Edit tour

Windows Analysis Report
DVuCnBrdbI.exe

Overview

General Information

Sample name:	DVuCnBrdbI.exe renamed because original name is a hash value
Original sample name:	b321fbc4a5947b5e623708e11a166692.exe
Analysis ID:	1431406
MD5:	b321fbc4a5947b5e623708e11a166692
SHA1:	a47346617fe2b1dda2920a23179daf9b36bbb06e
SHA256:	d1396a1ec855bd2cd988d0473161c5fba7ac170ba8e2f31b00d2689b517a0f22
Tags:	DCRatexe
Infos:

Detection

DCRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Schedule system process

Yara detected DCRat

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

C2 URLs / IPs found in malware configuration

Creates processes via WMI

Drops PE files with benign system names

Drops executable to a common third party application directory

Drops executables to the windows directory (C:\Windows) and starts them

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: System File Execution Location Anomaly

Uses schtasks.exe or at.exe to add and modify task schedules

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

DVuCnBrdbI.exe (PID: 764 cmdline: "C:\Users\user\Desktop\DVuCnBrdbI.exe" MD5: B321FBC4A5947B5E623708E11A166692)

schtasks.exe (PID: 1608 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6368 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6976 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6924 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 6 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2032 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7144 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 13 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6924 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows multimedia platform\qJBfikDNRbrkF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1608 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Program Files (x86)\windows multimedia platform\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2032 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\windows multimedia platform\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7144 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Desktop\qJBfikDNRbrkF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5460 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Users\Default\Desktop\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7144 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 8 /tr "'C:\Users\Default\Desktop\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7184 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 14 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7200 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7216 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 12 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7232 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\Windows\TAPI\WmiPrvSE.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7248 cmdline: schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Windows\TAPI\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7264 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\Windows\TAPI\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7284 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 8 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7300 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7316 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 13 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7332 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 11 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7348 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7364 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 7 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7380 cmdline: schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 7 /tr "'C:\Recovery\wininit.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7396 cmdline: schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Recovery\wininit.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7412 cmdline: schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 13 /tr "'C:\Recovery\wininit.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7428 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 14 /tr "'C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7452 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7476 cmdline: schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 14 /tr "'C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7508 cmdline: schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7544 cmdline: schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7568 cmdline: schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

qJBfikDNRbrkF.exe (PID: 7436 cmdline: C:\Recovery\qJBfikDNRbrkF.exe MD5: B321FBC4A5947B5E623708E11A166692)

qJBfikDNRbrkF.exe (PID: 7460 cmdline: "C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe" MD5: B321FBC4A5947B5E623708E11A166692)

wininit.exe (PID: 7492 cmdline: C:\Recovery\wininit.exe MD5: B321FBC4A5947B5E623708E11A166692)

wininit.exe (PID: 7500 cmdline: C:\Recovery\wininit.exe MD5: B321FBC4A5947B5E623708E11A166692)

WmiPrvSE.exe (PID: 7528 cmdline: C:\Windows\TAPI\WmiPrvSE.exe MD5: B321FBC4A5947B5E623708E11A166692)

WmiPrvSE.exe (PID: 7560 cmdline: C:\Windows\TAPI\WmiPrvSE.exe MD5: B321FBC4A5947B5E623708E11A166692)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"SCRT": "{\"i\":\"%\",\"6\":\".\",\"b\":\" \",\"0\":\"#\",\"H\":\"&\",\"9\":\"-\",\"v\":\")\",\"S\":\"(\",\"d\":\"~\",\"m\":\"@\",\"L\":\",\",\"W\":\"_\",\"N\":\">\",\"5\":\"$\",\"A\":\"^\",\"Z\":\";\",\"C\":\"*\",\"y\":\"`\",\"I\":\"|\",\"e\":\"!\",\"J\":\"<\"}", "PCRT": "{\"D\":\"*\",\"E\":\"(\",\"Q\":\"<\",\"U\":\"^\",\"R\":\"&\",\"F\":\"-\",\"0\":\"@\",\"V\":\"%\",\"1\":\",\",\"I\":\"$\",\"W\":\"_\",\"j\":\";\",\"Z\":\">\",\"n\":\")\",\"v\":\"!\",\"d\":\"|\",\"p\":\"`\",\"w\":\" \",\"J\":\".\",\"B\":\"#\",\"N\":\"~\"}", "TAG": "", "MUTEX": "shddsfhdsfhsdfhdsfuidshfkjdshhjodsghdshfjklsdhfljkdshkjldsfhglskdhglfsdjkhgldshglsdfjhgldjfhdlhnvudfhgkldjfhgkjldfshglkfdhgjkdfhvdkghkdfjhgsldfkhgidsfhggggjrbufdngvklhgkdfhgs", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false, "H1": "http://golovkcc.beget.tech/@==gbJBzYuFDT", "H2": "http://golovkcc.beget.tech/@==gbJBzYuFDT", "T": "0"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1684981326.0000000003735000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001F.00000002.1755394202.00000000026D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001F.00000002.1755394202.000000000270D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000026.00000002.1755435217.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001D.00000002.1750646364.0000000002971000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001D.00000002.1750646364.00000000029AF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000021.00000002.1754740131.000000000291D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000021.00000002.1754740131.00000000028E1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000026.00000002.1755435217.0000000002E2D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000022.00000002.1748954073.0000000002591000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000024.00000002.1755299818.0000000003051000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1686893087.0000000012F31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: DVuCnBrdbI.exe PID: 764	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: qJBfikDNRbrkF.exe PID: 7436	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: qJBfikDNRbrkF.exe PID: 7460	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: wininit.exe PID: 7492	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: wininit.exe PID: 7500	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: WmiPrvSE.exe PID: 7528	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: WmiPrvSE.exe PID: 7560	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 15 entries

Sigma Signatures

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\DVuCnBrdbI.exe, ProcessId: 764, TargetFilename: C:\Windows\TAPI\WmiPrvSE.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\Recovery\wininit.exe, CommandLine: C:\Recovery\wininit.exe, CommandLine|base64offset|contains: , Image: C:\Recovery\wininit.exe, NewProcessName: C:\Recovery\wininit.exe, OriginalFileName: C:\Recovery\wininit.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Recovery\wininit.exe, ProcessId: 7492, ProcessName: wininit.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Recovery\wininit.exe, CommandLine: C:\Recovery\wininit.exe, CommandLine|base64offset|contains: , Image: C:\Recovery\wininit.exe, NewProcessName: C:\Recovery\wininit.exe, OriginalFileName: C:\Recovery\wininit.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Recovery\wininit.exe, ProcessId: 7492, ProcessName: wininit.exe

Persistence and Installation Behavior

Sigma detected: Schedule system process

Source: Process started

Author: Joe Security: Data: Command: schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 7 /tr "'C:\Recovery\wininit.exe'" /f, CommandLine: schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 7 /tr "'C:\Recovery\wininit.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\DVuCnBrdbI.exe", ParentImage: C:\Users\user\Desktop\DVuCnBrdbI.exe, ParentProcessId: 764, ParentProcessName: DVuCnBrdbI.exe, ProcessCommandLine: schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 7 /tr "'C:\Recovery\wininit.exe'" /f, ProcessId: 7380, ProcessName: schtasks.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: DVuCnBrdbI.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\Default\Downloads\upfc.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Users\user\3D Objects\WmiPrvSE.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Recovery\Registry.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Users\user\AppData\Local\Temp\vgX27OamF2.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Windows\Downloaded Program Files\lsass.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Recovery\wininit.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984

Found malware configuration

Source: 00000000.00000002.1686893087.0000000012F31000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"SCRT": "{\"i\":\"%\",\"6\":\".\",\"b\":\" \",\"0\":\"#\",\"H\":\"&\",\"9\":\"-\",\"v\":\")\",\"S\":\"(\",\"d\":\"~\",\"m\":\"@\",\"L\":\",\",\"W\":\"_\",\"N\":\">\",\"5\":\"$\",\"A\":\"^\",\"Z\":\";\",\"C\":\"*\",\"y\":\"`\",\"I\":\"|\",\"e\":\"!\",\"J\":\"<\"}", "PCRT": "{\"D\":\"*\",\"E\":\"(\",\"Q\":\"<\",\"U\":\"^\",\"R\":\"&\",\"F\":\"-\",\"0\":\"@\",\"V\":\"%\",\"1\":\",\",\"I\":\"$\",\"W\":\"_\",\"j\":\";\",\"Z\":\">\",\"n\":\")\",\"v\":\"!\",\"d\":\"|\",\"p\":\"`\",\"w\":\" \",\"J\":\".\",\"B\":\"#\",\"N\":\"~\"}", "TAG": "", "MUTEX": "shddsfhdsfhsdfhdsfuidshfkjdshhjodsghdshfjklsdhfljkdshkjldsfhglskdhglfsdjkhgldshglsdfjhgldjfhdlhnvudfhgkldjfhgkjldfshglkfdhgjkdfhvdkghkdfjhgsldfkhgidsfhggggjrbufdngvklhgkdfhgs", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false, "H1": "http://golovkcc.beget.tech/@==gbJBzYuFDT", "H2": "http://golovkcc.beget.tech/@==gbJBzYuFDT", "T": "0"}

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	ReversingLabs: Detection: 81%
Source: C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe	ReversingLabs: Detection: 81%
Source: C:\Program Files\Common Files\qJBfikDNRbrkF.exe	ReversingLabs: Detection: 81%
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	ReversingLabs: Detection: 81%
Source: C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe	ReversingLabs: Detection: 81%
Source: C:\ProgramData\Packages\qJBfikDNRbrkF.exe	ReversingLabs: Detection: 81%
Source: C:\Recovery\Registry.exe	ReversingLabs: Detection: 81%
Source: C:\Recovery\qJBfikDNRbrkF.exe	ReversingLabs: Detection: 81%
Source: C:\Recovery\wininit.exe	ReversingLabs: Detection: 81%
Source: C:\Users\Default\Desktop\qJBfikDNRbrkF.exe	ReversingLabs: Detection: 81%
Source: C:\Users\Default\Downloads\upfc.exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\3D Objects\WmiPrvSE.exe	ReversingLabs: Detection: 81%
Source: C:\Windows\Downloaded Program Files\lsass.exe	ReversingLabs: Detection: 81%
Source: C:\Windows\SchCache\csrss.exe	ReversingLabs: Detection: 81%
Source: C:\Windows\TAPI\WmiPrvSE.exe	ReversingLabs: Detection: 81%
Source: C:\Windows\Temp\Crashpad\reports\WmiPrvSE.exe	ReversingLabs: Detection: 81%

Multi AV Scanner detection for submitted file

Source: DVuCnBrdbI.exe

ReversingLabs: Detection: 81%

Machine Learning detection for dropped file

Source: C:\Users\Default\Downloads\upfc.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe	Joe Sandbox ML: detected
Source: C:\Users\user\3D Objects\WmiPrvSE.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Joe Sandbox ML: detected
Source: C:\Recovery\Registry.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Joe Sandbox ML: detected
Source: C:\Windows\Downloaded Program Files\lsass.exe	Joe Sandbox ML: detected
Source: C:\Recovery\wininit.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: DVuCnBrdbI.exe

Joe Sandbox ML: detected

Source: DVuCnBrdbI.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Windows Mail\6ed216578b75a5	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Internet Explorer\6ed216578b75a5	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Common Files\qJBfikDNRbrkF.exe	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Common Files\6ed216578b75a5	Jump to behavior

Source: DVuCnBrdbI.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://golovkcc.beget.tech/@==gbJBzYuFDT

Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000003759000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\TAPI\WmiPrvSE.exe	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\TAPI\WmiPrvSE.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\TAPI\24dbde2999530e	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\Downloaded Program Files\lsass.exe	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\Downloaded Program Files\lsass.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\Downloaded Program Files\6203df4a6bafc7	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\SchCache\csrss.exe	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\SchCache\csrss.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\SchCache\886983d96e3d3e	Jump to behavior

Source: DVuCnBrdbI.exe	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: qJBfikDNRbrkF.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: WmiPrvSE.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: qJBfikDNRbrkF.exe0.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: WmiPrvSE.exe0.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970

Source: DVuCnBrdbI.exe, 00000000.00000002.1689297652.000000001B920000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs DVuCnBrdbI.exe
Source: DVuCnBrdbI.exe, 00000000.00000002.1689528002.000000001BEA4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs DVuCnBrdbI.exe
Source: DVuCnBrdbI.exe, 00000000.00000000.1631738070.0000000000D58000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs DVuCnBrdbI.exe
Source: DVuCnBrdbI.exe, 00000000.00000002.1689251818.000000001B900000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs DVuCnBrdbI.exe
Source: DVuCnBrdbI.exe, 00000000.00000002.1691078613.000000001C486000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs DVuCnBrdbI.exe
Source: DVuCnBrdbI.exe	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs DVuCnBrdbI.exe

Source: DVuCnBrdbI.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: DVuCnBrdbI.exe, B3PiA5SFPK5Zw4KAPEo.cs	Cryptographic APIs: 'CreateDecryptor'
Source: DVuCnBrdbI.exe, B3PiA5SFPK5Zw4KAPEo.cs	Cryptographic APIs: 'CreateDecryptor'
Source: DVuCnBrdbI.exe, KXjbPlwRN4DQenO4GDH.cs	Cryptographic APIs: 'TransformBlock'
Source: DVuCnBrdbI.exe, KXjbPlwRN4DQenO4GDH.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@36/54@0/0

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

File created: C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe

Jump to behavior

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

File created: C:\Users\Default\Desktop\qJBfikDNRbrkF.exe

Jump to behavior

Source: C:\Windows\TAPI\WmiPrvSE.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\b646ff99111bcf432bf796ccea30e257e4449700

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

File created: C:\Windows\Temp\Crashpad\reports\WmiPrvSE.exe

Jump to behavior

Source: DVuCnBrdbI.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: DVuCnBrdbI.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: DVuCnBrdbI.exe

ReversingLabs: Detection: 81%

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

File read: C:\Users\user\Desktop\DVuCnBrdbI.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\DVuCnBrdbI.exe "C:\Users\user\Desktop\DVuCnBrdbI.exe"
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 6 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 13 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Users\Default\Desktop\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 14 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 12 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\Windows\TAPI\WmiPrvSE.exe'" /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Windows\TAPI\WmiPrvSE.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\Windows\TAPI\WmiPrvSE.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 8 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 13 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 11 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 7 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 7 /tr "'C:\Recovery\wininit.exe'" /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Recovery\wininit.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 13 /tr "'C:\Recovery\wininit.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 14 /tr "'C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe'" /f
Source: unknown	Process created: C:\Recovery\qJBfikDNRbrkF.exe C:\Recovery\qJBfikDNRbrkF.exe
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe "C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe"
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 14 /tr "'C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Recovery\wininit.exe C:\Recovery\wininit.exe
Source: unknown	Process created: C:\Recovery\wininit.exe C:\Recovery\wininit.exe
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe'" /f
Source: unknown	Process created: C:\Windows\TAPI\WmiPrvSE.exe C:\Windows\TAPI\WmiPrvSE.exe
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe'" /rl HIGHEST /f
Source: unknown	Process created: C:\Windows\TAPI\WmiPrvSE.exe C:\Windows\TAPI\WmiPrvSE.exe
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Recovery\wininit.exe	Section loaded: mscoree.dll
Source: C:\Recovery\wininit.exe	Section loaded: kernel.appcore.dll
Source: C:\Recovery\wininit.exe	Section loaded: version.dll
Source: C:\Recovery\wininit.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Recovery\wininit.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\wininit.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\wininit.exe	Section loaded: uxtheme.dll
Source: C:\Recovery\wininit.exe	Section loaded: windows.storage.dll
Source: C:\Recovery\wininit.exe	Section loaded: wldp.dll
Source: C:\Recovery\wininit.exe	Section loaded: profapi.dll
Source: C:\Recovery\wininit.exe	Section loaded: cryptsp.dll
Source: C:\Recovery\wininit.exe	Section loaded: rsaenh.dll
Source: C:\Recovery\wininit.exe	Section loaded: cryptbase.dll
Source: C:\Recovery\wininit.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: mscoree.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: apphelp.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: uxtheme.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: windows.storage.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: wldp.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: profapi.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: cryptsp.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: rsaenh.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: cryptbase.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: mscoree.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: uxtheme.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: windows.storage.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: wldp.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: profapi.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: cryptsp.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: rsaenh.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: cryptbase.dll
Source: C:\Windows\TAPI\WmiPrvSE.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Windows Mail\6ed216578b75a5	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Internet Explorer\6ed216578b75a5	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Common Files\qJBfikDNRbrkF.exe	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Directory created: C:\Program Files\Common Files\6ed216578b75a5	Jump to behavior

Source: DVuCnBrdbI.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: DVuCnBrdbI.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: DVuCnBrdbI.exe

Static file information: File size 1063936 > 1048576

Source: DVuCnBrdbI.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x100200

Source: DVuCnBrdbI.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: DVuCnBrdbI.exe, B3PiA5SFPK5Zw4KAPEo.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: DVuCnBrdbI.exe, YDCBNdBCBGBEhtCfgSo.cs	.Net Code: bvb8Ula62E System.AppDomain.Load(byte[])
Source: DVuCnBrdbI.exe, YDCBNdBCBGBEhtCfgSo.cs	.Net Code: bvb8Ula62E System.Reflection.Assembly.Load(byte[])
Source: DVuCnBrdbI.exe, YDCBNdBCBGBEhtCfgSo.cs	.Net Code: bvb8Ula62E

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Code function: 0_2_00007FFD9BAB00BD pushad ; iretd	0_2_00007FFD9BAB00C1
Source: C:\Recovery\qJBfikDNRbrkF.exe	Code function: 29_2_00007FFD9BABC7F7 push ebp; retf	29_2_00007FFD9BABC816
Source: C:\Recovery\qJBfikDNRbrkF.exe	Code function: 29_2_00007FFD9BABC7D7 push ebx; retf	29_2_00007FFD9BABC7E6
Source: C:\Recovery\qJBfikDNRbrkF.exe	Code function: 29_2_00007FFD9BAB8CCA push ebx; retf	29_2_00007FFD9BAB8CCB
Source: C:\Recovery\qJBfikDNRbrkF.exe	Code function: 29_2_00007FFD9BAB00BD pushad ; iretd	29_2_00007FFD9BAB00C1
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Code function: 31_2_00007FFD9BAD00BD pushad ; iretd	31_2_00007FFD9BAD00C1
Source: C:\Recovery\wininit.exe	Code function: 33_2_00007FFD9BAC00BD pushad ; iretd	33_2_00007FFD9BAC00C1
Source: C:\Recovery\wininit.exe	Code function: 34_2_00007FFD9BA900BD pushad ; iretd	34_2_00007FFD9BA900C1
Source: C:\Windows\TAPI\WmiPrvSE.exe	Code function: 36_2_00007FFD9BAC00BD pushad ; iretd	36_2_00007FFD9BAC00C1
Source: C:\Windows\TAPI\WmiPrvSE.exe	Code function: 38_2_00007FFD9BAC00BD pushad ; iretd	38_2_00007FFD9BAC00C1

