Windows Analysis Report
RmjVbD9QNK.exe

Overview

General Information

Sample name: RmjVbD9QNK.exe (renamed because original name is a hash value)
Original sample name: 207fd3471dc4f4fe474cf9f288e3b1c1.exe
Analysis ID: 1524317
MD5: 207fd3471dc4f4fe474cf9f288e3b1c1
SHA1: 40a907ec64d541305b5f8462f19a4c710528dcc1
SHA256: 1b621eb6ee7bcda09947de50eaf562020f5edb858d82f8d852dc67265f7e74c1
Tags: DCRat, exe, user-abuse_ch
Infos:

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Yara detected DCRat
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates processes via WMI
Drops PE files to the user root directory
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to detect virtual machines (SLDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Process Start Locations
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • RmjVbD9QNK.exe (PID: 4440 cmdline: "C:\Users\user\Desktop\RmjVbD9QNK.exe" MD5: 207FD3471DC4F4FE474CF9F288E3B1C1)
    • schtasks.exe (PID: 6436 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6208 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 768 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 13 /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6408 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 12 /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7160 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6188 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 5 /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2716 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 6 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6048 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3168 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 9 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7156 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 13 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3772 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1656 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2804 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1088 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7148 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7160 cmdline: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 5 /tr "'C:\Users\Default\smss.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6188 cmdline: schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Users\Default\smss.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2716 cmdline: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\Users\Default\smss.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6048 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 14 /tr "'C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3168 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7156 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 12 /tr "'C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3772 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1656 cmdline: schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7116 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 768 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3480 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5996 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1248 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5472 cmdline: schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6048 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 14 /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6164 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\msecache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1352 cmdline: schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Program Files (x86)\msecache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • smss.exe (PID: 6772 cmdline: C:\Users\Default\smss.exe MD5: 207FD3471DC4F4FE474CF9F288E3B1C1)
  • smss.exe (PID: 6780 cmdline: C:\Users\Default\smss.exe MD5: 207FD3471DC4F4FE474CF9F288E3B1C1)
  • WmiPrvSE.exe (PID: 6196 cmdline: "C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe" MD5: 207FD3471DC4F4FE474CF9F288E3B1C1)
  • WmiPrvSE.exe (PID: 5672 cmdline: "C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe" MD5: 207FD3471DC4F4FE474CF9F288E3B1C1)
  • cleanup
{"SCRT": "{\"i\":\",\",\"w\":\"*\",\"d\":\"`\",\"v\":\" \",\"z\":\")\",\"1\":\"$\",\"O\":\">\",\"n\":\"%\",\"A\":\"#\",\"I\":\"-\",\"K\":\"~\",\"=\":\"@\",\"5\":\"^\",\"l\":\"&\",\"D\":\"!\",\"c\":\"_\",\"9\":\"<\",\"8\":\"|\",\"p\":\";\",\"2\":\"(\",\"R\":\".\"}", "PCRT": "{\"c\":\"(\",\"0\":\"~\",\"I\":\"!\",\"S\":\"*\",\"b\":\"%\",\"D\":\"$\",\"6\":\"&\",\"j\":\" \",\"p\":\"<\",\"i\":\"-\",\"w\":\".\",\"f\":\"@\",\"=\":\",\",\"y\":\")\",\"M\":\">\",\"X\":\"^\",\"x\":\"|\",\"l\":\";\",\"Q\":\"_\",\"e\":\"`\"}", "TAG": "", "MUTEX": "DCR_MUTEX-nfMbgM4TOAwhgI8HJeRM", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false, "H1": "http://ch67763.tw1.ru/@==gbJBzYuFDT", "H2": "http://ch67763.tw1.ru/@==gbJBzYuFDT", "T": "0"}
Source: 00000025.00000002.2312710960.0000000002B67000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Author: Joe Security
Source: 00000007.00000002.2290146036.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Author: Joe Security
Source: 0000001F.00000002.2316758525.0000000002B12000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Author: Joe Security
Source: 00000022.00000002.2311559613.00000000024F2000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Author: Joe Security
Source: 00000009.00000002.2291808749.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Author: Joe Security

            System Summary

            Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe, CommandLine: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe, NewProcessName: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe, OriginalFileName: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe, ProcessId: 1200, ProcessName: QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\RmjVbD9QNK.exe, ProcessId: 4440, TargetFilename: C:\Users\Default\smss.exe
            Source: Process started, Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\Users\Default\smss.exe, CommandLine: C:\Users\Default\smss.exe, CommandLine|base64offset|contains: , Image: C:\Users\Default\smss.exe, NewProcessName: C:\Users\Default\smss.exe, OriginalFileName: C:\Users\Default\smss.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\Default\smss.exe, ProcessId: 6772, ProcessName: smss.exe
            Source: Process started, Author: juju4, Jonhnathan Ribeiro, oscd.community: Data: Command: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe, CommandLine: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe, NewProcessName: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe, OriginalFileName: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe, ProcessId: 2608, ProcessName: QWQpSrRPpykBmPKCQiELiILCQi.exe

            Persistence and Installation Behavior

            Source: Process started, Author: Joe Security: Data: Command: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 5 /tr "'C:\Users\Default\smss.exe'" /f, CommandLine: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 5 /tr "'C:\Users\Default\smss.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\RmjVbD9QNK.exe", ParentImage: C:\Users\user\Desktop\RmjVbD9QNK.exe, ParentProcessId: 4440, ParentProcessName: RmjVbD9QNK.exe, ProcessCommandLine: schtasks.exe /create /tn "smsss" /sc MINUTE /mo 5 /tr "'C:\Users\Default\smss.exe'" /f, ProcessId: 7160, ProcessName: schtasks.exe
            No Suricata rule has matched

            AV Detection

            Source: RmjVbD9QNK.exe, Avira: detected
            Source: C:\Users\Default\smss.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files (x86)\Java\QWQpSrRPpykBmPKCQiELiILCQi.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Users\Public\Videos\explorer.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe, Avira: detection malicious, Label: HEUR/AGEN.1323984
            Source: 0000001F.00000002.2316758525.0000000002AC1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"SCRT": "{\"i\":\",\",\"w\":\"*\",\"d\":\"`\",\"v\":\" \",\"z\":\")\",\"1\":\"$\",\"O\":\">\",\"n\":\"%\",\"A\":\"#\",\"I\":\"-\",\"K\":\"~\",\"=\":\"@\",\"5\":\"^\",\"l\":\"&\",\"D\":\"!\",\"c\":\"_\",\"9\":\"<\",\"8\":\"|\",\"p\":\";\",\"2\":\"(\",\"R\":\".\"}", "PCRT": "{\"c\":\"(\",\"0\":\"~\",\"I\":\"!\",\"S\":\"*\",\"b\":\"%\",\"D\":\"$\",\"6\":\"&\",\"j\":\" \",\"p\":\"<\",\"i\":\"-\",\"w\":\".\",\"f\":\"@\",\"=\":\",\",\"y\":\")\",\"M\":\">\",\"X\":\"^\",\"x\":\"|\",\"l\":\";\",\"Q\":\"_\",\"e\":\"`\"}", "TAG": "", "MUTEX": "DCR_MUTEX-nfMbgM4TOAwhgI8HJeRM", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false, "H1": "http://ch67763.tw1.ru/@==gbJBzYuFDT", "H2": "http://ch67763.tw1.ru/@==gbJBzYuFDT", "T": "0"}
            Source: C:\Program Files (x86)\Java\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Program Files (x86)\MSECache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Program Files (x86)\Windows Defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe, ReversingLabs: Detection: 84%
            Source: C:\Program Files\Windows Photo Viewer\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe, ReversingLabs: Detection: 84%
            Source: C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Users\Default\AppData\Local\Microsoft\Windows\History\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Users\Default\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Users\Default\smss.exe, ReversingLabs: Detection: 84%
            Source: C:\Users\Public\Videos\explorer.exe, ReversingLabs: Detection: 84%
            Source: C:\Users\user\Downloads\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Users\user\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe, ReversingLabs: Detection: 84%
            Source: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\RuntimeBroker.exe, ReversingLabs: Detection: 84%
            Source: RmjVbD9QNK.exe, ReversingLabs: Detection: 84%
            Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: C:\Users\Default\smss.exe, Joe Sandbox ML: detected
            Source: C:\Program Files (x86)\Java\QWQpSrRPpykBmPKCQiELiILCQi.exe, Joe Sandbox ML: detected
            Source: C:\Users\Public\Videos\explorer.exe, Joe Sandbox ML: detected
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe, Joe Sandbox ML: detected
            Source: C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe, Joe Sandbox ML: detected
            Source: RmjVbD9QNK.exe, Joe Sandbox ML: detected
            Source: RmjVbD9QNK.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, Directory created: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, Directory created: C:\Program Files\WindowsPowerShell\Configuration\Schema\24dbde2999530e
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, Directory created: C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, Directory created: C:\Program Files\7-Zip\Lang\55b276f4edf653
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, Directory created: C:\Program Files\Windows Photo Viewer\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, Directory created: C:\Program Files\Windows Photo Viewer\74b655f41a3036
            Source: RmjVbD9QNK.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Networking

            Source: Malware configuration extractor, URLs: http://ch67763.tw1.ru/@==gbJBzYuFDT
            Source: RmjVbD9QNK.exe, 00000000.00000002.2240275956.0000000002E64000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe\:Zone.Identifier:$DATA
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\Cursors\74b655f41a3036
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe\:Zone.Identifier:$DATA
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\Media\74b655f41a3036
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe\:Zone.Identifier:$DATA
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\AppReadiness\74b655f41a3036
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\RuntimeBroker.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\RuntimeBroker.exe\:Zone.Identifier:$DATA
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\9e8d7a4ca61bd9
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, Code function: 0_2_00007FF848CB7363
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe, Code function: 7_2_00007FF848CC7363
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe, Code function: 9_2_00007FF848CD7363
            Source: C:\Users\Default\smss.exe, Code function: 31_2_00007FF848CB7363
            Source: C:\Users\Default\smss.exe, Code function: 34_2_00007FF848CC7363
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe, Code function: 35_2_00007FF848CE7363
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe, Code function: 37_2_00007FF848CC7363
            Source: RmjVbD9QNK.exe, Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: QWQpSrRPpykBmPKCQiELiILCQi.exe.0.dr, Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: QWQpSrRPpykBmPKCQiELiILCQi.exe0.0.dr, Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: RuntimeBroker.exe.0.dr, Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: QWQpSrRPpykBmPKCQiELiILCQi.exe1.0.dr, Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
            Source: RmjVbD9QNK.exe, 00000000.00000000.2189639898.0000000000582000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs RmjVbD9QNK.exe
            Source: RmjVbD9QNK.exe, Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs RmjVbD9QNK.exe
            Source: RmjVbD9QNK.exe, CX840FAVVdLFTsdtITi.cs, Cryptographic APIs: 'TransformBlock'
            Source: RmjVbD9QNK.exe, CX840FAVVdLFTsdtITi.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: RmjVbD9QNK.exe, eH1Qb6Y4iClQLMdHSXZ.cs, Cryptographic APIs: 'CreateDecryptor'
            Source: classification engine, Classification label: mal100.troj.evad.winEXE@30/55@0/0
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, File created: C:\Users\Default\smss.exe
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe, Mutant created: NULL
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\d6f442805f9cdd3ee750b86c40ec8585d24fdcc8
            Source: RmjVbD9QNK.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: RmjVbD9QNK.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: RmjVbD9QNK.exe ReversingLabs: Detection: 84%
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File read: C:\Users\user\Desktop\RmjVbD9QNK.exe
            Source: unknown Process created: C:\Users\user\Desktop\RmjVbD9QNK.exe "C:\Users\user\Desktop\RmjVbD9QNK.exe"
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 13 /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 12 /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: unknown Process created: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 5 /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: unknown Process created: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 6 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 9 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 13 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: unknown Process created: C:\Users\Default\smss.exe C:\Users\Default\smss.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'" /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'" /rl HIGHEST /f
            Source: unknown Process created: C:\Users\Default\smss.exe C:\Users\Default\smss.exe
            Source: unknown Process created: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe "C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe"
            Source: unknown Process created: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe "C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe"
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\msecache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Program Files (x86)\msecache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: unknown unknown
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\Default\smss.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
            Source: C:\Users\Default\smss.exeSection loaded: mscoree.dll
            Source: C:\Users\Default\smss.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\Default\smss.exeSection loaded: version.dll
            Source: C:\Users\Default\smss.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\Default\smss.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\Default\smss.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\Default\smss.exe Section loaded: uxtheme.dll
            Source: C:\Users\Default\smss.exe Section loaded: windows.storage.dll
            Source: C:\Users\Default\smss.exe Section loaded: wldp.dll
            Source: C:\Users\Default\smss.exe Section loaded: profapi.dll
            Source: C:\Users\Default\smss.exe Section loaded: cryptsp.dll
            Source: C:\Users\Default\smss.exe Section loaded: rsaenh.dll
            Source: C:\Users\Default\smss.exe Section loaded: cryptbase.dll
            Source: C:\Users\Default\smss.exe Section loaded: sspicli.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: mscoree.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: apphelp.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: kernel.appcore.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: version.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: uxtheme.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: windows.storage.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: wldp.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: profapi.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: cryptsp.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: rsaenh.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: cryptbase.dll
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
            Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Directory created: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Directory created: C:\Program Files\WindowsPowerShell\Configuration\Schema\24dbde2999530e
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Directory created: C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Directory created: C:\Program Files\7-Zip\Lang\55b276f4edf653
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Directory created: C:\Program Files\Windows Photo Viewer\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Directory created: C:\Program Files\Windows Photo Viewer\74b655f41a3036
            Source: RmjVbD9QNK.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: RmjVbD9QNK.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: RmjVbD9QNK.exe, eH1Qb6Y4iClQLMdHSXZ.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
            Source: RmjVbD9QNK.exe, WZFJHrEksZYQWHOYvfY.cs .Net Code: Lk0dqRE73b System.AppDomain.Load(byte[])
            Source: RmjVbD9QNK.exe, WZFJHrEksZYQWHOYvfY.cs .Net Code: Lk0dqRE73b System.Reflection.Assembly.Load(byte[])
            Source: RmjVbD9QNK.exe, WZFJHrEksZYQWHOYvfY.cs .Net Code: Lk0dqRE73b
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Code function: 0_2_00007FF848CB9258 pushfd ; ret 0_2_00007FF848CB9259
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Code function: 0_2_00007FF848CB00BD pushad ; iretd 0_2_00007FF848CB00C1
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe Code function: 7_2_00007FF848CC9258 pushfd ; ret 7_2_00007FF848CC9259
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe Code function: 7_2_00007FF848CC00BD pushad ; iretd 7_2_00007FF848CC00C1
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe Code function: 9_2_00007FF848CD9258 pushfd ; ret 9_2_00007FF848CD9259
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe Code function: 9_2_00007FF848CD00BD pushad ; iretd 9_2_00007FF848CD00C1
            Source: C:\Users\Default\smss.exe Code function: 31_2_00007FF848CB00BD pushad ; iretd 31_2_00007FF848CB00C1
            Source: C:\Users\Default\smss.exe Code function: 34_2_00007FF848CC00BD pushad ; iretd 34_2_00007FF848CC00C1
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Code function: 35_2_00007FF848CE9258 pushfd ; ret 35_2_00007FF848CE9259
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Code function: 35_2_00007FF848CE00BD pushad ; iretd 35_2_00007FF848CE00C1
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe Code function: 37_2_00007FF848CC00BD pushad ; iretd 37_2_00007FF848CC00C1
            Source: RmjVbD9QNK.exe, qMHRZowPAFQNo4wwSu.cs High entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'x2KkBsBM5uPk1NSi0pS', 'dW3aGsBJ8v0LJ2NGdBI', 'uwD31FBbrhClu8JTJ70', 'j9wIreBXBD65UuhQKHc', 'qxiow9B0gqK9PjbTf7o', 'fuSGgKBoZdGA2IS04aB'
            Source: RmjVbD9QNK.exe, p6LISads9UJuDEVSdu3.csHigh entropy of concatenated method names: 'Xt5Bc6yVjU', 'I8TBUKeMYm', 'WknB51tjPj', 'Tq9B1KLAuR', 'e0HB6E6GnK', 'sPSbx32aSHyhgvCTkxu', 'caGUQ62db303bFYMVd0', 'gI3NYk2E0iDVMehhxsT', 'qu0yVC2BAh3Djwcbimi', 'lmfqvv21clDy6Gh2Cqs'
            Source: RmjVbD9QNK.exe, Ux5clrQknwvVIWqY1UA.csHigh entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'bNi9stddG51MnmQ3nlQ', 'Hy23tud10eDLnrvU5J3', 'RWOjhadAR1fRh5nPlRg', 'ylZbCad6QlSVnQAtllK', 'CFt8pWdTm7phPqXliyb', 'pWgtSVdwe3eaK2pdYCV'
            Source: RmjVbD9QNK.exe, bVLbcHQpiENdlW8fZjA.csHigh entropy of concatenated method names: 'PmqEXpJ2Ux', 'VclE0rnwvV', 'xWqEWY1UAI', 'nVekblwTDsTgl9LqJR2', 'AnP0cOwAdAXlVohWQXs', 'FVOkBZw6AbvtnXGVqBl', 'AdNDdlwwPf6FvBOKrR8', 'PYOCFSwFh7ifUjMZnBI', 'WfCi14wN367Ibou1Kib', 'x06isLwxqRtRmoP1UBP'
            Source: RmjVbD9QNK.exe, WZFJHrEksZYQWHOYvfY.csHigh entropy of concatenated method names: 'uu5dvq6LvR', 's6bdxUeam9', 'TAVdlSunjv', 'nv1dJoaMhL', 'tvgdnylccu', 'Bnodo5qJrq', 'rTXdbwYBUh', 'bNWIGVNIMWjQtP02QTd', 'sOCg2rNLb64OCSswWdf', 'A2qAKgNRIUjxKYIpLZh'
            Source: RmjVbD9QNK.exe, VOcfZ7zi0eYtdao5AA.csHigh entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'GyW2axaYCbeYCKwgqWs', 'rxsZgCaErRNrJTFVN61', 'wM03e2aBTYgqcyHqAAS', 'gUgC8SaaoDMf84hKeX2', 'wMAYwDadIm7wM9hVZEv', 'H7NpFra1sjuC4lFMnYN'
            Source: RmjVbD9QNK.exe, DWeNlBy6ibfmExs8Hn9.csHigh entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'GMHI09c0Rr', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
            Source: RmjVbD9QNK.exe, hG5FQiQYDuwV5l0nEKm.csHigh entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'UCnghMaJeFcWENM1gKO', 'amR8ZVabhBGY97lr63e', 'LlmSjtaXvBjBNmpnbIK', 'BoANcRa05pmCM4bkeMj', 'SHgwNaaokxBTS2rfFc4', 'r1VQ3WaztpuaACIs4gi'
            Source: RmjVbD9QNK.exe, SYIo35dMXdKddiNDslx.csHigh entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'NLbHecCh9G', 'CdIW7MfJcq', 'FkLHfBoGSU', 'DlJWNh32df', 'UXorQ7RVwvB1sRAgary', 'dUlvt5RKGvoeEVOgqew', 'BtSt1ERy7jecMXOnMak'
            Source: RmjVbD9QNK.exe, zLCWweQad3gN0wRWYML.csHigh entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'JCpFHSdD6yQZO8JELtZ', 'c2ht4hdM4f6sq85e27l', 'qsBpdjdJWsQF9BNII6L', 'eiQW8QdbtEWF2agKZag', 'qc4aoHdXEojICDQbw0A', 'ys54IUd06RUJbS6D1X2'

