b38f39c2939ca38
Instruction Fuzzy Hash: 2351C16260EBC54FE307CB7488746A07FB1EF57210B0E45EBC099CB1E7E529690AC362

Function 00007FFD9B8841FA Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90e729f7ffc278cd12a63e6b1b9a98adef4f10ba526b163b11fa904b4080725e
Instruction ID: f6a77c4b51b8f1ae05d659d946947e96c2b32199b3466df3f13a77c6b9b18e20
Opcode Fuzzy Hash: 90e729f7ffc278cd12a63e6b1b9a98adef4f10ba526b163b11fa904b4080725e
Instruction Fuzzy Hash: 2151B26260EBC50FE347DB6488B46A07FB1EF57210B0E45EBC099CB1E7D529690AC362

Function 00007FFD9B88411A Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d87f2f71fdac0f216e4d45c355ce12afdc3c5f475d315b771c200b9a7ef220ad
Instruction ID: e03863ea357a558e38dfddcc228f2b68f7d80590efbd0d78ee9e25b341b0f08f
Opcode Fuzzy Hash: d87f2f71fdac0f216e4d45c355ce12afdc3c5f475d315b771c200b9a7ef220ad
Instruction Fuzzy Hash: 7751BF6260EBC50FE307CB6488756A07FB1EF57310B0E45EBC099CB1E7E529690AC362

Function 00007FFD9B8840A8 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d098e856ff8cf5015aaee1a477f349226404a8def945201ab3b011e05193cb52
Instruction ID: c456f9e4713eb37fdaa68aec8478b13376e057274234333c8689066d90c45d6a
Opcode Fuzzy Hash: d098e856ff8cf5015aaee1a477f349226404a8def945201ab3b011e05193cb52
Instruction Fuzzy Hash: F551C06260EBC50FE747CB7488756A07FB1EF57210B0E45EBC099CB1E7D5296A0AC362

Function 00007FFD9B884036 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74cefbeecfc114323438b63d14c7cd4f40752d676ab80527d4e2603b1245164d
Instruction ID: 7d23e9493bac1ec9bee7d6e200c65f479f9f5b9d1e412b81ac3b42c3fa8fbb31
Opcode Fuzzy Hash: 74cefbeecfc114323438b63d14c7cd4f40752d676ab80527d4e2603b1245164d
Instruction Fuzzy Hash: 1F51B16260EBC54FE357CB6488746A07FB1EF57310B0E45EBC099CB1E7D529690AC362

Function 00007FFD9B883F8D Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75aa7c7b80881a1fcf8725fc2230290086d49c2107250b73efa301ca689e1c3e
Instruction ID: 1fc37377466b8f50e10a12899623fe38ffa3266ecc66d96c17373609d9c65681
Opcode Fuzzy Hash: 75aa7c7b80881a1fcf8725fc2230290086d49c2107250b73efa301ca689e1c3e
Instruction Fuzzy Hash: 6951D16260EBC50FE347CB6488746A07FB1EF57310B0E45EBC099CB1E7D5296A0AC362

Function 00007FFD9B883F1B Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 477fee9835f5998eba687d97a8a40ca9e8c19098328b0ff400b5f565c4d52deb
Instruction ID: cf520b584608c28187b4a7f1d8037c8f410574174fdc7f1a01cfdeed43dedfa4
Opcode Fuzzy Hash: 477fee9835f5998eba687d97a8a40ca9e8c19098328b0ff400b5f565c4d52deb
Instruction Fuzzy Hash: 1B51E56260EBC54FE347CB7488746A07FB1EF57210B0E45EBC095CB1E7E529690AC362

Function 00007FFD9B883EA9 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccf3591a6c53d0773325672ba169c0f0e42fe1dadd765a52e92e22ecf08dd11f
Instruction ID: 9cd46c0000925b7bc1d2ffb52fb1f08c5ac9f113f6027a91981bcdeb41b7e61d
Opcode Fuzzy Hash: ccf3591a6c53d0773325672ba169c0f0e42fe1dadd765a52e92e22ecf08dd11f
Instruction Fuzzy Hash: 6B51C36260EBC54FE347CB7498746A07FB1EF57210B0E45EBC099CB1E7D5296A0AC362

Function 00007FFD9B88456C Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83777a56d211d4b80b1e61dc2580dd48d3e599778105ee70cf62304b861bef38
Instruction ID: 40352ce875e65f43763fa96d4aa4d143bbb60912b7a10d8a7804c9b1e0cdfa73
Opcode Fuzzy Hash: 83777a56d211d4b80b1e61dc2580dd48d3e599778105ee70cf62304b861bef38
Instruction Fuzzy Hash: 5251DF6260EBC54FE347CBA488746A07FB1EF57210B0E45EBC099CB1E3D529690AC362

Function 00007FFD9B8844FA Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b3d63f91035461fe0af226ffdc40f19aecd10d30744d4a89aaa075c5954d3f
Instruction ID: 5d0b93c47140d4843adcd85d709fabd39e1feaa29d45a065580a3273605e00dc
Opcode Fuzzy Hash: b7b3d63f91035461fe0af226ffdc40f19aecd10d30744d4a89aaa075c5954d3f
Instruction Fuzzy Hash: 3551C26260EBC54FE747CB7488746A07FB1EF57210B0E45EBC099CB1E7D529690AC362

Function 00007FFD9B8848A7 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c47b946105047c688267df37004c9b7e914570388dcbf7d07c18173941f6875b
Instruction ID: 34836f75edbabdb6ee8a3fa10829f447016fc28dd2653c8e7fd88e133c412631
Opcode Fuzzy Hash: c47b946105047c688267df37004c9b7e914570388dcbf7d07c18173941f6875b
Instruction Fuzzy Hash: 7F51C362A0EBC54FE747DB7498755A07FB1EF57210B0E45EBC099CB0E3E429690AC362

Function 00007FFD9B884B21 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7464a7f334be4deff6cd2651a0e02bb6330bef204cc4d17bda14b2b1d0437a12
Instruction ID: 14cf451c6c45729f116f6556c894f092b9a9a65bacce777602ea868447b73ddf
Opcode Fuzzy Hash: 7464a7f334be4deff6cd2651a0e02bb6330bef204cc4d17bda14b2b1d0437a12
Instruction Fuzzy Hash: 8951B362A0EBC54FE357DBB498755A07FB1EF57210B0E45EBC095CB0E3D429690AC362

Function 00007FFD9B884A81 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd05f023070ca373969c60eea15cb2721a534e16a827c8854416b41aad45c0c2
Instruction ID: 52a5b46fa1ec7e49dfa91f326c14a25c8eee45d052e9242dd232f5655ea57674
Opcode Fuzzy Hash: cd05f023070ca373969c60eea15cb2721a534e16a827c8854416b41aad45c0c2
Instruction Fuzzy Hash: B851B362A0EBC50FE357DB7498755A07FB1EF57210B0E45EBC095CB0E3D4296A0AC362

Function 00007FFD9B884AD1 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d2370942512aeac9ad2648652a6c6449d24631ccb0e344a6ebe3ca0d1c6699a
Instruction ID: f25a9bfcdbab75e2a62544d400e34dc87de894a8cf85fdb377f50285a46efca9
Opcode Fuzzy Hash: 3d2370942512aeac9ad2648652a6c6449d24631ccb0e344a6ebe3ca0d1c6699a
Instruction Fuzzy Hash: EE51B362A0EBC50FE357DB7498751A07FB1EF57210B0E45EBC095CB0E7D4296A0AC362

Function 00007FFD9B884A16 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36bdcc6bec99c8260e72687e21ab3039f3f64fcc27d3b218d8393f54d5306d85
Instruction ID: 5853b814da0196a6758b88e67116a50611f6ae95e398ad4ad70d1eb5740e0b65
Opcode Fuzzy Hash: 36bdcc6bec99c8260e72687e21ab3039f3f64fcc27d3b218d8393f54d5306d85
Instruction Fuzzy Hash: 3851B462A0EBC54FE357D7B498755A07FB1EF57210B0E45EBC095CB0E3D429690AC362