Source: DVuCnBrdbI.exe, RIptap8U06SPwBwNiUH.cs	High entropy of concatenated method names: 'EcymbsH0ls', 'Qttm9nC5bd', 'OtFmqrlnpn', 'ALUmo8Hq94', 'UKOJAjlWVaYO9EgANM5', 'xCHXK3lh7AJqTyC1X01', 'vqKYEAlrUOSqMgGJugG', 'WNJTfhlPbDHfMoyfDFh', 'SgFswbljhIj4N4HZVJ6', 'nvbngllGY12uPOn9uTw'
Source: DVuCnBrdbI.exe, PiJ5AZwybNDDwdXiLT9.cs	High entropy of concatenated method names: 'odTp1BxMy5', 'MKdp3HOEPe', 'e6ipyIUYc1', 'XiPpt3a6HE', 'BCtprAO4yC', 'BK2Nx7opwWkYb27w70F', 'ym4PeBoqbNgx5iwmRvh', 'PAoqoVokoLArI7sHVjd', 'fvyseaozDfRgfdeMgot', 'keI4NT3vrhldegFqvrp'
Source: DVuCnBrdbI.exe, DGw84fJ93U16kRNDZa.cs	High entropy of concatenated method names: '_88Z', 'YZ8', 'ffV', 'G9C', 'M1LnQ7R84t7cs3nc29s', 'VDMmuNRg29P9bexd6wp', 'nnlCODR0Cr30IlByb3i', 'jnOEvCROBJwIpWqeBTd', 'eCxeoDR9kDlSMXEGtuy', 'xeddr9R16BKZgkxneEP'
Source: DVuCnBrdbI.exe, yyd2HDVCSYIOeJ1qXMB.cs	High entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'kdqsZZssPXED1eDnRmM', 'LWeFsrsa4LL5Rtc3GjI', 'SeZu8Dsmj4plcfYY2Sx', 'bi6ZQ9sidoweAfEHrBJ', 'wQo5GcsEBvDrknS77Oa', 'y67lFosZcSbRFiRU8an'
Source: DVuCnBrdbI.exe, Lv9D5r8jNHiLwMkW2am.cs	High entropy of concatenated method names: 'MUSCOjqdDM', 'rLBCE4CBmF', 'oJZCHTHXkP', 'vLscIdHCHWOGYftbq3w', 'l1GefAH3h9SwUuZZkUs', 'rv7uEyHtHs2tfm8rgHf', 'O2RWqnH8NRH03PTFBYj', 'lPsCwlKM6i', 'vpgCSDSWom', 'DEaCmMfosV'
Source: DVuCnBrdbI.exe, TsJXVGB1pi8XV69VHsV.cs	High entropy of concatenated method names: 'rHb4FutkGm', 'UPB4Uvn0V0', 'qWLx9BIMfYU1stKQmkL', 'DjM1KPI54ZVPl8oKMbC', 'SyRtdJIygFuKmMGSUhC', 'YsfYifI7O1dTdEBadxG', 'IoyMa6IevjRKIZqfrv8', 'dc5hlxIA2sA4A67BCgJ', 'zhVc09I41aiZfvT4QN3', 'oXmoerIBSbPmJG37ZmT'
Source: DVuCnBrdbI.exe, RMjLB443CBmFEJZTHXk.cs	High entropy of concatenated method names: 'SKmQIlAyv1', 'jIKQn9hvRp', 'C95QMKvehv', 'j5uQZdiLSI', 'v60Qhplu9r', 'bW9S3TehnGViAabEuu5', 'cCXfDuerU5N1JfCdqJl', 'hnGL8OejUrvvjLs2vlp', 'caRQb5eW3GeY27HXDYH', 'PQhqh7eG7wsIaLv5aig'
Source: DVuCnBrdbI.exe, oX9EytVQtZh52H4sZXh.cs	High entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'RPyce7sAvAtcZxJU4Aa', 'zW9n0Ls4Q6gLivsIDMH', 'r3oevbsB0lDnKhqkaVd', 'd9gb7ysDpve7nZEQHH7', 'UFntiKsKvxRlJuBfA2f', 'WXsxOssPxCJVfKfJd88'
Source: DVuCnBrdbI.exe, givdP48zX9266M1M3yn.cs	High entropy of concatenated method names: 'WxpsYEw7me', 'n83s5Ofc7q', 'pINsWNftv3', 'qyAO3ZM3jqMkSISRZ2k', 'kVHpKvMtgW2745X3oVu', 'ApKgDPMS9lA5WAphWZ9', 'TEyGnlMoVffHpEHTnpQ', 'Y8NGu5MCKpRMit1XeMd', 'aupPBVM8lJAh821morD', 'oTUeJuMgGMLUxgoCSh3'
Source: DVuCnBrdbI.exe, rlmZAJ84kmg5MhqKxAO.cs	High entropy of concatenated method names: 'nEHSlda3bk', 'T77SbG1jDH', 'tqLS96MnCX', 'sYMSqM91rw', 'kDeSo3h1Lb', 'giySaKkEJx', 'Q3KRQ7TBQLOJNfU3b0G', 'Pkm4u3TAuFxDJHcv4ul', 'lkYcv5T4joHb52dsjcC', 'Lr9hHOTDg5XwEs8MfkN'
Source: DVuCnBrdbI.exe, fS9lV0NALvr0R00Zpp.cs	High entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'IfYTux8xs', 'SLxoWebTybBTMVCM5Rv', 'jGHDY1bcvyG7wmG2vFE', 'qmGpLlblOopdxkbtrUW', 'XaxLOYbHGIyIXYJNGFG', 'QToU9HbyKIDi4tOnLCR'
Source: DVuCnBrdbI.exe, YFeStGVDPL3qTJhpYK3.cs	High entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'OfFcUEElfXA7470jVpX', 'RTrBisEH56HqVZxMOtX', 'QgnZJ8EyFluQefwrB93', 'W7hhN2E7J1lFFapqXys', 'LiA2qLEMX9cBHBKt71i', 'sgTpeRE5GQwFarJWhkW'
Source: DVuCnBrdbI.exe, iR6DIcvK6Br1GVeoF18.cs	High entropy of concatenated method names: 'PVWP42J0uQ', 'goGPvuge3n', 'FmOPwAvVWc', 'YQqPSSspZy', 'imBPmdk3QM', 'Op1PCcU8P6', 'gE2PsUWk1p', 'wx5Pf5Ffh6', 'uPXPeUPta1', 'pNVPQCgMrJ'
Source: DVuCnBrdbI.exe, LSV1q98sQGeJU21BfXC.cs	High entropy of concatenated method names: 'FmwmImEhS4', 'e4CmnFyHJo', 'VSYmM9CDTv', 'o1QrjNl6a1Qm9Ad6vWh', 'nybKsZlxxRElgYbjiOp', 'F2q3fYlUaWXacUxXRce', 'xdMZnGlIEfGXfpNoB6G', 'JqHmOtJtqr', 'otemEVyaGt', 'U6imHYlX3f'
Source: DVuCnBrdbI.exe, cvjduLzXfg3obMTxRn.cs	High entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'DWY8UvnJEOvPnXr6oWk', 'B7TO7anVs7oiWBhHkCs', 'S30OvPnRI2xSMi7UFDu', 'lBjDcinn3sTgg5X0cof', 'asGEtKnsdAKAkNEZ6hw', 'G14TGGnawo8b8VXT05b'
Source: DVuCnBrdbI.exe, QtO5xPVXrrnxoHlMU9E.cs	High entropy of concatenated method names: 'lprBVJQUum', 'VPqBByTOcT', 'PAjB8WpmNV', 'rw33n4iLgNUI5fMKCxE', 'ethcFgiFyi8OMaqhGaA', 'O8jYoNi9rTc7cDqqFnt', 'TuMWdqi1BIxhmFUy3BY', 'NTPq6xi2cb60c1TKeRs', 'GCWSk2ifj1HvBtfykYb', 'TFXn2wiwUhrtXwMhGYT'
Source: DVuCnBrdbI.exe, vyQecCAsSDJC5cC4ag.cs	High entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'wfRVYRRIXrdZbBRXgeI', 'Apl7yNRdBYJO9wmi9Mh', 'VEi9whRY479nJSEwOKP', 'dPnZp1RQhpTFTTOqd9Z', 'lqFwbvRNjLTSNPBdGxt', 'I2IajsRT34lccZhJU4U'
Source: DVuCnBrdbI.exe, yEw7me4LO83Ofc7qHIN.cs	High entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
Source: DVuCnBrdbI.exe, ALU8Hq4C942vGx2Bcp4.cs	High entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
Source: DVuCnBrdbI.exe, hgUJYtlCsnx0meOsyo.cs	High entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'dFwYNLVE6BBg6OBu96P', 'ScJB8FVZ6goqS6TGf5j', 'GU0ebLVxZ2MsrlaQtHf', 'ehFBZWVU7Zl1CeGK6fv', 'I4OmfqV6oSoCeilmDyq', 'QZDwfrVIXmjw8aQjfTZ'
Source: DVuCnBrdbI.exe, rHxUoRw7o4aviqc5OaG.cs	High entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
Source: DVuCnBrdbI.exe, LQ4siXVrB9PucdpOnLG.cs	High entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'cvWt3sahuB2gH8DSOK9', 'JySWqoarGrwUdiOdPAl', 'tAqO5xaGxC7ksCc6UsV', 'GfT7CpaX7UDXbgKk3fa', 'mBS96saSM2fqsimKTet', 'ClWDdlaodqeagnUFe4b'
Source: DVuCnBrdbI.exe, NkQLRMtKijBjITN1cD.cs	High entropy of concatenated method names: 'coCkEvsOZ', 'TphP16iVQ', 'xTMprxNYv', 'Xay7nKLfZ', 'N7pYLJmwY', 'cHQ5G0uVe', 'uurWxBxC4', 'HiDdQhuakc5TBGwU5HO', 'GXFUZwum7c3e17bAC2B', 'bHdhBpui9hDCJKQT6FH'
Source: DVuCnBrdbI.exe, MordIxv7o9STdbW4EpU.cs	High entropy of concatenated method names: 'o2WkiH3K8a', 'vTfkTIYrpT', 'Mc5kXxXIsZ', 'vuIklpo4Yf', 'tt9kbegNPw', 'jQIr04G4YsGTwSLVtOf', 'GcvAEHGewUbA5RlY3QC', 'V80RIgGAkE49HBTAtHb', 'dKnlAaGBngqWquhhiTD', 'YqrfujGDOfC9Fmfgohq'
Source: DVuCnBrdbI.exe, hc3iAEw58Cj1gLtoEe5.cs	High entropy of concatenated method names: 'bM87CiUYZi', 'GbV7sFs0ic', 'Dnx7filbU8', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'Tpn7ei722W'
Source: DVuCnBrdbI.exe, ku0MBMV0giKJuSYtAMH.cs	High entropy of concatenated method names: 'SrBVqsbVpr', 'puxC8LibaRTunG5HDTZ', 'RDIXEniJWO5k2rYXMZ4', 'Mr8cUAiviF0f9IFxCbA', 'Cr64RtiuvrLAWWBKHht', 'X3NDWIiVFVqH4AdhWUi', 'rV7pIRiR1H1SksdXwvW', 'oy9XtminWMAjE5e3k26', 'TCsVaSDJC5', 'dqCPBkimlsCUWeLYACS'
Source: DVuCnBrdbI.exe, tndxQ74fIiv7SPqqLkE.cs	High entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
Source: DVuCnBrdbI.exe, jEXlMPv8UHtCOIqOJCJ.cs	High entropy of concatenated method names: 'GJytyrjyHeADGLkIwlY', 'wVv5Adj7lxJ4BKyLsF7', 'dTrolDjlwxqj2IkwNuH', 'F0deKMjH9g0jUoNKpRP', 'aEZ1kneNJB', 'J7slrRjeN3mcsVREemb', 'pNUB41jA8YbPRwXqkcx', 'aIx3sGjMTRrUJ2AOXfw', 'FvIEQQj5yDB4Bjj1AJO', 'IfWTigj4mhcIISgYg6D'
Source: DVuCnBrdbI.exe, qPld2gVvHQZC3t2t83Y.cs	High entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'RawbVKngOLB7mbC8qb8', 'xXTePrn0SmreFBm7yTV', 'ti31IAnO3yBdgCyXeZ4', 'NBt2RBn9IgvII8Lh1yW', 'HAvcaln1Nv0FI8UKljd', 'UPyi29nLKX3eqi071hd'
Source: DVuCnBrdbI.exe, H0QrRZVjPVk0W0fdZuH.cs	High entropy of concatenated method names: 'AtCVWsnx0m', 'P0gyA5aQYpELnkRaZlT', 'nE7BxHaN7bJZGrDSDZH', 'UAhOkvadkbtRyrRkSfk', 'EgDPH7aYKgGbtav6ZIq', 'An1WDLaT8MlV4vjejgi', 'GmItuEacEurUA27b3TB', 'BGeTj5alxolYWjfnLhN', 'JKvoaUaHnDUuT4KgItG', 'f28'
Source: DVuCnBrdbI.exe, yiR6J68lAuKTplAkGy7.cs	High entropy of concatenated method names: 'sg9', 'GegX24Sd1c', 'daiCLwfgAE', 'SOdXJ7i4uP', 'acSy9MyOSu04mTYMNdU', 'tpYqlWy9gmXnolQuO23', 'RZs40Ky1jhIDOJFC76U', 'T9ngpxygSsNTWFFDr0d', 'M6sMWOy0jVamxNKZ11H', 'TVREuXyLT1BEI3D1RRY'
Source: DVuCnBrdbI.exe, SGtS6GBngGbWqofnHDI.cs	High entropy of concatenated method names: 'CAGvWtS6Gg', 'DdZUXEYqrheDTvyTAij', 'lQE0sdYkViHPgff6dWs', 'eH9eDZYwEjw5WCdqTjd', 'OLMNwWYp5dk5ySyDihy', 't44Bo1YzIaABJQ6c1fE', 'q25AS7QvRZTLkWApsqq', 'IeatifQu6ZmaqqWnyMH', 'pmlBtgQbVLmdyvmqCPE', 'ctcuvNQJ4YE5GLaBOUv'
Source: DVuCnBrdbI.exe, sHcJnfVEgiZPHfdDGRd.cs	High entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'I3wKKYsFFaAdeab10LA', 'AFkPjHs2eju6rxqdc5O', 'x6caIXsfYNYVyB3BCn6', 'no70vGswnR2N2snMRHm', 'eCMg4NspJb0UHZatJqH', 'hQQ9G6sqfQ3FZxEDfVu'
Source: DVuCnBrdbI.exe, gVQRl04vLDrtRti3n9Y.cs	High entropy of concatenated method names: 'vLTeHy7oiU', 'qEZrxr5NDo4SaDf06P9', 'DSpeLn5TlSZwk3JVXmM', 'hmGQrU5YowvUa9Uf4pU', 'QRo21K5QPipHhY4U3If', 'Ih6s017KVo', 'EcKsNKFI50', 'JkEsgG5cDX', 'NoYsIM2h7b', 'XcLsnwu1GT'
Source: DVuCnBrdbI.exe, qoojHgVofb3ALJ41uLS.cs	High entropy of concatenated method names: 'Oc1BfsECpT', 'VpcBeuH6G7', 'nUEBPyEZXUBsOwb9WqX', 'nEJHONEiTXWYbbRYKkm', 'hXXjibEEGKXuaxMRE3j', 'gm5FPLExjBgDsLwRW6T', 'vIBR1LEUfI3jnuxSpP0', 'H7QJCiE6M8cEKUAiCvb', 'mEDsagEILc1vtCYmbfG', 'NgCZfrEdLbnFmuqm8Tu'
Source: DVuCnBrdbI.exe, X05Xnlv0RaSYmk2k2Hq.cs	High entropy of concatenated method names: 'XIXkaKxmZO', 'fRVkDfVj7P', 'MwCk6Xmt8g', 'xKjCvjGoxxcgdYTMpqR', 'D9WLqpGXU54cmhODmNZ', 'dSUK6DGSKGNBd6bU0Ba', 'OD7JcfG3qh5IWLtZZUI', 'epmcUJGtxlvDR4h43Za', 'wOSIlPGCXU6ZE6EksE8', 'da9o0lG8si7xYWkThyp'
Source: DVuCnBrdbI.exe, pxKvak4dWUvW3R9TSi1.cs	High entropy of concatenated method names: '_7zt', 'oAEQjOtwkp', 'k5YQ1BEpKm', 'ct8Q3bLtnR', 'olUQyfnj3p', 'LYqQtnL24T', 'JTgQrFuZ5h', 'EC9DM0eyCSwEOAGFGjQ', 'Cad9cke7XSjIY4hStFU', 'FMbF2relZjLpX1c2h1u'
Source: DVuCnBrdbI.exe, GVgtPs472aDxRxCkP69.cs	High entropy of concatenated method names: 'cgAFINx4ot', 'Q5IFnqulrd', 'ub4FM0TD1c', 'u1tFZcR9tW', 'D4RFhE9Mme', 'FQvnjGATrhs68DgZVke', 'WoXkKrAQN0FfRQny8Oy', 'UPliOUANFS8nHxyspcn', 'gFuWraAc1XRdSriDuiS', 'JD3nGmAlrw3swIv3y3u'
Source: DVuCnBrdbI.exe, F0ZwPa8obhBRGd6MvZt.cs	High entropy of concatenated method names: 'oYo', '_1Z5', 'hToX0BtyGs', 'Ok6s4JAuRF', 'UPxX70NTJG', 'Lvnu0b7Ucle48dZ3Vec', 'YugiKR76lRpU8iADX1i', 'cRHftb7IKLwgolc1RhC', 'h3envg7dtpvp5vnqfre', 'uXEi2T7YKJetI8G61sy'
Source: DVuCnBrdbI.exe, xslKM64HitpgDSWomNE.cs	High entropy of concatenated method names: 'wamQ4OfUk4', 'O7vQvPo51U', 'ghyQw5myI5', 'fkMrHoeYU6hiFeHTvwl', 'mw2RdGeQkfpQf3EuvP0', 'ftkVX1eIrI3hajPgHf3', 'Na2UGEedBCEiuVFTh8H', 'sKH0QqeNKtaxJhsCQT3', 'dnWy8PeTsuNwxE4pqdY', 'bCqwSXecOKbyV7pwhcM'
Source: DVuCnBrdbI.exe, w7Byry4xl2Gv3GCYMSC.cs	High entropy of concatenated method names: 'BLqUL0O9Cx', 'ApZUnC2pYD', 'MNMUMNfWIm', 'OEBUZajgNY', 'RJFUhHQm5P', 'nMtUiyjH4K', 'Yw3UTlf6YR', 'GNiUXE2m4T', 'qvPUlUgULe', 'LaNUbsci1L'
Source: DVuCnBrdbI.exe, BKmBCNwaqyfMR0cEu2Q.cs	High entropy of concatenated method names: 'jHR', 'B92', 'gwbWxdCkSM79QEtCLqR', 'B1PPVmCzWPUVASIZoTW', 'I4klJc8vp6DeYXE2pVe', 'uPMowD8usZ7KLyqILfy'
Source: DVuCnBrdbI.exe, YO7ZWZVSHisLDSV9L9d.cs	High entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'fTop7JnfxLQek279AQb', 'dNj2AYnw6HSC0ens1LI', 'KeZSIhnpPwxMk3DRLD6', 'Ew7pvOnqErA4cpNEnJ4', 'xPpxn4nkAnqwtBgxKgO', 'PdYgkDnz0sgkxwSQbmH'
Source: DVuCnBrdbI.exe, VPw0KGp6XdNFDHOFwY.cs	High entropy of concatenated method names: 'hcVnJYb5c', 'F3cMhHUCp', 'hphZsNIwi', 'qfGXgQuXKkpjVBqYNCg', 'PPZZ3furNPNId5PcjqD', 'YBYsjeuGx3vAiP8SZFd', 'ebedDruSM55gA8qeWOA', 'Uts6Oouot0Tj2PBCOZO', 'u0NXqYu3N2U3240rQwO', 'oFsknautWvOVk9ROQCK'
Source: DVuCnBrdbI.exe, ivQgfOvu9WBfdrHvID2.cs	High entropy of concatenated method names: 'SgwPYrUg2Z', 'Q1yP5EDlyV', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'KtdPWdUH4s', '_5f9', 'A6Y'
Source: DVuCnBrdbI.exe, JBmFAhVnNJQD3goIYHj.cs	High entropy of concatenated method names: 'FoDVxJJvQD', 'ILFXDLiMk06Cnlf6j7D', 'IYFXpLi5m0DfjnZbfjR', 'GSOmqGiygnbCQQdl3Yj', 'HEhXjti7MI5u8qPDhJx', 'skx7HOieF2ZnhZKoLjM', 'QLw', 'YZ8', 'cC5', 'G9C'
Source: DVuCnBrdbI.exe, BkaNGtwNtHcvnsjC0AQ.cs	High entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'DVR7PkyGZU', 'pxL7pmK0eR', 'rmd7789uuh', 'ctW7YXJbQA', 'dBs75Q1I4N', 'eXO7WbNXfc', 'STOmCftGoRIo3gDQukh'
Source: DVuCnBrdbI.exe, mBPngCVhH19ZSlocmdy.cs	High entropy of concatenated method names: 'm16VLkRNDZ', 'YRUJpdiGTux5Xj7rBLI', 'jkVueIiXeYXMHZmJLSX', 'IPCn34ihHKSaIghnwrS', 'a6YVduirmfYJSNWIgOY', 'QAMeMDiSY3uPv7dDQCZ', '_3Xh', 'YZ8', '_123', 'G9C'
Source: DVuCnBrdbI.exe, lgQLEmLFprJQUumKPq.cs	High entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'HT45sWR2T7RT9HZEBe2', 'fV84FoRfFIhXDbPAxUv', 'bQuWewRwbLZqQIkdEux', 'W5SqTvRplkLhGJ7R2Yx', 't8PZJ8RqwdchAoXEEpA', 'fdg2WlRkxANPx0xN6fa'
Source: DVuCnBrdbI.exe, aSVc2nVynko4Mai6AE5.cs	High entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'chpglJaMiKfr2U6gryo', 'M6VOWwa5NTGwgRxeAns', 'VWBXl2aexWMZ6ruhSPO', 'BspyZWaAVjdk9oGTIsw', 'si4Y3Ta4Uh6bJ8wgUYp', 'YQ2NFraBlSWGUpsxnce'
Source: DVuCnBrdbI.exe, hSGtHB9U8l7pUja4CK.cs	High entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'lZ8GV3VQ9aXUnufaOkf', 'o7q7EcVN060RPrve7e3', 'K4oG5EVTHHCAjmwEKF8', 'q6CirMVc18PQgfJJoMv', 'FN22WqVlsawb91FHwsO', 'VayVC1VHUs2UEqMZ3VS'
Source: DVuCnBrdbI.exe, gfBTFgDDcun2u6c0JV.cs	High entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'BClhCSRnTAiNFQvRH3l', 'JdHAXdRsFO3eP3pssX7', 'XYB9qCRaAvweJXU3qgA', 'SfVlknRmcUhiBtf7FUg', 'Ng56DkRiuSRQxZCPaDd', 'py6HRUREF0nVshX6kTw'
Source: DVuCnBrdbI.exe, XE18VcIBm554oCfhNR.cs	High entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'FIZbAXSDp', 'aoBPodbh8Sf3olZibvO', 'rxBaITbrAuLnLA4Z5QD', 'p60c6gbGVORp5ccX33s', 'pGl8dVbXmlxngpBgu5V', 'GmwX9obSoGAGkDEsEvJ'
Source: DVuCnBrdbI.exe, QO0x1mVPygoruqtH8yc.cs	High entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'gULc71a0xCtaJ9dEGqc', 'MFLBCbaOtsBtQWSOpwY', 'wcvVHRa987CvCnaVY5Y', 'CvgpIja13IN6ecppYPL', 'L7qf7jaLBe6rVsaTgiu', 'XUKsumaFBkEL4y2PFgv'
Source: DVuCnBrdbI.exe, A5llBkV7iDdTyDnupOP.cs	High entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'rTVvKUakQJJDnVbONLj', 'I97X3mazGsuU2djpBYY', 'jxDKipmv1OhSnaIMjvH', 'g7wOfKmuIUumYox6TXc', 'BosXhNmbDq7oVVHUIL8', 'OGgafQmJ1vH4i3PM1xF'
Source: DVuCnBrdbI.exe, YtfqWG8yoa8OD2c3ToD.cs	High entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'cEdjUryU8mZPtsLASSt', 'X8As9Vy6HyeUNn8BD75', 'dW734myIBI1JCFJwMwf', 'Ux7oHkydmq4BWMIOq4V'
Source: DVuCnBrdbI.exe, y4X2xBv2mc5BoR8DQTs.cs	High entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'UEePrsH3kh', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