            Persistence and Installation Behavior

            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Users\Default\smss.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Users\Public\Videos\explorer.exe
            Source: unknown Executable created and started: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: unknown Executable created and started: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Users\Default\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Program Files (x86)\Windows Defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Program Files (x86)\MSECache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Users\user\Downloads\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Users\user\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Users\Default\AppData\Local\Microsoft\Windows\History\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\RuntimeBroker.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Program Files\Windows Photo Viewer\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Program Files (x86)\Java\QWQpSrRPpykBmPKCQiELiILCQi.exe

            Boot Survival

            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Users\Default\smss.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe File created: C:\Users\user\QWQpSrRPpykBmPKCQiELiILCQi.exe
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\smss.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\Default\smss.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\Default\smss.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\Default\smss.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\Default\smss.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe - Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe - Memory allocated: CA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe - Memory allocated: 1A900000 memory reserve | memory write watch
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe - Memory allocated: 1070000 memory reserve | memory write watch
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe - Memory allocated: 1ACD0000 memory reserve | memory write watch
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe - Memory allocated: 2D00000 memory reserve | memory write watch
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe - Memory allocated: 1AF60000 memory reserve | memory write watch
            Source: C:\Users\Default\smss.exe - Memory allocated: 2AC0000 memory reserve | memory write watch
            Source: C:\Users\Default\smss.exe - Memory allocated: 1AAC0000 memory reserve | memory write watch
            Source: C:\Users\Default\smss.exe - Memory allocated: 5F0000 memory reserve | memory write watch
            Source: C:\Users\Default\smss.exe - Memory allocated: 1A4A0000 memory reserve | memory write watch
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe - Memory allocated: D60000 memory reserve | memory write watch
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe - Memory allocated: 1A970000 memory reserve | memory write watch
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe - Memory allocated: EA0000 memory reserve | memory write watch
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe - Memory allocated: 1AB20000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe - Code function: 0_2_00007FF848CB9DE0 sldt word ptr [eax]
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe - Thread delayed: delay time: 922337203685477
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe - Thread delayed: delay time: 922337203685477
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe - Thread delayed: delay time: 922337203685477
            Source: C:\Users\Default\smss.exe - Thread delayed: delay time: 922337203685477
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe - Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe - Window / User API: threadDelayed 1814
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe - Window / User API: threadDelayed 570
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe - Window / User API: threadDelayed 364
            Source: C:\Users\Default\smss.exe - Window / User API: threadDelayed 367
            Source: C:\Users\Default\smss.exe - Window / User API: threadDelayed 364
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe - Window / User API: threadDelayed 366
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe - Window / User API: threadDelayed 363
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe TID: 6160 - Thread sleep count: 1814 > 30
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe TID: 6540 - Thread sleep count: 570 > 30
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe TID: 5956 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe TID: 3180 - Thread sleep count: 364 > 30
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe TID: 5712 - Thread sleep count: 128 > 30
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe TID: 5512 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe TID: 6784 - Thread sleep count: 325 > 30
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe TID: 6784 - Thread sleep count: 235 > 30
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe TID: 4432 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\Default\smss.exe TID: 7256 - Thread sleep count: 367 > 30
            Source: C:\Users\Default\smss.exe TID: 1248 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\Default\smss.exe TID: 2716 - Thread sleep count: 364 > 30
            Source: C:\Users\Default\smss.exe TID: 7136 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe TID: 5908 - Thread sleep count: 366 > 30
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe TID: 6436 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe TID: 7148 - Thread sleep count: 363 > 30
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe TID: 7156 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe - File Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe - File Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe - File Volume queried: C:\ FullSizeInformation
            Source: C:\Users\Default\smss.exe - File Volume queried: C:\ FullSizeInformation
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe - File Volume queried: C:\ FullSizeInformation
            Source: RmjVbD9QNK.exe, 00000000.00000002.2246746491.000000001B9F8000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\rQRUvXXlh
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe | Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe | Process token adjusted: Debug
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe | Process token adjusted: Debug
            Source: C:\Users\Default\smss.exe | Process token adjusted: Debug
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe | Process token adjusted: Debug
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe | Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe | Process created: unknown unknown
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe | Queries volume information: C:\Users\user\Desktop\RmjVbD9QNK.exe VolumeInformation
            Source: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe | Queries volume information: C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe VolumeInformation
            Source: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe | Queries volume information: C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe VolumeInformation
            Source: C:\Users\Default\smss.exe | Queries volume information: C:\Users\Default\smss.exe VolumeInformation
            Source: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe | Queries volume information: C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe VolumeInformation
            Source: C:\Users\user\Desktop\RmjVbD9QNK.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match | File source: Process Memory Space: RmjVbD9QNK.exe PID: 4440, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: QWQpSrRPpykBmPKCQiELiILCQi.exe PID: 2608, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: QWQpSrRPpykBmPKCQiELiILCQi.exe PID: 1200, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: smss.exe PID: 6772, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: smss.exe PID: 6780, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: WmiPrvSE.exe PID: 6196, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: WmiPrvSE.exe PID: 5672, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match | File source: Process Memory Space: RmjVbD9QNK.exe PID: 4440, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: QWQpSrRPpykBmPKCQiELiILCQi.exe PID: 2608, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: QWQpSrRPpykBmPKCQiELiILCQi.exe PID: 1200, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: smss.exe PID: 6772, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: smss.exe PID: 6780, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: WmiPrvSE.exe PID: 6196, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: WmiPrvSE.exe PID: 5672, type: MEMORYSTR

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 333 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

            Source | Detection | Scanner | Label
            RmjVbD9QNK.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            RmjVbD9QNK.exe | 100% | Avira | HEUR/AGEN.1323984
            RmjVbD9QNK.exe | 100% | Joe Sandbox ML |

            Source | Detection | Scanner | Label
            C:\Users\Default\smss.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\Program Files (x86)\Java\QWQpSrRPpykBmPKCQiELiILCQi.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\Users\Public\Videos\explorer.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe | 100% | Avira | HEUR/AGEN.1323984
            C:\Users\Default\smss.exe | 100% | Joe Sandbox ML |
            C:\Program Files (x86)\Java\QWQpSrRPpykBmPKCQiELiILCQi.exe | 100% | Joe Sandbox ML |
            C:\Users\Public\Videos\explorer.exe | 100% | Joe Sandbox ML |
            C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe | 100% | Joe Sandbox ML |
            C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe | 100% | Joe Sandbox ML |
            C:\Program Files (x86)\Java\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Program Files (x86)\MSECache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Program Files (x86)\Windows Defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Program Files\Windows Photo Viewer\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Users\Default\AppData\Local\Microsoft\Windows\History\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Users\Default\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Users\Default\smss.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Users\Public\Videos\explorer.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Users\user\Downloads\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Users\user\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
            C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\RuntimeBroker.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat

            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
            No contacted domains info
            Name | Malicious | Antivirus Detection | Reputation
            http://ch67763.tw1.ru/@==gbJBzYuFDT | true | | unknown