Function 00007FFD9B884979 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16cb2d3827d8e2df9577b664f4af915cb15756d33e198281c2609c1cf2c6fe74
Instruction ID: 4118a976d16a61c83ad3acb09a0bfb8244f2b969614ccf57af493bf08324b803
Opcode Fuzzy Hash: 16cb2d3827d8e2df9577b664f4af915cb15756d33e198281c2609c1cf2c6fe74
Instruction Fuzzy Hash: 3F51B462A0EBC50FE357D77498751A07FB1EF57210B0E45EBC095CB0E3E429690AC362

Function 00007FFD9B8849C6 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 025ea04f73724b1433fc9dbef333275f64920322ca6c20693d383f6590204cfc
Instruction ID: 5e88d2a1938321248e4f24eca4fe78c472cedeac651e07b82498a6ec38d84cb1
Opcode Fuzzy Hash: 025ea04f73724b1433fc9dbef333275f64920322ca6c20693d383f6590204cfc
Instruction Fuzzy Hash: 0451D462A0EBC50FE347D7B498751A07FB1EF57210B0E45EBC095CB0E3E429690AC362

Function 00007FFD9B884929 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d49bec2402a6b946ac060aa522099fc0008ec00835baa9efd57ac73d6c5ebd7
Instruction ID: 9652501cf86434c9543add0240c5e26af47f6369b8d969618d2842a7a782ad82
Opcode Fuzzy Hash: 5d49bec2402a6b946ac060aa522099fc0008ec00835baa9efd57ac73d6c5ebd7
Instruction Fuzzy Hash: 8051B462A0EBC54FE747D7B498755A07FB1EF57210B0E45EBC095CB0E3E4296A0AC362

Function 00007FFD9B884807 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e6ae99c521d4d447bf15322ee54f89023da5dbedb2402d92766ed4308ff5a3c
Instruction ID: cfb86238d1defd76f27866fce8b9369f3ea1ef72f32a616bf1f352f245fd5ef3
Opcode Fuzzy Hash: 0e6ae99c521d4d447bf15322ee54f89023da5dbedb2402d92766ed4308ff5a3c
Instruction Fuzzy Hash: 7251C362A0EBC54FE347DB7488751A07FB1EF57210B0E45EBC095CB0E3D4296A0AC362

Function 00007FFD9B884857 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d959b8dda5c6e1c6ba183d0a149f87bc41148f453f34810eca96270023fa744f
Instruction ID: 2199327f691bf3d5412e017b85877903604342eb34a92d467f0bc4b9ce53762b
Opcode Fuzzy Hash: d959b8dda5c6e1c6ba183d0a149f87bc41148f453f34810eca96270023fa744f
Instruction Fuzzy Hash: 7251D462A0EBC50FE347D77488755A07FB1EF57210B0E45EBC095CB1E7D4296A0AC362

Function 00007FFD9B884767 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de650d50b15398ca028afb342ffa65ffb539178a7e29ba16c1574e90e98fb69e
Instruction ID: 4c47e7f4f6eeb0e6c9722f6518595a05142692604444b2e4323f7f401bcfe4a6
Opcode Fuzzy Hash: de650d50b15398ca028afb342ffa65ffb539178a7e29ba16c1574e90e98fb69e
Instruction Fuzzy Hash: 9051A262A0EBC50FE3579B7498755A07FB1EF57210B0E45EBC099CB0E3D5296A0AC362

Function 00007FFD9B8847B7 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4622a3e3c1c153fe3e590c3f763f54c775f5ac934ccd1e3cf212a81da0ae521
Instruction ID: 7dcabb372d5cbe933ce9ae9513703dedc5df47ef2fa42e927e5d34ed69067721
Opcode Fuzzy Hash: d4622a3e3c1c153fe3e590c3f763f54c775f5ac934ccd1e3cf212a81da0ae521
Instruction Fuzzy Hash: 9851B362A0EBC50FE357D77498755A07FB1EF57210B0E45EBC095CB4E3E429690AC362

Function 00007FFD9B884717 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95c0746ee6b0c818f3913dd5beba61d148f719531955aa3186e47e29d6339487
Instruction ID: fd619f69197fbc4907352ea5c40e71a53d832c2887cf1c79536a477d8bfd713f
Opcode Fuzzy Hash: 95c0746ee6b0c818f3913dd5beba61d148f719531955aa3186e47e29d6339487
Instruction Fuzzy Hash: EF51B56290EBC54FD347D77498755A07FB1EF57210B0E45EBC095CB0E3D429690AC362

Function 00007FFD9B880C64 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d64cabec59a15770592427d3716442f524a741d9caee220931fc4d20602916f
Instruction ID: 67848544265997b83d17751d5078ea8f9fbb3cd547b79c854a55d48436424a7b
Opcode Fuzzy Hash: 0d64cabec59a15770592427d3716442f524a741d9caee220931fc4d20602916f
Instruction Fuzzy Hash: 3C411C21B2EAC90FE3699B7C48795753BE1EF59610B0501FFE459C71E3DD185C468342

Function 00007FFD9B88DD00 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32732a5580b5ec513ad4e63043948cb1aac473620ec6f3732c5ba8a8a652caf0
Instruction ID: 87e1e2bcb141376dbba3355285648a6ac87694e483e3d682ac93454c44617b7d
Opcode Fuzzy Hash: 32732a5580b5ec513ad4e63043948cb1aac473620ec6f3732c5ba8a8a652caf0
Instruction Fuzzy Hash: C2411A3170EB894FD759DB2888666B57BE1EF5A310B0901EFE099C72A3DE24AC058742

Function 00007FFD9B8878F8 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97e8dfd6a9144c9f1d41dece1da480874e8d3c11f080b70b38f414b6ae296d00
Instruction ID: 02bbc124a002e7d93008b47fe2f5a08948b0202fabc222338e5bda85dbad5b28
Opcode Fuzzy Hash: 97e8dfd6a9144c9f1d41dece1da480874e8d3c11f080b70b38f414b6ae296d00
Instruction Fuzzy Hash: 68416A3130EE594FE365E76CE8995B47BD0EF4A320B0601FAD49EC7167D91AAC828780

Function 00007FFD9B8836FA Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 630237c81cbbef29eba799f7c6eeea7deda676433f48565dbb1793c22557eb55
Instruction ID: f96688af0016d23d99593230ed7dcc3a9a0ec671c7f25f15c03d522c1fcef05c
Opcode Fuzzy Hash: 630237c81cbbef29eba799f7c6eeea7deda676433f48565dbb1793c22557eb55
Instruction Fuzzy Hash: C8412BB2B0A5894FD36AA7789CB55B57BE0EF5521970902BAD0AECB2A3FD1854078340

Function 00007FFD9B882E47 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c8ecc98cf416b6a5c2fdd14050e42e16caa5284d8237665f0465b8999d25455
Instruction ID: 2ad3600d7aa0e231e9bb64f3d4c8f368e60d667803fa12657c6f6742d5e094df
Opcode Fuzzy Hash: 3c8ecc98cf416b6a5c2fdd14050e42e16caa5284d8237665f0465b8999d25455
Instruction Fuzzy Hash: AC41A461F1895D4BDB68DFAC88656BD63D2EF98344F01017AD46EC72DBCE786C068344

Function 00007FFD9B88C80E Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681642dd93a04ced9c50b3509d117fd66a88fc901cd81e7fda98c5e970c9b3b9
Instruction ID: 86ddc43333b8b82eefc02296e8d48e357e602495a2d02ac050dfda9baf38ba96
Opcode Fuzzy Hash: 681642dd93a04ced9c50b3509d117fd66a88fc901cd81e7fda98c5e970c9b3b9
Instruction Fuzzy Hash: C0411C30719D0E8FEFE8DB589468A7963D1FF9C300B1645B9D42EC72A9DA34ED418B80

Function 00007FFD9B88BDD5 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a69563dcb136f2d5abf3d0ef0278a207efba4a09ec08516b57e081fdb0992dab
Instruction ID: fbaf7db1d982b8954ef1ba0ab163fe96725c25a66ca354440de6730115e88ddf
Opcode Fuzzy Hash: a69563dcb136f2d5abf3d0ef0278a207efba4a09ec08516b57e081fdb0992dab
Instruction Fuzzy Hash: AB31D531B09D494FDB98EB18D8A16A5B3D2FFDC314F100679D05DC3296DE3AE9428741