Source: DVuCnBrdbI.exe, XHf1ZIxRb4YIoDJJvQ.cs	High entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'r1B2HiR4qBnYWmPoYVO', 'EH2YNQRBZ2hslNeRsUB', 'x0far7RDYRkfgqoLuKR', 'E9LVhURKLwsUrbhRyyi', 'KgfJQNRPuDBkhThsCZ2', 'QaqMK8RjM6NbsgRgr2q'
Source: DVuCnBrdbI.exe, AybnK3w9obygkWjGk9F.cs	High entropy of concatenated method names: 'PJ1', 'jo3', 'LcEWChBtRg', 'wPDWs5r71Z', 'y3wWfDx1dn', 'EC9', '_74a', '_8pl', '_27D', '_524'
Source: DVuCnBrdbI.exe, d5iYKX4JtrggK2b3fOB.cs	High entropy of concatenated method names: 'T1cOPDBNTI', 'NItO77aLqo', 'FCnOFtOfbS', 'X6AOU36JuN', 'k7jOOki5na', 'X8cOEZMxTN', 'AjIOHyiYsc', 'H7tOGnaZXQ', 'q7POd0F7sc', 'N5nOjh3A0f'
Source: DVuCnBrdbI.exe, iIOZt9VUUfC8Y3HBLGR.cs	High entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'TxLXwdsSYkjSG8gXTAB', 'WUJDKbsoqBQn2ZbBRA6', 'TsBaS2s3SpFthLhW0TE', 'uFB4HQst9PfHJw3loAF', 'zDDOGPsC1Xed7fCGFE6', 'c5Q7D0s8GJoVRhZZJtb'
Source: DVuCnBrdbI.exe, eRp095wrKvehvf5udiL.cs	High entropy of concatenated method names: 'IGD', 'CV5', 'xVxpkqc0dK', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
Source: DVuCnBrdbI.exe, Ace7My8QAUUI2GccLFD.cs	High entropy of concatenated method names: '_223', 'cW7n3elQX2UCQ4QH9rL', 'acGlBLlNiKv2Tfk0l0V', 'sxmvCIlTs4aweBNcnGr', 'VVnLm4lc9i8r88iFFfG', 'gYpeUcllqGwR352IHhO', 'fOQnm9lHdAgbtn9LFnp', 'OKuOellykUoUo2b1D7u', 'qkZyU9l7mtiPn6TGk3D', 'YxCsmFlMvKYCA3e1VnC'
Source: DVuCnBrdbI.exe, moFQNWvn5UIetFHchWk.cs	High entropy of concatenated method names: 'YpjPRObhyE', 'l324EfGp6JepmBAGx3c', 'T530aIGfgd6Kpsbb2J3', 'xO05JCGw25svUEF9QPi', 'byGLZnGqcvH6yvHW8ya', 'coBgGrGkgsAr4j5VN6r', 'IJ9XUHGzRgrpkL6RYQT'
Source: DVuCnBrdbI.exe, LuKqOT8xM1iqHtJtqrE.cs	High entropy of concatenated method names: '_269', '_5E7', 'y2cXk1R2RP', 'Mz8', 'csZXNHBHDP', 'NMo8Q67LBUpTRuEw5Mq', 'KgI6aO7Ftl3DK772PpN', 'Yqqh2l72flc8YtPKyFG', 'KlG9Uw7fuI2ZQZcJSxf', 'ggDisY7wqyFIDqxcmkc'
Source: DVuCnBrdbI.exe, R8bZRPVJKwFaypbPDbH.cs	High entropy of concatenated method names: 'NcvBjXuO7Z', 'FNIehEZng5PO9eSoxQg', 'QAavXLZsd2FhTNKcC0r', 'YcmAn6ZVEH5FY6hN2rg', 'fGMWyEZRSPqfNiYqWDH', 'jjkKNKZaVNsAM7M7ARG', '_5q7', 'YZ8', '_6kf', 'G9C'
Source: DVuCnBrdbI.exe, aWXw25wIBEfCACPUfrB.cs	High entropy of concatenated method names: 'Dyx6HqCVbWciNfIkDRw', 'ravZqmCR4FVAu7LpKiR', 'UAaWQjCblZ9WauR1cKA', 'AQi1JmCJxIjSaZ44MiA', 'AHx7nTkntV', 'WM4', '_499', 'TV67MgPJJE', 'FR97ZLEJJE', 'aEL7hCiAfu'
Source: DVuCnBrdbI.exe, NU7Fk9wZcq5aJy9xgVf.cs	High entropy of concatenated method names: 'UTb5hRgJdJ', 'o7d3yOCD7jWPKorTQeK', 'iSXmgQCKbltqNRKLnDo', 'k0KymwC4mbH4wDdDLIw', 'HOusp9CBEejmIqVl7B6', '_1fi', 'o5PYA3G6pl', '_676', 'IG9', 'mdP'
Source: DVuCnBrdbI.exe, YDCBNdBCBGBEhtCfgSo.cs	High entropy of concatenated method names: 'QRt8gnFMvO', 'K778IqdBZd', 'Mat8nO5xPr', 'wnx8MoHlMU', 'NE68ZL63Wt', 'sGS8hV6DtS', 'lLF8i5fSgv', 'KjXGelUMBF99hBhVFpc', 'nHU3ORUyDfJpbqOPmBq', 'snXc5uU7n97u8xYsjYb'
Source: DVuCnBrdbI.exe, Uch4a9Btkm015d75762.cs	High entropy of concatenated method names: 'mlW43OI9Zt', 'my64yMKpBm', 'upZ4t7Bsg7', 'FUO4rCXQJC', 'jZw4kjbhsT', 'vP6FredvBDXD7hSMieJ', 'sRkqoGdubYI9cOnpxUD', 'zlwsaXIkdZ4xFfIcHxW', 'gspUEhIz9cj5CZFse1L', 'YglAOldbZ7ycQ9UWsCO'
Source: DVuCnBrdbI.exe, YOnnoOBT0pWYipfXwJr.cs	High entropy of concatenated method names: 'CB4wmIQHsG', 'dFIwCWN61B', 'Ou5g79QfTchXL4CUMaB', 'obQ6usQwu1ZmwBkwyZj', 'U8Mbe9QFBXD3xO6fpNe', 'RvRSjkQ26qZDVWdkU82', 'MH4wHeqhOi', 'SdYV2nNvynA6kfrAHLU', 'TLRtZLNuAvEZvSTP56g', 'oYt0aEQkYdVqsCG73am'
Source: DVuCnBrdbI.exe, xlMCeKVGHCd3cj8LArO.cs	High entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'fmNtimav9pYaXsOWh0D', 'AUEAYYau3pVTdeGqZsu', 'g58OtNabjV3YaVeIyli', 'HSq6CIaJlpgeYREdvkr', 'oSg1V8aVYrRKjIqdYeO', 'a7NDnUaRjfXSZ7VyJlN'
Source: DVuCnBrdbI.exe, XCudnwV5CdAXMdDg2Yp.cs	High entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'GXOr3TmrpkyagUirK8v', 'l7dqmNmGBVYrwCwyQXv', 'uWeRiSmX1tqNCAxaw27', 'SqliGTmS7ZayQX4k0pq', 'wyhHxvmoKVJkaw51c2B', 'LtaUMim3h6PIjQ3Sk1s'
Source: DVuCnBrdbI.exe, Dvak0T8Jon5xyKol11T.cs	High entropy of concatenated method names: 'N2hOfPMGM4bjVMABE5C', 'Qt9WXLMXdM48C5AR4Wy', 'BWPbt7MhVtPqkkHEoyd', 'cL4irMMrJ9160Gry6ur', 'IWF', 'j72', 'EpusHQR0c3', 'S7ssG3M3Qu', 'j4z', 'RwIsdplgl2'
Source: DVuCnBrdbI.exe, AYUEweT4hC6RErnDpY.cs	High entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'U4GbxBJwMupiGkl3Jv7', 'ObvQlKJp1QwHFfxTIGK', 'VPCYDyJqEFhu8L8v6Ns', 'vJ7LXsJkCrpp6Jo5G0w', 'fVAULVJzXOQq1VnBPXT', 'v0tMFkVv8tsVh16hGob'
Source: DVuCnBrdbI.exe, Q3gY0ehxGaSsvRk9b8.cs	High entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'h87MLiJr2VuGDPKXgO8', 'ICHOg5JGBAwWm6hmc4N', 'C2gIgcJXBh3vkJcelLW', 'yjqegnJSYkDROGV7OaW', 'lKoR22JoMXhecUImvU2', 'R73Z5pJ3Lw7s5g5SbwP'
Source: DVuCnBrdbI.exe, BXYVq8V8OZ0E49RC78R.cs	High entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'JaTiumnDCSKnmSXPES6', 'nmbgrpnKGoNMSJlUNEh', 'Kv1i2JnPSpAnTMDn389', 'j5E83NnjcsPM1ZmdOhe', 'zvwsa1nWlOd30QGn8y5', 'NwiH7knhVRrKOcxVEsN'
Source: DVuCnBrdbI.exe, LPc6tMvCS3kp5hQ8dXL.cs	High entropy of concatenated method names: 'SUlk1vTrr4', 'Ixsk30WaA3', 'z7mg0vr2WM3QeAyFWKL', 'DIW8pGrfJR8qB6xRuW6', 'ufIXjlrwKLhN3h9ijrd', 'ml1JmDrpCZ3SdtynCpj', 'KBK7jWrqPPtLjdOU9U4', 'EZJo59rkOBoJAhGiqDN', 'it89FHrzFZeMurS7xZr', 'B1BjhJGvArTnZIe7LrT'
Source: DVuCnBrdbI.exe, zKthyiSfTkptl7SJs7d.cs	High entropy of concatenated method names: 'PvpYPdFFYsYw2', 'Crc9i3gIaSSswWONZeW', 'YCsLklgd658B7qhQ4Tb', 'LKfl4ZgY7fYuKrjhHJU', 'XflHJNgQOnhbwcWh6P2', 'taNTb4gNEv2wWoKbUTT', 'bhuxQFgUy0eNuUhWF5i', 'ctVhv6g6TC4OoqTnJMq', 'NHd1KYgTkJm2PBhNwXB', 'j8WKQWgc5snmvaSd1sO'
Source: DVuCnBrdbI.exe, IQjosh8GjRSZcWFuvk5.cs	High entropy of concatenated method names: 'Fivmc7SPqq', 'YkEmxaXb3R', 'mFsmK7bSKK', 'h3XmJ9HxDi', 'Onsm2eWdOa', 'Xr3cXbHn76yymmWvAqx', 'yqJd3iHsdEffVFZlZWF', 'VigZHsHVjsmE9meumPT', 'RFWYdbHRW40fiViKLVq', 'Ri9i3VHaTQvoTvyoROV'
Source: DVuCnBrdbI.exe, WF99MA466yNsjBSgpuQ.cs	High entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'gJsUO7d9ao', 'cOZUE6JOhS', 'r8j', 'LS1', '_55S'
Source: DVuCnBrdbI.exe, syVu7owweJKHQlr4gkP.cs	High entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
Source: DVuCnBrdbI.exe, uC4PdPBHNJh03HyKHgO.cs	High entropy of concatenated method names: 'tAM8L8hJS6', 'xAV8uSuDCV', 'vaM12q6T5mVA6ZFKweW', 'SxTkpY6cZ0hcRtAoNmQ', 'yOYMoW6lZtQ519AsVU3', 'Y2IlhP6HJvYPQe3jlhV', 'F9qRsN6y4ytF9tu1XIa', 'QvmVaA676fAtL1nPYjc', 'KyGAP96M08TSPBesRkM', 'JtpYTy65LSLIEkrMWKB'
Source: DVuCnBrdbI.exe, nuXIZB8kx1c0t9bruaD.cs	High entropy of concatenated method names: 'fn8CgvBiAO', 'Rp2CIhrLJq', 'sc7EMayNkqG7nmrYCYR', 'fF12IRyTW4R7h5uuL9t', 'OQWHTcyYP09nImwcBZf', 'bEn4JSyQZJJuFHCSsCI', 'xGpbduycGmvXNbFyrMs', 'CThp5oylSYZwQfrC3nN'
Source: DVuCnBrdbI.exe, KmsbOA4kD2lnvCOV3iq.cs	High entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'aWXFRw25BE', '_3il', 'jCAFVCPUfr', 'b2LFBNewX0', '_78N', 'z3K'
Source: DVuCnBrdbI.exe, pxDiqn4QseWdOa1yu8l.cs	High entropy of concatenated method names: 'RSGeM32XWV', 'MifeZTqLbZ', 'xsvehQgfO9', 'CBfeidrHvI', 'Q2XeTyIPhm', 'Dx9WhE5kJsVAIyREdm8', 'CrKemj5z8dl3BDvXvSw', 'EdnlXL5pXEw77mXufYx', 'b8Zywb5qijS1Okk35yg', 'DxKFIVevjBvC2jjyhAM'
Source: DVuCnBrdbI.exe, Q9LpeJo2QG4IU5K7SQ.cs	High entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'kPxgooVCApfeD1ovmUb', 'XWNoQuV8TZYZ25YGCrP', 'bArkBuVgfRhr9GuKoI4', 'aOrdraV0HvqUrwpMC9V', 'TtkQPaVOuixZmoUTNB4', 'Hv0H2dV9ScHUMdnnC8S'
Source: DVuCnBrdbI.exe, eHNF7JB5hRA82TIHbTV.cs	High entropy of concatenated method names: 'lh54LvUuD0', 'fua4uH09fP', 'Ycs4zJXVGp', 'J8XvRV69VH', 'iVJvV7tcRx', 'h7KvBEum9A', 'C9xv84jFth', 'OrDv42gkLy', 'wsWvvjxch4', 'RGFNpYdfJUjYKUexnO9'
Source: DVuCnBrdbI.exe, YtkGmxBRPBvn0V08G7R.cs	High entropy of concatenated method names: 'QbiBPjdDxV', 'uuLBpeCn31', 'Tr4B7Macf3', 'uLtMXWZj7MDgorn4eVR', 'TU5ouNZWZi83aRQ8aio', 'WYn64gZhXfFsHNT91Vk', 'elTP19Zr2rce15SOrbC', 'owl8heZGLvR2WNRkcdG', 'PfNVrpZXZDWCyfSnWnA', 'LPObXhZKIZ7RVpTLHgS'
Source: DVuCnBrdbI.exe, ClH4eqBuhOiwBRlawos.cs	High entropy of concatenated method names: 'yIZSPc8xH5', 'PHXQkPN19RlwwTv8kkb', 'TKQvq0NOLxdA9BnS0tn', 'jr882xN9LIbWD25VX9v', 'PnyFtBNLIfSmagT5SpP', 'RspgUfNFaxIFPZsooDP', 'fSbSdjKIVS', 'FKjSjq7FBL', 'obQS1s9JwU', 'QoNS3x9PNE'
Source: DVuCnBrdbI.exe, Tr4MacVff3TSVPP3wLK.cs	High entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'RruDjpsTGpb8nOaayH1', 'LHALnFscDNpd1PulnEn', 'TTyZlcslOe4DV0mhThB', 'eaQI1IsHu7X25QFyod1', 'WcFadksyvg3N4x3tCly', 'cibqims7SFQH3DG1Z51'
Source: DVuCnBrdbI.exe, JKwKEnYLHcTrtV2mxA.cs	High entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'CVKHVFbEocTrYs6TKVq', 'QJLGhxbZr38rR87hHB8', 'onOGxqbxuwSXfTWlC68', 'G2wn3YbULvFwRc3sDwd', 'oHOaDQb6x66jQXFBdI2', 'YPPN5abIrBJ90KqA6fr'
Source: DVuCnBrdbI.exe, KP73KMSPcc0Kh1HxNhX.cs	High entropy of concatenated method names: 'ymSNkEw1Om', 'xXJNPbLFeD', 'oPfNp24JKQ', 'CRNN71pbO2', 'JvGNYueoVb', 'yGpN53j0p3', 'z7DNWXoBAm', 'xVfN0kCBTQ', 'UNSNN7ArfX', 'OmaNgOI8aA'
Source: DVuCnBrdbI.exe, e1h076Bd96rshehvd6Z.cs	High entropy of concatenated method names: 'dpl8zKpV5r', 'YYD4RGrSoK', 'VF14VeqMd0', 'HVK4B1Qed6', 'dpS48Rdm68', 'MZR44PKwFa', 'upb4vPDbHP', 'HwA4wf3Egy', 'c3m4S3CkNB', 'Qhy4mq8mWj'
Source: DVuCnBrdbI.exe, jKlBYXvgHY7L5EWBbd5.cs	High entropy of concatenated method names: 'dFakcVHPPN', 'stkkxrlaQK', 'MeTkKVDRHF', 'V63kJlX56J', 'zFUk2NC2CM', 'DFlkLH1VoI', 'oUufSIGO0lVXDVaq4kV', 'rSiRwEGg7OIOJGDup33', 'OYPoCtG0jtiehVYjWFk', 'aDvKaDG9T7tFn1wbAf7'
Source: DVuCnBrdbI.exe, kPIDtbVuosvAXS9GxpK.cs	High entropy of concatenated method names: 'CjYBt10rpy', 'r2HBrDSYIO', 'kJ1BkqXMBD', 'Nu9O9ZZEddYvID40Ybg', 'bqtgovZmsGRciRhyn9A', 'fBTdtaZiMGarEx1gQr4', 'jSHAVkZZTqE5pAbdEhP', 'm0qpWHZxhjTo2Gs1X4J', 'cV37rUZUtXVXGuXWO6q', 'lMqLoNZ6WeVPjFK2mbW'
Source: DVuCnBrdbI.exe, WjwVLVwPWy8E0J76RDX.cs	High entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
Source: DVuCnBrdbI.exe, nlibF7Bha9YwnkuUxJP.cs	High entropy of concatenated method names: '_0023Nn', 'Dispose', 'tegvnLg554', 'rrrvM6Olib', 'm7avZ9Ywnk', 'YUxvhJPuwG', 'fTIviFKoE4', 'KjEBBGQmKu0JCin7dDa', 'JFTS4vQifJ5VjdAXoM9', 'FV4P19QsSwHR6SrwHgd'
Source: DVuCnBrdbI.exe, kx9L55Melm6QQwomkp.cs	High entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'OuNlRLbq4Ihx2qaj3aq', 'Qf2ZrObk7gkuWMSNMYD', 'SfRjpObzO01CHX2jKB1', 'IobrKSJvFlQqd9U4N0d', 'ALlWHsJu2xD1FGFGH92', 'KSfNUnJbRhBKvckeTTZ'
Source: DVuCnBrdbI.exe, pBRLJWVAs7w0PoMx3AM.cs	High entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'lSGb0QEPU8noiFLrxJo', 'F5FyvVEjV24Uk7sEvM5', 'UwbtELEWQCNuBpZU0FV', 'Ap53ksEhcZ88FOslRlf', 'GQnrTTErdXDIgE9yQ7X', 'rHMnSHEGqFETt6DmeoT'
Source: DVuCnBrdbI.exe, B3PiA5SFPK5Zw4KAPEo.cs	High entropy of concatenated method names: 'w6Dq2IgeavecmOQCemB', 'PS7SIHgAZsVYivxyHrv', 'TI0DbQgM9r3oUAcrPE6', 'ihGnUqg5nPAUH3nHjR3', 'h7oNUvV0uk', 'PifjgpgDQsYEu3OvgC9', 'Ve4Af0gKvmhMTVFiPqZ', 'b0ygtygP6bHPQheD6VK', 'zVXUExgjL4pHNSO3tYt', 'JLEBBhgW68iVF9SKSRv'
Source: DVuCnBrdbI.exe, KXjbPlwRN4DQenO4GDH.cs	High entropy of concatenated method names: 'awvPqFdncj', 'P8EPoMGj9J', 'A4NPaY9kT7', 'Pw3PD9ViZQ', 'm62P65ADvb', 'ckCPAE91vT', '_838', 'vVb', 'g24', '_9oL'
Source: DVuCnBrdbI.exe, vDVjqVSwxVPV4PrQdj.cs	High entropy of concatenated method names: 'ajqFVwxVP', 'uNRbLSjZh7ldYmik76', 'hNdDu5KcnYZb7v13PH', 'T2iUUKPbo6BdH8jtl8', 'mFY7mmWJsE0ESWpNvW', 'lPimxrhEv1hSpca6UW', 'O6jBM52fY', 'Ftw8beuVX', 'Xh34yDqg3', 'p1NvF2YtP'
Source: DVuCnBrdbI.exe, AkQ0f2VVwG2Mb7ZZLSw.cs	High entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'YpVB1RnTROB28BWNUyA', 'i0RPXWncDEotQkDGxDy', 'Pthb3pnlaLyXgrwA7Fu', 'neDCW9nHfgiBOScMPwt', 'Hgn2hwny2RgWCAZEcE8', 'KYvyKKn7TtWISCykTpt'
Source: DVuCnBrdbI.exe, nLdkIevc5rQ5Yojxgvf.cs	High entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
Source: DVuCnBrdbI.exe, mJ48Al8DSB49fNR3GdB.cs	High entropy of concatenated method names: '_9YY', '_57I', 'w51', 'KuAXjYyw48', '_168', 'Rh00SI75KQWX7u2l4TJ', 'z29grc7evowulhBaEMC', 'ciTNCZ7AqSBpi947BpQ', 'jNJUNe74iNJ7rNaSLBN', 'xiDpcw7BQg6SHypLXXQ'
Source: DVuCnBrdbI.exe, aWQMws8AKTDeyeKVHTK.cs	High entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'TGpsfYb4po', 'TkCXipivWX', 'lk8seoAl5l', 'PdCX6t3WGN', 'Tb1PYX7XIsrKv1bPR23', 'mdKEib7S8gisHxW2Qjy', 'xCjxoK7reQsd7jqPXDF'
Source: DVuCnBrdbI.exe, EJFUu0w6m79CLJX5DOy.cs	High entropy of concatenated method names: 'AY0WtwZPUl', '_1kO', '_9v4', '_294', 'g0YWrsjHpQ', 'euj', 'yrsWkLWANB', 'UcxWPSqYPi', 'o87', 'pGHWpaTSXO'
Source: DVuCnBrdbI.exe, Gy70XvBUvHsHbjTtgrF.cs	High entropy of concatenated method names: 'qqH8JBRLJW', 'ypv3GB6JARsaNTpSNYC', 'dTfCtw6VhtFTiGg1xHs', 'oSRFEw6u7YjlhFdWffh', 'AhFuud6bZ3fmLQj1kTn', 'bQU5Nh6RTlKF2IgXDVX', 'AIevcF6n3jE3y4aOF5D', 'OcMFBc6sARpGdLnOJvq', 'NUO72c6agb2itVfhcJn', 'hJZbuC6mqlbvyIW5S1E'
Source: DVuCnBrdbI.exe, x9P2cy8E4RtymtUqNoo.cs	High entropy of concatenated method names: 'dOXmDvIwyH', 'eClm6VcGoe', 'T43mAndxQ7', 'LJ5qU4lgyWDUm9O6cxV', 'j5Qvj0l0v1AfcnCecTl', 'EoVh8YlOwFPHHtbOHIm', 'SoTF2rl9aYBgp12iSuk', 'dnmJ1ml1Q7HV3lJswah', 'pyHsqRlLvbwrj47X952', 'PqNsSRlF4N5PfriGjSN'
Source: DVuCnBrdbI.exe, zbF9E6wBfrMO0MnM4Z2.cs	High entropy of concatenated method names: 'fqFpm1d3nD', 'w1JpCKfolH', '_8r1', 'K2VpsW8MPK', 'jPjpfeIMdc', 'hKTpetr22v', 'ut8pQHFMsZ', 'KZMLHZodka40UYj14vH', 't00GGxoYEaIq5S5H9Fd', 'aGd96QoQZXcEURvWrWd'
Source: DVuCnBrdbI.exe, q950kq8VfS4H4FbWdCq.cs	High entropy of concatenated method names: 'fn3SWqZtEW', 'ulsS0PIBif', 'upcSNMMDXT', 'z06SgtKJtB', 'j7V9ONNzsv3Je4T7NjN', 'TxjflANqRnnDrpyqU7X', 'yPXHRbNkTkidcc9pr2X', 'GgjJa6TvVF2HNBXorQX', 'SBTZkrTu1fq0HU25POq', 'todvNATbJ79nkvNs6ij'
Source: DVuCnBrdbI.exe, pUrZPC89AykTmtxbUMP.cs	High entropy of concatenated method names: '_5u9', 'eitXLyD5ta', 'iobsRFS5m7', 'il2Xoh9YKP', 'FPeZjkypFW4e3RknEZR', 'DBtbX1yqKm5CG95SYns', 'eLGTfOykc2e9E4Y2eKo', 'u4hsS3yfvQwKK6bsSYM', 'Y8torjywgy2ZFOa0Xko', 'y6IP1vyzgeV1fSLT3rq'
Source: DVuCnBrdbI.exe, zdo7FbBBcekCrsqxGvs.cs	High entropy of concatenated method names: 'cMoBaMgP8j', 'B1ZBD0QrRZ', 'xVkB60W0fd', 'HuHBAAUW5C', 'MAGBckrvJW', 'ir2BxbW520', 'amfWHJxQ2voCgYDkvQi', 'R0j7hJxNUAYOEg296jm', 'JD3b7Jxd7VyR2ibZdpJ', 'McHJZfxYTM9iTIa2Tas'
Source: DVuCnBrdbI.exe, y4ifx24tXPdD84aeaEd.cs	High entropy of concatenated method names: 'aiHvjGe8m2O5vhoLrRf', 'FpVOwaeghcD2i4CtZI9', 'QwGl4Me0YBdtGP5KiHb', 's2AVyoetjRm1PGagNWs', 'D7tr4HeClk3nPIc8Wnu'