            Name | Source | Malicious | Antivirus Detection | Reputation
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | RmjVbD9QNK.exe, 00000000.00000002.2240275956.0000000002E64000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              No contacted IP infos
              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1524317
              Start date and time:2024-10-02 17:48:29 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 7m 19s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:40
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:RmjVbD9QNK.exe
              renamed because original name is a hash value
              Original Sample Name:207fd3471dc4f4fe474cf9f288e3b1c1.exe
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@30/55@0/0
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 54%
              • Number of executed functions: 308
              • Number of non-executed functions: 6
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Exclude process from analysis (whitelisted): dllhost.exe
              • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Execution Graph export aborted for target QWQpSrRPpykBmPKCQiELiILCQi.exe, PID 1200 because it is empty
              • Execution Graph export aborted for target QWQpSrRPpykBmPKCQiELiILCQi.exe, PID 2608 because it is empty
              • Execution Graph export aborted for target RmjVbD9QNK.exe, PID 4440 because it is empty
              • Execution Graph export aborted for target WmiPrvSE.exe, PID 5672 because it is empty
              • Execution Graph export aborted for target WmiPrvSE.exe, PID 6196 because it is empty
              • Execution Graph export aborted for target smss.exe, PID 6772 because it is empty
              • Execution Graph export aborted for target smss.exe, PID 6780 because it is empty
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size getting too big, too many NtOpenKey calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: RmjVbD9QNK.exe
              Time | Type | Description
              17:49:36 | Task Scheduler | Run new task: QWQpSrRPpykBmPKCQiELiILCQi path: "C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe"
              17:49:36 | Task Scheduler | Run new task: QWQpSrRPpykBmPKCQiELiILCQiQ path: "C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe"
              17:49:38 | Task Scheduler | Run new task: smss path: "C:\Users\Default\smss.exe"
              17:49:38 | Task Scheduler | Run new task: smsss path: "C:\Users\Default\smss.exe"
              17:49:38 | Task Scheduler | Run new task: WmiPrvSE path: "C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe"
              17:49:38 | Task Scheduler | Run new task: WmiPrvSEW path: "C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe"
              17:49:40 | Task Scheduler | Run new task: explorer path: "C:\Users\All Users\Documents\My Videos\explorer.exe"
              17:49:40 | Task Scheduler | Run new task: explorere path: "C:\Users\All Users\Documents\My Videos\explorer.exe"
              17:49:40 | Task Scheduler | Run new task: RuntimeBroker path: "C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\RuntimeBroker.exe"
              17:49:41 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\RuntimeBroker.exe"
              17:49:41 | Task Scheduler | Run new task: StartMenuExperienceHost path: "C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe"
              17:49:41 | Task Scheduler | Run new task: StartMenuExperienceHostS path: "C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe"
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):100
              Entropy (8bit):5.495916314580016
              Encrypted:false
              SSDEEP:3:feG/6fKTL3xK5H87uMtKFyUuxKHsCx9XE6n:fB6fKTL3KHSDtZUu4J906
              MD5:7F66E9AFEF6601EE6AD53C3E57EA6FDF
              SHA1:88F5F9B23454F6D5599DDF2C5D054F9FDE0F740B
              SHA-256:26EA1A2963863A8D49D18C2D8FB71D70FCC523025F6B151914853BA8F738644D
              SHA-512:3ACAC8844618D11B891E8269437E91A787C723B12A3A783F0D36F6408EFF0CE3D7A6467E9FC5C950891B22A362B4F1159E45A71ED0E00062DA3734B77A71CE23
              Malicious:false
              Preview:tMyVmwPcBcZ5cNeMSVzofjnugz0kGRvLnGhJbgxUOGWObD1Z5K44LgkKiEzw6oVuqORVqUuwhfZYNYTc8bp6W0AHgXkXrAYkulhN
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: Avira, Detection: 100%
              • Antivirus: Joe Sandbox ML, Detection: 100%
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:true
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):19
              Entropy (8bit):4.0374011976541135
              Encrypted:false
              SSDEEP:3:YqEz:tI
              MD5:354CCBF8791340A6E46536E750D98209
              SHA1:7219D860D5DBFF1D1E498A7DF7343923EF853101
              SHA-256:5972A4639E5C724D8AECB253CE4EEC977FBDC9641F4CFBE010C74F2B8335ACB2
              SHA-512:6F0AFC8FFA3285C8B2DFB2F9474357D396750A65819F6EF686E23AF70367B0ED72CFD54BB3551A2A9AF248855DAB5E6C8F4DEB2F2EC929EB1B8D68CDEAA96C26
              Malicious:false
              Preview:ddCNzMRVQ1aHeiYr18T
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (811), with no line terminators
              Category:dropped
              Size (bytes):811
              Entropy (8bit):5.892518619512764
              Encrypted:false
              SSDEEP:24:dLN+EDJAHnUl8N4ZdKOpb2b7aCiOWBNww/Li7:dHdbyNCr929JWBCcO
              MD5:19082D6F257E7960353307CB02745BDA
              SHA1:8F5E09B1099C3BE2A8660915FC5F036588014A49
              SHA-256:63DC25BF05F637DA163E0968F4BB6F3764609BED6DDFBD18BC63A24CA7F19123
              SHA-512:6D04F7B382B1BF69EF192787FD997EA9CCE03974F98C67BDAEA1DE641BDC47118BB0E32E010505D5645F67B65E919159594D44E85A414E14A59A4E2CCE35E9F9
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (342), with no line terminators
              Category:dropped
              Size (bytes):342
              Entropy (8bit):5.801279290186129
              Encrypted:false
              SSDEEP:6:WZWchmZ6PioOLSzRgzU18X9VCBCSKWsSdj1idy89gEiqTXKQkI2xolPEV7:gWchVPioOLP99VR3WsShYdyU4QkIIOEp
              MD5:0D3AB23C94A70ADE8A6A13C3F28A0406
              SHA1:67F7050581771157987606F1B21BE89AAB7F3FE0
              SHA-256:5471E9C47B12FFB5C744753E69F4C013973E3F9976638ECC7A0B0B6F8E47B434
              SHA-512:EF438B7469690A3B71414F176769A3CCB222773301CC99F0C9658F72AA56E39A4CCB0859E49561ACA6879E4E91627BBCD3457698184FD18631B1C82D63A36200
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: Avira, Detection: 100%
              • Antivirus: Joe Sandbox ML, Detection: 100%
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:true
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (690), with no line terminators
              Category:dropped
              Size (bytes):690
              Entropy (8bit):5.884215241073366
              Encrypted:false
              SSDEEP:12:2bj9hZgIyWquN3+aT8QT5qAc+MTH19Ij7XLAxRmoGWKLlCfb/W/Z7Pnq1UmXBYjz:2b5hZgzWnXT8QJc+GvIjL0RGWE8i/5PN
              MD5:12F64A0E0A6C7B0FBEA8851D0DC49AA3
              SHA1:869A7830A658219A82ACD3A4262A6959C13D8DEB
              SHA-256:91AD57437A8C747E6928F3E7E73F75E90F350D7B30361140583AC6009AEA076F
              SHA-512:677296F41ECFCFE0401DF9CB4A2C09C55677A2E4BEF7CCAE4D68E849024D12E860261D1D14375AC3839EAA03121FB6C1A639E0747E2743B606F3D3A3C3770D6B
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (854), with no line terminators
              Category:dropped
              Size (bytes):854
              Entropy (8bit):5.913177277123797
              Encrypted:false
              SSDEEP:12:f06NA6JCKKhYGiBYS8Zr50CRL/Nv5ZUxkZT2NJzHGBYGLnO8RYVXOYySr+DmbOuP:M2FKJS8hrR71UeTWxmOMOaYXZr+SquJT
              MD5:4E2CDD2BA15901F7ED4344283F5C95D8
              SHA1:8EDD5D7C459A589806F577DAB616E627154C4EDA
              SHA-256:9A50F77A065F0F9636C6ACA6FB0CE598417B5CB11C7F03FC2BCAF83A6C6ED1FD
              SHA-512:80F41CE7949F213C88B83DA1068C426A3E53FEC34A04865B672F1C619D437E20A9AACEE68DB72332D67DCC3D710445EE0FBE6C4A742D28F7D82C7A79B8DD5925
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (483), with no line terminators
              Category:dropped
              Size (bytes):483
              Entropy (8bit):5.856829719838555
              Encrypted:false
              SSDEEP:12:b4wf+ld3YL+miFH3ShpDVtoOVtsouK1E6GcJiY:bfiFuDV6s3GckY
              MD5:D90FF75DE82BB4B219612756CFC8934C
              SHA1:3298C877686F5D5EB9005F125C5F96A6EF76B41C
              SHA-256:40A7F55941FA830B7561F1BD520E3E189AC93CFADA6101EB404EF9DEFCE2D4F4
              SHA-512:29FB6B6B812AE9E9550261189EF7A11A8D80043DFEE15FA6F1BF82D6951DA1A4ABF52618A2895980C4F5F7EDBD6C64B0CCA54C9468CB889225D864D31518BCB7
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (696), with no line terminators
              Category:dropped
              Size (bytes):696
              Entropy (8bit):5.897143663161701
              Encrypted:false
              SSDEEP:12:hV7QRLjRN0rc5c14yi+U94cRWKsVPnAVh1mnV24TwqA4iXqS0ajlx4EEh:hV7sPRN4c5FaM4cRWtwh1sV24TRAX63V
              MD5:7A06C2F315EA9C2E5BB29A58B04F9606
              SHA1:6531A40A866741DB0B04B612B648860225253F69
              SHA-256:7E7A0961F431A38C2DBC7549E6CAFCC087832FA9DBEC33E1EFDECC803B7DCEAD
              SHA-512:7CFD55A4E07EF425838F1680E4E3CA5B748E3A5AEF4D6B0BB472BEF1EE3C3DF93CB9F4DDF5E33F802A00ACD16E960E8E17A3ECDD2B19FE9A17A12A8F3198365F
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (403), with no line terminators
              Category:dropped
              Size (bytes):403
              Entropy (8bit):5.88369978416787
              Encrypted:false
              SSDEEP:12:6hiulk8MpGhZHXhMJ58b6wDDJQM/3YbZUAH5tS:6hiOk8h3HxM3w7D+43EZUAHy
              MD5:06E74CD36B10862B5E3B73E3108C96FE
              SHA1:E08F4E34438D9D97A052BEBCD8A3FF4FB145D8A8
              SHA-256:FF0283015DC68ADDC7C432B6B1509ACCD5DDB7AC09693667BF926CE4536046CA
              SHA-512:A379A3E07FB589B10189D18CEE0F1D37391B56B9BBBC04E38F477F59C8A49C23A9DEBD9FF46E439F9D2660B38F986B4A8CFFB04CDE78AB815E304BC322B3341C
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (716), with no line terminators
              Category:dropped
              Size (bytes):716
              Entropy (8bit):5.889619962738212
              Encrypted:false
              SSDEEP:12:Yu3ynkM3w3Dqb/GsDe/09rb1qi4hl8O7tq7GvFRjIvkQAyXOr2Z0P:YLz6ub/GoI6HYDvFRjIv+yXOSiP
              MD5:E9EFDCAA2B53876292A0E0599ADF08C2
              SHA1:E8BABD10438ABE0A28A56742076F419268F72631
              SHA-256:54AF4A2A848B5EDD6BF81DBDA73E517C0DD798D28518DF329594748FC17987CB
              SHA-512:D969A49711A3A67C00072CA3BCA9235865EB7533AC27FABFBE2FDDBB83EFEFDE4133BFDDCD8DC632A9FB4AA1DE42B81153B49E53FB16E193DAFC7E4B49B05BE8
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (442), with no line terminators
              Category:dropped
              Size (bytes):442
              Entropy (8bit):5.859766939443328
              Encrypted:false
              SSDEEP:12:/iwnnC4U+DzxaysVLI7ze2LqdJDpqqqYo:/i6txky4LT0
              MD5:56766A6324E7B2460AE03D517B13517E
              SHA1:2C66F306E075F9762505A7B22297E97680EDF92E
              SHA-256:4D9625D779D1277F4AF8975E8B672F6F25412E0BA29D54EA94670026EC5CB573
              SHA-512:820548B8FFBBAA8E8D323CFBC46A4117F50F1982E6A9769D068C22AFB2E555AEE5652690E96F8C4FEDDE980B083D91C6FBD18F2B900B174270D03AD30CA58703
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (952), with no line terminators
              Category:dropped
              Size (bytes):952
              Entropy (8bit):5.919568035433141
              Encrypted:false
              SSDEEP:24:yBj/AJ/3eR9aSWk774Ud6LuPcGUOy2OHSZKx:yepc9ai7TEuPYOy9yc
              MD5:1478231B49AAFE64570839176E740A64
              SHA1:ED4F0E9D0C043D8735B848B33F453E7F3F3EE6C4
              SHA-256:3FCB9DC57D86830DF33FF1E891B7990D716F94A3E3E5CA9F665C1E6DEC6D8BAC
              SHA-512:F2119A767C196A6D31F90707B761DB9AA3551C4C11D0CB8984AC6AB493C9B1C5E54A79F2306CCF578464309F94F2C6FBF996B250789D04A77F610AC1C761B53D
              Malicious:false
              Process:C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
              File Type:CSV text
              Category:dropped
              Size (bytes):1281
              Entropy (8bit):5.370111951859942
              Encrypted:false
              SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
              MD5:12C61586CD59AA6F2A21DF30501F71BD
              SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
              SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
              SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
              Malicious:false
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:CSV text
              Category:dropped
              Size (bytes):1740
              Entropy (8bit):5.36827240602657
              Encrypted:false
              SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpaqZ4x
              MD5:B28E0CCD25623D173B2EB29F3A99B9DD
              SHA1:070E4C4A7F903505259E41AFDF7873C31F90D591
              SHA-256:3A108902F93EF9E952D9E748207778718A2CBAEB0AB39C41BD37E9BB0B85BF3A
              SHA-512:17F5FBF18EE0058F928A4D7C53AA4B1191BA3110EDF8E853F145D720381FCEA650A3C997E3D56597150149771E14C529F1BDFDC4A2BBD3719336259C4DD8B342
              Malicious:true
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
              Process:C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe
              File Type:CSV text
              Category:dropped
              Size (bytes):1281
              Entropy (8bit):5.370111951859942
              Encrypted:false
              SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
              MD5:12C61586CD59AA6F2A21DF30501F71BD
              SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
              SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
              SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
              Malicious:false
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
              Process:C:\Users\Default\smss.exe
              File Type:Unknown
              Category:dropped
              Size (bytes):1281
              Entropy (8bit):5.370111951859942
              Encrypted:false
              SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
              MD5:12C61586CD59AA6F2A21DF30501F71BD
              SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
              SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
              SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
              Malicious:false
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (994), with no line terminators
              Category:dropped
              Size (bytes):994
              Entropy (8bit):5.902886491572926
              Encrypted:false
              SSDEEP:24:LJNUhQRLOGPw/zg3jjz67iYd9H2G9Ng2FmJ/AsYBqaw:LPSQRLOGPWzQ367iY95g2PsYNw
              MD5:D99A1CBCCF71EABC6F5399500C6FC868
              SHA1:5854C1B2C5A4D8E4E249150099DE34400696DA6A
              SHA-256:0F2D691034C69A0F5B43E595DC8640247682AA74ECAF66CA9BA0D583892F2558
              SHA-512:E84C96E329E753F3E3D421A09EC436256890B622C66C8C2DE6551CF6F9BDEF4C7F54FE03227F2AFBA71FCF868A850E74E1608B697F118E2B16FEA0D5856A4F3F
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (321), with no line terminators
              Category:dropped
              Size (bytes):321
              Entropy (8bit):5.802195806150521
              Encrypted:false
              SSDEEP:6:JhijcYw8i14Hlw+7delsqvQHSwBFu8SHXMyx36hwCYNl:WjcYa1++lsqvSS6Fu8Wd3aw3
              MD5:8994DCA5844B50DCF259087E00490D72
              SHA1:CA7942EA66CCAB2385E188832F6E9B5F9F82831D
              SHA-256:42F4CB6B876E74FB0099E67774DE65517F57E06D0E8C0575DBBD8E13F1708E5A
              SHA-512:E286B55185FDC8827CA0D15DC185A5B84564227751FD6D235780D048A69629AA67B945DD7EC0EFCE4C181CD07A6B966FC7DFD117886C2814FFFD61EAD68ABE1C
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (811), with no line terminators
              Category:dropped
              Size (bytes):811
              Entropy (8bit):5.887904646194051
              Encrypted:false
              SSDEEP:12:n6pYGaPR7XU74yuSavWXjw5ORkvqYyXm47jaBTSGnzLz0/k5n0vYYrQQ9rxA:n6phUa0ySOjXW47+BrPLnEHvA
              MD5:17F120F2990072E39DD3AEDDEEDFE0D3
              SHA1:F8A4D958635CB7039B2756E697D86E14DDEB032C
              SHA-256:14C0B3940B689D0FD0137404D71FC7A302155BFE1DD23FC0E2E781BA363CCB1D
              SHA-512:122063C3FC51B0F12F6CFC2D884F525B77C4F5BADB13A0698E91365BB24290E7F73E6DCC2EB80A0617F631E3FF24D61F16EB6B360AC7153982020BAE28978EBD
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (624), with no line terminators
              Category:dropped
              Size (bytes):624
              Entropy (8bit):5.869090964932639
              Encrypted:false
              SSDEEP:12:COx2kT9RnkEA7TZwNkMgYkopIq/enrDx0vimnGcJYQoI5V4qGlL8:COxTTDkEqwTgYkopbl1n7yVo4Y
              MD5:7A3C54FFE9FBE1875C7D9F8D15B78BA4
              SHA1:9F12244E3A7F24B25F37186224DDC54C3D73C73E
              SHA-256:97035D35C6D5F9FE4CC50EDE7D898A04C3916F35A5596E3B0D5F4B7EFEBDC2B4
              SHA-512:814C08659DDF509113FAE16F756A79DF44FA809DE8DAECA2F2730E0E079C003EB99FAC92CFB7FB69B9D81628CAC3817D81C722D1DFE1E2344711C1B9F95E08BC
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with very long lines (463), with no line terminators
              Category:dropped
              Size (bytes):463
              Entropy (8bit):5.840807561953425
              Encrypted:false
              SSDEEP:12:fXSOYmQy0BM/xNNJ0MgG+ZrrajmpyWFFPpyCBUuQcRQ2:ZYmQnBMpLJngG2aj4FbhUuQZ2
              MD5:BA27181B7593A53C8F143A4BC8D2AB8B
              SHA1:A1B178D58F0F110495ABC0E934E58B3CD178EFBA
              SHA-256:03BDA75F622C00780350A9CCB99E504E488DCC1FF205A60821A5650F4B9DB7E5
              SHA-512:B2035211DFE8C8AC64684AD09DD86E0B392A6FE57A74071B6BEF562735069B8723FA859CAD94CADB642EFE1E7882596CB188FCA43288CF0E94230A121C8113B9
              Malicious:false
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):849408
              Entropy (8bit):6.083651998637944
              Encrypted:false
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              MD5:207FD3471DC4F4FE474CF9F288E3B1C1
              SHA1:40A907EC64D541305B5F8462F19A4C710528DCC1
              SHA-256:1B621EB6EE7BCDA09947DE50EAF562020F5EDB858D82F8D852DC67265F7E74C1
              SHA-512:373E94CCDDB88180FB3559F5A09A17F8BBDAFFC6E4A3AFDDA34CD3B48DDE43EFB0E5B7268F437CFFC00E1650CC7BC24A85EDF0E7505ACC67167F834D058059B6
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 84%
              Process:C:\Users\user\Desktop\RmjVbD9QNK.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:false
              Preview:[ZoneTransfer]....ZoneId=0
              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):6.083651998637944
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Win16/32 Executable Delphi generic (2074/23) 0.01%
              File name:RmjVbD9QNK.exe
              File size:849'408 bytes
              MD5:207fd3471dc4f4fe474cf9f288e3b1c1
              SHA1:40a907ec64d541305b5f8462f19a4c710528dcc1
              SHA256:1b621eb6ee7bcda09947de50eaf562020f5edb858d82f8d852dc67265f7e74c1
              SHA512:373e94ccddb88180fb3559f5a09a17f8bbdaffc6e4a3afdda34cd3b48dde43efb0e5b7268f437cffc00e1650cc7bc24a85edf0e7505acc67167f834d058059b6
              SSDEEP:12288:phGvLmYJoTbOPeb2W2oM0aKpmINkiA+ZeewPeWNBMJshWso:ySCsOPeRpmI6ihBWNBMiG
              TLSH:8D05F802BE44CE11F0191233C2EF495887B4AD5166E6E31B7DBA37AE55123AB7C0D9CB
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....rb.....................6......N.... ........@.. .......................`............@................................
              Icon Hash:00928e8e8686b000
              Entrypoint:0x4cda4e
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcda00 | 0x4b | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd2000 | 0x218 | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd4000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0xcba54 | 0xcbc00 | 248b11cdb504d94d69340f74d705c628 | False | 0.505998370398773 | data | 6.123572244305946 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .sdata | 0xce000 | 0x2fdf | 0x3000 | 507d95b55b4c64d27f3870a74f37ec23 | False | 0.3102213541666667 | data | 3.2421793989846064 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .rsrc | 0xd2000 | 0x218 | 0x400 | a0eb98cfbb72fea7cf0984384d7b3371 | False | 0.263671875 | data | 1.8371269699553323 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0xd4000 | 0xc | 0x200 | 89061b5957582fa61fdc8bdaf6626b57 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              RT_VERSION | 0xd2058 | 0x1c0 | ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970 | English | United States | 0.5223214285714286
              DLL | Import
              mscoree.dll | _CorExeMain
              Language of compilation system | Country where language is spoken | Map
              English | United States |
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Oct 2, 2024 17:49:50.910778999 CEST | 53 | 64804 | 1.1.1.1 | 192.168.2.5

              Target ID:0
              Start time:11:49:35
              Start date:02/10/2024
              Path:C:\Users\user\Desktop\RmjVbD9QNK.exe
              Wow64 process (32bit):false
              Commandline:"C:\Users\user\Desktop\RmjVbD9QNK.exe"
              Imagebase:0x4b0000
              File size:849'408 bytes
              MD5 hash:207FD3471DC4F4FE474CF9F288E3B1C1
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2240275956.0000000002E64000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2240275956.0000000002901000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:true

              Target ID:2
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:3
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:4
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 13 /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:5
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 12 /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:6
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:7
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
              Imagebase:0xb40000
              File size:849'408 bytes
              MD5 hash:207FD3471DC4F4FE474CF9F288E3B1C1
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000007.00000002.2290146036.0000000002D1A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000007.00000002.2290146036.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Antivirus matches:
              • Detection: 84%, ReversingLabs
              Reputation:low
              Has exited:true

              Target ID:8
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 5 /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:9
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe
              Imagebase:0xb50000
              File size:849'408 bytes
              MD5 hash:207FD3471DC4F4FE474CF9F288E3B1C1
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.2291808749.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.2291808749.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Antivirus matches:
              • Detection: 84%, ReversingLabs
              Reputation:low
              Has exited:true

              Target ID:10
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 6 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:11
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:12
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 9 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:13
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 13 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:14
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:15
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:16
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:17
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:18
              Start time:11:49:36
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:19
              Start time:11:49:37
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "smsss" /sc MINUTE /mo 5 /tr "'C:\Users\Default\smss.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:20
              Start time:11:49:37
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Users\Default\smss.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:21
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\Users\Default\smss.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:22
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 14 /tr "'C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:23
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:24
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 12 /tr "'C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:25
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:26
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:27
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:28
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:29
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:30
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:31
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Users\Default\smss.exe
              Wow64 process (32bit):false
              Commandline:C:\Users\Default\smss.exe
              Imagebase:0x640000
              File size:849'408 bytes
              MD5 hash:207FD3471DC4F4FE474CF9F288E3B1C1
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.2316758525.0000000002B12000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.2316758525.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Antivirus matches:
              • Detection: 100%, Avira
              • Detection: 100%, Joe Sandbox ML
              • Detection: 84%, ReversingLabs
              Has exited:true

              Target ID:32
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:33
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:34
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Users\Default\smss.exe
              Wow64 process (32bit):false
              Commandline:C:\Users\Default\smss.exe
              Imagebase:0x10000
              File size:849'408 bytes
              MD5 hash:207FD3471DC4F4FE474CF9F288E3B1C1
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2311559613.00000000024F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2311559613.00000000024A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Has exited:true

              Target ID:35
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe"
              Imagebase:0x570000
              File size:849'408 bytes
              MD5 hash:207FD3471DC4F4FE474CF9F288E3B1C1
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000023.00000002.2313038112.0000000002971000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Antivirus matches:
              • Detection: 100%, Avira
              • Detection: 100%, Joe Sandbox ML
              • Detection: 84%, ReversingLabs
              Has exited:true

              Target ID:36
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 14 /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:37
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe"
              Imagebase:0x8a0000
              File size:849'408 bytes
              MD5 hash:207FD3471DC4F4FE474CF9F288E3B1C1
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000025.00000002.2312710960.0000000002B67000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000025.00000002.2312710960.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Has exited:true

              Target ID:38
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\msecache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Target ID:39
              Start time:11:49:38
              Start date:02/10/2024
              Path:C:\Windows\System32\schtasks.exe
              Wow64 process (32bit):false
              Commandline:schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Program Files (x86)\msecache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST /f
              Imagebase:0x7ff7183f0000
              File size:235'008 bytes
              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Has exited:true