Function 00007FFD9B889382 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a19fcffe74c6f2fae6355c152940ecbf9b16728f6ab9e1a902b3b08284512eb8
Instruction ID: 5742e7fd79830583bbd370baebdd099c4877121c30cee122a56e51c6eb196852
Opcode Fuzzy Hash: a19fcffe74c6f2fae6355c152940ecbf9b16728f6ab9e1a902b3b08284512eb8
Instruction Fuzzy Hash: BF31E220B0DE4A4BE779AB5C947927873C2FF98304F15167DE05FC22E6CE38B9028201

Function 00007FFD9B884F9C Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab484d02298785fb1d288e0d507ed55b04bc30b9f829c315a9589a2a4533ca71
Instruction ID: 993d627e7016d95a78d7a8ae554c2dc310995957d52d5df5f05853b8ed1f39da
Opcode Fuzzy Hash: ab484d02298785fb1d288e0d507ed55b04bc30b9f829c315a9589a2a4533ca71
Instruction Fuzzy Hash: 0D310726A0EACA0FE3275B6058701B57B71DF57310F1606FBC0A6C60E3ED2959068392

Function 00007FFD9B8884A4 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98d48585f34145212c5e8d7b4ed5494d880faf297d61dfcc31a72abbcf392bcc
Instruction ID: d4751f0fad4190096bb3eb92697ad2a17d61af8b809c93a739e26103435491a8
Opcode Fuzzy Hash: 98d48585f34145212c5e8d7b4ed5494d880faf297d61dfcc31a72abbcf392bcc
Instruction Fuzzy Hash: 13316B61A0E98D5FD765AB2C4C294723BE4EF8A310B0401FEE0ADC71A3ED246D06C392

Function 00007FFD9B887F5C Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9745a0da5737cb84b97c40c774b9f1d45872db5c953064e29686baa0bd75d8c0
Instruction ID: 1b7a0d9380d6404f7322a996ea8189ef9edb907fe547297adcea10c7d559adeb
Opcode Fuzzy Hash: 9745a0da5737cb84b97c40c774b9f1d45872db5c953064e29686baa0bd75d8c0
Instruction Fuzzy Hash: 6A417031A0EBC98FDB538F7888655987FB1AF5B304F0A01EBD499DB1A3C6285905C792

Function 00007FFD9B88BDF0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d9f1fd7400887d60cc0cda8b83ee7c1ede6fe743bd0030b3d0db9001e4101f4
Instruction ID: aec18dd5bb87b39ec0ea6914bfa2682bd971ad3598a635ba83a5564ffe2bba72
Opcode Fuzzy Hash: 7d9f1fd7400887d60cc0cda8b83ee7c1ede6fe743bd0030b3d0db9001e4101f4
Instruction Fuzzy Hash: B5319131B19E494FDB98EB1894A166973D2FFDC308F110579E05DD3396DE2AE9028741

Function 00007FFD9B8807C8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc9a113b1f7bf1444e0d0a5b1569b89f212be794b377b8514099df110ec77120
Instruction ID: 91bb28c5fdf39fe10c356928a884bdf8e9e70d9d5a52745579b98b0f044b16b7
Opcode Fuzzy Hash: bc9a113b1f7bf1444e0d0a5b1569b89f212be794b377b8514099df110ec77120
Instruction Fuzzy Hash: 4E313852A0E6D54BE32B77B83C354E63F50DF4622870D41F7E0EC8A0E7DD1455868391

Function 00007FFD9B887E0F Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9316e409f649ec928f8d3b51290b7594fdd113c164374a460543b03aa971c7da
Instruction ID: 78c12acff8634db569c21d0677f37dd7a041f35255e5b6dbfd125dfbc9f30a78
Opcode Fuzzy Hash: 9316e409f649ec928f8d3b51290b7594fdd113c164374a460543b03aa971c7da
Instruction Fuzzy Hash: 9921F621B1CD4D4FE758EB2C9866A7973D2EB98700F1542BEE05EC32E6DD34AC414287

Function 00007FFD9B8804D0 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48043e8bec75ace6564574fadee4364268d36ac101afcb87adfd41681e466151
Instruction ID: 42e9f1174fecb44040096dbc2312ba7f28487d768848f121e491f6711d7d7236
Opcode Fuzzy Hash: 48043e8bec75ace6564574fadee4364268d36ac101afcb87adfd41681e466151
Instruction Fuzzy Hash: 7E318431B09D0D8FDBA4EBA898555AA77E1EF99320F150239E42DD72E1CF35A8038780

Function 00007FFD9B910311 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da4272467b4a73b11718c25a766a66e870f3f819a71ffdd754c220395a850f60
Instruction ID: c4483042cfb6000e9913fba998f4d0ea3401cd8095c8a7f5e176c2b30446b396
Opcode Fuzzy Hash: da4272467b4a73b11718c25a766a66e870f3f819a71ffdd754c220395a850f60
Instruction Fuzzy Hash: F7210762A1F7C95FE36297A44CB55643BA1EF1A610B0A02F7C088CB1F3ED1A69079745

Function 00007FFD9B880560 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d2b2ee18f12b5c8c9f33fef6e0c2f75f339532e369e98e85c2af9f394d738de
Instruction ID: ea28d9e4b22a1fd006d7a5420f9d299706dcfc6a3f1b0cb071b193c26897dc12
Opcode Fuzzy Hash: 6d2b2ee18f12b5c8c9f33fef6e0c2f75f339532e369e98e85c2af9f394d738de
Instruction Fuzzy Hash: F4219D31719E4D8FCBA8EB5DD894E6177D1EFAC310B52027AD40DC7276DA61EC818780

Function 00007FFD9B8807E0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db03240cecffc33eaaba10a2f7ca9a180bf5ffa458f228b29b60548362e51557
Instruction ID: 8cc3063b1310a29aae0c4bdcc023dcd25bef8018cc579ca59e04048f4c61edf0
Opcode Fuzzy Hash: db03240cecffc33eaaba10a2f7ca9a180bf5ffa458f228b29b60548362e51557
Instruction Fuzzy Hash: DA21F66290E6D54BE32B77B83C254E67F60DF4622870D41F7E0EC8A4D7DD14598A8391

Function 00007FFD9B888A5C Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d2dec7a19fe4c17bfd218b9a23761a91a00a117d026391c0485ec5e97b9636a
Instruction ID: 48cd2a3167f16daba1e35997a3cb098c484d27ae9f68a07df7a23d5f97a03541
Opcode Fuzzy Hash: 0d2dec7a19fe4c17bfd218b9a23761a91a00a117d026391c0485ec5e97b9636a
Instruction Fuzzy Hash: 0C21B561B0DD0E8BE779AB5854616BD7292EFC8710F260279D42EC32E7DD3CAE024285

Function 00007FFD9B880780 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 423c49991a39d9fcbeb17ac06f9d5dcf1b705391dd51734da34afcb33e4a46cd
Instruction ID: c2df9eba4ee7482dbd4e642bc2feb485d0e2a1f65df17455c2d52ae779e6809f
Opcode Fuzzy Hash: 423c49991a39d9fcbeb17ac06f9d5dcf1b705391dd51734da34afcb33e4a46cd
Instruction Fuzzy Hash: 4E115B11B0EE1D0BF779929868553B576C6DF8A320F15027FE8ABC15D2DD2D3A4282C0

Function 00007FFD9B889EC9 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0347f803258d4a3db2733a9139d039f4247fddfd73599af7875287af059666a
Instruction ID: 17e721095bd139045da4a3323f9169464997c9c59b9b23d7486ecc9d80c23246
Opcode Fuzzy Hash: c0347f803258d4a3db2733a9139d039f4247fddfd73599af7875287af059666a
Instruction Fuzzy Hash: 0E118930A0EA4A1FE3384AA48C284767B85DB87360F0643BAD15AC71A3DD68690743D1