Persistence and Installation Behavior

Creates processes via WMI

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Drops PE files with benign system names

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\Downloaded Program Files\lsass.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\SchCache\csrss.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Recovery\wininit.exe	Jump to dropped file

Drops executable to a common third party application directory

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

File written: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe

Jump to behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: unknown

Executable created and started: C:\Windows\TAPI\WmiPrvSE.exe

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Users\user\3D Objects\WmiPrvSE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Users\Default\Downloads\upfc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Recovery\qJBfikDNRbrkF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\Downloaded Program Files\lsass.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Recovery\Registry.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\SchCache\csrss.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\TAPI\WmiPrvSE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Program Files\Common Files\qJBfikDNRbrkF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Recovery\wininit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\Temp\Crashpad\reports\WmiPrvSE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\ProgramData\Packages\qJBfikDNRbrkF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Users\Default\Desktop\qJBfikDNRbrkF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe	Jump to dropped file

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

File created: C:\ProgramData\Packages\qJBfikDNRbrkF.exe

Jump to dropped file

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\Downloaded Program Files\lsass.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\SchCache\csrss.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\TAPI\WmiPrvSE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File created: C:\Windows\Temp\Crashpad\reports\WmiPrvSE.exe	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /f

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\wininit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Memory allocated: 1590000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Memory allocated: 1AF20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Memory allocated: B50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Memory allocated: 1A970000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Memory allocated: BB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Memory allocated: 1A6D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\wininit.exe	Memory allocated: FC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\wininit.exe	Memory allocated: 1A8E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Recovery\wininit.exe	Memory allocated: 880000 memory reserve \| memory write watch
Source: C:\Recovery\wininit.exe	Memory allocated: 1A590000 memory reserve \| memory write watch
Source: C:\Windows\TAPI\WmiPrvSE.exe	Memory allocated: 1520000 memory reserve \| memory write watch
Source: C:\Windows\TAPI\WmiPrvSE.exe	Memory allocated: 1B050000 memory reserve \| memory write watch
Source: C:\Windows\TAPI\WmiPrvSE.exe	Memory allocated: 1400000 memory reserve \| memory write watch
Source: C:\Windows\TAPI\WmiPrvSE.exe	Memory allocated: 1ADF0000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\wininit.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\wininit.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\TAPI\WmiPrvSE.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\TAPI\WmiPrvSE.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Window / User API: threadDelayed 1656	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Window / User API: threadDelayed 548	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Window / User API: threadDelayed 369	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Window / User API: threadDelayed 369	Jump to behavior
Source: C:\Recovery\wininit.exe	Window / User API: threadDelayed 367	Jump to behavior
Source: C:\Recovery\wininit.exe	Window / User API: threadDelayed 365
Source: C:\Windows\TAPI\WmiPrvSE.exe	Window / User API: threadDelayed 365

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe TID: 5772	Thread sleep count: 1656 > 30	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe TID: 5772	Thread sleep count: 548 > 30	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe TID: 648	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe TID: 7972	Thread sleep count: 369 > 30	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe TID: 7680	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe TID: 7872	Thread sleep count: 369 > 30	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe TID: 7732	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Recovery\wininit.exe TID: 8104	Thread sleep count: 367 > 30	Jump to behavior
Source: C:\Recovery\wininit.exe TID: 7832	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Recovery\wininit.exe TID: 7856	Thread sleep count: 365 > 30
Source: C:\Recovery\wininit.exe TID: 7652	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\TAPI\WmiPrvSE.exe TID: 8128	Thread sleep count: 365 > 30
Source: C:\Windows\TAPI\WmiPrvSE.exe TID: 7860	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\TAPI\WmiPrvSE.exe TID: 8096	Thread sleep count: 345 > 30
Source: C:\Windows\TAPI\WmiPrvSE.exe TID: 7740	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Recovery\wininit.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Recovery\wininit.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\TAPI\WmiPrvSE.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\TAPI\WmiPrvSE.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\wininit.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Recovery\wininit.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\TAPI\WmiPrvSE.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\TAPI\WmiPrvSE.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: jC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: pC:\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.867_none_b57fce26790eec13
Source: DVuCnBrdbI.exe, 00000000.00000002.1691493456.000000001C55B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}g?
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_4373d0692dcd3a06
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-gb_71570953289cd4d0
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: lC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.2006_none_ab6b7b2814133920
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: sC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid.resources_31bf3856ad364e35_10.0.19041.1_en-us_447494df1222bcd8
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dC:\Windows\WinSxS\amd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.19041.1741_none_1bf0e7c12b78479b
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.19041.1_none_25a2ff96aac272dd
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: lC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.1741_none_a3a0448c191b2fda
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: fC:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1889_none_46e4953b6f70cc79
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: oC:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a11c7040
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.19041.1_en-us_d314f4eb3925c8b5
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc0cba9450a52790
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: mC:\Windows\WinSxS\amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.19041.1_none_d7dfb451bd621127
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: wC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.19041.1741_none_4fe99c993cb84326
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: mC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.19041.1741_none_78a9b11b7a3cc41b
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: cC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.19041.746_none_6fbcad1699b89a67
Source: DVuCnBrdbI.exe, 00000000.00000002.1690891623.000000001C43F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_ddaeabc80a3525d6
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: pC:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: hC:\Windows\WinSxS\amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.19041.1_none_34b87765e20dcc15
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: aC:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.19041.1_none_555170071aa29c2c
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.19041.1_en-us_8e6d1518accc0bf5
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: sC:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.2006_none_a526c6e91aabcb1b
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_97e0d8d7edeea164
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_6ca4b4247e291981
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.19041.1_none_43a9017744e82ca8
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: pC:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dC:\Windows\WinSxS\amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.19041.1_none_fc5d2e67adee5611
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: rC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.19041.1_none_a2ace16370124ff4
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_en-gb_7788797720472f2d
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.19041.423_en-us_f14a4bbefe65ac87
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: mC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.19041.928_none_d35bf07ab5380c24
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tC:\Windows\WinSxS\amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.19041.1_none_50b60ffc14c70fb2
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tC:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.964_none_3542494c595902f8
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: lC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1949_none_a9b86d6c1534dc66
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: hC:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.19041.1_none_a7bb53746630ebd3
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: sC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.19041.1741_none_b365912b94b35a98
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: eC:\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1889_none_e7d7bde611c8c141
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: wC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.19041.1741_none_b62736d427ac1a0c
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tC:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: sC:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_50c23e4c771f203a
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2edb07518552135
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: wC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.2006_none_f93d3f541072d580
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tC:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ccb9f4751718744
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1741_none_7543ca68a
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: nC:\Windows\WinSxS\wow64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_97e0d8d7edeea164
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: lC:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.19041.1645_none_fe1307608fa06d8c
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_299ac5951a49c2de
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: hC:\Windows\WinSxS\amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.19041.1_none_b6d8bfc73f89cc96
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: lC:\Windows\WinSxS\amd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.19041.1_en-us_168291f09487ebd5
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-debug.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ee8ada67d246bda
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tC:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp.resources_31bf3856ad364e35_10.0.19041.1_en-us_369e8b635061fdb3
Source: DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: uC:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b3d1ef0d088d6955

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Recovery\wininit.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Recovery\wininit.exe	Process token adjusted: Debug
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\TAPI\WmiPrvSE.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

Process created: unknown unknown

Jump to behavior

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe	Queries volume information: C:\Users\user\Desktop\DVuCnBrdbI.exe VolumeInformation	Jump to behavior
Source: C:\Recovery\qJBfikDNRbrkF.exe	Queries volume information: C:\Recovery\qJBfikDNRbrkF.exe VolumeInformation	Jump to behavior
Source: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	Queries volume information: C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe VolumeInformation	Jump to behavior
Source: C:\Recovery\wininit.exe	Queries volume information: C:\Recovery\wininit.exe VolumeInformation	Jump to behavior
Source: C:\Recovery\wininit.exe	Queries volume information: C:\Recovery\wininit.exe VolumeInformation
Source: C:\Windows\TAPI\WmiPrvSE.exe	Queries volume information: C:\Windows\TAPI\WmiPrvSE.exe VolumeInformation
Source: C:\Windows\TAPI\WmiPrvSE.exe	Queries volume information: C:\Windows\TAPI\WmiPrvSE.exe VolumeInformation

Source: C:\Users\user\Desktop\DVuCnBrdbI.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.1684981326.0000000003735000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.1755394202.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.1755394202.000000000270D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1755435217.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.1750646364.0000000002971000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.1750646364.00000000029AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1754740131.000000000291D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1754740131.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1755435217.0000000002E2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.1748954073.0000000002591000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1755299818.0000000003051000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1686893087.0000000012F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DVuCnBrdbI.exe PID: 764, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: qJBfikDNRbrkF.exe PID: 7436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: qJBfikDNRbrkF.exe PID: 7460, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wininit.exe PID: 7492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wininit.exe PID: 7500, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WmiPrvSE.exe PID: 7528, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WmiPrvSE.exe PID: 7560, type: MEMORYSTR

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.1684981326.0000000003735000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.1755394202.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.1755394202.000000000270D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1755435217.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.1750646364.0000000002971000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.1750646364.00000000029AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1754740131.000000000291D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1754740131.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1755435217.0000000002E2D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.1748954073.0000000002591000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1755299818.0000000003051000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1686893087.0000000012F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DVuCnBrdbI.exe PID: 764, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: qJBfikDNRbrkF.exe PID: 7436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: qJBfikDNRbrkF.exe PID: 7460, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wininit.exe PID: 7492, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wininit.exe PID: 7500, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WmiPrvSE.exe PID: 7528, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WmiPrvSE.exe PID: 7560, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 Scheduled Task/Job	11 Process Injection	323 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	14 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
DVuCnBrdbI.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
DVuCnBrdbI.exe	100%	Avira	HEUR/AGEN.1323984
DVuCnBrdbI.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\Default\Downloads\upfc.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe	100%	Avira	HEUR/AGEN.1323984
C:\Users\user\3D Objects\WmiPrvSE.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Avira	HEUR/AGEN.1323984
C:\Recovery\Registry.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Avira	HEUR/AGEN.1323984
C:\Users\user\AppData\Local\Temp\vgX27OamF2.bat	100%	Avira	BAT/Delbat.C
C:\Windows\Downloaded Program Files\lsass.exe	100%	Avira	HEUR/AGEN.1323984
C:\Recovery\wininit.exe	100%	Avira	HEUR/AGEN.1323984
C:\Users\Default\Downloads\upfc.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe	100%	Joe Sandbox ML
C:\Users\user\3D Objects\WmiPrvSE.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Joe Sandbox ML
C:\Recovery\Registry.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	100%	Joe Sandbox ML
C:\Windows\Downloaded Program Files\lsass.exe	100%	Joe Sandbox ML
C:\Recovery\wininit.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Common Files\qJBfikDNRbrkF.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\ProgramData\Packages\qJBfikDNRbrkF.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Recovery\Registry.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Recovery\qJBfikDNRbrkF.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Recovery\wininit.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\Default\Desktop\qJBfikDNRbrkF.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\Default\Downloads\upfc.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Users\user\3D Objects\WmiPrvSE.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\Downloaded Program Files\lsass.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\SchCache\csrss.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\TAPI\WmiPrvSE.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\Temp\Crashpad\reports\WmiPrvSE.exe	82%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus

Name	Malicious	Antivirus Detection	Reputation
http://golovkcc.beget.tech/@==gbJBzYuFDT	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	DVuCnBrdbI.exe, 00000000.00000002.1684981326.0000000003759000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431406
Start date and time:	2024-04-25 01:56:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	DVuCnBrdbI.exe renamed because original name is a hash value
Original Sample Name:	b321fbc4a5947b5e623708e11a166692.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@36/54@0/0
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): Conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target DVuCnBrdbI.exe, PID 764 because it is empty
Execution Graph export aborted for target WmiPrvSE.exe, PID 7528 because it is empty
Execution Graph export aborted for target WmiPrvSE.exe, PID 7560 because it is empty
Execution Graph export aborted for target qJBfikDNRbrkF.exe, PID 7436 because it is empty
Execution Graph export aborted for target qJBfikDNRbrkF.exe, PID 7460 because it is empty
Execution Graph export aborted for target wininit.exe, PID 7492 because it is empty
Execution Graph export aborted for target wininit.exe, PID 7500 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: DVuCnBrdbI.exe

Simulations

Behavior and APIs

Time	Type	Description
00:56:55	Task Scheduler	Run new task: qJBfikDNRbrkF path: "C:\Recovery\qJBfikDNRbrkF.exe"
00:56:55	Task Scheduler	Run new task: qJBfikDNRbrkFq path: "C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe"
00:56:55	Task Scheduler	Run new task: wininit path: "C:\Recovery\wininit.exe"
00:56:55	Task Scheduler	Run new task: wininitw path: "C:\Recovery\wininit.exe"
00:56:55	Task Scheduler	Run new task: WmiPrvSE path: "C:\Windows\TAPI\WmiPrvSE.exe"
00:56:55	Task Scheduler	Run new task: WmiPrvSEW path: "C:\Windows\TAPI\WmiPrvSE.exe"
00:56:57	Task Scheduler	Run new task: csrss path: "C:\Windows\SchCache\csrss.exe"
00:56:57	Task Scheduler	Run new task: csrssc path: "C:\Windows\SchCache\csrss.exe"
00:56:57	Task Scheduler	Run new task: Idle path: "C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe"
00:56:57	Task Scheduler	Run new task: IdleI path: "C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe"
00:56:57	Task Scheduler	Run new task: lsass path: "C:\Windows\Downloaded Program Files\lsass.exe"
00:56:57	Task Scheduler	Run new task: lsassl path: "C:\Windows\Downloaded Program Files\lsass.exe"
00:56:57	Task Scheduler	Run new task: Registry path: "C:\Recovery\Registry.exe"
00:56:57	Task Scheduler	Run new task: RegistryR path: "C:\Recovery\Registry.exe"
00:56:57	Task Scheduler	Run new task: upfc path: "C:\Users\Default User\Downloads\upfc.exe"
00:56:58	Task Scheduler	Run new task: upfcu path: "C:\Users\Default User\Downloads\upfc.exe"