              Reset < >
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a74ae06678716ac4e50c99bd403bffb5253eaf9e36ba743a3932c661a513bf8
                • Instruction ID: 7d6cd8401ffda8c05f6b16ba42d2bebd0e498d04906193d1b9e42823ab907382
                • Opcode Fuzzy Hash: 2a74ae06678716ac4e50c99bd403bffb5253eaf9e36ba743a3932c661a513bf8
                • Instruction Fuzzy Hash: E8617E31A1CE498FDB89EE1CA8555B977E2FFE8744F14416ED44AC3286CE34E902C789
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a46b1672730642a41d968cb088bb3d80ba5a66e706c632516ea0c6fc8575e29
                • Instruction ID: 632c4e777d717bc0a280b8dc157efc980c8dd316410009e852486bd43cb2f91a
                • Opcode Fuzzy Hash: 2a46b1672730642a41d968cb088bb3d80ba5a66e706c632516ea0c6fc8575e29
                • Instruction Fuzzy Hash: E651E570D1891D8FEB94EBA8D859AADB7F1FF58341F5000AAD00DE7296DB3468818B44
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa3e1aa2c030d95633d1a35cb49a9a9e88d0652b2784aa8569fbd0a7723bc3da
                • Instruction ID: 1a81d83663c094d692f1161544f85bf0014dcc38929d9995bf3b32bef54c3657
                • Opcode Fuzzy Hash: fa3e1aa2c030d95633d1a35cb49a9a9e88d0652b2784aa8569fbd0a7723bc3da
                • Instruction Fuzzy Hash: 8C513A70D0CA0D8FEB94EBA8D4846EDBBF1EF68341F504079D009E7292DB386A45CB54
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c50aa962c9830a6762d9c22ca84ec60ceca386d63cd603de86a7829ca838768e
                • Instruction ID: f7834c76f3c9f14090e7c7d931c56b5b3edce68f6008214895f29b4613c8247b
                • Opcode Fuzzy Hash: c50aa962c9830a6762d9c22ca84ec60ceca386d63cd603de86a7829ca838768e
                • Instruction Fuzzy Hash: 3A41483190DA4A4FE789EB78A8451B97BE0EF96390F0445BBD00DC7193DF28AD41C74A
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e450d0a3c948fcda60b139e22fa0310d00eaef977e23f4cdd20e9e5eb33606d9
                • Instruction ID: f77b631ea3979334d625403cefdcf48b55a69a835b4fb3e30a0f16ad88f3d33c
                • Opcode Fuzzy Hash: e450d0a3c948fcda60b139e22fa0310d00eaef977e23f4cdd20e9e5eb33606d9
                • Instruction Fuzzy Hash: B3417D31E1C94E9FEB84EB2CE8696BDBBE0FF69340F440179D009D7296CF2469418B55
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 32c38894434c1987efe39a6a6597994d72ba595fd7ca9c86bb23c1d3a13b25cb
                • Instruction ID: 57d070140447bf96263742f6e1055650127937666a962c4319985e7a8a0b48b8
                • Opcode Fuzzy Hash: 32c38894434c1987efe39a6a6597994d72ba595fd7ca9c86bb23c1d3a13b25cb
                • Instruction Fuzzy Hash: 4021BD30D1DA099FEB89EB68E4252FDBBB1FF69310F1101BAD009D3282CF282944CB55
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 80e9bf880e1ac4da17b4d90de42ab306df9034ce12e2411bb6d6fe24e74a4cdf
                • Instruction ID: a22f9846c2f7988465b4799a3035dae44483316587252a07dbb4e4b465331f08
                • Opcode Fuzzy Hash: 80e9bf880e1ac4da17b4d90de42ab306df9034ce12e2411bb6d6fe24e74a4cdf
                • Instruction Fuzzy Hash: 61214D70919A4D8FDF88EF18C4896E93BF0FF29305F11056AE849D7251DB34A591CB80
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9391cd5464a53c5846ff9aaad993cc959cd9eaf80dc47c66f5ad00af320fa09
                • Instruction ID: 719e8f4e3d22f46ff0767bed82522843939694afec86bce7e812d8b4d3e186db
                • Opcode Fuzzy Hash: f9391cd5464a53c5846ff9aaad993cc959cd9eaf80dc47c66f5ad00af320fa09
                • Instruction Fuzzy Hash: 3F217F3084DA8A8FE783EB7888586A97FF0FF16360F0505FAD459CB062DB389645CB51
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 874b81bcfd4a6ea486ca5aaf0ccca4ea0eef20315a1d4212b6059391307b8ce9
                • Instruction ID: bc521199bbf65db19fa80f2e6d073a551554ef16e6aec45101471bfda7dee02e
                • Opcode Fuzzy Hash: 874b81bcfd4a6ea486ca5aaf0ccca4ea0eef20315a1d4212b6059391307b8ce9
                • Instruction Fuzzy Hash: 53110131D1CE8A9FF795FB78A85A1E87BE0FF25344F0544B6C049C6092EE25E645C684
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d2c25e473a56d553d133a5388c95ced53748638c7dc2d6a3c54868e037657728
                • Instruction ID: f0640af213238dbcccb38a795759a2309452be89fca709d1408e4a9bcaec4e5e
                • Opcode Fuzzy Hash: d2c25e473a56d553d133a5388c95ced53748638c7dc2d6a3c54868e037657728
                • Instruction Fuzzy Hash: 4921CFB190E60E8FE358DF68D8293AA7BE1FB95354F5000BEC009D72D6CBBA14498B54
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 737f30f5312fd6d95d7d3643fa7e6442960e66e464c355410ffe523da9a4f2aa
                • Instruction ID: 478e84e18be9ff7d8ac5e4b13578ca0371d2d7e72c9465da85c2eae6776ec75f
                • Opcode Fuzzy Hash: 737f30f5312fd6d95d7d3643fa7e6442960e66e464c355410ffe523da9a4f2aa
                • Instruction Fuzzy Hash: EA116D71D1C90E9FE780FB6898491BD77E4FF68380F4049B6D408C7092EF34AA448744
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c8dbfeefa9d1cf568ad93ee0f0d52003d117afa9a01cf3cc298c4ea7da623421
                • Instruction ID: 2707b37b28beb30593812205a00fe5c649498d85d0c573a109de8abaa623949b
                • Opcode Fuzzy Hash: c8dbfeefa9d1cf568ad93ee0f0d52003d117afa9a01cf3cc298c4ea7da623421
                • Instruction Fuzzy Hash: 37215C30E0D9198EEB94FB58D844BEDB7B5FB64340F104279D009A7286DF38AA85CB58
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cdbc141a2a6f22fbb04b48d325f2ec290f051c7d775723d944eaf703f4823281
                • Instruction ID: 4f8091e56ff2124ca31cc7698ec674f2ce9ae60426485150927a2c5c503f2182
                • Opcode Fuzzy Hash: cdbc141a2a6f22fbb04b48d325f2ec290f051c7d775723d944eaf703f4823281
                • Instruction Fuzzy Hash: 5911817090DA898FEB86EB3888692BD7FF0FF25301F4404BAD409C7192DB34A544C745
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 68d89584b79c843bc5e454b4cbcad01018f279edc673cb52f91e719887a3ecd0
                • Instruction ID: be5ca413bd5f1776e0408db75bdce10fae54a46c73ca8c1b32ec631c90acccbf
                • Opcode Fuzzy Hash: 68d89584b79c843bc5e454b4cbcad01018f279edc673cb52f91e719887a3ecd0
                • Instruction Fuzzy Hash: 7C11B270D0D94A8EEBD9EBA894596B97BE0FF66340F0405BFD409C70D5EF246644C705
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2c990315de4e1cae504abc528323996624c5673c12c2d4ae4761d49b68208e98
                • Instruction ID: 95e69791c6a1d5e09ecc409c0ccc714f2318d7e44152144e0dcc91c49eabcc84
                • Opcode Fuzzy Hash: 2c990315de4e1cae504abc528323996624c5673c12c2d4ae4761d49b68208e98
                • Instruction Fuzzy Hash: 12116D30958A4E9FEB89EFA8D4592BD77E0FF29304F10047AD41DC2191DB356290CB45
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b5dd40ebf977c1c81e4faefcaa341b0d3aeda2cb3bf58714a2472d8d70b73bc9
                • Instruction ID: 3d3775e3cbe184d4af54d7d3f9a12239322cfb00b969978d6fef0b239c81ae11
                • Opcode Fuzzy Hash: b5dd40ebf977c1c81e4faefcaa341b0d3aeda2cb3bf58714a2472d8d70b73bc9
                • Instruction Fuzzy Hash: 62118E30D0891ECEEB84EF68C4481BE77F1FFA8311F108676E40DC6194DB34A5918B80
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a1c255cb61d2c0a19209caafb7a6fb3fc541cbba3f308a6c816048caec99b47b
                • Instruction ID: 96535bf125df36b7d9c48ea025de12c3dfa7c8e14413e8ab84f02966fcfb90be
                • Opcode Fuzzy Hash: a1c255cb61d2c0a19209caafb7a6fb3fc541cbba3f308a6c816048caec99b47b
                • Instruction Fuzzy Hash: F6018C3090890E8EEB88EF24D0496BA77A1FF68344F20047AD80EC2188CB31AA50CB48
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15b9f0cf284c7bb60dd7fb2bfb029df67e8afa8209a111508c24aa27a719f4d9
                • Instruction ID: e0bf71ae8e5688f25357ec2a0ab21de3d9257a77de90ff1f8afed5cad4445065
                • Opcode Fuzzy Hash: 15b9f0cf284c7bb60dd7fb2bfb029df67e8afa8209a111508c24aa27a719f4d9
                • Instruction Fuzzy Hash: 77018F71D5CA4D8FE791FB6498496B97BE0FF29340F0515B6D40CC60A2EB34E684C745
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 948e0ef810ad1bf5fb1c6c8f53d9a20e7d27bc306d69a03cc37414546f73ac7a
                • Instruction ID: f27442fe5c1192d8b38fe6dfdb87c239a4e8c64ba0e7e79289269096b4941491
                • Opcode Fuzzy Hash: 948e0ef810ad1bf5fb1c6c8f53d9a20e7d27bc306d69a03cc37414546f73ac7a
                • Instruction Fuzzy Hash: 43018F3095EA4D9FE791FB34988A1A97BE0FF2A340F0545B2D448C70A2EB29A9848755
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9599949b9e939e2862e23ad77af6e383a2a4235c63afe16b710fff7d565346ae
                • Instruction ID: 94bbb958b4d64a563eb518f91a635aacf1f8f7169c0c048a7a4c7919e8171f31
                • Opcode Fuzzy Hash: 9599949b9e939e2862e23ad77af6e383a2a4235c63afe16b710fff7d565346ae
                • Instruction Fuzzy Hash: 4C018F3094DA999FE792FB74885D1A97BF0EF6A340F0508F7D408CB0AAEB28E544C751
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d515671f3ab2507e663eb3f4e158f713ad8b9ac06176652763a26fc38b55ab73
                • Instruction ID: a76666fd2f27f467a48e713c4221ef3ba3d4f8c67de98ed8deac34d76fe3fc02
                • Opcode Fuzzy Hash: d515671f3ab2507e663eb3f4e158f713ad8b9ac06176652763a26fc38b55ab73
                • Instruction Fuzzy Hash: 7401A931818A0E9EEB88EB6480492B972A0FF28308F10087EE40EC65D0DF36E280CA00
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eafaf73c09ee6d229f1ffc7f8a5cfd03cb050f0f45547566ba96c204913337b3
                • Instruction ID: 8420c75860583ff7b9f20f2d506956b6fca8988c28524a45f0d612a7cf7bdb7e
                • Opcode Fuzzy Hash: eafaf73c09ee6d229f1ffc7f8a5cfd03cb050f0f45547566ba96c204913337b3
                • Instruction Fuzzy Hash: B4016931818A0E9EEB99FB2494592BA73A0FF28345F10087EE40EC6595DF36A650CA44
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad09a56d6b221a0d0bc5189465d251fa1b27c87ecec3f0bc521829530209ef16
                • Instruction ID: 399aeceffa2e0bc65140edb1caba4dd3172d01851e9536e225e0369aa3a2cecf
                • Opcode Fuzzy Hash: ad09a56d6b221a0d0bc5189465d251fa1b27c87ecec3f0bc521829530209ef16
                • Instruction Fuzzy Hash: C701817080DA8E8FEB99EF2498556BA3BA0FF65340F50017AD809C6185DB359A54C788
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 284f0539293943c5f6ce57a15b604740c5afb2492f267d3798f4bd6e87035e95
                • Instruction ID: f911044951433d0661430454d4d9363229a79223a91580740def93632fb559d9
                • Opcode Fuzzy Hash: 284f0539293943c5f6ce57a15b604740c5afb2492f267d3798f4bd6e87035e95
                • Instruction Fuzzy Hash: 5CF0DC30D0D95B8EEFD8EAA8A8182BA73E4FB26290F00053BE40DC20C4EF2416008246
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce236c38b825efc7aea20a4afbe78f1f9989edcee538cbaf2cf8c7d4880815c1
                • Instruction ID: 5a09764acb9a01442013b10870765633cb3dc49a2d9548f7cde654d7c737ac88
                • Opcode Fuzzy Hash: ce236c38b825efc7aea20a4afbe78f1f9989edcee538cbaf2cf8c7d4880815c1
                • Instruction Fuzzy Hash: 65F06D3091DA5E8FEB84EF68A4556FA77A4FF25344F50057AE80DC2185CB35AA60CB88
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d5fa71a7d584c8e64d80bca7c4ff38fa13f22f60f80f5ac9d14195fd2c2f7c44
                • Instruction ID: 432918f78acf490a95fb1a74b5a5da3127b1139a5311a86bf67e44c70dbded0d
                • Opcode Fuzzy Hash: d5fa71a7d584c8e64d80bca7c4ff38fa13f22f60f80f5ac9d14195fd2c2f7c44
                • Instruction Fuzzy Hash: ACF0623180EB8D8FEB9AEF2498551B93B60FF56201F4504BAD409CA1D3DB299558C745
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fe27ab66c4764be8c0d7d3b105dc3b2d32a820a82d2fbd42eae3b28b2d9465fc
                • Instruction ID: bdcfde0ca19be12c8fe0df7d39185f7c588511d88c660b87145a30e1fa417408
                • Opcode Fuzzy Hash: fe27ab66c4764be8c0d7d3b105dc3b2d32a820a82d2fbd42eae3b28b2d9465fc
                • Instruction Fuzzy Hash: 29F01970D1D9598FEB91EB288845BA9B7B0FF68340F1041E6940DD3146CB34AA81CB44
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f2b9a1da3c3cb232037ad8e4b00acb8c69dd4632936cf4b93a2d9d88622e5c07
                • Instruction ID: 519de8938356d7fc5e826f3d13db025a1f6ca8c4b96cb704892b30b4b5dc222e
                • Opcode Fuzzy Hash: f2b9a1da3c3cb232037ad8e4b00acb8c69dd4632936cf4b93a2d9d88622e5c07
                • Instruction Fuzzy Hash: B7F0903280DA8DCFEB99AF6498592B93BA0FF25205F40157AD409C55D1DB3AD554C640
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID: Z
                • API String ID: 0-1505515367
                • Opcode ID: d32a10ea4febc29f21f7276d63ae6347b24b05ee636e3799b4bb7d47e0bb759f
                • Instruction ID: 0b56456a5a2845af948b22d91a37daad83ca4275a7bc34169b9ab283d66d2040
                • Opcode Fuzzy Hash: d32a10ea4febc29f21f7276d63ae6347b24b05ee636e3799b4bb7d47e0bb759f
                • Instruction Fuzzy Hash: B161C475E046198FDB60CFA8C981BDDBBF0EF48310F1442AAC508E7245D634AA85CF90
                Memory Dump Source
                • Source File: 00000000.00000002.2248282232.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7ff848cb0000_RmjVbD9QNK.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b2af452390c5a325c74415af5cff79add98dc0e27ccbd685fc4766ca81641e4d
                • Instruction ID: f9c81bcd69328c73be37324a6700beaa0fea19366275c1e997d476bae6cf6c4d
                • Opcode Fuzzy Hash: b2af452390c5a325c74415af5cff79add98dc0e27ccbd685fc4766ca81641e4d
                • Instruction Fuzzy Hash: DF31E4A654E7C14FD3038BB08C696813FB0AF17254B0B46DBC4C1CF0A7E2685A9AD726
                Memory Dump Source
                • Source File: 00000007.00000002.2291859546.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_7ff848cc0000_QWQpSrRPpykBmPKCQiELiILCQi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7a0273d0fb3211f736ba8576dcbc67ae5082ccfed70ebf5f73e325e20aeb5554
                • Instruction ID: 294f21cdf316c7bc44f72b17bb9f46a973cd4d2513cfac3f08b4896eebe91dfa
                • Opcode Fuzzy Hash: 7a0273d0fb3211f736ba8576dcbc67ae5082ccfed70ebf5f73e325e20aeb5554
                • Instruction Fuzzy Hash: F7619B31A0CA498FDB89EE1C98A55A977E2FFD8744F14456ED54AC3286CF34E8028789
                Memory Dump Source
                • Source File: 00000007.00000002.2291859546.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_7ff848cc0000_QWQpSrRPpykBmPKCQiELiILCQi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ee143967a51569580c1515a8d75e4ec30a5e6285ed1aca57d0e2b32006bfdab7
                • Instruction ID: 4061c4249ca22d5d933a10ab16f84ea0e5c06976b71186e7f3b638e5339a2662
                • Opcode Fuzzy Hash: ee143967a51569580c1515a8d75e4ec30a5e6285ed1aca57d0e2b32006bfdab7
                • Instruction Fuzzy Hash: 93510670D1891D8FEBA4FB68D859AADBBF1FF58341F1001AAD00DE3296DF3568818B44
                Memory Dump Source
                • Source File: 00000007.00000002.2291859546.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_7ff848cc0000_QWQpSrRPpykBmPKCQiELiILCQi.jbxd
                Memory Dump Source
                • Source File: 00000009.00000002.2294403513.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7ff848cd0000_QWQpSrRPpykBmPKCQiELiILCQi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa26ac7a41bccfe5114f2de3aa9ff759e36fa3e9e87634d317940a02af69d704