Function 00007FFD9B888F89 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c51e77e76a3c2e085bde05d179fd72ba5f1a8d1607d073b0caa1bf08a284f835
Instruction ID: fca8497e75f03ccce8fa43d0b1db407964b3aac0b92612379a9855a4395447ef
Opcode Fuzzy Hash: c51e77e76a3c2e085bde05d179fd72ba5f1a8d1607d073b0caa1bf08a284f835
Instruction Fuzzy Hash: 8111A33271DE0D0FD789E65DB8557B873C1FB98221F4401BBE59EC3296ED25A8478381

Function 00007FFD9B883B22 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce632b99be54139e9d6601948d92e4680d8554404ea5ed41b750ebfb16630e6e
Instruction ID: 14cbff0ab17195e24a4cd45efd33137bd6792230af1c2439d1b4c59bcdfaf9b8
Opcode Fuzzy Hash: ce632b99be54139e9d6601948d92e4680d8554404ea5ed41b750ebfb16630e6e
Instruction Fuzzy Hash: 1021BB3170DE0E8FEBB4DB44D4A0AA973D1FB98360F11063AE01AC31A5D93CF6818741

Function 00007FFD9B885029 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d55835bbb4ba4f3e587853ea04ae669b669d2f36c4fe3212b53a96deff442c
Instruction ID: 6986bdb945d5899f09b50ca6f9625b64fd946cff1eb0e6eccec17536f0901965
Opcode Fuzzy Hash: f8d55835bbb4ba4f3e587853ea04ae669b669d2f36c4fe3212b53a96deff442c
Instruction Fuzzy Hash: 6B21D22164F7C90FD3179B7498605A0BFB09F57310B0A45FBC099CB1E7E9295D49C792

Function 00007FFD9B88823C Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb940f39cc26923d7412c909eb757cd724996b0b8786ee660bfba84434fd5c07
Instruction ID: 6c416170f26e23b6b51dc2d923f8868b8e9eb5af72cde2a2aa8f3d3a2dbce157
Opcode Fuzzy Hash: cb940f39cc26923d7412c909eb757cd724996b0b8786ee660bfba84434fd5c07
Instruction Fuzzy Hash: AA11E731B0AD0D8FDB60EB98A8511ECFBA1FF88315F050276C01DD7292CB395D468780

Function 00007FFD9B880BE1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bf2ab7eb923e8f6edf4017024d3ff2624e76c6870e7bcd62d7b941693d019e5
Instruction ID: 5dd5ef47afc10c010192eef761397485dfe6a7575cf2f233314142755087f46f
Opcode Fuzzy Hash: 3bf2ab7eb923e8f6edf4017024d3ff2624e76c6870e7bcd62d7b941693d019e5
Instruction Fuzzy Hash: 8A11E32271AD0E4BE6A0AA8CA8A477873C2DF98661B15027BC41DC72B4DD39DE854381

Function 00007FFD9B888410 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ebed3af7aa152bdd0311ad8b4dcb3fa5c967e508691575ba9c21dfbb6696ab
Instruction ID: f04e63adf33bc8f410f94fc385834a22958b1f80d6dc3305142f45f17a782327
Opcode Fuzzy Hash: 78ebed3af7aa152bdd0311ad8b4dcb3fa5c967e508691575ba9c21dfbb6696ab
Instruction Fuzzy Hash: AB11033171EF4D4FCB69AB6858614B67BE1FF59210B0502BAE859C32E2DE34E802C381

Function 00007FFD9B889733 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83cec19313237f4d034868f14a7ef07f48985a32af4b50e5f54e29d20b400273
Instruction ID: b6ebf83a1712d9e05160280c798520892402c60e9821035953263a4b6c6b9938
Opcode Fuzzy Hash: 83cec19313237f4d034868f14a7ef07f48985a32af4b50e5f54e29d20b400273
Instruction Fuzzy Hash: F701453120EA495FE365DBA9ACA5AB13BF0EF4B22070601FBE04DC7063D51D6847C3A2

Function 00007FFD9B887868 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cbffd0c9790f70ccc6e18636b21f966ff01287c215a908de9ba5dab86331263
Instruction ID: b6994effacf7bf387eb30090b80f2e2ec1f8d9601db7787384d312caf4e07f9b
Opcode Fuzzy Hash: 4cbffd0c9790f70ccc6e18636b21f966ff01287c215a908de9ba5dab86331263
Instruction Fuzzy Hash: 9B01263070CD0D4FE7A8EEADA899A75B3D4FB89320B411579D11FC3196ED25AC428380

Function 00007FFD9B8804D8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ddc03a400f6cd6b854768b6895a39bcd376c58a7130e3ba054965c03c150f16
Instruction ID: 642bf121067e2327ac40129c669288288a2665bbfc6a85ca39ef61b09883863d
Opcode Fuzzy Hash: 7ddc03a400f6cd6b854768b6895a39bcd376c58a7130e3ba054965c03c150f16
Instruction Fuzzy Hash: B8119431719E0D4BDB78AB5894555BA77D1EF5C350F01027AE81EC32A5DE34F802C380

Function 00007FFD9B887FC0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e29b1a39bb3f67311a4822ffff82b103a2dfa6c8916bd11502045cc44981dbd
Instruction ID: 553e5178c143dd76f543a2397e90b57c3ae773d4b9d507dc9fdcec7f5080415c
Opcode Fuzzy Hash: 1e29b1a39bb3f67311a4822ffff82b103a2dfa6c8916bd11502045cc44981dbd
Instruction Fuzzy Hash: F4114831A18A5D8FDFA4DF58D851AED7BF1FB9C744F51022AE819E3290CB35A9018B81

Function 00007FFD9B8889AD Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6efd9657b3e32c6801706759ffc0b7cdfbeeb3e56d96624821a86c9887cc1fd
Instruction ID: f125caf035fe6c776f08ae6ee1b79d8d0769b66b69804e821b5f3a9958eaf1b9
Opcode Fuzzy Hash: a6efd9657b3e32c6801706759ffc0b7cdfbeeb3e56d96624821a86c9887cc1fd
Instruction Fuzzy Hash: 86118831B18D098FEB58FB58D855E6473D1FB58300B114579E05EC32E7EE34E8428B41

Function 00007FFD9B88899D Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e21f1020a26b1dad47d351b117b664ac499e5bcf890ad4763c80c50e88441105
Instruction ID: f5e8f6d529d67f46ff9090233f57d2bd753e92d4426a6580fc009b4ac8b3c263
Opcode Fuzzy Hash: e21f1020a26b1dad47d351b117b664ac499e5bcf890ad4763c80c50e88441105
Instruction Fuzzy Hash: 1901C821F1D90A47E728AB58D861AA87381FB98720F15467AD06EC32D7ED38E9434685

Function 00007FFD9B880680 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d48fd86bdde5f536ac9da70151788a81b835b28898b195ad9546fba1351025
Instruction ID: e690bbf70938904ae67c412a710294de60a2f807e4a65836c478453bcebac2bd
Opcode Fuzzy Hash: 20d48fd86bdde5f536ac9da70151788a81b835b28898b195ad9546fba1351025
Instruction Fuzzy Hash: BC01D43160D90D1BE3389A94C81D57A728AC7CA362F02563AE62FD32A1EDA8690251D0

Function 00007FFD9B884E98 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1df746e670257e9727fa030dd5fff9388bcd73c0991b8ac7bf78052b34c3b96
Instruction ID: 6754d58a87831fa9c61a166dc6191efca0efa53a8ca7c65ce53c26f6fbfcc16e
Opcode Fuzzy Hash: f1df746e670257e9727fa030dd5fff9388bcd73c0991b8ac7bf78052b34c3b96
Instruction Fuzzy Hash: 9CF0FE53B1ED4E0BEB9CF7AD14B91B492C1EB6812070402BBE42DC31D7EC245D424341

Function 00007FFD9B888B4B Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ad1b86f56be3df900bfd5e0f59e07193500d3240514b795348a818db0c26d67
Instruction ID: b981dec8bf56b67adddb3f24a319487f743daf70e14788b9d06a3ea9905c2848
Opcode Fuzzy Hash: 0ad1b86f56be3df900bfd5e0f59e07193500d3240514b795348a818db0c26d67
Instruction Fuzzy Hash: E6019261B09E0E4BE779DB6848A16B97293FFD8350F160179C06EC31E7ED3CAA064381