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with very long lines (763), with no line terminators
Category:	dropped
Size (bytes):	763
Entropy (8bit):	5.880074817565839
Encrypted:	false
SSDEEP:	12:TZEVhih0adnQIIEoRSwN8mCkedbO9pHJgLffOoUJwidmAH8ew1c6SkAiZ+Mou9+z:TyV0h8LhRSwCJCppEffOoUJtdVwrSsEd
MD5:	FBB5D214C9EA262F2F9E0185E96A5F98
SHA1:	3D33625C1D224EDC4EEC00AF128142D6D1801C29
SHA-256:	51E06EDAABC60CBA4960A72F3011B89DDEA781BB2852BF429F391363956E652D
SHA-512:	C91B42D98831DE700D075CC6375B25EA8DBABFB9E0201D16B1F6D95A69333026F7A904BBBD44DCC8FE8E1CA3498FE1C17D7EE56BBB69FCB8E010F199E740C873
Malicious:	false
Preview:	RHx2osjlLx1S8RufSwR45REibD4TVYINknrZTRMCySbLFdH6jr6GeIz9CPalyQPxoorVkUMBjOGn03c867uobBscyrWD0lOiCngbvwVOf5hQCLJJwcp0flVn5Pg27IK79hkMWANJlgJgecZmiNRY6YCbS2gfPdQWujQek6wwPfO8czJcz4Uu1wBlfJ4der4IPwv4L4ClaeJaJD9ctDpVIge8ip9bCSRhlFtpDOR52sTWmkbbJbubBjAsRxWf5kjINlzEUUZfvucZNHV7OiRki0gBFAXQ1v9RILJBuWGzCOpQGkfJbZRWS9jXFy9T6In9uLRC8UM1bchTKP5efNzcen8Jlv56Xx24lpf5TdLGMZ50cQMz2eysTKfHMHaMYQdojmset9LBCtQErIqVjGD39KlaKYsLC8r56RQzhrF3Swqk4bZDbFnSMkpZBSUVRA9EBUIa21x1AKkMdBfs8pu7UYtVl1xPXumSxlijS8LjRwSBAc5AwlWlQBtmlwyADieQiSY2c6aAdKpiGrVJ6xcvXABv258fJLgsSCdrDDh0LWIGWLf4bpEPGs2iQn9g740Sn6QEOnF2PmjB25ZraEEeGQmjJ4baDB2RfzcZ5apykLAdJ0qVNSG3zWMWUq4TMozOuSfCcAw9YQ34QIaTOGNv58bJnGEOgWl6Wwt0Un2MgHfjcRGLQlEGaDTv0VZW5hdBo7ieZj8kNAPyc1qWA384RffSd7A8OgQ8ne5ftlvqmd2ZyeS8pDWCjitJbPA

C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files (x86)\Windows Photo Viewer\en-GB\6ccacd8608530f

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	17
Entropy (8bit):	3.8521687236032816
Encrypted:	false
SSDEEP:	3:HlJNn:HlD
MD5:	7C8FD90CC5C103C775246A4FAAD37A9C
SHA1:	C2BD83188E7DAFB610854AF5B528378E58ADC35E
SHA-256:	FB6B6B487955B819E24625D29EF76CACC699E57B70B5B7DA8685F04D4125E90E
SHA-512:	317F47FCD0713238A665F89A8D4EB20A5D94102F6FBF2F285CE14548EAAD8B653671FFCDAF1058EDA93EBE65C5D4A962448D324C70FF36F12D417DFB3BC7480D
Malicious:	false
Preview:	yFQDEtSZV2kypuOZh

C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Common Files\6ed216578b75a5

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.809829890995944
Encrypted:	false
SSDEEP:	6:NNigisnPREdnZFRCkuCWAu82ZOlKOfqgh/vWUm/XBWWHkgIj/k1rr7n30hc:NNifsnsHRsuu82Zmxfqk/O/xWWHkgIjA
MD5:	4CD419E91A65B05B881E13DCC0AE23AF
SHA1:	0B05582DD526E3369AA4022429B037B5B89D178F
SHA-256:	5182789F48BE16C2805B9A16BB96193BB33B4701C5189CA6D06FEC9824C2517A
SHA-512:	E98C4E4D71A68AC4A18C530FD30A6AC05EC780DA0F66A8923A9F6D7CB90F6B96DD33B9658CD3053D535228E7D5586BAFFA96FEB99EF96AF9EE9FF70E26FD06F9
Malicious:	false
Preview:	pwM1GiNSEbhOrLsSvTePgromxkHDnWzl0jeEwGa4gR3CRDQg7rMsr1u7HkDgbKosm5XHrogp3jsOymUuTlG6JG49zg6MC3dWnKaVpIySLhyHIfIfPTMzEsifBYSKsTm9FWloL9EKwxumRw0TYb7trnS5l4UR0ok14zCw4eTQOBDQ76OPh8wRW3SbDqCRoxUIM3rcuDY3HqepkB7pqFt12TeAgksNcClbr5DEOveej2JpYm1CsXkjEcQ3Yq5KULbFFD8p72a4kPS9Jym4tqeFbBXPpKqhzUJYaDkV

C:\Program Files\Common Files\qJBfikDNRbrkF.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\qJBfikDNRbrkF.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Internet Explorer\6ed216578b75a5

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	74
Entropy (8bit):	5.293582588455744
Encrypted:	false
SSDEEP:	3:f0DUOxY8jkxwFpXpih8t:AfYxwPN
MD5:	661C212D80089B0EC5BDD1CC73110CEC
SHA1:	B2A39D76D8C500C0AE95DE4B79F45699548969EC
SHA-256:	DDA0FD419B9FFD90AC38D0484CA1D34817355A11E670D6FBDB3FA22B324036A2
SHA-512:	999DB191E0D7F34599CDF33371C05EA8B1D5D58BE9D987C070405719FBCFEA4EF695AC423B36B19EB388D4FD23CA780DD1D1824E548A3A2AC13159473F7B447C
Malicious:	false
Preview:	jF68HMUZPQfA8slTj9u0iY3AATps2reVlNA7P7mm2kmecxGjO2RHVWfKM57yhmghvKYvroDlWH

C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows Mail\6ed216578b75a5

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with very long lines (824), with no line terminators
Category:	dropped
Size (bytes):	824
Entropy (8bit):	5.902989124742097
Encrypted:	false
SSDEEP:	24:Urxh0OECXAqdvx4jyLVUk5/iQrvyACRNb+PDuYSbZ:U70O7x/N/TKb+CYk
MD5:	4025AAAB2C3AAE71E35ED701E81B55B7
SHA1:	A69A0207A568E532BF84683906A8DC9A25DF9E91
SHA-256:	FC30B5542DE2D42C0F8B000002E31C6D8622FFD3003EB782CD258C1E982A69E9
SHA-512:	DE4A783B25998899B3DED892C193D180A5CB03AD8D93925833695EFF3CD4061C0FC46D4DBC74C6B19DCDDDD6BFC726CD8B65F23F26AA77307AF9B9A08B8F2A79
Malicious:	false
Preview:	qIlwKiEosPzzTJXt74kuARQNlGQaPx44ABVcoWQoOVKasC4x3lOaBeyY1XKESnY4V4ySy5Fkn6foGzfjLchoje3fM7kQMMVl6QFxNm98fnwE9JRB2l2zGtU1ASF0UzYak3s0urVidjJ5rzgCpiXkTgeM5Ow5hInqPVeFbbRLPUVhkZJLwCLvbxHEYf4g5aBV5cpVValORMU9K7mgEkIe72OcOZq6gvQzSAmHty0Wb7ePcH4b2XbURhYCNNH5torf5frJVexQuwC9Y99HfPDJT6ivmj3fq5nwP8T7ZuGXjLjeeYoON9adliL966hvkSjzJPuZpCrvJpjIWDQN4pSrfJLrxTAdMUwRmuVOoPiKSoU59Dn2pT15A2UAEDlWCNiz2RflsCjoGHY0zQrtpHy3d1RuaUKkoMIEGfCriBKmuMz2deLyV1q5ZpWB9vLX28A48UtTNALn7LIQBYQ6JVPwfNobJBrw0wuvL53Ju1kVpC8OgF9kePOgtOYvpRKMSYxKaXEGeHLSu4GdPa5DBGSliOB7gIddqYCQPxxIA2GWE5vyI5gOVGKLGMmMVHkWnrlW1zNbnwDIA5gmcMzllOHkO1KCKkx3StsWUZ7SrEliDBKKp9uIS9vYjBHAoLQC9J0RMKSCPg3gnigMq9XK0olT8UwSR6ngxij3L38err2vFOvAe4TpxGMVigS2X9vS2XsF9mBxB2dIvzOtiwyXm8srVNUokFHs6k2rfqA13go4mDjtSiTlLXp4oAtwRWM5vuML6gO2v6dGUyFRolWBvfhi48Df6OjgUsJ21YwwUb0O3jk05bIqAKJPNnR8

C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\ProgramData\Packages\6ed216578b75a5

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	128
Entropy (8bit):	5.5622926801821135
Encrypted:	false
SSDEEP:	3:hnMIW47p0uXY1WSUyBQfViRQUTuqkus93Lbdw:hnk4d0uocSrMUTupR99w
MD5:	37DA2F401A74775C66863C529097D088
SHA1:	0454A59E53FC2C4F0F14A8DFC02E87EFD1D80362
SHA-256:	BCB5DAD068144AD172FACFEDD8652E58DC33D02DF9EF2B4F68946E206170332C
SHA-512:	C2BB76014727ACC65609078145546DFCB68D7BF100CEAA6FEB54496CF16D967FB600D02B57EE2344DAD43B6F0E2657C7DA44B5AD460965A89694972A8236FBFE
Malicious:	false
Preview:	YKJD13tliBq4spOx2N3KvmvzLb65QNoIg6UIPRArEEMMsmpJJ6tOOWWwYT2Z6yVVXiXvUGhkMMFqZjHivxvTda3Jkhu6ZkuQs1zKO4yDZJBCQpXyMToJCB17oNKxVlKl

C:\ProgramData\Packages\qJBfikDNRbrkF.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Packages\qJBfikDNRbrkF.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\56085415360792

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	74
Entropy (8bit):	5.256354378967048
Encrypted:	false
SSDEEP:	3:wjwk06PAXzZqRQPQaxp5fxJdS:bkDPAjgWIarS
MD5:	798170CE669CFDB4BD3ECFCDD3D4F25C
SHA1:	501EE9FA5C961A10188B7CC001DE5D12E1158670
SHA-256:	A40920A8949E097904750B67F29D766857F50E37BE38196706513878C04F5505
SHA-512:	4B94677A2678807591171618803911887F5A59FBE5EDB20266B08039FB8717A9137908C5F5115A4365F88BF993F76A3176D8315186CE4535C1E75599D3930F17
Malicious:	false
Preview:	v3cGF4ZxHsQ8Hcpm5mVjerV0pQmzu5xgJ4cx16yQSofftjDiQo8yY7jDilbyRkCM5uzN91v8yF

C:\Recovery\6ed216578b75a5

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with very long lines (420), with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.861046751561667
Encrypted:	false
SSDEEP:	12:VCSaQm8tvXpSSx8QI01JWab+Pt0uEQxriQ0cK:VFxma5Cq1bbA7xriz
MD5:	6ED7E027FCB6C1842F7697A0C37EE2FD
SHA1:	FBC3E7D523B210E6A3923FD124203DDCD9FBEBCD
SHA-256:	452E890D7DEAC005D7F73C13410214AFEC3C44CC45BFD757E6D65645CA039A94
SHA-512:	6F06940D565EE162B6799C086D7C0839223526D75657139C2FF07C394470DE9D6B162972EBAA2EC3D2D4C9CF8EBE3D38ED95DEB87AD45CDF865D97F6C0C4A3E9
Malicious:	false
Preview:	PGa5tixYeDcEnesZpDGA3r44GFgLYhSGkGX0vrIqHvp7GUG2ICbZx7ghMfynBl96uWegH2o74Z2HC6yv9nDWG2SnkznQ3fofwsMt0kvQYdfXEYfPqCoYimz1D15ROXEZuXVTuE5Y2w7nX4iLUYj01Q6J3Uq9odBAZFnqDMfmHPgwoMdISt70yNheaMZZY5tYv7ORR1IH27tluKeq0hr4gKMLiIQ0wGNMfHAr8M1alz70e6tQrti1Nz1kuCtIlRVwtgFmJxsopQTqNVqlZ9JDhW8qPZ65csyTeKH70HG4A3L6fLXZWHtlISOWiZWu0wM7cAMCOsvS3PCoLBLEChjU8NLM5uZbuVDOrNef8VKnWbr3PkLhNRsSN18OyAGdTThhLy77gpGrW67gfR6Vj1NcnvBzOPq8OrTC4Krb

C:\Recovery\Registry.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\Registry.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\ee2ad38f3d4382

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with very long lines (634), with no line terminators
Category:	dropped
Size (bytes):	634
Entropy (8bit):	5.881430182800482
Encrypted:	false
SSDEEP:	12:Gpm2oiQXmME5UcbFlSs3JlmXwNDnHg6S5s5cWV74hBtd71uwdbl+CPgAsCh:GpPeXmMo12sXuwNDn4+ABtd71u6bl+Cd
MD5:	756591E6226C5D4DCA72E071DA6ED1E3
SHA1:	AA7C434A9DDB5712599AE8F400283AA25DA4778B
SHA-256:	94058A26B38A4955F8E31464209B130168F8758CDE17D78E372EBF3ACAE90803
SHA-512:	96E484FE8528038AB139D9A2D2E5004E5CBD16D6EBE96F19830794F9EBDF35962848E895CFFC0842CFF517BBCE6E8A65EF53E93AA5B59CD97C161CC19F188D6E
Malicious:	false
Preview:	fDjObWN4uo2wCLRMxbuDuxuMr3wixvgHt3GTUazSSKMC8QjlsE9Fvi2sTXghkoG9HuDIE81WmcukkrNaUK0tvbVKAY973RroDN5ONahtMncTyRHlJGNayXNqY2Hp94dVuGhXw9M3mGgI8CWsRXxwDRzq9O0UT2uSJHiruuzK3Uxr0FsVgYYlGqRdR0XhJ1kuVN80do8him2tdHz4gex4dJLdzEa3WRBCuCWmG111a1Dexi9JBdBoDpQMCfBZOEKQl09bvMxpm5dmFrpQEQ23QW8EvJkl0cnWqw26jiYzpWCHMoGU0uU8LQAO25pmlMyJSH6Tysrg2DN4U01HCQvFIoKawoDo2vNdh2zErxfHDxGICF4CDijVbsAo6ggKoCnGzuXbBwZOunCUiBXqtBlUM2By2LHLRVcAK9TRsdBQJVlxppF5I0bnbT47sij0oN7YLCKirF7QAUK1QOIMFMDa4yj0FWjK4Kl5XMlnfgND2KnGIDqeaWucKgeXdTdVgxWztPdEmeqj89itLcsCpEuhaIv0rOKLD2hExxW3jm15pLeK7vLAlapbDzYkdmWYUffGce5YFycDMy1Pok26DJkmMFA8YwZ6PdkKpXrdzx4w7lPO7J62uaUK433Xd6

C:\Recovery\qJBfikDNRbrkF.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\qJBfikDNRbrkF.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\wininit.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\wininit.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Default\Desktop\6ed216578b75a5

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with very long lines (948), with no line terminators
Category:	dropped
Size (bytes):	948
Entropy (8bit):	5.909324116244462
Encrypted:	false
SSDEEP:	24:TDMUCWPDBkunJDXAS+aKUzwpgYc8T4d4y7:X99/J0SRKUzyjc86b
MD5:	64AD8A0E892FC54E338906FD5E706383
SHA1:	D2E37BCEB8DA350DD28BC3DBC31F445045B2B426
SHA-256:	AB9C2766CA6EFC87442A0676427A87506C4C4546FEF84B7A047C215972840FE6
SHA-512:	E952CC64DEAAE2C49270089AC76C38AD59E67D0CB5AF512DD74596C34EC247D5D150E45AC6AA7418A244B30302543636B9B69E620DA1D14C24F8E2DA6BC1B110
Malicious:	false
Preview:	LmYHRSymGe8oBTLJOYFuvEelUHmHLphUUCda85RP5hVuCwiqKhf1EOLGIxxKqqba7nU9zvLTG0yNttihj56nKpQF0XRLHHjPG4xZcj0ZWLvOZ7XZOPkutxQRXOIcdAL9QjHy6JFAFgQ84Bq39262gyfSofCNaX6VAv7zzjcFKkoNhRXViPdlETcbEzJaG2jrk58IE1DaZ0s6KRvXIrpL4URrTfuAZC8SB6mlTOQqLDMNlgRwEwSZNXxPnRziGCAX1Z4NpJD3a890IDGwO76ntiFnJW8CZskICyVLlEH4sY9OY6HkLCUJGXnSURESLBerY0yTr4LJzB4Vj0PMPY1XXaCpLD0UAztr4R0hIx2Q0KTEcSteC1CwKHT7yIIoE1JARNaR9sDcflgNG7M3TVRIw6gx73s9pNL9ATxP1cfUykRjlG006OVsjBOUqnTF9EwRZgMxK6B107ULp7M1D1Da2ca9FcjOIZUuy9JE4Cq9Nd2lrCosbcCHBWZ6GNsrXwsankXqyH7ALDNZkySCx0xqXMsckM8qU9mavc8Ho84TfB68IAWR5p3g9CCa15GlJQqMawnI0KXz6eLVQuTk0qvoFGbsZiQt2SKOVuhWWObuREjf1rKGmfvceBGUU5sS4o6oU69fN6OlPBWAg61sXKHWgruUnNBafJznH5L4ro2pRJMdoFxYDA4uhkHmLp194xFGLt3kv6AsRbEXeRphZmXfOFGhxisBx2ueDGR5MMnH9LdFfuH4ATkSak2FnWxMN95YrkTY9tVM8PfCmBBDayAdScDdOLS0Zb3APEY4at5Q8YTKEzdmUtvZ8cGOg0KxbfwhWfwhmGnr3tf4J3YZsqfqqeBx8JXkjHzdlvyiC59NFDfO7MFnbvFv9F11e9jdtCIw4BSXF0WwrRkm8x0wEuJyBEdf46EDWfeD5tU53rhkYTEsfP3qIxZ8

C:\Users\Default\Desktop\qJBfikDNRbrkF.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Default\Desktop\qJBfikDNRbrkF.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\Default\Downloads\ea1d8f6d871115

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with very long lines (563), with no line terminators
Category:	dropped
Size (bytes):	563
Entropy (8bit):	5.870584412697868
Encrypted:	false
SSDEEP:	12:Pe5umS6Rh3auN7N01Fv6cI+UXlmT7E4lWZSzdYCSkG2d:m4aRhquNxGMSg4k0zd1x
MD5:	F63894FB9F47870243A91C632C0B3C72
SHA1:	4635EA0E59969F318777B1F94D85633EF5D3EACA
SHA-256:	62C68CCEE6034F25E6E66D17864DE751A68FBF14FFB06AF5CACD6D052A3057D7
SHA-512:	99F75918B8B7DCBC5DC7E947C57B7B233AEECE9D12846BAC0C04C9ADF4E6B3A525090E83DD15BF0F7D26C468416F517C740F7E24020D3EC04AF035E9A410226C
Malicious:	false
Preview:	kSsLybDrf5QUHuNmGF9ilytX9PPQ5vl8JJGv0gyNjAqf6MfCzBgRgr6vjVLiLwwtTSK7obwkRw9lHNbxuNb3PTccMUMeUPBwN6LnBhXXP6AtrVnW4Yx8V3eAzsvUPRPBvNXLBxvNzDnSTsu1q0k6cCbUbLxTwDI8q88e7cUHmkJRQMrH73oZqTjsvDtz9cbv5omUuQ3NfdT13JDPeqV2ZsSWZQs4seHKIXVmjWWrAa4NArzl9eVSGiWNWP5eh8fAVItfxbpIUn29xEWraG4NJyDjAIQUa2JB44228TyiyN8cqXZR3ODbDR0gEJepKVrbe0E3MetGSWZ60l3nt8bMzs7mDVxyzIXdgh8zSfFYe6Ir24qdQ05M4emw3b00q4RJ85aSmDUO2Cr2jQuJpUi8NLjB4M61oPsko9s7dX0MgrT1wtMmrqKWVT6xWYYaGdjnUHNjhxpSdVcf1rPK9TJ7FVPVD4kE9ZGCIqhpgmE4B2290a6oJNbxTli811gnMlSDPZXLJkoWOP6McPem865w8SsgIixoGbrajzubDueiiEiEoVgmW4o

C:\Users\Default\Downloads\upfc.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\Default\Downloads\upfc.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\3D Objects\24dbde2999530e