                • Instruction ID: 8db361892410d90e4e54f7b67630fb74f34d36b42d868bbc6d145a702e476002
                • Opcode Fuzzy Hash: fa26ac7a41bccfe5114f2de3aa9ff759e36fa3e9e87634d317940a02af69d704
                • Instruction Fuzzy Hash: DC016931818A0E9EEBA9FB2488492BA73E0FF18345F50487EE40EC2595DF35B550CA44
                Memory Dump Source
                • Source File: 00000009.00000002.2294403513.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7ff848cd0000_QWQpSrRPpykBmPKCQiELiILCQi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 210181ee7a716782bb12c847b4aa065dfae54097377d156fd8819766c8ec2804
                • Instruction ID: 87ad0ee67814e63ba4c10b5e367f0928c2b58bdb7a2a5b50ac98f44446b5317b
                • Opcode Fuzzy Hash: 210181ee7a716782bb12c847b4aa065dfae54097377d156fd8819766c8ec2804
                • Instruction Fuzzy Hash: 7EF08C30D1D55B8EEBE8FBA898182BAB7E4FB56294F04053BD40DC20D1EF291514CA44
                Memory Dump Source
                • Source File: 00000009.00000002.2294403513.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7ff848cd0000_QWQpSrRPpykBmPKCQiELiILCQi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a6ff691f0d2935526b9b9983308b14f0f8509ae5a254276092e645db1e633c24
                • Instruction ID: 936924798fdaf0913fac9ab1cf4a3972e01aada88f50960d8c400ec671b6f725
                • Opcode Fuzzy Hash: a6ff691f0d2935526b9b9983308b14f0f8509ae5a254276092e645db1e633c24
                • Instruction Fuzzy Hash: 97F0CD3091DA4E8FEBA4FF2884052FAB7E0FF45344F00043AE80DC2081CB35A960CB88
                Memory Dump Source
                • Source File: 00000009.00000002.2294403513.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7ff848cd0000_QWQpSrRPpykBmPKCQiELiILCQi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 972eccac51a3c6c9ac922c5d17c473c998bf9b81a3d8bbe53c3b08203f77e41d
                • Instruction ID: 9610dd20958af4b0ba6353ade893dc0749ac8163e1cb4e4a253cdef1d2dc68f2
                • Opcode Fuzzy Hash: 972eccac51a3c6c9ac922c5d17c473c998bf9b81a3d8bbe53c3b08203f77e41d
                • Instruction Fuzzy Hash: 88F0623180E78D8FEBAAFB3488551B93FA0EF46201F4544BAD409C61D3DB69A454CB41
                Memory Dump Source
                • Source File: 00000009.00000002.2294403513.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7ff848cd0000_QWQpSrRPpykBmPKCQiELiILCQi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d7de01f01177e863168a2804164c23f1dc27ae8d781fdaef3a8124dc4d03e72
                • Instruction ID: 1536720e2a439d613e1ec1dea4677d9f6593aad44e3da6ecf780c8512289aee4
                • Opcode Fuzzy Hash: 4d7de01f01177e863168a2804164c23f1dc27ae8d781fdaef3a8124dc4d03e72
                • Instruction Fuzzy Hash: 4CF01970D1D5698EEBA1FB248845BA9B7B0FF58300F1041E6940DD3146DB34A985CF44
                Memory Dump Source
                • Source File: 00000009.00000002.2294403513.00007FF848CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7ff848cd0000_QWQpSrRPpykBmPKCQiELiILCQi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3f68d19f2131ebfed2f718825280935db959115dcb25e7364b3b0785bfd56f53
                • Instruction ID: 53deb0bc80fc64d453cebd414ecc07b18a3ebc5b720355817993ea66be8df45b
                • Opcode Fuzzy Hash: 3f68d19f2131ebfed2f718825280935db959115dcb25e7364b3b0785bfd56f53
                • Instruction Fuzzy Hash: 48F0903280D64DCFFBA9BF2488591B93BA0FF15205F40457AE409C55D1DB39A450CB40
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 952d905cc79a10b44c9e5a5d9cba830be53c843a4ea4724c41ebe7e72cb19373
                • Instruction ID: 6b0ef176103433892d5644cb69a7fb65b7ab442055c42fbcfe3390d2a5735347
                • Opcode Fuzzy Hash: 952d905cc79a10b44c9e5a5d9cba830be53c843a4ea4724c41ebe7e72cb19373
                • Instruction Fuzzy Hash: A811B83084C94E9FEB81FBAC88486EE7BE0FF1A341F0004B6D009C7091DB38A1848B50
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d3b72a9a147bbd1bf599ecd55dd598246a78fe2cca4259e9526ad24a8e14fd6
                • Instruction ID: 1aaaf45d8a956035b3c9d3ecd96c9b574355d12b3b4013deeb23a01a30646147
                • Opcode Fuzzy Hash: 4d3b72a9a147bbd1bf599ecd55dd598246a78fe2cca4259e9526ad24a8e14fd6
                • Instruction Fuzzy Hash: 2C21903090DA8E9FEB99EF6884592B93BE0FF29341F1045BAD409C7596DB34A544C781
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7a577f49961eb7b75cc41b6e4dffb565a1ab063effb382d9bdfce7cc1b1ce3eb
                • Instruction ID: 21bad3f13af37d72957ffb7424ad589ab2eb2fbaf4f38b44e1b6b1eb29f4ac37
                • Opcode Fuzzy Hash: 7a577f49961eb7b75cc41b6e4dffb565a1ab063effb382d9bdfce7cc1b1ce3eb
                • Instruction Fuzzy Hash: 1411E330C0DA8D8FEB99EF6484992F8BBA0FF15344F0641BED00DC6596DF29A480C745
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 95ca695d412968b2bd988875b90b8e930441618a4ab44bb8b054fec9fa77175e
                • Instruction ID: 936de309242a25db5c8bd37b526c8179bcace9293dfb47c8908a9d496d0f5ef7
                • Opcode Fuzzy Hash: 95ca695d412968b2bd988875b90b8e930441618a4ab44bb8b054fec9fa77175e
                • Instruction Fuzzy Hash: 66117C30D4CA4E9FEB99EF68845A2B97BE0FF69341F1005BED409C7196DB38A544CB81
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cdbc141a2a6f22fbb04b48d325f2ec290f051c7d775723d944eaf703f4823281
                • Instruction ID: 4f8091e56ff2124ca31cc7698ec674f2ce9ae60426485150927a2c5c503f2182
                • Opcode Fuzzy Hash: cdbc141a2a6f22fbb04b48d325f2ec290f051c7d775723d944eaf703f4823281
                • Instruction Fuzzy Hash: 5911817090DA898FEB86EB3888692BD7FF0FF25301F4404BAD409C7192DB34A544C745
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 68d89584b79c843bc5e454b4cbcad01018f279edc673cb52f91e719887a3ecd0
                • Instruction ID: be5ca413bd5f1776e0408db75bdce10fae54a46c73ca8c1b32ec631c90acccbf
                • Opcode Fuzzy Hash: 68d89584b79c843bc5e454b4cbcad01018f279edc673cb52f91e719887a3ecd0
                • Instruction Fuzzy Hash: 7C11B270D0D94A8EEBD9EBA894596B97BE0FF66340F0405BFD409C70D5EF246644C705
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CBA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cba000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 696b1512566363c6fcac04107968860c40d239c4da1dbf4978557f7b78da88b7
                • Instruction ID: 11078f7e6c742b63740a15096636f62752a5c93dc837e587fe2c301785cbe3e2
                • Opcode Fuzzy Hash: 696b1512566363c6fcac04107968860c40d239c4da1dbf4978557f7b78da88b7
                • Instruction Fuzzy Hash: 8D116030D0DA4D9EEB86FB7498581BD7BB0FF25341F0104BAD429C61A2DF345A44C755
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 00890e386736d06924d36f218ec5a0cbd30520c074c06a47638537702689deef
                • Instruction ID: 5cd8374138b4b19c15bf292c8a7902bf61e7cbdf0f58b43781feee2b782935b4
                • Opcode Fuzzy Hash: 00890e386736d06924d36f218ec5a0cbd30520c074c06a47638537702689deef
                • Instruction Fuzzy Hash: EE119D3090DA8A8FEB85EB24886D2B97BF0FF29340F0004BAC409C7192DB396544C741
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aabeaec89ab1e3a2f44c9f7fd8f9ae6748b6cfff88bb2ed04c62dcadadb32c7b
                • Instruction ID: 558507fffa9641659f3d090db93935467a6b3e1c68e7e40a34b87ad12db7c1e9
                • Opcode Fuzzy Hash: aabeaec89ab1e3a2f44c9f7fd8f9ae6748b6cfff88bb2ed04c62dcadadb32c7b
                • Instruction Fuzzy Hash: B4118C3080DA4E9FEB98EB6488596F97BE0FF19340F0045BAD409C6196DF39A544C751
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8c0539ec8639d2b17f15319cb775cfc83185bfa71037138ebfacd0f45ef9ad50
                • Instruction ID: b3900c8c42dbc8c142d3a674425ea7579655e27fa6f6ce191d339271d76cd84d
                • Opcode Fuzzy Hash: 8c0539ec8639d2b17f15319cb775cfc83185bfa71037138ebfacd0f45ef9ad50
                • Instruction Fuzzy Hash: 32118C31C0DA8A9FEB92FB68885D6B97BE0FF19340F0505BAD408C71A2DB28A5848751
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 146fc061a547733d7973b5492a1e18697c590d71819c195fc8fa1a4c4798beef
                • Instruction ID: e61225f8156540fc4c036082e96c488bfb4b83a297d66241c1c0157147d33139
                • Opcode Fuzzy Hash: 146fc061a547733d7973b5492a1e18697c590d71819c195fc8fa1a4c4798beef
                • Instruction Fuzzy Hash: 6211AD3091CA8E9EEB92FB68848D5F97BE0FF19340F0448B6D408C6096EB34A585C740
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6351d21c409bdae8a230b24973c8773a3f9ea853c1122e8d1a77dd7989be4000
                • Instruction ID: 7d09653c373c84e354b9c81ece1843cb3d0d47c663b284cc58016ca408e74f1f
                • Opcode Fuzzy Hash: 6351d21c409bdae8a230b24973c8773a3f9ea853c1122e8d1a77dd7989be4000
                • Instruction Fuzzy Hash: D011AC30C0DA8E9FEB88EB28885E2B97BE0FF18340F4404BED419C6192DF39A544CB41
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c02ce14429d3bb703d1beec23782c556859d65aa5eca69ff37157152198a59da
                • Instruction ID: 41fb852336de80161a30a3ce23d6e794bc76a2be6b6864f04f61643090ce1b63
                • Opcode Fuzzy Hash: c02ce14429d3bb703d1beec23782c556859d65aa5eca69ff37157152198a59da
                • Instruction Fuzzy Hash: 8911E130D4DA4E9EEBD9EF6894AA2B87AE0FF16340F0000BED40DC2192DF256554C746
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 02d67003e6df8e63df3026e5370ec4288f581b1e0835611c983a03d68898af62
                • Instruction ID: e9eeed63de1119377cfa22c26e0525c507f3a5f6bdfbdcededef2182bffb6f42
                • Opcode Fuzzy Hash: 02d67003e6df8e63df3026e5370ec4288f581b1e0835611c983a03d68898af62
                • Instruction Fuzzy Hash: 3011A33094D94E8FEB98EF28845A2BA7BE0FF59340F0041BAD40DC6192DF39A544CB81
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CBA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cba000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a8c3ec81d82f9fa536667263704c16f83e61978f710fb85336767242528b1e3
                • Instruction ID: f3e37ca5a2ed3a185af29618f9356e15f462deacc3ffbd593cb20a2ae6ad663a
                • Opcode Fuzzy Hash: 8a8c3ec81d82f9fa536667263704c16f83e61978f710fb85336767242528b1e3
                • Instruction Fuzzy Hash: C3115E7091DA8E8FEB85EF6494992BE7BE0FF28300F1004BAD509C61A2DB75A650C744
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6d593132059395b88ed3fc1b8d2d97580f4e9cf6167ee0aa5e0bdac68f6cd3b6
                • Instruction ID: 57d5a1659952cbff80fbafac26761f319e547031f33f0e2d0537f211a29684f6
                • Opcode Fuzzy Hash: 6d593132059395b88ed3fc1b8d2d97580f4e9cf6167ee0aa5e0bdac68f6cd3b6
                • Instruction Fuzzy Hash: 1A01DF3084D64D9FEB99EF24C4596F93BA0FF19340F0104BEE40AC6192DB35A540CB40
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CBA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cba000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10676966a8ad84c5dda68bdbf60b47083c08e19f02ea99e443ad071039832e65
                • Instruction ID: 9b581448b07345328484960eab0aaaaa3fdf5a935d50286278936d33e4f37ae1
                • Opcode Fuzzy Hash: 10676966a8ad84c5dda68bdbf60b47083c08e19f02ea99e443ad071039832e65
                • Instruction Fuzzy Hash: BD118B70819A4D8FEB88FF68D4592BA7BE1FF28306F4004BED40DC6591DB35A640CB80
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CBA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cba000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dcbeb47323352ca0ebcaf79fc3f9f32582a571d24f11f8c5359dd131fb61c534
                • Instruction ID: af4b386ebd628d6ff558d219b61bfb7b912087759e56d1db49ef6a87c08000b3
                • Opcode Fuzzy Hash: dcbeb47323352ca0ebcaf79fc3f9f32582a571d24f11f8c5359dd131fb61c534
                • Instruction Fuzzy Hash: B4018B3081EA4E9FE781FB64A4496AA77E4EF29340F4104B6E408C79A2EF34E694C704
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a1c255cb61d2c0a19209caafb7a6fb3fc541cbba3f308a6c816048caec99b47b
                • Instruction ID: 96535bf125df36b7d9c48ea025de12c3dfa7c8e14413e8ab84f02966fcfb90be
                • Opcode Fuzzy Hash: a1c255cb61d2c0a19209caafb7a6fb3fc541cbba3f308a6c816048caec99b47b
                • Instruction Fuzzy Hash: F6018C3090890E8EEB88EF24D0496BA77A1FF68344F20047AD80EC2188CB31AA50CB48
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3a0dfbeff1d08f51a837997e2d4b09cb438951f08d86d8f0deef23270468f251
                • Instruction ID: 4639fe235e39ead397a034d05a581701a0c5503e6f47ab207871806af488382f
                • Opcode Fuzzy Hash: 3a0dfbeff1d08f51a837997e2d4b09cb438951f08d86d8f0deef23270468f251
                • Instruction Fuzzy Hash: BE017C3091DA598FE781FF24844A5AA7BE0FF69340F4515B6D408C70A6EB34E644C645
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cf56065165101c9bc4b89624e83cfbb52364cce32c61c62736fd0762ce2a9de6
                • Instruction ID: 557fa258d0e7d566aedc08509fe913cd76ead6876fc8d30cf0f36f6bd2ea0442
                • Opcode Fuzzy Hash: cf56065165101c9bc4b89624e83cfbb52364cce32c61c62736fd0762ce2a9de6
                • Instruction Fuzzy Hash: DC018C3084E6898FEB8AEB3884691B97BA0FF1A344F0104FED409C6092DF35A544C751
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dc1bfad320ededd22608b5624790feb2182a6ef2c250330a4506c494aa66bc72
                • Instruction ID: fbffdebe607fb88b83b91356fba3b23a46a9fa1286c519e64e758d55112c59c5
                • Opcode Fuzzy Hash: dc1bfad320ededd22608b5624790feb2182a6ef2c250330a4506c494aa66bc72
                • Instruction Fuzzy Hash: E801BC3188D64E9FEB89EF28C4992BA3BA0FF1A340F0004BED40AC6192DF35A850C644
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15b9f0cf284c7bb60dd7fb2bfb029df67e8afa8209a111508c24aa27a719f4d9
                • Instruction ID: e0bf71ae8e5688f25357ec2a0ab21de3d9257a77de90ff1f8afed5cad4445065
                • Opcode Fuzzy Hash: 15b9f0cf284c7bb60dd7fb2bfb029df67e8afa8209a111508c24aa27a719f4d9
                • Instruction Fuzzy Hash: 77018F71D5CA4D8FE791FB6498496B97BE0FF29340F0515B6D40CC60A2EB34E684C745
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CBA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cba000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 250fb6b21bceda0e985b59c16458d4397ce513aa5a187d647b4de2b812c5bf42
                • Instruction ID: f27442fe5c1192d8b38fe6dfdb87c239a4e8c64ba0e7e79289269096b4941491
                • Opcode Fuzzy Hash: 250fb6b21bceda0e985b59c16458d4397ce513aa5a187d647b4de2b812c5bf42
                • Instruction Fuzzy Hash: 43018F3095EA4D9FE791FB34988A1A97BE0FF2A340F0545B2D448C70A2EB29A9848755
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37b1f9b4b7c2d3fb42d966349ec7b65558e8fd6853557d63da6462ce5b1aa47d
                • Instruction ID: 9c9f1d2d0702f191f84ea3ac027e71f4d0c2bc3eecdca54ee7af19dd578ab4fb
                • Opcode Fuzzy Hash: 37b1f9b4b7c2d3fb42d966349ec7b65558e8fd6853557d63da6462ce5b1aa47d
                • Instruction Fuzzy Hash: 38018F3195D6495FE782FB3888491A97BE0EF5A340F0608F3D508C70A2EB28A444C751
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9599949b9e939e2862e23ad77af6e383a2a4235c63afe16b710fff7d565346ae