Function 00007FFD9B880AE5 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67554d83ff8aecc567ee3ec8b4821f2c87997d12a4bc3cab7a4747bc80fc2d43
Instruction ID: 61b041117ba5e7f874c241bb5ceadde60cbce3eebcf48c46084995e8b3fb6470
Opcode Fuzzy Hash: 67554d83ff8aecc567ee3ec8b4821f2c87997d12a4bc3cab7a4747bc80fc2d43
Instruction Fuzzy Hash: 29012B13F6FE860BD3BDA77458765A56792EF84610B4901F6C05DC71DBED2CA9024341

Function 00007FFD9B8839F5 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4581174c85829459b3151943115d0daef47ada4987a5df031ff196d52f500f93
Instruction ID: 68571b2bc19f075936ed79b5a8b85fba9b22fcbebd7817020364451fa1558485
Opcode Fuzzy Hash: 4581174c85829459b3151943115d0daef47ada4987a5df031ff196d52f500f93
Instruction Fuzzy Hash: 5E01DD20B0DD1A4BF774D75498613B572C2DB49320F15177EE4BB815E5DE3D7A4242C1

Function 00007FFD9B8831A9 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554f10224eaf9e1220bf9407d0420a63810dcb8505ae2c62a22148863b5772c2
Instruction ID: 082e37c3cf7de15030462db8994685c4d5f74f92701dc563e68b14bdaf67fa81
Opcode Fuzzy Hash: 554f10224eaf9e1220bf9407d0420a63810dcb8505ae2c62a22148863b5772c2
Instruction Fuzzy Hash: 68F0E9B260EA0C1EEA1C9659AC278F73798DB87234B00002EF48FC1162E1527913C255

Function 00007FFD9B889FAD Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944374a877d632d05b45d4b071f368d29e345e7dbd6ee917a63f07cab6984090
Instruction ID: e2404afdced93f0a1896c63fda34e37fbfdf05e593195b39c8f8df1688b41ade
Opcode Fuzzy Hash: 944374a877d632d05b45d4b071f368d29e345e7dbd6ee917a63f07cab6984090
Instruction Fuzzy Hash: 6001267070DA0A4FE3589748D8522BD73D2EBC9320F50D53AD55A822A5DE3DA5034785

Function 00007FFD9B88BEF8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6ebdac17f6f921571c13dcc68a19e6ae18fa5229c430abd3a3b9723a001db29
Instruction ID: 6406bb74f896380095f178f380fec23179045d576c5e9c1df108efc8232953aa
Opcode Fuzzy Hash: d6ebdac17f6f921571c13dcc68a19e6ae18fa5229c430abd3a3b9723a001db29
Instruction Fuzzy Hash: 5801D26184F7C51FD75397B848298567FB45E0711574E85EBC0D6CF0B3D51E580AC722

Function 00007FFD9B88108A Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10fe81fad745f3a6ac2dc171a85a08a9a2f6a169cc71174f5f2740c8f19ba2a9
Instruction ID: d15cb736580804072b78d69d9a08d79bc1088fbdd3954066e1f822eaceaa6226
Opcode Fuzzy Hash: 10fe81fad745f3a6ac2dc171a85a08a9a2f6a169cc71174f5f2740c8f19ba2a9
Instruction Fuzzy Hash: C3014F71B0DA898FE3A8DB2898A676A73D1FFDC310F14467E905DC7295DF3494428701

Function 00007FFD9B886410 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7efcbefe2f6b1e52785c3f3f6f7949f1950f44f9cf46b310a015153c915cf9e
Instruction ID: f411687c7a6165df0f0bca3a19250a84caba4437f2cdd27b1c8bbcc95a75416a
Opcode Fuzzy Hash: e7efcbefe2f6b1e52785c3f3f6f7949f1950f44f9cf46b310a015153c915cf9e
Instruction Fuzzy Hash: 80F06871749D0A8FDB64EA88D890E7933D2EB99320B160276C41EC72A4DD34F9818740

Function 00007FFD9B8808B5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f082cbea1ddca40b50ba4f503d31461aa559a241f21bfb9bc8f5ba43554c44a
Instruction ID: a259f71f970fa06d5f758fb53282ee856e3cf37a96416e7549cb4a97e22c63eb
Opcode Fuzzy Hash: 0f082cbea1ddca40b50ba4f503d31461aa559a241f21bfb9bc8f5ba43554c44a
Instruction Fuzzy Hash: E7F0BB71E1AA4C4FE754DB6898650EC7FB0EF58640F4105EBD458CB0A6EA3465458741

Function 00007FFD9B88A285 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76cfc011b4a6f00973f75f5b0f3fbe0a708a3a0870b1c83df65747f892a4d262
Instruction ID: 8ba332a334b22ab8af066f3b00949b66d19f17b1325d64139e24d73331726722
Opcode Fuzzy Hash: 76cfc011b4a6f00973f75f5b0f3fbe0a708a3a0870b1c83df65747f892a4d262
Instruction Fuzzy Hash: 97F0897175DB084FD258DB4CA8530BD73E1EBC9620F50D53FE59AC2665D936E8034782

Function 00007FFD9B880DCD Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4a2168c2a4dbb8c52bc287a4aa3a609e904bf1598be69ecbd93ee84fc99427d
Instruction ID: d7807352adc0c94e95d699e582a28cec99acd1f46e62afff0b73dfb49b520d49
Opcode Fuzzy Hash: a4a2168c2a4dbb8c52bc287a4aa3a609e904bf1598be69ecbd93ee84fc99427d
Instruction Fuzzy Hash: 34F0A722B09D0D0FE785E61C6424574B3D3EFE962175542B6D41EC32E5EE29E8838286

Function 00007FFD9B8868B5 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a587f2ce7a4c6d42a0d01ecdaada969b2908c92b8dea73c14e07f7aa86be1ed7
Instruction ID: d71fa7ff816eb93631181296efb2ca8fe055d0ff4975f6a0830cd902d9bb29ba
Opcode Fuzzy Hash: a587f2ce7a4c6d42a0d01ecdaada969b2908c92b8dea73c14e07f7aa86be1ed7
Instruction Fuzzy Hash: EEE03051B1DE1D0BA5A8AB8874621F962C1DF88620B51417AD45DC22DBDD29A9434189

Function 00007FFD9B88598D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f119267f12eed7ecb12fe5be506cbd87fed4b06f851e53b94d8ee53600fad01
Instruction ID: 494a726b3262f83b69315bf6a7c7044433849bb9a9a11393ce3e18be90a58103
Opcode Fuzzy Hash: 8f119267f12eed7ecb12fe5be506cbd87fed4b06f851e53b94d8ee53600fad01
Instruction Fuzzy Hash: BFF0B130B1D9068BD365D718D9524B9B3E1FBC9321B519138D4AA83261DD34F9114BC2

Function 00007FFD9B88A2A3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6973576a38c386e600130b799e8061a9ebde5d9821248170e1b6a26108c9e08
Instruction ID: ccef60e422c5c743c3a8c492a29ed743d6cfcaea942c1f8c5feb969c0470649a
Opcode Fuzzy Hash: a6973576a38c386e600130b799e8061a9ebde5d9821248170e1b6a26108c9e08
Instruction Fuzzy Hash: 81E0377175D7044FD258DB4CA8420BAB3E1EBC9220F50D53FE5D682225D536E4034B82

Function 00007FFD9B884FD3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 242f0af68f2f92f6f681921185a6de616ffdc555350e00d27679d80d136d15bd
Instruction ID: fa5e463c78530dfea4452bc7ad9b15e7496627e36cdaf462bb64be26385003f6
Opcode Fuzzy Hash: 242f0af68f2f92f6f681921185a6de616ffdc555350e00d27679d80d136d15bd
Instruction Fuzzy Hash: 9AF0E53274D80E0BE7386798A8612F8B381C7C5321F66423EC02BC21E4ED7BAA420280