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with very long lines (682), with no line terminators
Category:	dropped
Size (bytes):	682
Entropy (8bit):	5.858337525164033
Encrypted:	false
SSDEEP:	12:3yXzc3sT5ECLgZvIX/AQ5M4W6GfJM6VoPe5/GGMlwaYYY+aYQw/vKRV8+Ab5aB8/:3sBT5EagZAI4M4Wbv6Pe5OGMya9Y6NKa
MD5:	C82942D4E7DA781DA602C02BD3A2B9CB
SHA1:	3A4BFAF441F446D11094E17EE7994EC099E42467
SHA-256:	A45F7CC82B3B32401452CD5B38E77CD1CC0B5E2DA2048694B897518D8216E8EE
SHA-512:	96C84A461E8168A0A90EF13FD527D3B029B91C7806F584F692F8CD86992C6C3C897161CC24E0314B5CA372CE55E32DCB0C440BFCADFC30D578D32F0D82F83C5E
Malicious:	false
Preview:	tAxM2EPF3iFOQPhmoIvBiFYaHdy3fsEZgp5LQnElttQrnUyv3BBN3CHolWFZQWkKdqslUWVADKSzyrwwoCAdr1gdhRj4ipUXIGN7mNbgqAKtuSz4jTuOWHdmJODDxbbYz5qrdyJbkdxqrxtOboUP5FABmkyXJXtOiv3ymHavJTn2Tw5VeymIGMdt4pF3AvRNtiH544mTOjGmcIrzoc2UvlHWSJ46ChuXBaIupAbkMS3hG1Rv7POh37bIavmuApQqyskB96KoBSIcrkQb2I9xTNeE9AT4XrjgCNtXQPwAEkfky8b0eL11qdXkOgC9mQQUslae03KmW8ssr4PAjcZMzs0izIJtNxXyUL1Ni6AlAPervp3URBZK0EfAv2ortaZjk3YgCBcmcxLjNIxKPycLXN7Qq1cqST1k05H1QWRPjxrD25wmEeb48NLW5IzKjwUJ5ltRB533hNljg4XuEzly16lmuu5IgGpxdiHRMelJkiXvlm0AuFGtLgR99GhQ9vWahyG7xFijObNSi0AH34XbA5m7QHSF7UJyM7Nxg2NohgftS9aIGZXEX4ZlMIrpxdm3SZGlnNlArt4ea2pRrJ8h7EbRillXLh0D3lb32zf3xWXoA4LTda7oeF6N7yCBlOzK20lybwY2oFtlrxRnaS3ujMjypN5DwdRjgNvJTW1rBF

C:\Users\user\3D Objects\WmiPrvSE.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\3D Objects\WmiPrvSE.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DVuCnBrdbI.exe.log

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1740
Entropy (8bit):	5.36827240602657
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpaqZ4x
MD5:	B28E0CCD25623D173B2EB29F3A99B9DD
SHA1:	070E4C4A7F903505259E41AFDF7873C31F90D591
SHA-256:	3A108902F93EF9E952D9E748207778718A2CBAEB0AB39C41BD37E9BB0B85BF3A
SHA-512:	17F5FBF18EE0058F928A4D7C53AA4B1191BA3110EDF8E853F145D720381FCEA650A3C997E3D56597150149771E14C529F1BDFDC4A2BBD3719336259C4DD8B342
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WmiPrvSE.exe.log

Download File

Process:	C:\Windows\TAPI\WmiPrvSE.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\qJBfikDNRbrkF.exe.log

Download File

Process:	C:\Recovery\qJBfikDNRbrkF.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wininit.exe.log

Download File

Process:	C:\Recovery\wininit.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Temp\fKhYlTVFkp

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.023465189601647
Encrypted:	false
SSDEEP:	3:uX/Wzn:uX/Wz
MD5:	255B9149120B341F6AA935BE56AB19DD
SHA1:	34B6376D4D0549E59AC95E143239D201C47E94DC
SHA-256:	04943BA88F56228769B08A31A3B3DD368CF0DE4766B0492976D905192A08C49B
SHA-512:	50C9C190ED5D32FD7ACEE0B81A530BF2CAF16B92F35A8E90BECBC13D5ED2539D731F0FAFA06D62B5D0642CBDF833277496EC27B7A1C50F00725505B5F0ACFE10
Malicious:	false
Preview:	RwJN0UGKyKFeBHUEaMseNKdUs

C:\Users\user\AppData\Local\Temp\vgX27OamF2.bat

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	193
Entropy (8bit):	5.188613503302655
Encrypted:	false
SSDEEP:	3:mKDDBEIFK+KdTVpM3No+HK9ATScyW+jn9mVxIPdASBktKcKZG1t+kiE2J5xAI8pq:hITg3Nou11r+DEbIKOZG1wkn23fNH
MD5:	37916A7BC9EE8477B1449B742C7ED9FD
SHA1:	E03ACC5A207BBA53330506BCD57201AD5432216A
SHA-256:	41D5F93F3A4A8B42DBA6185E8785117786118BD0FC2494D85C4A985F77888972
SHA-512:	2FC93A387217CA211AC98D8311F803FAC88EC176B25AAB722AA56B57553B5E7D6055BBCFBDF02A3A01B5E41E0EC17FD882DE72E08B468B946C264B8CC9053AC9
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Windows\TAPI\WmiPrvSE.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\vgX27OamF2.bat"

C:\Windows\Downloaded Program Files\6203df4a6bafc7

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with very long lines (577), with no line terminators
Category:	dropped
Size (bytes):	577
Entropy (8bit):	5.849053877388583
Encrypted:	false
SSDEEP:	12:4a//TOkNWMCN4EheJfQ29oDRtP/zzgMZi:4yLVN5iIfoRtP3gMk
MD5:	BB104C6CE0E0E073F135428CC99E12A0
SHA1:	21F8BDB68DDCFA09220CF5637CFFA2C69FBA86AF
SHA-256:	79650ADA3D6BF2F9BF02478F7ED4BE739BE20FFD6A2EC5CB95819E9203FAA56B
SHA-512:	C9097EB9DC97620311D268BB6B3CB10E42FAFBB8A76649E53BDF5507D1C01EDE457BB27A60DF8DC291C57DB9731EFA84C55C41A7FD753E7EB9671E631A7B77BF
Malicious:	false
Preview:	Q3ZHPOxolzwBOzhMzIaQveUA2ylXbxgAQkp9USE5GORhr5ud1T9jxaxwiZObnaNyTvvoKh1gDeJhMwS7DHfHx6Mzw2b5DnSqBdO5JGSUccfTRQjwGRYf4FAWi61RG5caMdfshWx7zLpUb3igTozwOww6d2XNOAOhAEHxv0Otebqsap4pXU8bGqMZriPp9ksy7IUWwuvcaFSxGDfx7rz4CwaT2rGMljt4t2vSUi2njfAAYYTnDbrSuyvKrAdEni11WYEORNdZyLUgva5dYcJJ2bJ5GklTFy9AoJnAUEW08SdidPYQF9qLZs94OJHrlJTAMT2lx5ITGSLj7lb0LVOFHyk5KsvL7pOy8dWKXxcJ1WEGhZ6nrRfQ4O2Xs6bEJ7WbEWleORdY2EOvudYvvIdqJ84tk9bbVYA3AnCLybYaxGXzAHmOhpSAdqRGb14PzCCeEUuHbN7UuD2DlEtdWM3qF9aUV6t6hIkuD2vqWfxTs8QaxNfXIb3nIWYE3avfeBwlcHAsSCG0Yk7HtAgHbVxFP7mqerw6uSzrLp7pNwEGVCOiYRU33oDINqVffTNlPKGGv

C:\Windows\Downloaded Program Files\lsass.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Downloaded Program Files\lsass.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\SchCache\886983d96e3d3e

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with very long lines (707), with no line terminators
Category:	dropped
Size (bytes):	707
Entropy (8bit):	5.872241343091053
Encrypted:	false
SSDEEP:	12:2rxnsyaBRSXlu6yHmY+zutcsTVfpJg2o900+inp2uJRpfTUcwuMnw7AQ:21syaB0Xlu6Y+Ec4XJPoCripNguew7AQ
MD5:	7F1BD316F4F501FA10F59512AA9B53B0
SHA1:	E6D51128D2B707BCD75572E19E9BB60794289155
SHA-256:	E339720A0012B3F24EB6B136BE090C16F9BC2B66A8949B7088DE6BD2577EEBE2
SHA-512:	3F67074CD16B0A93AAE870ACB6FA873B6E31FEF9AD3C97E80D037C6C9A576CA9FC260F4956F15EF569948F27D90AFB59843B21AB590EE20C86300E7EBA294576
Malicious:	false
Preview:	uNsDRMW3CFOqdfTcK3ic0K5IxIWQ0CuZ1f5IwcCBPVHA1Ewaujq9Fy1jRkPJ0FD9Vzz8jLqr1hNeC4QtV5fQWuUCoV0MM2KJSIpCPy0j39HhlWgWTgy4kwnlewTNVee9WEL4PNdgF6XWmwbRzd2qEQjgfDicenNZeIKgLmHGDRznZQ9sVCY1my4GepZMpACbs71dl4GMWvnxa5HOEzHcPWxqNECfN4bCOY4bYfGb5Lf0KHpihKHz3kMWKLPh2k8bUliCBqzjtqgD06fGYd8DwlIoMiQNPjiVMDfjimh1UiGNEIgNpJIZm5otc40camTKHL0wa6iw5HsOf5kDCCiGbJtRZwHnwEbsP5F2RtxtlWdeMaNhUxaXEMs7cjXoz490qA8jzrvSPyfEpOE9jjT8oDnCNIasWI4qWnyMbnsnBIIPqoSNfYEPkBMmW5WrQD5G4ysBZ2h51q7f5YVjzMN8EoGVbLzfRBW8MBV25Qyn0JY4Dqr8jx1Dz7CPsXkNCBn0T8S3CdnjYkH4QLRud16eJTIP9FJhpkkyfhlFXy5GJRpPzH8gGztLFJq9zD36TG3x9SZskMXp5zU1o3a2Hnb01ZtV1lPU48wDY1PgrP64cEQPzyV6mBzqoD6kjD197Cu6DQdwo4K1rhXxIdgCPSr3JGZU5o6nX76ZTTMiUjSs079HpJbFhztoV1w71J097gduk7e

C:\Windows\SchCache\csrss.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\SchCache\csrss.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\TAPI\24dbde2999530e

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	235
Entropy (8bit):	5.736662402792605
Encrypted:	false
SSDEEP:	6:DQOd61mebsEzWTuhY8crw9aRyA3JaNoxjqz3RhLn:Dtd6Z0i+juqx3JLjqjnn
MD5:	780328A5E4411CC82D078C59BBDA397A
SHA1:	E71CF7C5E8711A3CE00CC9ABCE959204FC5ACBF6
SHA-256:	3BD78245C60C9601B3E6E83CE194B1BCFF4ADFA1E0956E3C0525F353FCD316C1
SHA-512:	90F5BE7ADC9C6F4001F160B58F9E87592BA694D9285BBFDF82F447516058ADA10EEC3E2889F7A87ECCB88159E5E105203504EB9F53063F5843374857263AA810
Malicious:	false
Preview:	lh8xbsiSaJdKCt22RndXho0XyXim627IGI1duIv3vrdxeX6ATgrsaor7rk9DJ5WhMUD32ZHJ1kmzKC3aaiTZLOsca3vKIstzU6kJTDH3Yh1zC1woqimlm6V8mld9o6AJ0wfOcuGXaZBoW2ajHGejFINXkmgsjIPchs9PWhM5bPKM5rltL31hcaEsiHnzNYxSKjGo3KNj4iI08Ac3AwgqRr9GnRqP3WsDb2BWk60BqSn

C:\Windows\TAPI\WmiPrvSE.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\TAPI\WmiPrvSE.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Temp\Crashpad\reports\24dbde2999530e

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	104
Entropy (8bit):	5.485980463104572
Encrypted:	false
SSDEEP:	3:RXkJkXfHXfiSowUKEj0G3v6pTRsY/KpuWHHU+uLCn:isfXfxo3KE7f6ptCpuWnUH2
MD5:	19DC14C2429BC548C1E84BB4B1A4DF9C
SHA1:	41804EC18D8D86EBF48DA44C417612A73584E24D
SHA-256:	A0309DAD4A9BAED23483C970088CFE1D872371B658BD608F10AD56A9353E56CD
SHA-512:	6565E5F1D644D8C04092F153355C809A7396530DB6B80F07653D4F60714F82417FA6DD7E32D21B5064055D0AAE9DD31CAAC898B7788833CB62436018EDF32189
Malicious:	false
Preview:	6lNrA1fAtArx8akbrzEQAwJUHgixUPna2Eo0lQh2aSI8AGV8QcNU0cFKb3kdTsqdWR54vtzaRMzroLUAKkg2CTjZ8eZsqEjsmomsLbNg

C:\Windows\Temp\Crashpad\reports\WmiPrvSE.exe

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1063936
Entropy (8bit):	6.66331526987461
Encrypted:	false
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
MD5:	B321FBC4A5947B5E623708E11A166692
SHA1:	A47346617FE2B1DDA2920A23179DAF9B36BBB06E
SHA-256:	D1396A1EC855BD2CD988D0473161C5FBA7AC170BA8E2F31B00D2689B517A0F22
SHA-512:	6CBDBF2300C23D8026CC9A821C0D54F120589B9FEE26EFACA720250632A76E30CDFFF9CE3B02063DC622F2B46D8E54383CBDCB9B9B13048307B78B78A8AB20EA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6....... ... ...@....@.. ....................................@.................................. ..K.................................................................................... ............... ..H............text........ ...................... ..`.sdata.../...@...0..................@....rsrc................6..............@..@.reloc...............:..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\Crashpad\reports\WmiPrvSE.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\DVuCnBrdbI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.66331526987461
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	DVuCnBrdbI.exe
File size:	1'063'936 bytes
MD5:	b321fbc4a5947b5e623708e11a166692
SHA1:	a47346617fe2b1dda2920a23179daf9b36bbb06e
SHA256:	d1396a1ec855bd2cd988d0473161c5fba7ac170ba8e2f31b00d2689b517a0f22
SHA512:	6cbdbf2300c23d8026cc9a821c0d54f120589b9fee26efaca720250632a76e30cdfff9ce3b02063dc622f2b46d8e54383cbdcb9b9b13048307b78b78a8ab20ea
SSDEEP:	24576:AOi7d/ahrZdwX405yXNI90r0JI3jX0OcsrBW:AOiW9qFc0O7
TLSH:	273538017E44CE11F41913B7C2EF464887B098916AA6E32B7CBA77AE15163973C8DDCB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....rb.....................6....... ... ...@....@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x5020ee
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1020a0	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x108000	0x218	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x10a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1000f4	0x100200	664672638b50d6ebaa21f86b0c593089	False	0.6081415477061981	data	6.700597879848089	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x104000	0x2fdf	0x3000	c38d31f50e14a3c0950c2f45979618bf	False	0.3101399739583333	data	3.242568439257861	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x108000	0x218	0x400	5eb484eaeccc80f00d16297b92d5256f	False	0.2626953125	data	1.8344366501290008	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x10a000	0xc	0x200	65380f6ed4b0acdeba7711d3bb88095f	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x108058	0x1c0	ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970	English	United States	0.5223214285714286

Imports

DLL	Import
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	01:56:52
Start date:	25/04/2024
Path:	C:\Users\user\Desktop\DVuCnBrdbI.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\DVuCnBrdbI.exe"
Imagebase:	0x7ff7699e0000
File size:	1'063'936 bytes
MD5 hash:	B321FBC4A5947B5E623708E11A166692
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1684981326.0000000003735000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1686893087.0000000012F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1684981326.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	01:56:53
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	01:56:53
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	01:56:53
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	01:56:53
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 6 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	01:56:53
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	01:56:53
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 13 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:56:53
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows multimedia platform\qJBfikDNRbrkF.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Program Files (x86)\windows multimedia platform\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0xbc0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\windows multimedia platform\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Desktop\qJBfikDNRbrkF.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Users\Default\Desktop\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 8 /tr "'C:\Users\Default\Desktop\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 14 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 12 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 13 /tr "'C:\Windows\TAPI\WmiPrvSE.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Windows\TAPI\WmiPrvSE.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 8 /tr "'C:\Windows\TAPI\WmiPrvSE.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 8 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	01:56:54
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 13 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 11 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 7 /tr "'C:\Recovery\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 7 /tr "'C:\Recovery\wininit.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Recovery\wininit.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 13 /tr "'C:\Recovery\wininit.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 14 /tr "'C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Recovery\qJBfikDNRbrkF.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\qJBfikDNRbrkF.exe
Imagebase:	0x5f0000
File size:	1'063'936 bytes
MD5 hash:	B321FBC4A5947B5E623708E11A166692
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001D.00000002.1750646364.0000000002971000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001D.00000002.1750646364.00000000029AF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 82%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkF" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe"
Imagebase:	0x490000
File size:	1'063'936 bytes
MD5 hash:	B321FBC4A5947B5E623708E11A166692
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.1755394202.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.1755394202.000000000270D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 82%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "qJBfikDNRbrkFq" /sc MINUTE /mo 14 /tr "'C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Recovery\wininit.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\wininit.exe
Imagebase:	0x680000
File size:	1'063'936 bytes
MD5 hash:	B321FBC4A5947B5E623708E11A166692
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.1754740131.000000000291D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.1754740131.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 82%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Recovery\wininit.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\wininit.exe
Imagebase:	0x320000
File size:	1'063'936 bytes
MD5 hash:	B321FBC4A5947B5E623708E11A166692
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.1748954073.0000000002591000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\TAPI\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\TAPI\WmiPrvSE.exe
Imagebase:	0xdf0000
File size:	1'063'936 bytes
MD5 hash:	B321FBC4A5947B5E623708E11A166692
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000024.00000002.1755299818.0000000003051000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 82%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\TAPI\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\TAPI\WmiPrvSE.exe
Imagebase:	0xad0000
File size:	1'063'936 bytes
MD5 hash:	B321FBC4A5947B5E623708E11A166692
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000026.00000002.1755435217.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000026.00000002.1755435217.0000000002E2D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	01:56:55
Start date:	25/04/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows photo viewer\en-GB\Idle.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 00007FFD9BAB05ED Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8de468b24bbe6d0d833008d08e2211e5a9cd934b47add7eed1f812f871fb83dc
Instruction ID: e133d2acf3289351f7edfb0abd6e88958f7efe4b455899ab86ad291cb87a9f10
Opcode Fuzzy Hash: 8de468b24bbe6d0d833008d08e2211e5a9cd934b47add7eed1f812f871fb83dc
Instruction Fuzzy Hash: AA915803B0F6E50BE33163ED6C751E96F50EF91769B0D42F7E0A8890E7EC546A46C688

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB05A0 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c95b7c5ba162cc00e5dd727064a145bd52025b9d09f6a85e725bdd037dfa354
Instruction ID: cb8ea012bc0e391fef9d8a59e12f13256a506b0e857c773b9e0f8e6dfb285890
Opcode Fuzzy Hash: 6c95b7c5ba162cc00e5dd727064a145bd52025b9d09f6a85e725bdd037dfa354
Instruction Fuzzy Hash: 32813703B0FAE50BE33163ED2C751E96F50EF51769B0942F7E0A8890E7EC546646C789

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0615 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1119dcf378a87281ca6bea1d01e5a4dfe3061b551292854699616dcbe91a80c
Instruction ID: 3717a776a3a81640c1aaeedc94bbd659a10a722ce0f02d92c39ffd9d08eae40c
Opcode Fuzzy Hash: b1119dcf378a87281ca6bea1d01e5a4dfe3061b551292854699616dcbe91a80c
Instruction Fuzzy Hash: 84814803B0FAE50BE33163ED2C751E96F50EF51769B0942F7E0A8890E7EC546A46C684

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0638 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d87e5b3a53d7087557463bc7ec59224b344e6239dc9684f31ef618b18dfbb8e1
Instruction ID: ed7174e8e1d1220069f1d8a0bec9dcaa6e497b73a840a4f159320deeb4485a5f
Opcode Fuzzy Hash: d87e5b3a53d7087557463bc7ec59224b344e6239dc9684f31ef618b18dfbb8e1
Instruction Fuzzy Hash: 11815712B0FAD50BE33563EC6C651E97F90EF51365B0942F7E0A8CA0EBEC54A646C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB1688 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41c5ca2fd6a014785d6f95ed7bb979973fb78243aad2aea10a5160433a253e2
Instruction ID: 3d8f86345f37ff06bb6b710f10a9e1c44ece2eae8da0e807bd152667ac3d1f14
Opcode Fuzzy Hash: b41c5ca2fd6a014785d6f95ed7bb979973fb78243aad2aea10a5160433a253e2
Instruction Fuzzy Hash: 4081DD31B29A594BDB58DF5888605B977E2EFE8300F15416AE46DC32A6DE70AD02CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB060D Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a110b98291ba63882a7bfe72008b01630c473516f0fd34f3b682f0616843bce1
Instruction ID: 32b0d58c0e305a0b4bb2b3665cb106b01136dba6181b7eb58dbab7ddc9fad30f
Opcode Fuzzy Hash: a110b98291ba63882a7bfe72008b01630c473516f0fd34f3b682f0616843bce1
Instruction Fuzzy Hash: 96815803B0FAD50BE33563ED2C751E96F50EF51769B0941FBE0A8890E7EC54A646C788

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0640 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0370e4f0a5a7bc902cca6aa33a7287e267b281593314e61477cf43d966d9265
Instruction ID: 57101ccb14c81446171961d1182ea2a0ff57fb46fac6c43c6fe032facbefa4b0
Opcode Fuzzy Hash: f0370e4f0a5a7bc902cca6aa33a7287e267b281593314e61477cf43d966d9265
Instruction Fuzzy Hash: A3715A03B0FAD50BE33163ED2C751E96F50EF51769B0941F7E0A88A0E7EC54A646C788