                • Instruction ID: 94bbb958b4d64a563eb518f91a635aacf1f8f7169c0c048a7a4c7919e8171f31
                • Opcode Fuzzy Hash: 9599949b9e939e2862e23ad77af6e383a2a4235c63afe16b710fff7d565346ae
                • Instruction Fuzzy Hash: 4C018F3094DA999FE792FB74885D1A97BF0EF6A340F0508F7D408CB0AAEB28E544C751
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad09a56d6b221a0d0bc5189465d251fa1b27c87ecec3f0bc521829530209ef16
                • Instruction ID: 399aeceffa2e0bc65140edb1caba4dd3172d01851e9536e225e0369aa3a2cecf
                • Opcode Fuzzy Hash: ad09a56d6b221a0d0bc5189465d251fa1b27c87ecec3f0bc521829530209ef16
                • Instruction Fuzzy Hash: C701817080DA8E8FEB99EF2498556BA3BA0FF65340F50017AD809C6185DB359A54C788
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d515671f3ab2507e663eb3f4e158f713ad8b9ac06176652763a26fc38b55ab73
                • Instruction ID: a76666fd2f27f467a48e713c4221ef3ba3d4f8c67de98ed8deac34d76fe3fc02
                • Opcode Fuzzy Hash: d515671f3ab2507e663eb3f4e158f713ad8b9ac06176652763a26fc38b55ab73
                • Instruction Fuzzy Hash: 7401A931818A0E9EEB88EB6480492B972A0FF28308F10087EE40EC65D0DF36E280CA00
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eafaf73c09ee6d229f1ffc7f8a5cfd03cb050f0f45547566ba96c204913337b3
                • Instruction ID: 8420c75860583ff7b9f20f2d506956b6fca8988c28524a45f0d612a7cf7bdb7e
                • Opcode Fuzzy Hash: eafaf73c09ee6d229f1ffc7f8a5cfd03cb050f0f45547566ba96c204913337b3
                • Instruction Fuzzy Hash: B4016931818A0E9EEB99FB2494592BA73A0FF28345F10087EE40EC6595DF36A650CA44
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 284f0539293943c5f6ce57a15b604740c5afb2492f267d3798f4bd6e87035e95
                • Instruction ID: f911044951433d0661430454d4d9363229a79223a91580740def93632fb559d9
                • Opcode Fuzzy Hash: 284f0539293943c5f6ce57a15b604740c5afb2492f267d3798f4bd6e87035e95
                • Instruction Fuzzy Hash: 5CF0DC30D0D95B8EEFD8EAA8A8182BA73E4FB26290F00053BE40DC20C4EF2416008246
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce236c38b825efc7aea20a4afbe78f1f9989edcee538cbaf2cf8c7d4880815c1
                • Instruction ID: 5a09764acb9a01442013b10870765633cb3dc49a2d9548f7cde654d7c737ac88
                • Opcode Fuzzy Hash: ce236c38b825efc7aea20a4afbe78f1f9989edcee538cbaf2cf8c7d4880815c1
                • Instruction Fuzzy Hash: 65F06D3091DA5E8FEB84EF68A4556FA77A4FF25344F50057AE80DC2185CB35AA60CB88
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d5fa71a7d584c8e64d80bca7c4ff38fa13f22f60f80f5ac9d14195fd2c2f7c44
                • Instruction ID: 432918f78acf490a95fb1a74b5a5da3127b1139a5311a86bf67e44c70dbded0d
                • Opcode Fuzzy Hash: d5fa71a7d584c8e64d80bca7c4ff38fa13f22f60f80f5ac9d14195fd2c2f7c44
                • Instruction Fuzzy Hash: ACF0623180EB8D8FEB9AEF2498551B93B60FF56201F4504BAD409CA1D3DB299558C745
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CBA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cba000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b61a3d44db73b3c55098686e9a6c839874770be19ec2f1d389ee15abf7480ea5
                • Instruction ID: e0e2277246f2cebbe855705df591c737b94ad6002e189eb4680b68fa520d584d
                • Opcode Fuzzy Hash: b61a3d44db73b3c55098686e9a6c839874770be19ec2f1d389ee15abf7480ea5
                • Instruction Fuzzy Hash: 38F01970D1D9598EEB91EB288845BA9B7B0FF68340F1041E6940DE3146DB34AA81CB44
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f2b9a1da3c3cb232037ad8e4b00acb8c69dd4632936cf4b93a2d9d88622e5c07
                • Instruction ID: 519de8938356d7fc5e826f3d13db025a1f6ca8c4b96cb704892b30b4b5dc222e
                • Opcode Fuzzy Hash: f2b9a1da3c3cb232037ad8e4b00acb8c69dd4632936cf4b93a2d9d88622e5c07
                • Instruction Fuzzy Hash: B7F0903280DA8DCFEB99AF6498592B93BA0FF25205F40157AD409C55D1DB3AD554C640
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CB0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cb0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50d81e611649cda780487fa3be04d4755d55121494de22a1668548da7c44f046
                • Instruction ID: ead4d2821c9cf767c85676dab24312387e1c63434d594c4185008cfc6282d095
                • Opcode Fuzzy Hash: 50d81e611649cda780487fa3be04d4755d55121494de22a1668548da7c44f046
                • Instruction Fuzzy Hash: 0FF0AC309489298FEB95FB10D855BE973B1EB64351F0045BAC40ED71A2DF786A85CF44
                Strings
                Memory Dump Source
                • Source File: 0000001F.00000002.2321829914.00007FF848CC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_31_2_7ff848cc1000_smss.jbxd
                Similarity
                • API ID:
                • String ID: "$($)$[${
                • API String ID: 0-3792314275
                • Opcode ID: 9323ad6aad34b87d08506ceccf9305bec752188546782b66a1e027dcfd5e32a4
                • Instruction ID: 47f03ce9a680bdd7a79bf08c192750d4d3554d9ce9ba413beb6af8274909bae5
                • Opcode Fuzzy Hash: 9323ad6aad34b87d08506ceccf9305bec752188546782b66a1e027dcfd5e32a4
                • Instruction Fuzzy Hash: F141D870D0922ACEEBA8EF55D8557FDB6B1BF44355F1040BED14DA6281CB386A84DF08
                Strings
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID: +$-
                • API String ID: 0-2137968064
                • Opcode ID: fc8ea596da609b1ee72fdc1320a31b47e42c8af39a9d27c25d8040d2a6a4f033
                • Instruction ID: 489dfec1458721bd9d443b8e272a6c310bd9f211fe676842fc111e39dcefdc0f
                • Opcode Fuzzy Hash: fc8ea596da609b1ee72fdc1320a31b47e42c8af39a9d27c25d8040d2a6a4f033
                • Instruction Fuzzy Hash: 9221B874D082298FDBA8EF54D8947FDB6B1BF54341F1041AED04EAB281CB38AA84DF44
                Strings
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID: "#
                • API String ID: 0-515942874
                • Opcode ID: b2d6e1a727eb02af3818fd7f25b7fda632a1296e40752c4f546ad1477e5d78cc
                • Instruction ID: 7ffe0a7dc050ce003f0d774c2a47cf4b036bd234862dfa9edb12e7126f150989
                • Opcode Fuzzy Hash: b2d6e1a727eb02af3818fd7f25b7fda632a1296e40752c4f546ad1477e5d78cc
                • Instruction Fuzzy Hash: A5810727B0D6659ED311BBBCB8491E97FD4EF813B6F08457BC288CA053DA146449CBE8
                Strings
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID: "#
                • API String ID: 0-515942874
                • Opcode ID: f43c8318b2da7a75451f6ea91a01003e5d78de64c077fba411e68739078df40a
                • Instruction ID: c809a501721527752b1ef972177e6a8def8f9c88ec841e450367c6517e0f32f2
                • Opcode Fuzzy Hash: f43c8318b2da7a75451f6ea91a01003e5d78de64c077fba411e68739078df40a
                • Instruction Fuzzy Hash: 67715927B0D6619FD311B77CB8491E97FD4EF813B6B08457BC288CA053DA146449C7E9
                Strings
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cca000_smss.jbxd
                Similarity
                • API ID:
                • String ID: {{N
                • API String ID: 0-777276013
                • Opcode ID: 651039c5dafce1d6e7305b9f9dfcf0cddcf17af9e6725911bb10cc526b0c6159
                • Instruction ID: 9b81da6f66efbde0e1ddea6b6cae07073c8947cf11465217028251bf58e8d34e
                • Opcode Fuzzy Hash: 651039c5dafce1d6e7305b9f9dfcf0cddcf17af9e6725911bb10cc526b0c6159
                • Instruction Fuzzy Hash: FB71D127B0D5265EE352B7ACB8191F97B94EF813B5F048177D24CCA093DE18689982EC
                Strings
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID: -
                • API String ID: 0-2547889144
                • Opcode ID: bbed58909c14204895f7d07f167b45d0b26698de4b89993f2b883815a5dcdb55
                • Instruction ID: e87cc3d27cdca32476ad69790fd7fb7c81fdca250d218da45386f1f3a95506fa
                • Opcode Fuzzy Hash: bbed58909c14204895f7d07f167b45d0b26698de4b89993f2b883815a5dcdb55
                • Instruction Fuzzy Hash: 3B010874D082298FDBA8EF50D8947FDB6B1AF41341F1040BED04E6A280CB78A980DF04
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ca7c21a0ff9393909e09d8b18d8b9628485ca4bcb3fb57e0ec00bb50f2eddca1
                • Instruction ID: bab39b18eb6d005440f9f2562d3d5d18b1dce4b67c10797e182376acfb7b263d
                • Opcode Fuzzy Hash: ca7c21a0ff9393909e09d8b18d8b9628485ca4bcb3fb57e0ec00bb50f2eddca1
                • Instruction Fuzzy Hash: 6921A92090E6C59FE792F77888591697FF0FF16340F0944FBD088C70A3EA289444C795
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cca000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9144d8948785fdbd24db9be4370f51f0b980948f2fab7df521dd2fc8329812c6
                • Instruction ID: 6b814d778d4d3edca213b386946d2d6fd888f19bfbb31bbfdd3c50653b40ad26
                • Opcode Fuzzy Hash: 9144d8948785fdbd24db9be4370f51f0b980948f2fab7df521dd2fc8329812c6
                • Instruction Fuzzy Hash: 4DE14A30D1965A9FEB98EB68C8957B8B7B2FF58340F0440BAD00DD3296CB386885DB55
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cca000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b0c8a26083adba2bdaef138fbaa1e5d1644cbe89f5c1f379a1fa3e5c63b947e4
                • Instruction ID: 9e60b63e50bb5ce98bed0b214608cb79473f528e668a1ee12301b5112237f32e
                • Opcode Fuzzy Hash: b0c8a26083adba2bdaef138fbaa1e5d1644cbe89f5c1f379a1fa3e5c63b947e4
                • Instruction Fuzzy Hash: 7F51B123B0D5269EE752BAACB8191F97794EF813B1F148137D24CCA083DB18789586EC
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7a0273d0fb3211f736ba8576dcbc67ae5082ccfed70ebf5f73e325e20aeb5554
                • Instruction ID: 294f21cdf316c7bc44f72b17bb9f46a973cd4d2513cfac3f08b4896eebe91dfa
                • Opcode Fuzzy Hash: 7a0273d0fb3211f736ba8576dcbc67ae5082ccfed70ebf5f73e325e20aeb5554
                • Instruction Fuzzy Hash: F7619B31A0CA498FDB89EE1C98A55A977E2FFD8744F14456ED54AC3286CF34E8028789
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 925266dac2b162aee0283a260fa045145a835d49b7a128405fa447911a6dd5b1
                • Instruction ID: 498b93efc20f08497797f694ae07e02c2faa30379ab24ae95fedf80cd36ac5fe
                • Opcode Fuzzy Hash: 925266dac2b162aee0283a260fa045145a835d49b7a128405fa447911a6dd5b1
                • Instruction Fuzzy Hash: 8781D370D0891D8EEBA4EF68C8997ECB6F1EF59341F5041BAD00DE3292DF3869858B54
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2d3ba117db82bcf7a4a98bcff9d1eb5560305be93eac8fafda6cd4832dc55dce
                • Instruction ID: 05fac8279b71bdf0fa90bebc833f3fd2bf6d444b01a03160c169480e2c5b85ee
                • Opcode Fuzzy Hash: 2d3ba117db82bcf7a4a98bcff9d1eb5560305be93eac8fafda6cd4832dc55dce
                • Instruction Fuzzy Hash: 72510970D0895D8FEBA4FB68D8596ADBBF1FF58341F5000AAD00DE7296DF34A8818B45
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65504f0058e22346e2701df0bfd189b76144369be86c1866e69fb26369cd7de9
                • Instruction ID: 98407651cea4700631b80425bd9734dbd2eb2960b7a5a8c511a159116f695fb1
                • Opcode Fuzzy Hash: 65504f0058e22346e2701df0bfd189b76144369be86c1866e69fb26369cd7de9
                • Instruction Fuzzy Hash: 3541252770DAA59FD361B77CBC591EA7F90EF823B2B0804BBC248CA053DA545449C7E5
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b83dc963c79438cba25dfb4eaa67c32721d6dc77219be12abf4aaad4adbc1a57
                • Instruction ID: f562b8735eb3b608f67edc1534389ce4a9068509f400dfbfb611637f2de0ef23
                • Opcode Fuzzy Hash: b83dc963c79438cba25dfb4eaa67c32721d6dc77219be12abf4aaad4adbc1a57
                • Instruction Fuzzy Hash: 1C511570D0C60D8FEBA4EBA8D4546ECBBF1EF58341F54407AD00AE7292DB38A945CB58
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d1d2c65f090296ecf418e24cdb7d32446d2b0aa28c3c50912e984c490a51fca
                • Instruction ID: c6091c8ea2c5b4a311786bac3ecde96abc672fb00fcfdc64708117f96075bb5d
                • Opcode Fuzzy Hash: 7d1d2c65f090296ecf418e24cdb7d32446d2b0aa28c3c50912e984c490a51fca
                • Instruction Fuzzy Hash: C951F870D1891D8FEBA4EB68D859BADBBF1FB59341F4000AAD00DE3296DF3468818B45
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65bc455bbe41cf215af3b63a22529df8bff6d7a5a307221627d0920c033bcc05
                • Instruction ID: 29941ea41ac1c59102a2974b1da6bfb4e50f298469f7920a365d3bfd413b68d5
                • Opcode Fuzzy Hash: 65bc455bbe41cf215af3b63a22529df8bff6d7a5a307221627d0920c033bcc05
                • Instruction Fuzzy Hash: DD517631D4C64ACEEBA4FBA4D8452EDB7F1EF59340F10413AE409E7296DB38A9448B84
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14f389e7adde347b319c841da2827e62078ba7aea1e8dfeff2356c655573e1ea
                • Instruction ID: 779d67448bd4b428d0741e1ff6715acd827e32eeeea1c7f4da81d0820eaa8a52
                • Opcode Fuzzy Hash: 14f389e7adde347b319c841da2827e62078ba7aea1e8dfeff2356c655573e1ea
                • Instruction Fuzzy Hash: AA510470D0C6198EEBA4FB64C859BA9B6F1FF58341F5041BAD04DE7282DB386988CF45
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4c114fdeca72bfbe6eb71d28f397ece38fbec43c55723251a62ab2023370d6c4
                • Instruction ID: fc00e50a3d510cf39e141d05af5f98b5e3bc02186adfc40c20ad8f18dc17d9cf
                • Opcode Fuzzy Hash: 4c114fdeca72bfbe6eb71d28f397ece38fbec43c55723251a62ab2023370d6c4
                • Instruction Fuzzy Hash: A2412831E0DA4A8FE799EB3898451B9BBE0EF86390F0545BBD40DC7193DF28AC418755
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: beceb3acfff4960cbd93a331f2524b726baa6c8717119f62c964dc0ab1d6eb54
                • Instruction ID: 6e6f6110772e24fa97cccb2d58bc172a366871a4bdad2e5e2957d6c6013981c6
                • Opcode Fuzzy Hash: beceb3acfff4960cbd93a331f2524b726baa6c8717119f62c964dc0ab1d6eb54
                • Instruction Fuzzy Hash: 4A419E31E1C84A9FEB94EB6CE8696B9BBE0FF59344F040179D00ED7296CF246841CB95
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5b33e5eee3dd997e503cad58b6f2c650fe89128e72ad387cd5200b382ffcd678
                • Instruction ID: 5ea0eaef8ce5a526e14f92eceb0f281a80e3ed10431ec8072d4baceee5523b79
                • Opcode Fuzzy Hash: 5b33e5eee3dd997e503cad58b6f2c650fe89128e72ad387cd5200b382ffcd678
                • Instruction Fuzzy Hash: D441C470E186298EEBA0EFA8C8857EDB7B1FF59340F1041A9D40CE3292DB346985CF45
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cca000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2598bdb9c962896acf3976e95f09a324278a421dcf0d5b867f6055a3709d9a37
                • Instruction ID: d1b52ee5d711e9fe69de9aee4ee49e5e805583ff6f833ad50249b9782a9e9649
                • Opcode Fuzzy Hash: 2598bdb9c962896acf3976e95f09a324278a421dcf0d5b867f6055a3709d9a37
                • Instruction Fuzzy Hash: FE317074E1C91D8FEBD8FBA89895ABCB7B1FF99340F505029D00DE3292DE3468819B44
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cca000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 70311843cfb6e696425864d308d5514cbdb57803f613b649821d3667780e323b
                • Instruction ID: 3196291a11377541d6732315367594a6b63c7578bcd9cf384fe9957ffea9cf08
                • Opcode Fuzzy Hash: 70311843cfb6e696425864d308d5514cbdb57803f613b649821d3667780e323b