Function 00007FFD9B8856AE Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f090d4c7712a7e0881d284cc814e6f1229871ed2cd4af2b17310ba2962e2535
Instruction ID: 8ff68297241add52fe2cf2c2441ec7b88ab72d01ee43fbb20e726b182e963df0
Opcode Fuzzy Hash: 8f090d4c7712a7e0881d284cc814e6f1229871ed2cd4af2b17310ba2962e2535
Instruction Fuzzy Hash: E0F01C3220CA084FD6B8EA4CA8827F9B3D0FB88320F00452EC08EC2515DA36E5868742

Function 00007FFD9B88099A Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca60fdc633e2947d8362d9140389f8811a0847e29393eddc149ef487dd1f22cd
Instruction ID: 7c5e5556d8a58322ce2c3c8c651ffa41cf4c53ae215518ec35c07e81c4ac54e4
Opcode Fuzzy Hash: ca60fdc633e2947d8362d9140389f8811a0847e29393eddc149ef487dd1f22cd
Instruction Fuzzy Hash: 00F0A032B1DC0A4BF765AB4884A46B93393EBE8360B054277D01AC72A9DD38E90282C0

Function 00007FFD9B8809D6 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b8248ceccd2ce1a7d8cf73f1475a2498dae0a005261f76f253d6b328f7e0016
Instruction ID: ff6b8855d856404c933dad9d61b066850b3a408e896002ec17e45a9b5b50dee3
Opcode Fuzzy Hash: 5b8248ceccd2ce1a7d8cf73f1475a2498dae0a005261f76f253d6b328f7e0016
Instruction Fuzzy Hash: FAF03732719C0E4BF765FB5484A59B93392EBA47507164276C41AC31A6DD34F9018380

Function 00007FFD9B889495 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95a800f17a44c001c491498c425e3986d5935f2d0c71b688f2d2e8ad60e83b7e
Instruction ID: 62568c317fc3427f8687e4b391265c0626d3f7c925611d25033130e77434a785
Opcode Fuzzy Hash: 95a800f17a44c001c491498c425e3986d5935f2d0c71b688f2d2e8ad60e83b7e
Instruction Fuzzy Hash: 72E0ED30608A498BF329DB48C4967BAB3E1FB58700F64423CC48BC25E2CE2839028280

Function 00007FFD9B8863B9 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 319be1540c5761f625c67f179a7c62d64a500f6c73aed065287a6e1a888807ad
Instruction ID: 891951203439158df53e6246a3341dc24f24e23966338d586c9b4cf73400ed51
Opcode Fuzzy Hash: 319be1540c5761f625c67f179a7c62d64a500f6c73aed065287a6e1a888807ad
Instruction Fuzzy Hash: 68F0E531708D09CFDB55EB58D854F6933E2EB99311B1A0666D01AC72A5DA34FD81CB40

Function 00007FFD9B910FB1 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9768b6e4289a0d60c3c32f69f5c1812524483db1fdaf5df7a545e7ba4d1af2ce
Instruction ID: 0be944bc756f272d246b2ad28f157818a29a353071cc7032f9a8ff53cbacc8af
Opcode Fuzzy Hash: 9768b6e4289a0d60c3c32f69f5c1812524483db1fdaf5df7a545e7ba4d1af2ce
Instruction Fuzzy Hash: 2DE08633B1D9095AF72C6268B4234F93381DB49236B21113BD55EC25E3FE27B5538549

Function 00007FFD9B9104F1 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97f1e2b7be82377e9b87e040fe437804b0c42f858f9f93ef192cf3db41244755
Instruction ID: 3908789e368b5a65eea267b689e03ebdf6334fffa05d9686d6a660328f99cca6
Opcode Fuzzy Hash: 97f1e2b7be82377e9b87e040fe437804b0c42f858f9f93ef192cf3db41244755
Instruction Fuzzy Hash: E6F02732B2E40A5BD274D340CC2542D3382EF8D720F250339D06D922F4D97A9A0212C1

Function 00007FFD9B885A80 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8152b30c1c9459cbb01fdcd3bdc87ae88fc19f42b60d92426566ff6c5f1e8ea
Instruction ID: 5cd87b78fd275349c8fd436f9d1d599429457e185323e1e7b820dac5384e7e69
Opcode Fuzzy Hash: a8152b30c1c9459cbb01fdcd3bdc87ae88fc19f42b60d92426566ff6c5f1e8ea
Instruction Fuzzy Hash: F9E0D83070D9054BD72CA614E4A29B57353E799710F20423DC46BC32D2DE34E5628685

Function 00007FFD9B910526 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc28e322655dc28017cd87b87955e0facb9e3377f97b1ba187cb2b858c12cb30
Instruction ID: a7438a5e95b38afa12191ebc66faa8cc51ffe08cf2be6c2eb033c780075598fc
Opcode Fuzzy Hash: dc28e322655dc28017cd87b87955e0facb9e3377f97b1ba187cb2b858c12cb30
Instruction Fuzzy Hash: 2AE08C21B2AC0D4FE5A0E25CA42863813D2EF8C62172602B2D42DC32E9CD249C034780

Function 00007FFD9B88A304 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73fc94e64b271281923c4f0d946d5649ffcd2cf881d94015bee7924461bf6b60
Instruction ID: de2f535472e8fddda0fd406010409d1d2a1bccef17d7068d1635b1b91cc88aeb
Opcode Fuzzy Hash: 73fc94e64b271281923c4f0d946d5649ffcd2cf881d94015bee7924461bf6b60
Instruction Fuzzy Hash: DEE09230B0D90A9FE764EB58D05056973D1EBCD350F21453DE15FC22E1E938DA414704

Function 00007FFD9B88CAB8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6d934ada9456fe0ca36654f5370a01c7813c48075e0cb93a3e5238ffc66509a
Instruction ID: 5ca88a06a6f63ac5bb4f37bd26cfbe37e343ae559762f5fabe8092e210aecbac
Opcode Fuzzy Hash: a6d934ada9456fe0ca36654f5370a01c7813c48075e0cb93a3e5238ffc66509a
Instruction Fuzzy Hash: FBD0C208B1AD3906E678A27D1C6607869E1CB8C500B0612BBC075822D7CD995D830282

Function 00007FFD9B882FE5 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60a2858484871ad2370e82e8bf248e2370726f9410473c264b4745f1150c304e
Instruction ID: a45a72499a2123e6f13b6e186a15658fa087b0122ed2737a4b2667bfde8d44e4
Opcode Fuzzy Hash: 60a2858484871ad2370e82e8bf248e2370726f9410473c264b4745f1150c304e
Instruction Fuzzy Hash: BEE04830B0881DCFD760EB8CD454A9973E2FB9C320B1642A1D41AC72A9CA74ED41CB80

Function 00007FFD9B89043D Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc4edbeb5c0f15108b3bc7025b7ff4dcffe3cdd46a64726559f5fb4bcbdaacea
Instruction ID: 32dd40bfd792984c681671dc5207ecd7a19c314054adb815339f01b3c67ce7e7
Opcode Fuzzy Hash: bc4edbeb5c0f15108b3bc7025b7ff4dcffe3cdd46a64726559f5fb4bcbdaacea
Instruction Fuzzy Hash: A8E0863070854D8BEB14E78CC8A05BD73E1EB6C710F140235D006DB7A5DD65A9018784

Function 00007FFD9B88935D Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58f957eb4e58d32cb78ce7c24c811d6bb3c536189dd979e7a07480af055e08c9
Instruction ID: 143ad50556939bc1f81e95d5432577a90a942d31fc5b0dbf8cefa1027cec7230
Opcode Fuzzy Hash: 58f957eb4e58d32cb78ce7c24c811d6bb3c536189dd979e7a07480af055e08c9
Instruction Fuzzy Hash: 27E0CD31A0880E8FD714FF50C456CBC73D5EB54315B254679C425C75A5EE38E95145C5

Function 00007FFD9B88D12C Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c99984bf52def943a20d3d6a909d0dcdcf9d9fe1e6c0ec2f8a8af1e2c78766e4
Instruction ID: 94aed3499d39674d823eb1929a9bd7a5cccaf3288ffc0e29fa13e9d2cc57e8d9
Opcode Fuzzy Hash: c99984bf52def943a20d3d6a909d0dcdcf9d9fe1e6c0ec2f8a8af1e2c78766e4
Instruction Fuzzy Hash: B1E0C22070CA0D8FE320F65CAC606A433C2DB98B11F15067AD406C32A6ED68E9410280