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB35FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 655680ee0bb10a9735ea742a93b72747a4a49295b0d1fe27344f4d8ed597af70
Instruction ID: dbf72d2bd76700aba08501b64550acede6ea6ca17e9ede4a48c8e0b6fce3d8df
Opcode Fuzzy Hash: 655680ee0bb10a9735ea742a93b72747a4a49295b0d1fe27344f4d8ed597af70
Instruction Fuzzy Hash: EB71B272A1994D8FE798DB68D8657AD7BE1FF5A324F4002BED01DC72DACBB424018B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB1CCD Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 409451d532567073f24ef504f226e933f29c4a783ea6fe67e90a37df357f72ec
Instruction ID: 92c6894c53222e9f1e948056a0b9b28fb0dc1cc5760eefc76ff27e4949faa114
Opcode Fuzzy Hash: 409451d532567073f24ef504f226e933f29c4a783ea6fe67e90a37df357f72ec
Instruction Fuzzy Hash: D251C131B18A994FDB58DF5888645B977E2FFE8300F15417EE46AC7296DE70E802CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC4E80 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1a9f71598ec9f3e8a1317e7d809f6d3fc5794fb10ebe5c857486287e8fade28
Instruction ID: 508c3b34e4cc4f5407d08bcf83115997b4af5d430d0c23f2e4cb3d4a928ba050
Opcode Fuzzy Hash: c1a9f71598ec9f3e8a1317e7d809f6d3fc5794fb10ebe5c857486287e8fade28
Instruction Fuzzy Hash: C2512C70E19A1D8FEBA4EBA8C859BADB7F1FF58300F01016ED00DE72A5DE7569418B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB20E5 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9185fe874e122a0d658cc69d91f5c1745ec2cfe39f16300a7813a9d9f40d7bd1
Instruction ID: 4c3740bdd8192d1319fa83af144a97be102d4f74e6414eb162d94bbeb6e13d29
Opcode Fuzzy Hash: 9185fe874e122a0d658cc69d91f5c1745ec2cfe39f16300a7813a9d9f40d7bd1
Instruction Fuzzy Hash: 33416B31F0E65E0FE765DBB8A8651B87BD0EF45310F0605B7E02CC71E6DD68A9418B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB31E1 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 741878aaa496347687441c35b4e6f61f688be98a106b180ac0db941eb61c14a4
Instruction ID: 9cf369de20c12ce648a1e67a7004e5228bc378e3cb4bde44b32cda813cc94756
Opcode Fuzzy Hash: 741878aaa496347687441c35b4e6f61f688be98a106b180ac0db941eb61c14a4
Instruction Fuzzy Hash: 85513A31E0961D8FEB64EB98D4646EDBBF1EF59300F51417AD019E72A1DA78AA44CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0805 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca2456a5adc69a729d6514f3009b95c356ecfd46c37c162ded7aa0f5588568ed
Instruction ID: 9706fb0df71a9c6b1044cdb34e6a7e26d962a417787e860b1347ab3fe7419a5b
Opcode Fuzzy Hash: ca2456a5adc69a729d6514f3009b95c356ecfd46c37c162ded7aa0f5588568ed
Instruction Fuzzy Hash: EE21BB22B0E69A5BE73567FD9C391E97B90FF11318F0945B7E0ACCA093ED04A256C684

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB3575 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38107501a9c56d4a6e55f7cb9acc918c8a8273c8fda9ba6aa2c89e2220d82564
Instruction ID: df4d86d04c9eed8f376233607be68a98adae8b7a622fb60aa77f3f34939fac68
Opcode Fuzzy Hash: 38107501a9c56d4a6e55f7cb9acc918c8a8273c8fda9ba6aa2c89e2220d82564
Instruction Fuzzy Hash: E021B030A0A65E4FEB68EB64C865AF977E1FF58304F0105BAC02ED70E5DF69A5058B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB33D8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70d16c9bc13283166fab5ed4e8d3bfc78d014d008e46bc71b584dfc2076a52e
Instruction ID: 7013fde3b1fd1fae4e2bc050b1dd6a279167a54e54c33d1401f67bd1eecaf2c7
Opcode Fuzzy Hash: c70d16c9bc13283166fab5ed4e8d3bfc78d014d008e46bc71b584dfc2076a52e
Instruction Fuzzy Hash: 7521FF3094E29E4FD743ABB488685A97FF0EF4B301F0A04F7D458CB0B2DA689586CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0A01 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73536f299856aa320536df664c4ce6053c701a18e94bfdbe8910933ab88b8cd1
Instruction ID: 04d7a10f851ba165517e59dafdc228eb3f24f12a6e86669ada11708bc05f02a9
Opcode Fuzzy Hash: 73536f299856aa320536df664c4ce6053c701a18e94bfdbe8910933ab88b8cd1
Instruction Fuzzy Hash: 7E11C431E1951E4FE7A0EBA8C8695FD7BE0FF58700F4149BAD42CC70A6EE74A6408B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB112D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a2a4ef7612eefd8dd07efbb2d0da32d565cebfdb843368459d197edd5419b25
Instruction ID: 1bbbf969161a54818f82e1ca253dd59b4265b899882cf84be8bcb6d5a7ef730a
Opcode Fuzzy Hash: 7a2a4ef7612eefd8dd07efbb2d0da32d565cebfdb843368459d197edd5419b25
Instruction Fuzzy Hash: C2110870E1965E4FEB699BA8D4782B97BE0FF66300F4101BFD029C60E2DE756500CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB34F5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef1ea290e6d42e42000b5af6237488d2897581a77d34b84afdc10d62e59f3c55
Instruction ID: 0e69fd2f0e095b3b54f325452a52d8845984282b1b2606a2be88dcea22d3393b
Opcode Fuzzy Hash: ef1ea290e6d42e42000b5af6237488d2897581a77d34b84afdc10d62e59f3c55
Instruction Fuzzy Hash: 69115270A0969E8FDB58EFA4C869ABD7BE0FF18300F4105BFD429D71A1DB75A5408B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB2E81 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2443d4d2bf91cb661086054a78c15a884fd33ebdb847280a55f534a2bb95e7ad
Instruction ID: c24b4c772acb49da84ff0451bf6aaf18152e6346cad1f5cb95887d86d02b460b
Opcode Fuzzy Hash: 2443d4d2bf91cb661086054a78c15a884fd33ebdb847280a55f534a2bb95e7ad
Instruction Fuzzy Hash: 70017131A1A65E4FE761EBA488985A97FE0EF59300F0645B7D428C70A6EA74E5448B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c9f91f2aa05f15a4da928ca24d62f931fd0f88ed9211e1162fadd741b37d780
Instruction ID: b6c746f0895b80b29dc07a64f5e8666d73f23be0b084cccf9146f269fe2f90d8
Opcode Fuzzy Hash: 8c9f91f2aa05f15a4da928ca24d62f931fd0f88ed9211e1162fadd741b37d780
Instruction Fuzzy Hash: 99019230A1551E8FDB98EF64C0A46B977A1FF69304F61447ED41EC31A4CA71A650CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB285D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5334a021e37d28c88c982a7631822eb0a6243314357066150a4e6729cd09f65
Instruction ID: 5e57049fc884c8877b84435b95ba1f1290f83bcafb0e7e1019880025ab06ee09
Opcode Fuzzy Hash: f5334a021e37d28c88c982a7631822eb0a6243314357066150a4e6729cd09f65
Instruction Fuzzy Hash: D3018430A1A65E8FE761ABE484995E97FE0EF19300F4245B7D428C60B6EE74E1408B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0F2F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce394d735dec543743e553782bc944ba7f15f921eee2d3de7562ee3faae378b4
Instruction ID: d2c67955a3595b8430f8418465e24c6e161be551325ed19c53f35b25a5b29eea
Opcode Fuzzy Hash: ce394d735dec543743e553782bc944ba7f15f921eee2d3de7562ee3faae378b4
Instruction Fuzzy Hash: E1019231B0981D8AEB68EB94C865FED7761FF54300F114275901DD71AACE34A9418F80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB2EF9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab65bba8d3bb80ac34ccccfcd267ef4dc235ba0b3c2c222cfd1de69982af08b0
Instruction ID: 1d02e62f223bd114c088083710a94605ed05bb62f7741b60974d2ab536595c2e
Opcode Fuzzy Hash: ab65bba8d3bb80ac34ccccfcd267ef4dc235ba0b3c2c222cfd1de69982af08b0
Instruction Fuzzy Hash: E5018430E1D75E4FD752ABB484695A97FE0EF0A304F4648F3D41CCB0B6DA78A5548B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 306f5d496c01ff1d2cde98b20a3eb47802c1fafc02c4abeac2c8ad49e3bdb9af
Instruction ID: 02cacc47d19eb8c852834a22c5f375dc9e0d15e8dad566a0114b6482a6ada3ef
Opcode Fuzzy Hash: 306f5d496c01ff1d2cde98b20a3eb47802c1fafc02c4abeac2c8ad49e3bdb9af
Instruction Fuzzy Hash: C8018630A1560E8FDB59EFE4D4685B977A0FF18305F11447ED42EC61E5DF75A550CA00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef3588c75ba4cdba85580717df88d5d9c1ecadefb265077344202106120e19c2
Instruction ID: ab83a0bc3c7fb14a8016a2113fa962ff965742b5db6e8ad04e5e6499d7318e78
Opcode Fuzzy Hash: ef3588c75ba4cdba85580717df88d5d9c1ecadefb265077344202106120e19c2
Instruction Fuzzy Hash: AD018130A1961E8EEB59EFA4D4686BA77A0FF18305F11087ED42EC21E5DE75A290CE01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB1C4D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d1fa7fb1c682072356758bbd22e39074f6820b764d3d1aa961b0b7df342df18
Instruction ID: 968150925a9efb1e5545c88738aed97fa7bea90165cb142487c53be95fbf90b4
Opcode Fuzzy Hash: 6d1fa7fb1c682072356758bbd22e39074f6820b764d3d1aa961b0b7df342df18
Instruction Fuzzy Hash: B601F93091A64E8FDBA8DF54C4652F97BA0FF66300F51007EE81CC31A1DBB59550CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB1140 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57187a8b10ecb305e732779d36fee088fe683706259ec64d59af31833a5cc0da
Instruction ID: 5de61c57f1f3216d28a4f286cf0b785c843b0560eb32e5fba2cb49f21f6adedc
Opcode Fuzzy Hash: 57187a8b10ecb305e732779d36fee088fe683706259ec64d59af31833a5cc0da
Instruction Fuzzy Hash: 42F0A970E2966E49FB645B9898643BA77E0FF65315F00017FD42DC10E1DE7412148A40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 274c55d3a452552f58e9bcc41da469368e8d577383378d8a5cc5ae3ba1ae3922
Instruction ID: c5a87800d8ff05ca923f8278b0a8c06b7cb6bc141d6901563d823bfcfa46346e
Opcode Fuzzy Hash: 274c55d3a452552f58e9bcc41da469368e8d577383378d8a5cc5ae3ba1ae3922
Instruction Fuzzy Hash: DEF0FC30A1A55E8FEBA4EF6484655F97790EF65309F51407AE81DC30E1CB75A560CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB2779 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e8dc89a7cecace8b7b15754a6f2c694d5ac6ef56fdefb4d58876028092c3ecb
Instruction ID: d1ba5fa8f813d576aa565389befc3312df3a1f9ee07e97b7182c77ae36d03b3e
Opcode Fuzzy Hash: 6e8dc89a7cecace8b7b15754a6f2c694d5ac6ef56fdefb4d58876028092c3ecb
Instruction Fuzzy Hash: B9F09631D1E38E8FDB569FA498781A93B60BF05304F4204BBD419C60E2DB38A594CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB27ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2409e209c74af0a55ca4f1eb4d9f0680392e8e6c3712068b1d092e5bb0085e70
Instruction ID: d5aaef14363c7c9a572dbb2b770060ec4d4bd011575062b15aa4b565e76d500b
Opcode Fuzzy Hash: 2409e209c74af0a55ca4f1eb4d9f0680392e8e6c3712068b1d092e5bb0085e70
Instruction Fuzzy Hash: CCF0F030A1E78E8FEB699FA088252B93FA0FF15304F0104BAD42CC60E6DB799550CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB6532 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1692484505.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9bab0000_DVuCnBrdbI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2358ec0273479f814d3d2455d31ca6c90b2b36a02af6faf863bb779323ca33f4
Instruction ID: 72b73a0b2c73c47292b5fb8397f85be422b5cf5a5069ef32f089f576b69c4b47
Opcode Fuzzy Hash: 2358ec0273479f814d3d2455d31ca6c90b2b36a02af6faf863bb779323ca33f4
Instruction Fuzzy Hash: A1E0ECB0D1992D8EDBB4DF4884A4B6CB6B1EB04300F5104FDC11DD3290CE305A808F04

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: qJBfikDNRbrkF.exePID: 7436, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9BABF047 Relevance: 3.8, Strings: 3, Instructions: 65COMMON

Download Yara Rule

Strings

k, xrefs: 00007FFD9BABF147
B, xrefs: 00007FFD9BABF863
{, xrefs: 00007FFD9BABF05B

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9babf000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID: B$k${
API String ID: 0-3120343438
Opcode ID: 5cf6094c6ae0fa30997da4f64a96a1235b089e1c3e46e54f3e632f96d629e3c1
Instruction ID: 9f363df9a73316ed235c970d836e699c60bd70f20ba696bfeea3edcd55188d1c
Opcode Fuzzy Hash: 5cf6094c6ae0fa30997da4f64a96a1235b089e1c3e46e54f3e632f96d629e3c1
Instruction Fuzzy Hash: 8F311670E0962E8EEB78DF54C8607A9B6B2FF54301F0501FAD05D96292DBB96A80DF01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABDA45 Relevance: 2.5, Strings: 2, Instructions: 42COMMON

Download Yara Rule

Strings

\, xrefs: 00007FFD9BABDB6D
;7, xrefs: 00007FFD9BABDA4F

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID: \$;7
API String ID: 0-1127756331
Opcode ID: 7a9c379fc744515e733beb383147c1cecb8ac571f36a723532df277862603699
Instruction ID: 623a49703ae2b3f0a4d4fe49c4f9e33c3473c0c886012d059a2e1bd0e876119c
Opcode Fuzzy Hash: 7a9c379fc744515e733beb383147c1cecb8ac571f36a723532df277862603699
Instruction Fuzzy Hash: 6111CC71E0911D8FEB14DFC0D4E06FCBBB1EF54315F25002AD05AA66A0CAB96981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2F38 Relevance: .5, Instructions: 462COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eca3e42e194dd9372866be6cde2a6d688615e7d996d24b436baa51d471cd61ae
Instruction ID: 8a1e3f8a715ba0270fd727d3aa551a47d136fecfdb8e29c4f96fd078db7b1894
Opcode Fuzzy Hash: eca3e42e194dd9372866be6cde2a6d688615e7d996d24b436baa51d471cd61ae
Instruction Fuzzy Hash: 6321A721A0E6CE4FEB52BB7488695B97FF0AF16304B0645FBD468CB0A7D964A504C742

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABD559 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad7810c330559ed812317061ce43240881f50abe88f17f5a61b2537f2b565a6b
Instruction ID: 1aa2ec43685dd7abcfea3d71199941d69d74b03bfe585d42f60ad3c40741e40e
Opcode Fuzzy Hash: ad7810c330559ed812317061ce43240881f50abe88f17f5a61b2537f2b565a6b
Instruction Fuzzy Hash: E4E16D71E19A5D8FEB68DF98C8A4BA8B7A1FF58304F0041BAD05DD72A2CE746941CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB05ED Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85bc951ada64738d3d8e32fd11f6348ff8a3dd5309b937b1fd5ecff051fcd3eb
Instruction ID: e133d2acf3289351f7edfb0abd6e88958f7efe4b455899ab86ad291cb87a9f10
Opcode Fuzzy Hash: 85bc951ada64738d3d8e32fd11f6348ff8a3dd5309b937b1fd5ecff051fcd3eb
Instruction Fuzzy Hash: AA915803B0F6E50BE33163ED6C751E96F50EF91769B0D42F7E0A8890E7EC546A46C688

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB05A0 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9293681fc23135744f616b19b2f50b257dcf9003ce4f6dd11264a1e2303aa06a
Instruction ID: cb8ea012bc0e391fef9d8a59e12f13256a506b0e857c773b9e0f8e6dfb285890
Opcode Fuzzy Hash: 9293681fc23135744f616b19b2f50b257dcf9003ce4f6dd11264a1e2303aa06a
Instruction Fuzzy Hash: 32813703B0FAE50BE33163ED2C751E96F50EF51769B0942F7E0A8890E7EC546646C789

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0615 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6845c08e97caafe6e3f17ef733dca335c75270a1f5d9bd7c70fd1b1143d6ef1
Instruction ID: 3717a776a3a81640c1aaeedc94bbd659a10a722ce0f02d92c39ffd9d08eae40c
Opcode Fuzzy Hash: e6845c08e97caafe6e3f17ef733dca335c75270a1f5d9bd7c70fd1b1143d6ef1
Instruction Fuzzy Hash: 84814803B0FAE50BE33163ED2C751E96F50EF51769B0942F7E0A8890E7EC546A46C684

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0638 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53aabdb67b825504e326aca6e0ebc5ec20e1ffd6c75ff2ca676f22bbb367f4ed
Instruction ID: ed7174e8e1d1220069f1d8a0bec9dcaa6e497b73a840a4f159320deeb4485a5f
Opcode Fuzzy Hash: 53aabdb67b825504e326aca6e0ebc5ec20e1ffd6c75ff2ca676f22bbb367f4ed
Instruction Fuzzy Hash: 11815712B0FAD50BE33563EC6C651E97F90EF51365B0942F7E0A8CA0EBEC54A646C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB1688 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41c5ca2fd6a014785d6f95ed7bb979973fb78243aad2aea10a5160433a253e2
Instruction ID: 3d8f86345f37ff06bb6b710f10a9e1c44ece2eae8da0e807bd152667ac3d1f14
Opcode Fuzzy Hash: b41c5ca2fd6a014785d6f95ed7bb979973fb78243aad2aea10a5160433a253e2
Instruction Fuzzy Hash: 4081DD31B29A594BDB58DF5888605B977E2EFE8300F15416AE46DC32A6DE70AD02CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB060D Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81c444a8595be473f148839d3cb3739a00fe9e8a0952209b2618b04bc445967a
Instruction ID: 32b0d58c0e305a0b4bb2b3665cb106b01136dba6181b7eb58dbab7ddc9fad30f
Opcode Fuzzy Hash: 81c444a8595be473f148839d3cb3739a00fe9e8a0952209b2618b04bc445967a
Instruction Fuzzy Hash: 96815803B0FAD50BE33563ED2C751E96F50EF51769B0941FBE0A8890E7EC54A646C788

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0640 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 585320a09f7b2275e850f770e867c7b5cd7f990f7e33605de3959d8e6641e06b
Instruction ID: 57101ccb14c81446171961d1182ea2a0ff57fb46fac6c43c6fe032facbefa4b0
Opcode Fuzzy Hash: 585320a09f7b2275e850f770e867c7b5cd7f990f7e33605de3959d8e6641e06b
Instruction Fuzzy Hash: A3715A03B0FAD50BE33163ED2C751E96F50EF51769B0941F7E0A88A0E7EC54A646C788