                • Instruction Fuzzy Hash: 0A21B370E1C91D8FEB94FBA89899ABCBBB1FF99340F505129D00DE3292CF3468419B44
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cca000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0f5336c68b6eb20c21808f596e23b39edd7b94c5c0f8ced9d368c70d68448cc0
                • Instruction ID: 1cda4520663982dec5640164db657ee4ef8cd3fdfc89705252481b32654dda40
                • Opcode Fuzzy Hash: 0f5336c68b6eb20c21808f596e23b39edd7b94c5c0f8ced9d368c70d68448cc0
                • Instruction Fuzzy Hash: A2217C70D1C90E9EEB91FBA8984D2BD76E0FF48381F0048B6D01DD7096EF38A5848B45
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cca000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5fc2288aebfa9478ec6fdc2fd2727c796151feed748f692bc705f60b6edd5a89
                • Instruction ID: d7850fd04ed5ce508662d7780aa6dbbbcadb8b29f887069e1cb532ed1ba8ce5f
                • Opcode Fuzzy Hash: 5fc2288aebfa9478ec6fdc2fd2727c796151feed748f692bc705f60b6edd5a89
                • Instruction Fuzzy Hash: 7531B2B4D0861E8FDB88EF94D4986EDB7B1FF18351F10003AE409E7291DB786880CB54
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c0173606985f80f91a846132a09fd676a8fd601243da910c5584f505331cde3d
                • Instruction ID: da2b2a2aa300a41c6ae02ad7c3cbe497f05936be0a7271ca257c0ac700bc59f3
                • Opcode Fuzzy Hash: c0173606985f80f91a846132a09fd676a8fd601243da910c5584f505331cde3d
                • Instruction Fuzzy Hash: 9E217F7084D68A8FE793EB7888586A97FF0FF16350F0505FAD449CB0A2DB389545CB51
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d5863b8f81efb2d0d07a6e181274128489f0450a48d055c3e21076838d37d979
                • Instruction ID: 55bfedcf3dbbcf838c5180d1e52ec7ee2ec93a66c658b73ab12f3745956e9d38
                • Opcode Fuzzy Hash: d5863b8f81efb2d0d07a6e181274128489f0450a48d055c3e21076838d37d979
                • Instruction Fuzzy Hash: DF112071D1CA8A8FFB85FB78885A1F97BE0FF15344F0584B6C049CA092EF24A445C294
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 271c7720ae50bb548b35b4d3002dbc140ecd1ec6712eceb760e706956facd55a
                • Instruction ID: dc3fc75e538e27b077f69da20f9014a6d47c594d25831b24cbc93c066195c6f0
                • Opcode Fuzzy Hash: 271c7720ae50bb548b35b4d3002dbc140ecd1ec6712eceb760e706956facd55a
                • Instruction Fuzzy Hash: 7B21D17190E60E8FE358DF68D8293E97BE1EB95354F5000BED00AD32D6CBB51405CB90
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3f4426b46d685230706c116ec4439ea253ab764f4997d0f8351c4e3290a7dd6
                • Instruction ID: 2cec9fadf5b641b6eb15d1cd4a9022ac4a7963954f64e395979330eceab8299b
                • Opcode Fuzzy Hash: a3f4426b46d685230706c116ec4439ea253ab764f4997d0f8351c4e3290a7dd6
                • Instruction Fuzzy Hash: 0C118535A4C94E8FEBA1FB6888492FE77E1FF19340F000472E408D7092EB38A5108B55
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa1e311bcd0b592f2126089679c863d621cb6001821c7a2e57d75a6b8f83700d
                • Instruction ID: f09347baa447b4efb90f0508acd791018fef2350dcb002c57e8b2a1a6690b0e1
                • Opcode Fuzzy Hash: fa1e311bcd0b592f2126089679c863d621cb6001821c7a2e57d75a6b8f83700d
                • Instruction Fuzzy Hash: 4A11D03184E6898FEB96AB309C151F97BF0EF06340F1544FBD449CB4A3DB286545CB61
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7bd578ffad066087f6de7532aed9070a83c38e6dc6305f733995e054c92d0bf2
                • Instruction ID: 2a8066127b60c7f86c4318207d3e23d9f64f413d5bc81b2fc94bf1cef8ba47eb
                • Opcode Fuzzy Hash: 7bd578ffad066087f6de7532aed9070a83c38e6dc6305f733995e054c92d0bf2
                • Instruction Fuzzy Hash: 56213C30D095098FEB95FB58C854BEDB7B1FF54340F104175D00AA7285CF38A985CB58
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b1ef96e9afa62a43f82d3747ece10af280ebad95c91ce19a6b05cc85387b831
                • Instruction ID: 2623a81bbfe351e7c0099890e83f81e47a7e625824ef352cee816875fb08384b
                • Opcode Fuzzy Hash: 4b1ef96e9afa62a43f82d3747ece10af280ebad95c91ce19a6b05cc85387b831
                • Instruction Fuzzy Hash: A7114C71D1C94E9FEB80FB6888492BD7BE1FF58380F4055B6D409C7196EF38A9448B44
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0ccb5d15f96b76886d8d757e75706391e3fe61c7a6702afc305ba4c6672bba29
                • Instruction ID: 0ab129f86cc292b73369c0cbd4b6ecf046c3ddff59f29f08e54da8e0e382085c
                • Opcode Fuzzy Hash: 0ccb5d15f96b76886d8d757e75706391e3fe61c7a6702afc305ba4c6672bba29
                • Instruction Fuzzy Hash: 5D11BE3090CA4E8FEBA8FF68845A6BD7BE0FF28341F0005BED419C6196DB34A454CB80
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ac29848a5d595d91178baaa4b262e8e4180ec9ca2b282587177823f02fa88e6
                • Instruction ID: 60ff6187fd59673f5837c843ff68e6405e59db6dace7b72b2800b01a4e763588
                • Opcode Fuzzy Hash: 1ac29848a5d595d91178baaa4b262e8e4180ec9ca2b282587177823f02fa88e6
                • Instruction Fuzzy Hash: 0F118B7091DA498FEB98EF18C49A5E97BE1FF58345F0512BEE80E83291DB34B441CB85
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 467e0d191d457d1e9a0209d6f3bc517e5076247e953c07c317309da31bb0b239
                • Instruction ID: cecd0d4bf22690c4a2aa0ad988ebdf05ed03405ff0d58d1d1c99f1b2d07d859c
                • Opcode Fuzzy Hash: 467e0d191d457d1e9a0209d6f3bc517e5076247e953c07c317309da31bb0b239
                • Instruction Fuzzy Hash: 8D119D3080CA4E9FEBD8FF68845A2BD7BE0FF58341F0001BAD409D6196CB34A444CB45
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c6dce66e4b70e66e09b16abc0fd03b20c5f9860a620ed7ee861ba21a194c7e94
                • Instruction ID: e61b500c8b099ba590dd0fef0fc1acabfdfc13189cdb69c4221b5a7c4fff537a
                • Opcode Fuzzy Hash: c6dce66e4b70e66e09b16abc0fd03b20c5f9860a620ed7ee861ba21a194c7e94
                • Instruction Fuzzy Hash: 2D113A3195C94E9FEBA1FB68C8896EE7BF4FF19341F0004B6E418C7151EB34A1568B54
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 74c48ea4628118266236208e2e6a05f7d5248eec6ada0ae8f46f0722be69884b
                • Instruction ID: 26ff9030249b7a82fe5986306dae0f4a7386510165c5f6cf9987880c317f47b4
                • Opcode Fuzzy Hash: 74c48ea4628118266236208e2e6a05f7d5248eec6ada0ae8f46f0722be69884b
                • Instruction Fuzzy Hash: 6E116D3094CA4E9FEBA9FF28845A2B97BE0FF58341F1045BED409C6192DB34A444CB81
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cc0000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5d9671cbf30c0a997330bae5c927ccd55e7cfeaeb93d456d304e55c0536a79ea
                • Instruction ID: a10455a50caad5ae1aa147991b5ba5ae34cfe3ab2922dbcbf8735aacc2225e16
                • Opcode Fuzzy Hash: 5d9671cbf30c0a997330bae5c927ccd55e7cfeaeb93d456d304e55c0536a79ea
                • Instruction Fuzzy Hash: 7E114F7091C54E8FEBA5EF7898592F97BA0FF18340F4005BAE419C7191EF35A5508784
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Strings
                Memory Dump Source
                • Source File: 00000022.00000002.2315054054.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_34_2_7ff848cd1000_smss.jbxd
                Similarity
                • API ID:
                • String ID: "$($)$[${
                • API String ID: 0-3792314275
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ea8834d9f0188a54284e7f9c4303fa06a6f875d22fb1fdc5cbb6d7a63a74efab
                • Instruction ID: 500bfad3af092ab762cccc777cc809187d1e3e21bf7d0398de8b826c36ff611f
                • Opcode Fuzzy Hash: ea8834d9f0188a54284e7f9c4303fa06a6f875d22fb1fdc5cbb6d7a63a74efab
                • Instruction Fuzzy Hash: AD118E70D0D64A8FEB99EB6888596B97BE0FF56342F0405BFD409C6091EB295450C744
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d36fd6c55b82c632d7f06a6c8acac27645e459a1e6107e6726a3a13cd07c71db
                • Instruction ID: e8cc693f49c773b8a63511e020659002311d5fd0032c171e652e56187336147e
                • Opcode Fuzzy Hash: d36fd6c55b82c632d7f06a6c8acac27645e459a1e6107e6726a3a13cd07c71db
                • Instruction Fuzzy Hash: EE114C7091D54E8FEB99EF7888592FA7BA0FF18340F4005BAE41EC7291DF39A5508B84
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a85bfd91c5dc28763150a9096ad3aec87c64338f751084e2aea68ab4ee927a44
                • Instruction ID: f79fb060232616670ecfbb48c9ad9602be5174fa5f922976fcb6dfa54a9b65b6
                • Opcode Fuzzy Hash: a85bfd91c5dc28763150a9096ad3aec87c64338f751084e2aea68ab4ee927a44
                • Instruction Fuzzy Hash: 75015E3091890E8FEB98EF24C4596BA77E1FF58345F50457ED81EC2195CF39A5A0CB48
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c13aebe0eccce831d8904ad3fad4923df866355945e460901ce94695002bf48f
                • Instruction ID: e7d3bdc9735033b17f1cb91ee98884d3fdf480cd02b1dfb51077566475d6ebe3
                • Opcode Fuzzy Hash: c13aebe0eccce831d8904ad3fad4923df866355945e460901ce94695002bf48f
                • Instruction Fuzzy Hash: 5A017C3091D65D8FE791FB24844E6B97BE0FF59340F4515B6E408C60A6EB38A4448645
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fdf1707141d54cdabdcb14eadd682375216e26dc3b4373b131cbe91fea478561
                • Instruction ID: 2399f081992e52dab61402adc951aa0da737258f1e019124d0ead6106c45c3c4
                • Opcode Fuzzy Hash: fdf1707141d54cdabdcb14eadd682375216e26dc3b4373b131cbe91fea478561
                • Instruction Fuzzy Hash: A2018F31D1D64D8FE791FB2484496B97BE0FF19340F0515B6E408C60A2EF38E584C745
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce18380f3ed9ff181b6507ca7d62df4881b0a704bd694a7acaffe422ee766b48
                • Instruction ID: aa54ad220d79fd83920425f3be896287cbed180b6b30071b833f91834cca7c6d
                • Opcode Fuzzy Hash: ce18380f3ed9ff181b6507ca7d62df4881b0a704bd694a7acaffe422ee766b48
                • Instruction Fuzzy Hash: 46014F3195D68D9FE791FB3488491B97BE0FF6A340F4649B2D408C70A2EB39A4848755
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c49cfefb876a91d36dfe34b819e39816c8f02a3d1efe9cfa162431973e3fad3
                • Instruction ID: 0fa169b931c17a7bcd8ec4c90a07bdb0d3e02ac19020fbec94ed0b2e58ff97be
                • Opcode Fuzzy Hash: 9c49cfefb876a91d36dfe34b819e39816c8f02a3d1efe9cfa162431973e3fad3
                • Instruction Fuzzy Hash: 6201DF3090D6898FE792FB74885D2B97BE0EF4A340F0508F7E408CB0AAEB2CA4448711
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5bb48f61669838ed8b769402cc55c8ff34f6e626cb702c72a262c5d0c69f888c
                • Instruction ID: bd23f3037748d2cb39bb8de5ecd985c058801ec075505e91eb173122f12a5902
                • Opcode Fuzzy Hash: 5bb48f61669838ed8b769402cc55c8ff34f6e626cb702c72a262c5d0c69f888c
                • Instruction Fuzzy Hash: 4701813080D68E8FEB98EE2484556FA3BE0FF55341F40057AE809C6191DB399560C784
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3aa4af9370de1272c4844d66fed0281842fbdce24ef308899e45cd7831f54201
                • Instruction ID: 7d875ef592d91d46747435d7d061747930d80f39783ab8de310ab2b1f7c49987
                • Opcode Fuzzy Hash: 3aa4af9370de1272c4844d66fed0281842fbdce24ef308899e45cd7831f54201
                • Instruction Fuzzy Hash: 14016931919A0E9FEBA8EB6484592B972A0FF18349F50187EE40EC65D5DF39A590CA04
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eac73538dbe81fcad61d61bc442e8057b656e164627c59bc7def397f4822ad6b
                • Instruction ID: f81d409628524d7865bbf904c9fdbaa6c8fb7ac6622eeb38e21cbc1405ffca6d
                • Opcode Fuzzy Hash: eac73538dbe81fcad61d61bc442e8057b656e164627c59bc7def397f4822ad6b
                • Instruction Fuzzy Hash: DD018C3181CA0E9FEBA9FB24C4492BA73A1FF18345F10087EE40EC25D5DF39A550CA44
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cb51dade0340071ef2fb0a67b15d692905fe7cfe3a0374df72c940563c5558e7
                • Instruction ID: dbfc9cef543771f2dc111c5562dbd8a2848b90257c6be0c79b354a325b08d50b
                • Opcode Fuzzy Hash: cb51dade0340071ef2fb0a67b15d692905fe7cfe3a0374df72c940563c5558e7
                • Instruction Fuzzy Hash: FCF08C70D1D65F8EEBD8EB6898186BA77E4FB56256F00067BD40DC20D0EF2C15248644
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0651a0587ec659f014aaf949f548471fd69152ea3156715bca72c9961b517d72
                • Instruction ID: d9d65747c48ae79b3c6db325be11f1caa2d0effd1517bf99e005a4baf76fd3e7
                • Opcode Fuzzy Hash: 0651a0587ec659f014aaf949f548471fd69152ea3156715bca72c9961b517d72
                • Instruction Fuzzy Hash: 19F06D3091DA4E8FEB94EF2894556FA77E4FF15345F50057AE81DC2181CB39A9A0CB88
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1a008a8d554ebaf8bd1dab98e9e7a9683d2d476c4b464780b0a12da45d243d76
                • Instruction ID: 4fb543f6610821b9a43cd0981d438ae8f622da051ae5bab77e94620c40eae6ec
                • Opcode Fuzzy Hash: 1a008a8d554ebaf8bd1dab98e9e7a9683d2d476c4b464780b0a12da45d243d76
                • Instruction Fuzzy Hash: 00F0623280E78D8FEBAAEB3488552B93B60EF46241F4504BBE409C61D3DB3D9454C741
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cf4cb6a3c93b8001cfe0db83bd5bcefc3736defb2e567744edb4785e7e9262c2
                • Instruction ID: 6d7a3540249da681000f3621425d6e4fa1f01f2b9bc57670b2b43b2742d66b29
                • Opcode Fuzzy Hash: cf4cb6a3c93b8001cfe0db83bd5bcefc3736defb2e567744edb4785e7e9262c2
                • Instruction Fuzzy Hash: D9F01971D1D9598FEBA1EB288845BB9B7B1FF58300F1042E6940DE3146CB38A985CF44
                Memory Dump Source
                • Source File: 00000023.00000002.2316745518.00007FF848CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CE0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_35_2_7ff848ce0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ff08717cf0301f3ed3e5e1b35af66a778985e1e94edf0416a4a74c59e81fa0e8
                • Instruction ID: 7baaa202d86b9ad2f55801c3340b8c8af23ca09d5780953bf5ecd881a8cd7e49
                • Opcode Fuzzy Hash: ff08717cf0301f3ed3e5e1b35af66a778985e1e94edf0416a4a74c59e81fa0e8
                • Instruction Fuzzy Hash: DBF09A3280EA8ECFEBA9AF2488592F93BA0FF15245F4015BAE809C55D2EB3D9450C740
                Strings
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CCF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCF000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848ccf000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID: .$S$k
                • API String ID: 0-3539048334
                Strings
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID: +$-
                • API String ID: 0-2137968064
                Strings
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cca000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID: {{N
                • API String ID: 0-777276013
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cca000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 70311843cfb6e696425864d308d5514cbdb57803f613b649821d3667780e323b
                • Instruction ID: 3196291a11377541d6732315367594a6b63c7578bcd9cf384fe9957ffea9cf08
                • Opcode Fuzzy Hash: 70311843cfb6e696425864d308d5514cbdb57803f613b649821d3667780e323b
                • Instruction Fuzzy Hash: 0A21B370E1C91D8FEB94FBA89899ABCBBB1FF99340F505129D00DE3292CF3468419B44