Function 00007FFD9B888F1D Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 973b24a5ed1c5b4512ef0e85ff2688e0b0af4915c6fbb6720da20d5f76c845a0
Instruction ID: 97216b08131815736a5ab30e37bff678abc071acba0a38768eec8a7ffb5eb555
Opcode Fuzzy Hash: 973b24a5ed1c5b4512ef0e85ff2688e0b0af4915c6fbb6720da20d5f76c845a0
Instruction Fuzzy Hash: 65E08C30B0D90E4BE660D74C88902A97282E798720B5543B2C025C32A9DD28AE4542C0

Function 00007FFD9B880530 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1eef3fa876689f97486d41d7644a9ea1e76ea6f5d5ada70d91e9a663338b21b
Instruction ID: 58a89cc7d3a6bc480c62e18a8e4495f6f37e1f080cae91992efedf584a174ee0
Opcode Fuzzy Hash: b1eef3fa876689f97486d41d7644a9ea1e76ea6f5d5ada70d91e9a663338b21b
Instruction Fuzzy Hash: 1AE0C232F1AC1D4BD778E36C18111E52582AF8D710B2581B6D47AD72FAF824AE0A82D2

Function 00007FFD9B88626D Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 807bcee1ed6b33c03d4358125f94fd2a48c4f1d2e19b8b72a684e986859bb055
Instruction ID: cbdcd14f4cf579a09587ec047a880390eeca1fcaec69fbde15496ae8997d20c3
Opcode Fuzzy Hash: 807bcee1ed6b33c03d4358125f94fd2a48c4f1d2e19b8b72a684e986859bb055
Instruction Fuzzy Hash: EFE01D21B4DC0B47D625975CD450A6D32D2D7C9721F154369D01EC72D5DE3C694505C8

Function 00007FFD9B886298 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7906d364370b8578b3a40f8945e6e4f2763e70a34df0fc7f203467327769e957
Instruction ID: b4475332934ac9979cf0aea5fbe8e0b0ca65fad566d67f95dfc96d486132876f
Opcode Fuzzy Hash: 7906d364370b8578b3a40f8945e6e4f2763e70a34df0fc7f203467327769e957
Instruction Fuzzy Hash: 4CD0C22070D80F4BE2259758C4609BD3283E7C8720B264365C02AC32A9DE38694602C4

Function 00007FFD9B8862BB Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28b4fe7e49c19323fff31ad460d8a8c06b02a2ae3e8d992c24da75a586b4cca2
Instruction ID: 647d3102a26635e3a03f12cf724917595d703d8400267df2aef7a446e9953675
Opcode Fuzzy Hash: 28b4fe7e49c19323fff31ad460d8a8c06b02a2ae3e8d992c24da75a586b4cca2
Instruction Fuzzy Hash: 9EE01221B0E80F4BE764975CD850AA932D3DBC9721F26437AC01EC72EADD78A9450684

Function 00007FFD9B883AC9 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a5ebcf95bdc89135c1a1af5a066edcce4e186dc365ab992c2129c772a80d2c
Instruction ID: 58471944161e796119217cf73383370a0ef74874029dbcbd091b7e1a53a55dd9
Opcode Fuzzy Hash: 65a5ebcf95bdc89135c1a1af5a066edcce4e186dc365ab992c2129c772a80d2c
Instruction Fuzzy Hash: A2E0863170AF098BE7319B60D4907A93395EB99311F14467ED416C32E5CA3DF544C790

Function 00007FFD9B886790 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f36aa366b5dbcca8ba741ce7822bd37f388fea4cc054d6952691037ec62b7ba
Instruction ID: f26ff72cf7aff9cb0660a3784360ef8e315fc89cc66060f0a4e222a795c77dac
Opcode Fuzzy Hash: 5f36aa366b5dbcca8ba741ce7822bd37f388fea4cc054d6952691037ec62b7ba
Instruction Fuzzy Hash: E1E01231B1890D8BE720EB98D8556A932C3DBD9720F2A0277C419C32A5DC38EA4542C1

Function 00007FFD9B888EF8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37faf517248bb29029cd2dda1fa6975e79cf88033c792dc0841afc197757bf0b
Instruction ID: 28dc76af5246c00dcdbc37eef637970c2a7303235f3166b975e994912e741c45
Opcode Fuzzy Hash: 37faf517248bb29029cd2dda1fa6975e79cf88033c792dc0841afc197757bf0b
Instruction Fuzzy Hash: 54E0122070DD4E4BE764E75884906AA7292D79C321F514376C529C32EADD785A458784

Function 00007FFD9B8906A0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 029d2efad8d4884460f715b87f25d15ac0e4015d1cf9f18b79fd199b43736295
Instruction ID: 795fe7b7fab433b0e397215f68ceaff93b62a8cb9bb93ee3bc2228bb4dd63273
Opcode Fuzzy Hash: 029d2efad8d4884460f715b87f25d15ac0e4015d1cf9f18b79fd199b43736295
Instruction Fuzzy Hash: ACE05B2171D91D87E725EB45DC6067A3292D79C711F15013EC01FC76E5DE286905C6C1

Function 00007FFD9B885B23 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1d65ed2fd72765be68db99b12ec48c98b8783e19f93b776865f8750056af68f
Instruction ID: 4c8166ea15cfd86accd104f9f45355546cf36bd7afcdcf5ac209437d9774958c
Opcode Fuzzy Hash: a1d65ed2fd72765be68db99b12ec48c98b8783e19f93b776865f8750056af68f
Instruction Fuzzy Hash: F2D02B30B4C81A8BE330A640C4101ECF251E76C310B128234C4ABC31A9EF785A0245D0

Function 00007FFD9B91072A Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93ba6830fed7a18c009c1c11079a92f784d02a9ee96da0d0b3ac192ffc803f65
Instruction ID: 529bdc63824bc3a6ecfeb2883c5c1d2e4880b1818d6ae0349f51a868754f54d4
Opcode Fuzzy Hash: 93ba6830fed7a18c009c1c11079a92f784d02a9ee96da0d0b3ac192ffc803f65
Instruction Fuzzy Hash: BAE0C23021D5458FD31CAB18D02453932E1FBC9318F21863DE09EC72F2CE39DA028B01

Function 00007FFD9B886145 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 446ea94e2c8f0e34e83db801014f168ae0c70d73cba59e36a5fb489621a1e372
Instruction ID: bdcae093562072c361f02fd9b02f858ba86ae1db609f32bd619bde0728388c31
Opcode Fuzzy Hash: 446ea94e2c8f0e34e83db801014f168ae0c70d73cba59e36a5fb489621a1e372
Instruction Fuzzy Hash: C8D05E3530990D4BE761FB80D8716B83241DB9A310F050236C426C72E2DD2DA7484289

Function 00007FFD9B910574 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9acb5e522c05d9867de1748876f6f525015d4439a1b19d6a3e3546cc11fe362d
Instruction ID: 57e54fa3ff5ae04763e5eacbedb04fa79571c38a9a6c48aa047d1ca5b3b754f3
Opcode Fuzzy Hash: 9acb5e522c05d9867de1748876f6f525015d4439a1b19d6a3e3546cc11fe362d
Instruction Fuzzy Hash: 2FD05E302095088FD3148B08C01456A3AD2EFC9320F55837A901A972F5C934DA014B81

Function 00007FFD9B911029 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc840cf3a98b7f7238b126278b84f2739b7724fc7d482a95b89eb1b694ac9d02
Instruction ID: e0360c9165efc933368d5b8fba126af008e10d205ffdc6dd7c94bb3847037ddf
Opcode Fuzzy Hash: fc840cf3a98b7f7238b126278b84f2739b7724fc7d482a95b89eb1b694ac9d02
Instruction Fuzzy Hash: 28C09B31B15D1D4BE255E778443557460C2AF5D2767650374E43CC26E6CD3598425300

Function 00007FFD9B888B15 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bae1e51bac03b702236cd50880ebe317e6e91544785f9599730da0b9f7889a45
Instruction ID: 5eab593dd1437ec9264a3f0f4d04fc56d9c5c140efc471a237b4d21d1b120269
Opcode Fuzzy Hash: bae1e51bac03b702236cd50880ebe317e6e91544785f9599730da0b9f7889a45
Instruction Fuzzy Hash: 7FB01210F0DC1947E0381248207037C00824F8C700F2A1179E11ED33D7CC2C9D431086

Function 00007FFD9B91063C Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c55c4ca7db93fc579172e52c9cb1b18347db0550ffab14267eaceb29c30c2f3
Instruction ID: d20f3600731951be0a7bc6f73da525f787113904acac5ac7612a47fed3bf92c1
Opcode Fuzzy Hash: 1c55c4ca7db93fc579172e52c9cb1b18347db0550ffab14267eaceb29c30c2f3
Instruction Fuzzy Hash: 3AB04811B0A80E5BE62876B044252BA01435B8D680F564438901A862EACC39AA022A90

Function 00007FFD9B9104AE Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba0cced5d2540864fd62a4a88133ecc1d3f54431b35d773fe7f513b30fa1f95
Instruction ID: 624504669f9a6c75a3292b71bd7a129feaf58acb376c5f631a57c0460ad8da1b
Opcode Fuzzy Hash: 6ba0cced5d2540864fd62a4a88133ecc1d3f54431b35d773fe7f513b30fa1f95
Instruction Fuzzy Hash: 36B01200B1E81D4BE16462B4182013C00031FC973061682358429C21E5CC3957022300

Non-executed Functions

Function 00007FFD9B88F2F2 Relevance: 5.7, Strings: 4, Instructions: 731COMMON

Download Yara Rule

Strings

ON_^, xrefs: 00007FFD9B88F501
NN_^, xrefs: 00007FFD9B88F601
MN_^, xrefs: 00007FFD9B88F701
PN_^, xrefs: 00007FFD9B88F401

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID: MN_^$NN_^$ON_^$PN_^
API String ID: 0-1614357876
Opcode ID: 56cd9b582b2378c9d4ae7d5b110621c1736295a1cf3f530fe966739ed12d685c
Instruction ID: 974383508588a7a65a1a0727ab9d324511f2dcab2ce070373149f0673c878aea
Opcode Fuzzy Hash: 56cd9b582b2378c9d4ae7d5b110621c1736295a1cf3f530fe966739ed12d685c
Instruction Fuzzy Hash: EA12E167B0857286D30A77BDBC795E97B50CF8127E70842B3D2DDCA0C7A958208B93E5

Function 00007FFD9B88F8FA Relevance: 4.3, Strings: 3, Instructions: 540COMMON

Download Yara Rule

Strings

KN_^, xrefs: 00007FFD9B88F901
HN_^, xrefs: 00007FFD9B88FC01
GN_^, xrefs: 00007FFD9B88FD01

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID: GN_^$HN_^$KN_^
API String ID: 0-2580636507
Opcode ID: 39cf3be6e28c758bb707e47d7537922e982af2edd9bf43157549536e7ea9fc71
Instruction ID: 568613b9b78e2f9a5d1dd3e94ba2debe74de94e0f7f63c0fea5b605cd6e73862
Opcode Fuzzy Hash: 39cf3be6e28c758bb707e47d7537922e982af2edd9bf43157549536e7ea9fc71
Instruction Fuzzy Hash: C4E1DF57B0D5B28AD31A77BDBC695E87B50CF8127A70841B3D2DDCE0D7A858208B83E5

Function 00007FFD9B88F9D3 Relevance: 3.0, Strings: 2, Instructions: 456COMMON

Download Yara Rule

Strings

HN_^, xrefs: 00007FFD9B88FC01
GN_^, xrefs: 00007FFD9B88FD01

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID: GN_^$HN_^
API String ID: 0-585187026
Opcode ID: d1cc67ca175a2c0eb4b517d28e765c1e7fc195c1d6cc3e76fb4ce1b99e65ec51
Instruction ID: d05e43c9abfe7e35faf9ddf6ebcf8191b20fbc34c1f3bee5f328965599c790ad
Opcode Fuzzy Hash: d1cc67ca175a2c0eb4b517d28e765c1e7fc195c1d6cc3e76fb4ce1b99e65ec51
Instruction Fuzzy Hash: FFC1DF57B085B28AD31A77BCBC795E97B40CF8127A70841B7D2DDCE0D7A958208B83D5

Function 00007FFD9B880538 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fa8c216b29a6fa36d1d7dda683bafbf760fcabc535d0227451edd4b8047f12d
Instruction ID: 81e9f3d19dbd80e0372696266084690da11104c42367022e612b1efca19bae4f
Opcode Fuzzy Hash: 6fa8c216b29a6fa36d1d7dda683bafbf760fcabc535d0227451edd4b8047f12d
Instruction Fuzzy Hash: 56A11921B0ED4E4FFBB99BA8847567A7791EF59310F15017AD45EC31E2DE38A9438340

Function 00007FFD9B910B01 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675773384.00007FFD9B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b910000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19aea28b9296f722c699321720134c00727993e684819b3529dbfecdbd7f37e5
Instruction ID: 8f9ca08ff39531e269125ce8410728f38af002506e1d0e7511bcad287a6f190a
Opcode Fuzzy Hash: 19aea28b9296f722c699321720134c00727993e684819b3529dbfecdbd7f37e5
Instruction Fuzzy Hash: B6512821F2E60F56F77897A8143127563C1EF9CB10F16123BD45FC21E6EE1EBA026245

Function 00007FFD9B880740 Relevance: 5.1, Strings: 4, Instructions: 59COMMON

Download Yara Rule

Strings

O_^, xrefs: 00007FFD9B88072A
O_^, xrefs: 00007FFD9B880762
O_^, xrefs: 00007FFD9B88077A
O_^, xrefs: 00007FFD9B880712

Memory Dump Source

Source File: 00000000.00000002.1675695435.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b880000_HYygbdbgYn.jbxd

Similarity

API ID:
String ID: O_^$O_^$O_^$O_^
API String ID: 0-934926442
Opcode ID: 64dbdca2fa5d6fb720374c40020be5cf377dc9528e6485172a13143e1d6fdfc6
Instruction ID: 0afec0a0ab7f51fb3d7e11a2fb171a0185bc06b022c57caf1927e6a0dd38c8a7
Opcode Fuzzy Hash: 64dbdca2fa5d6fb720374c40020be5cf377dc9528e6485172a13143e1d6fdfc6
Instruction Fuzzy Hash: 9F012BE7B0A9AA8FE32666A9AC764DC3780EF0176D70900B7D0EECE193F81564478545

Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: HYygbdbgYn.exe, 00000000.00000002.1674745753.000000001C562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B8877A0	0_2_00007FFD9B8877A0
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B882E2D	0_2_00007FFD9B882E2D
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B88F2F2	0_2_00007FFD9B88F2F2
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B88F9D3	0_2_00007FFD9B88F9D3
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B88F8FA	0_2_00007FFD9B88F8FA
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B880538	0_2_00007FFD9B880538
Source: C:\Users\user\Desktop\HYygbdbgYn.exe	Code function: 0_2_00007FFD9B910B01	0_2_00007FFD9B910B01

Source: HYygbdbgYn.exe, 00000000.00000000.1658198441.0000000000492000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameHidage.exe" vs HYygbdbgYn.exe
Source: HYygbdbgYn.exe	Binary or memory string: OriginalFilenameHidage.exe" vs HYygbdbgYn.exe

Source: HYygbdbgYn.exe, gubqno.cs	Cryptographic APIs: 'CreateDecryptor'
Source: HYygbdbgYn.exe, gubqpf.cs	Cryptographic APIs: 'CreateDecryptor'

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report HYygbdbgYn.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HYygbdbgYn.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

UDP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: HYygbdbgYn.exePID: 3336, Parent PID: 2580

General

Chronological Activities

Disassembly

Analysis Process: HYygbdbgYn.exePID: 3336, Parent PID: 2580COMMON

Executed Functions

Function 00007FFD9B882E2D Relevance: .4, Instructions: 367COMMON

Windows Analysis Report
HYygbdbgYn.exe