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cca000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b2a8780072cbb745de7f161b4a6658b14f8cae061bb1e4957471b592b8855b2
                • Instruction ID: 5b34e6cedc058eae0df97a8c42b3480fc6b15283ed9111e183bd18fd958469f6
                • Opcode Fuzzy Hash: 0b2a8780072cbb745de7f161b4a6658b14f8cae061bb1e4957471b592b8855b2
                • Instruction Fuzzy Hash: D0215C70D1C90E9EEB91FBA898492BD76E0FF49381F0048B6D41DD7196EF38A5848B45
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cca000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5fc2288aebfa9478ec6fdc2fd2727c796151feed748f692bc705f60b6edd5a89
                • Instruction ID: d7850fd04ed5ce508662d7780aa6dbbbcadb8b29f887069e1cb532ed1ba8ce5f
                • Opcode Fuzzy Hash: 5fc2288aebfa9478ec6fdc2fd2727c796151feed748f692bc705f60b6edd5a89
                • Instruction Fuzzy Hash: 7531B2B4D0861E8FDB88EF94D4986EDB7B1FF18351F10003AE409E7291DB786880CB54
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c0173606985f80f91a846132a09fd676a8fd601243da910c5584f505331cde3d
                • Instruction ID: da2b2a2aa300a41c6ae02ad7c3cbe497f05936be0a7271ca257c0ac700bc59f3
                • Opcode Fuzzy Hash: c0173606985f80f91a846132a09fd676a8fd601243da910c5584f505331cde3d
                • Instruction Fuzzy Hash: 9E217F7084D68A8FE793EB7888586A97FF0FF16350F0505FAD449CB0A2DB389545CB51
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d5863b8f81efb2d0d07a6e181274128489f0450a48d055c3e21076838d37d979
                • Instruction ID: 55bfedcf3dbbcf838c5180d1e52ec7ee2ec93a66c658b73ab12f3745956e9d38
                • Opcode Fuzzy Hash: d5863b8f81efb2d0d07a6e181274128489f0450a48d055c3e21076838d37d979
                • Instruction Fuzzy Hash: DF112071D1CA8A8FFB85FB78885A1F97BE0FF15344F0584B6C049CA092EF24A445C294
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fb919911933e5e14d1ed83e0c2960472268e8bf660c425cbf953146c6ff4967e
                • Instruction ID: 2708b294ec894d40ffea375a2ddd040de480639c41caf0b866e7058125faf28e
                • Opcode Fuzzy Hash: fb919911933e5e14d1ed83e0c2960472268e8bf660c425cbf953146c6ff4967e
                • Instruction Fuzzy Hash: 8321F37190E60A8FE358DF68D8293F97BE1EB95354F5000BEC00ED32D6CBB524058B50
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3f4426b46d685230706c116ec4439ea253ab764f4997d0f8351c4e3290a7dd6
                • Instruction ID: 2cec9fadf5b641b6eb15d1cd4a9022ac4a7963954f64e395979330eceab8299b
                • Opcode Fuzzy Hash: a3f4426b46d685230706c116ec4439ea253ab764f4997d0f8351c4e3290a7dd6
                • Instruction Fuzzy Hash: 0C118535A4C94E8FEBA1FB6888492FE77E1FF19340F000472E408D7092EB38A5108B55
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa1e311bcd0b592f2126089679c863d621cb6001821c7a2e57d75a6b8f83700d
                • Instruction ID: f09347baa447b4efb90f0508acd791018fef2350dcb002c57e8b2a1a6690b0e1
                • Opcode Fuzzy Hash: fa1e311bcd0b592f2126089679c863d621cb6001821c7a2e57d75a6b8f83700d
                • Instruction Fuzzy Hash: 4A11D03184E6898FEB96AB309C151F97BF0EF06340F1544FBD449CB4A3DB286545CB61
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 03f85d7a95c715f1e9331d7826cc413836fce588f09b23cadb5377e6b4e743c6
                • Instruction ID: 34f24cb28d2e2dbb26ddd73a7e85bbf45e85aef82193cd82246a7460e880ed8c
                • Opcode Fuzzy Hash: 03f85d7a95c715f1e9331d7826cc413836fce588f09b23cadb5377e6b4e743c6
                • Instruction Fuzzy Hash: A0213C30D096098FEB95FB58C854BEDB7B5FF54340F104175D00AA7285DF38A985CB58
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2be756543959094d43b823cb887e904986c0c1336cb3dd595d62c77011fd32a4
                • Instruction ID: f315a68623e6717aeac508d68f37aaa8faa792a3d2f42c5b0bfdd16954593073
                • Opcode Fuzzy Hash: 2be756543959094d43b823cb887e904986c0c1336cb3dd595d62c77011fd32a4
                • Instruction Fuzzy Hash: 6D118C70D1C94E9FEB80FB6888492BD7BE0FF58380F4055B6D409C7192EF38A9448B44
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0ccb5d15f96b76886d8d757e75706391e3fe61c7a6702afc305ba4c6672bba29
                • Instruction ID: 0ab129f86cc292b73369c0cbd4b6ecf046c3ddff59f29f08e54da8e0e382085c
                • Opcode Fuzzy Hash: 0ccb5d15f96b76886d8d757e75706391e3fe61c7a6702afc305ba4c6672bba29
                • Instruction Fuzzy Hash: 5D11BE3090CA4E8FEBA8FF68845A6BD7BE0FF28341F0005BED419C6196DB34A454CB80
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ac29848a5d595d91178baaa4b262e8e4180ec9ca2b282587177823f02fa88e6
                • Instruction ID: 60ff6187fd59673f5837c843ff68e6405e59db6dace7b72b2800b01a4e763588
                • Opcode Fuzzy Hash: 1ac29848a5d595d91178baaa4b262e8e4180ec9ca2b282587177823f02fa88e6
                • Instruction Fuzzy Hash: 0F118B7091DA498FEB98EF18C49A5E97BE1FF58345F0512BEE80E83291DB34B441CB85
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 467e0d191d457d1e9a0209d6f3bc517e5076247e953c07c317309da31bb0b239
                • Instruction ID: cecd0d4bf22690c4a2aa0ad988ebdf05ed03405ff0d58d1d1c99f1b2d07d859c
                • Opcode Fuzzy Hash: 467e0d191d457d1e9a0209d6f3bc517e5076247e953c07c317309da31bb0b239
                • Instruction Fuzzy Hash: 8D119D3080CA4E9FEBD8FF68845A2BD7BE0FF58341F0001BAD409D6196CB34A444CB45
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c6dce66e4b70e66e09b16abc0fd03b20c5f9860a620ed7ee861ba21a194c7e94
                • Instruction ID: e61b500c8b099ba590dd0fef0fc1acabfdfc13189cdb69c4221b5a7c4fff537a
                • Opcode Fuzzy Hash: c6dce66e4b70e66e09b16abc0fd03b20c5f9860a620ed7ee861ba21a194c7e94
                • Instruction Fuzzy Hash: 2D113A3195C94E9FEBA1FB68C8896EE7BF4FF19341F0004B6E418C7151EB34A1568B54
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 74c48ea4628118266236208e2e6a05f7d5248eec6ada0ae8f46f0722be69884b
                • Instruction ID: 26ff9030249b7a82fe5986306dae0f4a7386510165c5f6cf9987880c317f47b4
                • Opcode Fuzzy Hash: 74c48ea4628118266236208e2e6a05f7d5248eec6ada0ae8f46f0722be69884b
                • Instruction Fuzzy Hash: 6E116D3094CA4E9FEBA9FF28845A2B97BE0FF58341F1045BED409C6192DB34A444CB81
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d9a349faf9490c0fa6d1e23231e4af328cca37a51513091b0c448ffddad091f
                • Instruction ID: 98848514a257e6f9b6d6820af26b0424d6bb717c9aa935f63b8cb759064994d4
                • Opcode Fuzzy Hash: 0d9a349faf9490c0fa6d1e23231e4af328cca37a51513091b0c448ffddad091f
                • Instruction Fuzzy Hash: E321933090D68D9FEB95FF2888592B97BE0FF19341F1445BAD409C7592DB34A444CB81
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 81cbb15a88ecd3d5fac875cc546406c6991efd7667a756861d95c371c84224e8
                • Instruction ID: 7cdb0d972ecb0548eca35350dcbd0776fb189888572fcd0944eb5429d8ff3095
                • Opcode Fuzzy Hash: 81cbb15a88ecd3d5fac875cc546406c6991efd7667a756861d95c371c84224e8
                • Instruction Fuzzy Hash: 3911C430D0D9899FEBA9FB64849A2B8BBE0FF15344F0500BEC109C7992DB386484CB45
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5d9671cbf30c0a997330bae5c927ccd55e7cfeaeb93d456d304e55c0536a79ea
                • Instruction ID: a10455a50caad5ae1aa147991b5ba5ae34cfe3ab2922dbcbf8735aacc2225e16
                • Opcode Fuzzy Hash: 5d9671cbf30c0a997330bae5c927ccd55e7cfeaeb93d456d304e55c0536a79ea
                • Instruction Fuzzy Hash: 7E114F7091C54E8FEBA5EF7898592F97BA0FF18340F4005BAE419C7191EF35A5508784
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cca000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ab90d3b11248db68d4d09dd754c2be0ca54de114257da5614c76641b37ef04a6
                • Instruction ID: 6d616e8dae8f03d471c1224c7a85aa1ef15095c38800fe66ac0e3ec6a69919bc
                • Opcode Fuzzy Hash: ab90d3b11248db68d4d09dd754c2be0ca54de114257da5614c76641b37ef04a6
                • Instruction Fuzzy Hash: 08118B3090CA8E9EEB8AEBB488681B97BA0FF15341F0104BAD419C71A2DB346A40CB54
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b84519bea2e6e563cd3be6668bd23081f4328227ac2e9f203e18efed409a0b5
                • Instruction ID: 1b4f7861534c19bc38d05230b945b40683377f69e178fdc7df4138bced02e8ea
                • Opcode Fuzzy Hash: 0b84519bea2e6e563cd3be6668bd23081f4328227ac2e9f203e18efed409a0b5
                • Instruction Fuzzy Hash: 3E11BF74D0D64A8EEBD9EB6984692B97BE0FF56340F0405BFD50AC60D2EF28A444C744
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 184f59a64068ed93d8a9c6bc4f1368e7f38c38bc5e66a64cb6d859ae3c96c28b
                • Instruction ID: 9fded1b2a2fe003293b421bc3055167aa46198af2cb65a6d6380367b29683c99
                • Opcode Fuzzy Hash: 184f59a64068ed93d8a9c6bc4f1368e7f38c38bc5e66a64cb6d859ae3c96c28b
                • Instruction Fuzzy Hash: 9111587090DA8A8FEB99FB28886D2B97BF0FF19341F0404BAD419C6192DB39A544CB45
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 97d6cac5ba592fa4e0279f60632ec241cfc5fe4dade21f72703bfaffc8e47c24
                • Instruction ID: e105b912c97064776c87a244239378c3406c1e3b443cac13c02f4b4e0b45861c
                • Opcode Fuzzy Hash: 97d6cac5ba592fa4e0279f60632ec241cfc5fe4dade21f72703bfaffc8e47c24
                • Instruction Fuzzy Hash: 05115B3091D94E9EEBA2FB6884895F97BE0EF1A340F0444B6D40CC6056EA34A5858B55
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da9a1b08389aeb76496f476ab3e3403086df83785721bfa60545edbc1d82c561
                • Instruction ID: 954e988ac3fc20850cf0828f336835b29c7049b97e05c1f6644b9b5c284cfba5
                • Opcode Fuzzy Hash: da9a1b08389aeb76496f476ab3e3403086df83785721bfa60545edbc1d82c561
                • Instruction Fuzzy Hash: F5118C7080D94A8FEBA8FB64C8596BEBBE0FF19340F0005BAD509C65A6DB38A544CB51
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8ad0ac6e609e4838427cb84f79b1afdd4e5cd00d4aa9febbed8ea0c85df625ae
                • Instruction ID: 6f97b10610dac2b23ebae6fafee8e74e54cf5865eecc35eb42919956b3731914
                • Opcode Fuzzy Hash: 8ad0ac6e609e4838427cb84f79b1afdd4e5cd00d4aa9febbed8ea0c85df625ae
                • Instruction Fuzzy Hash: 0111913094D54E8FEBA9FF24845A2BE7BE0FF59340F4051BAD40DC6192DB39A444CB81
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2492a097088f9cba4cef0ba78ab74c76b9334862e850cb34dce087600ab1e340
                • Instruction ID: ab8031507ca3d81fdc54caa6ef8f6e07eda17abb0ffb8dc289c43f7a323d7044
                • Opcode Fuzzy Hash: 2492a097088f9cba4cef0ba78ab74c76b9334862e850cb34dce087600ab1e340
                • Instruction Fuzzy Hash: 4D11CE30D4D94E8EEBE9FB2494AA2B87AE0FF18300F0000BED40DC21D2DF35A414CA45
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9b56ef3aa25673cafefbdf7678adbe01e58bec98c04b7c839b055483fc08e82a
                • Instruction ID: cb680e81762be4063b60c0ee5bdba5c8033c583bcc9f0d1354231e0b3da41781
                • Opcode Fuzzy Hash: 9b56ef3aa25673cafefbdf7678adbe01e58bec98c04b7c839b055483fc08e82a
                • Instruction Fuzzy Hash: FB114F31D0D68A9FE791FB64885D6B97BE0FF19340F0505B6D408C71A2DB38A544CB95
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 286dac028075f1b8c8bd996f186ffff34b5c3fe616b5b4e755cb54721ea66d59
                • Instruction ID: c60264a7f27b05609c94bccda33b1c9c15d8a479f3968ecb7e5f5fc3ff73c5da
                • Opcode Fuzzy Hash: 286dac028075f1b8c8bd996f186ffff34b5c3fe616b5b4e755cb54721ea66d59
                • Instruction Fuzzy Hash: A7119E3090DA8A8FEB98FB28845A6BD7BF0FF18341F0414BAD419C6196DF35A544CB45
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cca000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d74f45fb095ef60869d2451ad8882975b3d156bb415f6710bf8f4cf27ab36e80
                • Instruction ID: 9b8109e95449601efbac00afe9a1d068ba1aca9cb077b4bc67bc062e6ea28ac8
                • Opcode Fuzzy Hash: d74f45fb095ef60869d2451ad8882975b3d156bb415f6710bf8f4cf27ab36e80
                • Instruction Fuzzy Hash: 0F11397091DA4E8FEB85EFA484992B97BE0FF18301F1004BED509C6592DB75A550CB44
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CCA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CCA000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cca000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd5f9c11577a537d1f01283560573b91925f30184e1822f6eec039b8fca1f597
                • Instruction ID: 6a51fb2a9833fc0976210b2db926bdc30e3a2327c1a778c12244e7831fc31da3
                • Opcode Fuzzy Hash: bd5f9c11577a537d1f01283560573b91925f30184e1822f6eec039b8fca1f597
                • Instruction Fuzzy Hash: 15113570919A4E8FEB98FF6884592B9BBE1FF28305F4104BAD50AC6591EB35A540CB80
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f8f78dbf54b7537aab672e3ca294fca9847e84c5b159b28f1e6376184753da31
                • Instruction ID: 266506d480dca070f04762d96e4708116893deed349441ed1a61a7da613a3d5d
                • Opcode Fuzzy Hash: f8f78dbf54b7537aab672e3ca294fca9847e84c5b159b28f1e6376184753da31
                • Instruction Fuzzy Hash: 4001B13084D6499FEBA9FF24C4592B97BE0FF59344F0104BEE80AC6092DB35B540CB40
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 608ae4a7d69fd8603ef52e9ddfaec300edb648a8bba84b5f247a1eb91cc97152
                • Instruction ID: e7deefdae61705012e41eeef80078bec55c2861ba4ade9f31a6e5ab95aec6255
                • Opcode Fuzzy Hash: 608ae4a7d69fd8603ef52e9ddfaec300edb648a8bba84b5f247a1eb91cc97152
                • Instruction Fuzzy Hash: A4014C3091890E8EEB88FF25C4596BA77A1FF58344F50457AE81EC2195CB35A561CB48
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CC0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cc0000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4e5c9b8c7604fd6f1c624124a119ff699cca8894f47f14fd7770de0c1d99e670
                • Instruction ID: 1e49dfe725005c85b7b09cbdc42ab796ffa4cbb15f272f249abe28bc428ecc52
                • Opcode Fuzzy Hash: 4e5c9b8c7604fd6f1c624124a119ff699cca8894f47f14fd7770de0c1d99e670
                • Instruction Fuzzy Hash: 45018B3091DA5E8FE791FB24885E1B97BE0FF59340F4519BAD40CC70AAEB38E4448745
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8bfbb48277b071ed79245fb04c530ab24fc0e1e2137323b153b187a100d415a1
                • Instruction ID: adb7a05c55d5735add4966156c43d7e72527b26983076d87b181fd55627a7be9
                • Opcode Fuzzy Hash: 8bfbb48277b071ed79245fb04c530ab24fc0e1e2137323b153b187a100d415a1
                • Instruction Fuzzy Hash: 96018C3084E6898FEB9AFB2484A91B97BE0FF1A344F0104FED40AC60A2DF35A544CB41
                Memory Dump Source
                • Source File: 00000025.00000002.2316018157.00007FF848CD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848CD1000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_37_2_7ff848cd1000_WmiPrvSE.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fb99ea66f4fc959df3c6827143b90ca3237cabb6231b0767e1c9301f72460eea
                • Instruction ID: 886e7c9dde0c0fd5a6692105765f38a6a7a13456bcb621cf287b5fbc0cf5ede6
                • Opcode Fuzzy Hash: fb99ea66f4fc959df3c6827143b90ca3237cabb6231b0767e1c9301f72460eea