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC35FA Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6c756f76af75277f6004eb14b777ac13bbebbf7a2a2502cda0b63924c7057e9
Instruction ID: 05c94ab8e2b7f2c3633d186b99b206965e2b3317a0f8ff6d2d48e4fc04c73e4c
Opcode Fuzzy Hash: e6c756f76af75277f6004eb14b777ac13bbebbf7a2a2502cda0b63924c7057e9
Instruction Fuzzy Hash: 3C515A2370A95D1AE720FB6CFC658F9BB90EF82377B0407B7E198CA092DD2164498790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB35FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e641f397cd31a3e8b18a935abaf553a66f907af14894d99426a05616b918cd
Instruction ID: 31f468c4a64d27b2ca0f3401b0b2d036c240d9c7b4662b7f0c5772f389f173cb
Opcode Fuzzy Hash: 09e641f397cd31a3e8b18a935abaf553a66f907af14894d99426a05616b918cd
Instruction Fuzzy Hash: 4771A272A1994D8FE798DB6CD8657AD7BE1EF99314F4002BED01CD72DACBB428018B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC3795 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1242f484d0e841d130979afb2d17ae8a18410a724a96d4cff95d387c27c736c8
Instruction ID: 59d85c5926bd000e60cd05178107109271004a795087c719e0ed0b3b0dd0e2f0
Opcode Fuzzy Hash: 1242f484d0e841d130979afb2d17ae8a18410a724a96d4cff95d387c27c736c8
Instruction Fuzzy Hash: 9C81C870E0961D8EEBA4EBA8C8657FDB7F1FF58300F5141AAD00DE7291DE785A848B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABBD59 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cb57239ef0bb41d4294bb99a2e2abeb30c7841d24758a54588102c8265ab770
Instruction ID: c385ffbe9fc048e17e2aaff0b953d41cac1f06dec05528e8acd291a8a0cad538
Opcode Fuzzy Hash: 0cb57239ef0bb41d4294bb99a2e2abeb30c7841d24758a54588102c8265ab770
Instruction Fuzzy Hash: 33711D70E0952D8EEBA4EBA8C4657EDB7F1EF58300F51417AD01DD32A2DE786A458F40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB1CCD Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 409451d532567073f24ef504f226e933f29c4a783ea6fe67e90a37df357f72ec
Instruction ID: 92c6894c53222e9f1e948056a0b9b28fb0dc1cc5760eefc76ff27e4949faa114
Opcode Fuzzy Hash: 409451d532567073f24ef504f226e933f29c4a783ea6fe67e90a37df357f72ec
Instruction Fuzzy Hash: D251C131B18A994FDB58DF5888645B977E2FFE8300F15417EE46AC7296DE70E802CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABAA70 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e70d5af16a7309486f549b73cf3135e3ba166b07380ea1ae39cc8314b007f0
Instruction ID: a95cd2ffddceecfe381270996727f62c60c968adf72c41d60ec263663ea65cc6
Opcode Fuzzy Hash: 09e70d5af16a7309486f549b73cf3135e3ba166b07380ea1ae39cc8314b007f0
Instruction Fuzzy Hash: E3511431B0EA5E4FE712ABB8C8681A97BE0FF51314F0545BAC068C70A3EE65A945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1C4A Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9da46e6f82d9201757bcf12becc56d79bbf620ae025197fd6af8c0bca57208c
Instruction ID: 6df0c840b38a9657e493d4c20b6ae1a1592e293e939d08db33135cde76fa6f51
Opcode Fuzzy Hash: f9da46e6f82d9201757bcf12becc56d79bbf620ae025197fd6af8c0bca57208c
Instruction Fuzzy Hash: 4561BA70E0951D8FDB95EF98C894BA9B7F2FF69300F5041A9E00DE7296CE75A981CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABAA50 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382553a47e311dd34961568d7252eb8d2c887475e0d758d7ab5844687dd3a253
Instruction ID: 3b457a88ff3f9ce76943a023c2ca010edf92da707cf9676ca23170d754ba1bad
Opcode Fuzzy Hash: 382553a47e311dd34961568d7252eb8d2c887475e0d758d7ab5844687dd3a253
Instruction Fuzzy Hash: C7414A32E0E6AF5BE312ABBCD8351E97BA0FF11219F0942BBC0788A0D3ED556945C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABC4D3 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 169a384b1f4519e94415c06b0b7d92c4d47ba5aac3271c580a4a94c69679840e
Instruction ID: 6328b97ffe5c765b3cd7ab46077001d2cdc7c2d79c1f2a13e62957eed134af8e
Opcode Fuzzy Hash: 169a384b1f4519e94415c06b0b7d92c4d47ba5aac3271c580a4a94c69679840e
Instruction Fuzzy Hash: 6C41F426B4E67B0AE725BBACA821CF87B50EF5533AF040377E528C90D3ED58254486A1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB20E5 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 369ec27e1146dfce9a9bd98c312f9770deb777bbe49f840f1762ab0406336d28
Instruction ID: d337ee4715d8aaee039c6f1febe1dfc4390fb5c573a7d1f2d73f4fbb229f3b82
Opcode Fuzzy Hash: 369ec27e1146dfce9a9bd98c312f9770deb777bbe49f840f1762ab0406336d28
Instruction Fuzzy Hash: 55415831F0E65A0FE765EBB8A8651B87BD0EF85310F0605B7E02CC71E6DE68A9418B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB31E1 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ccde6c127990e7129549c9dbd742d10997602c99990397e8f3c93ea1d33aba2
Instruction ID: 90e8a4c5aae1d46d8445532c6de4f3ff9e1b248ad17e543430df2c51522b7758
Opcode Fuzzy Hash: 3ccde6c127990e7129549c9dbd742d10997602c99990397e8f3c93ea1d33aba2
Instruction Fuzzy Hash: 0E512A71E0961D8FEB64EB98D4646EDBBF1EF58300F51417AD019E72A1DA786A44CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABAA88 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73bf86bbde81c515fcaf8d6cac3cb6d8a3fc13d1bbd9b225ff4595b04c61d206
Instruction ID: 0d652b5f871a307cf1ea1e8a04aa030db4346563c3f6703eb0b7e4591c3ba931
Opcode Fuzzy Hash: 73bf86bbde81c515fcaf8d6cac3cb6d8a3fc13d1bbd9b225ff4595b04c61d206
Instruction Fuzzy Hash: 92412672B0EAAF5BE3129BBC88251A97BA0FF51214F0946BBC078860D3ED55690A8650

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABAA98 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fa5f60ce13f273d7e1a953c684ac6d89dbe30138b02d839a96d04cc96ed7b4c
Instruction ID: fbcb99cdabc8baeb32642d22cfd8ef2cc717163a79207208cc74fe70dad06800
Opcode Fuzzy Hash: 1fa5f60ce13f273d7e1a953c684ac6d89dbe30138b02d839a96d04cc96ed7b4c
Instruction Fuzzy Hash: 1F312B72F0F9AF5BE7125BBC88241A57B90FF61214F0945BBC078870E3ED556906C650

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC239D Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a516c67d7ca3631e5864aa736af8fdc0550c6ef07f6f8e5fadf5267724a9bbcc
Instruction ID: 4cf6575933bcce645017ae22a4e838a457658c50c873a74976b01c38e42706da
Opcode Fuzzy Hash: a516c67d7ca3631e5864aa736af8fdc0550c6ef07f6f8e5fadf5267724a9bbcc
Instruction Fuzzy Hash: 6B414930E1965D8FEB94EBD8D865AFDB7B1FF58305F00017AE019E72A6CA7469418B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0805 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55b2ae86a8198a96c46f0cc4bcbcfda4a252a21f690ba4f8b910c2860ca1ec69
Instruction ID: 9706fb0df71a9c6b1044cdb34e6a7e26d962a417787e860b1347ab3fe7419a5b
Opcode Fuzzy Hash: 55b2ae86a8198a96c46f0cc4bcbcfda4a252a21f690ba4f8b910c2860ca1ec69
Instruction Fuzzy Hash: EE21BB22B0E69A5BE73567FD9C391E97B90FF11318F0945B7E0ACCA093ED04A256C684

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC7295 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b67489ceec11628ee6b6ee6fc962174500875ad016b17495a3e242ead45a59
Instruction ID: 669a80f5af0463d7dbcacf05ea02905ec5d1f8f3afb6660a910bd422c36ae401
Opcode Fuzzy Hash: 84b67489ceec11628ee6b6ee6fc962174500875ad016b17495a3e242ead45a59
Instruction Fuzzy Hash: B331CE30B0A50E8FEB64EFA4C4646FD77E1FF19310F1145BAD41AD72A6DEB8A9448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB23A7 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe36399c393ef9bbf1130fd9ece628a5fedcf85ac476a0289547835fce1f911
Instruction ID: 3e13ef7ec85cb15554dc62ae9149e3437e25fc035df13b45b2fdabe8d7531695
Opcode Fuzzy Hash: bbe36399c393ef9bbf1130fd9ece628a5fedcf85ac476a0289547835fce1f911
Instruction Fuzzy Hash: 06313B31E0A23E8EEB749F91D8207FCB6B0AF15311F0141BAD06D961A1DEB86A84DF50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC70A1 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8df6da4795f01e2e2705bd979b0b1cc8c94ff2a565c211443e85ae876aa83825
Instruction ID: 0880d7cbba1367eef8c3a340dd1fd8a86e0bc6499c22f7ffb2acfa2fa00b8df8
Opcode Fuzzy Hash: 8df6da4795f01e2e2705bd979b0b1cc8c94ff2a565c211443e85ae876aa83825
Instruction Fuzzy Hash: 84214130A1A55E9FEBA1EFA8C8586BD7BF4FF1A301F0548B6D45CD3061DA74AA408B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2571 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b6bbbe14f56cc41c3db21783dd8308396bfd51c083e7d2f33655ab7a165d29
Instruction ID: dc7ca784f267d4185d1d5f8214c0eb57e8d30e125369c2126e8e1ad4f0b7f3c5
Opcode Fuzzy Hash: f7b6bbbe14f56cc41c3db21783dd8308396bfd51c083e7d2f33655ab7a165d29
Instruction Fuzzy Hash: 40314D70E0965E8BEB68EBD0C8657FD76E1BF48314F11017AC00AA72E1DBBD6A44CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB3575 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38107501a9c56d4a6e55f7cb9acc918c8a8273c8fda9ba6aa2c89e2220d82564
Instruction ID: df4d86d04c9eed8f376233607be68a98adae8b7a622fb60aa77f3f34939fac68
Opcode Fuzzy Hash: 38107501a9c56d4a6e55f7cb9acc918c8a8273c8fda9ba6aa2c89e2220d82564
Instruction Fuzzy Hash: E021B030A0A65E4FEB68EB64C865AF977E1FF58304F0105BAC02ED70E5DF69A5058B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB33D8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70d16c9bc13283166fab5ed4e8d3bfc78d014d008e46bc71b584dfc2076a52e
Instruction ID: 7013fde3b1fd1fae4e2bc050b1dd6a279167a54e54c33d1401f67bd1eecaf2c7
Opcode Fuzzy Hash: c70d16c9bc13283166fab5ed4e8d3bfc78d014d008e46bc71b584dfc2076a52e
Instruction Fuzzy Hash: 7521FF3094E29E4FD743ABB488685A97FF0EF4B301F0A04F7D458CB0B2DA689586CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0A01 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3160dc72e40b9bab413f6e9be677d59292a820d80ef732d3877861a7f18c0ba1
Instruction ID: 7cde207b9edfb6668f7458ab0cf2e2b9102ea8850e046e5598dcea70c49879c4
Opcode Fuzzy Hash: 3160dc72e40b9bab413f6e9be677d59292a820d80ef732d3877861a7f18c0ba1
Instruction Fuzzy Hash: C711C831E1955E4FE7A0EBA8C8595FD7BE0FF58700F41497AD42CC70A6DE74A5408B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC6921 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ae7866182b1e029f462a716293c3a87d9bfb5b04d508ecd4e117d470dfd87ae
Instruction ID: 3fd1cc32b6bc80da29558e370bcce1298a457fa637e8b6c43f12c31e1516186a
Opcode Fuzzy Hash: 2ae7866182b1e029f462a716293c3a87d9bfb5b04d508ecd4e117d470dfd87ae
Instruction Fuzzy Hash: 7211B431A0964E8FDBA8EF6884692BD7BE0FF68300F0105BED41DC71A2DA74A140CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2DD9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a25fd8599bec7cbad0fc681e4c7734d518fff981b3c724d466616e2e7bc8111
Instruction ID: 2dcb98e78db742edcb0feed04a8bfc740968999f3ff2b5f369bdc50b68befb15
Opcode Fuzzy Hash: 1a25fd8599bec7cbad0fc681e4c7734d518fff981b3c724d466616e2e7bc8111
Instruction Fuzzy Hash: 0111D53090E68A4FE752EBB488686B97FF0EF5A310F0545B6E45CC7063CB289654C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC4345 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34ba7a2d22194b8e301359f40fbf8d33661888237944cfdf1abaaaaaf7330b1c
Instruction ID: 8f9f0142bb254e4db08bf07ba56670dfff38ba880fe14e40974061edbfac200f
Opcode Fuzzy Hash: 34ba7a2d22194b8e301359f40fbf8d33661888237944cfdf1abaaaaaf7330b1c
Instruction Fuzzy Hash: DE11AF30A0964E8FDB58EFA484692B977E0FF68305F0105BED41DC72A2CE74A140CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2307 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d190662d722ec47e1bacabfcd73b9746dbe3dcaa0d44bbdb02400b8f0117c0e9
Instruction ID: 48e887e1d62e326b31917ca9a2122228a9379ee839445723d33287e18b474bc9
Opcode Fuzzy Hash: d190662d722ec47e1bacabfcd73b9746dbe3dcaa0d44bbdb02400b8f0117c0e9
Instruction Fuzzy Hash: A921903094E38A4FDB5AAB7088691F9BFB0BF06214F0604EBD459CB0A3DAA95A45C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC20F1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a835aafff2b60e23d472ba874acb36c097e2fafcc1f7ee3d85e7cd2d56b3704
Instruction ID: b18514319a4fdd6bcd0c081bda0eab87260081963efd7949eb085920be4db179
Opcode Fuzzy Hash: 2a835aafff2b60e23d472ba874acb36c097e2fafcc1f7ee3d85e7cd2d56b3704
Instruction Fuzzy Hash: 7B11AC30A0934D8BDB58EF68C4A65F97BA1FF59304F0102BEE80E83291CB74A540CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC69C5 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f786a4eff4b13499387ef58dd9ab2dbcdbb1967ddee45935f0e96b2133e22ca
Instruction ID: 0ad1b29a64e07180d2cf0f870610f744f0b47852e0fda9e6864649e66cf85cab
Opcode Fuzzy Hash: 5f786a4eff4b13499387ef58dd9ab2dbcdbb1967ddee45935f0e96b2133e22ca
Instruction Fuzzy Hash: 4F117230A0964E8FEB58EF68846A6B97BF0FF68311F0145BED41DC71A2DA75A540C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC4865 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77d2d15926852bae3a7640ba163c3dbe4b92ce15e94f740ea7a41044aa98cf5c
Instruction ID: b849ce6d30f366795fba49e716fe366e70cdff532fa805f32f9bc07b146bce89
Opcode Fuzzy Hash: 77d2d15926852bae3a7640ba163c3dbe4b92ce15e94f740ea7a41044aa98cf5c
Instruction Fuzzy Hash: 9111B231A0EA8D8BEB68EBA488B52B87BD0EF15304F0500BED01DC75B2DE656550C709

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC42A9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a42084f693a7e6b07f7962f40994413b4433e1f2345a8ad93c3cddc64b5d3e3b
Instruction ID: e169ae04c4f225720b5685a7359b0424cd7683b031e315f921eb2ae8123c6971
Opcode Fuzzy Hash: a42084f693a7e6b07f7962f40994413b4433e1f2345a8ad93c3cddc64b5d3e3b
Instruction Fuzzy Hash: CA21C030A0A64E8FEBA9EF6884652B97BE0FF69301F4501BFD419C71B2CE75A540CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB112D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a2a4ef7612eefd8dd07efbb2d0da32d565cebfdb843368459d197edd5419b25
Instruction ID: 1bbbf969161a54818f82e1ca253dd59b4265b899882cf84be8bcb6d5a7ef730a
Opcode Fuzzy Hash: 7a2a4ef7612eefd8dd07efbb2d0da32d565cebfdb843368459d197edd5419b25
Instruction Fuzzy Hash: C2110870E1965E4FEB699BA8D4782B97BE0FF66300F4101BFD029C60E2DE756500CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABC5A0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2c4b8480c760f3990299c0de9d87eeadf5d6252e3be1d82d74e91f42d54d774
Instruction ID: 44965b2ff6e071eaf9eaa6ed8f67d1da16c7b219325683a6a92db1c1a25b2357
Opcode Fuzzy Hash: d2c4b8480c760f3990299c0de9d87eeadf5d6252e3be1d82d74e91f42d54d774
Instruction Fuzzy Hash: 6511B23090E69E5FDB56EF64C8689F97BB0FF09304F0105BBD429C60A2DE785640CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC6AE9 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 304a2a0bf71328e5f71ad1ee139e32790ae1fca68e140c009ed0c168709cae22
Instruction ID: 39d524932f4a8ecf8f388fab7ded5940dc934946e61972b453d80d2636c38c31
Opcode Fuzzy Hash: 304a2a0bf71328e5f71ad1ee139e32790ae1fca68e140c009ed0c168709cae22
Instruction Fuzzy Hash: 0611D631A0EA8D4FDB69EB9888762B87BA0EF25304F0640BED45DC74A2DE656504C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC783D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d7292163ea7cd8761e69184073b5d8b53e3c2a181e298c76b00a7de428a224d
Instruction ID: d0da8cc4777093b06f01d42f6cd74024b77558f4299cbc6e5665d582d06be4f4
Opcode Fuzzy Hash: 5d7292163ea7cd8761e69184073b5d8b53e3c2a181e298c76b00a7de428a224d
Instruction Fuzzy Hash: F4119130A4A64E8BDB6AAF64C8755BD3BA0EF15304F0204BED51EC74E2DE65AA90C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC6B7D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08b5a17f3cf3eb1dca93ccd29e74ea87f2850e7d2da716a7d7b478d7591d25d1
Instruction ID: 847d17896d97f61c21e77a6237ed3a05061b862c62baf9bf2727d91a00212b06
Opcode Fuzzy Hash: 08b5a17f3cf3eb1dca93ccd29e74ea87f2850e7d2da716a7d7b478d7591d25d1
Instruction Fuzzy Hash: F511E330A4A64E4FEB68EF98C4696F97BA0FF69300F0141BAD41DC71A2DE75A644C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC4BD9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f28a228062f122b010837e80a41e6c3599577bf6ea83bd95e5de1741406896a
Instruction ID: dca5f6080e7a03fc52f2e4163723da95e8ce4ceda9103e7196a72e30407a1797
Opcode Fuzzy Hash: 4f28a228062f122b010837e80a41e6c3599577bf6ea83bd95e5de1741406896a
Instruction Fuzzy Hash: 15119330A0E68E4FEB69EB6488692B97BE0FF19301F0204BED41DC71B3DE7555408701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC498D Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c38c306e639af2b4f34882528ad8d7801586a8ee8c75971720d48e16c3db8abe
Instruction ID: f781b50d61cc4e04aaf53a5a9c34890dd5ff14ab4462144ae421663c5bb083e1
Opcode Fuzzy Hash: c38c306e639af2b4f34882528ad8d7801586a8ee8c75971720d48e16c3db8abe
Instruction Fuzzy Hash: 5F119131A0A64E8FEB98EFA488A96BD7BE0FF29304F0505BED41DC71B6DE7565408701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC24F1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a8cf5986989fb7f7ab7e7ccfa040c3f47b945bcf04ecb53a0ffc58c780d8f1
Instruction ID: da1e4d4f2ca92e1ae1e0fbe495551174bbd4137f7e76bb69a6e6ac0d56838d03
Opcode Fuzzy Hash: a1a8cf5986989fb7f7ab7e7ccfa040c3f47b945bcf04ecb53a0ffc58c780d8f1
Instruction Fuzzy Hash: FD01AD30A0964E8EEB51FBB884A85FA7BE0EF49300F0149B2D41CC3066DA78A6448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC5C79 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f80e85823fb92d57ef96f18c5bcdd235a783c039a3b3b893a1886e4f8dd50b63
Instruction ID: 67e417b9532f2c9dfb951fb3f8b40c4af20905c896730ea1c4ffe80ee803bd24
Opcode Fuzzy Hash: f80e85823fb92d57ef96f18c5bcdd235a783c039a3b3b893a1886e4f8dd50b63
Instruction Fuzzy Hash: CB11A331A0E64E4FE791FBA488695B97FE0FF19300F4645B6E45CC71B3EA74A5448701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABBCD9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 669934cb6f114bf0e7579e7e68baca260fb4c95db910603be31155e9a4a2a288
Instruction ID: 0b36e0ac00410f74782e62c589afb6c8f7b6945b50ba81ad6d3a0e1691d50ff8
Opcode Fuzzy Hash: 669934cb6f114bf0e7579e7e68baca260fb4c95db910603be31155e9a4a2a288
Instruction Fuzzy Hash: E3118630A0A65D4FEB55EF64C8682BD7BF0FF19300F5204BBD419C61A2DE79A540CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC4B4D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 912a91e6a01f18b315fbaac00056ad92a56137427b666a1f392bd8b571f1e45a
Instruction ID: 5861be29f1dffcb15ea21083b399a2df28593bf620202b044bcc4e813c3d185b
Opcode Fuzzy Hash: 912a91e6a01f18b315fbaac00056ad92a56137427b666a1f392bd8b571f1e45a
Instruction Fuzzy Hash: FC118231A0954E8FEBA8EB6488696B97BE0FF18304F4505BED419C71A2DE656540C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB34F5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef1ea290e6d42e42000b5af6237488d2897581a77d34b84afdc10d62e59f3c55
Instruction ID: 0e69fd2f0e095b3b54f325452a52d8845984282b1b2606a2be88dcea22d3393b
Opcode Fuzzy Hash: ef1ea290e6d42e42000b5af6237488d2897581a77d34b84afdc10d62e59f3c55
Instruction Fuzzy Hash: 69115270A0969E8FDB58EFA4C869ABD7BE0FF18300F4105BFD429D71A1DB75A5408B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABB885 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51ce367e89cc944764ff71197e0fb72350ed1e4a588ec4f56bd83d5529907207
Instruction ID: b0c5c18ad7b80804e1af66d99eb17e852968e160d321c9954e7cd2612f2d3cde
Opcode Fuzzy Hash: 51ce367e89cc944764ff71197e0fb72350ed1e4a588ec4f56bd83d5529907207
Instruction Fuzzy Hash: 18116170A0A65E8FDB59EFA4C8A92BD7BE0FF18301F4104BAD429C61A1DF75A644CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB2E81 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2443d4d2bf91cb661086054a78c15a884fd33ebdb847280a55f534a2bb95e7ad
Instruction ID: c24b4c772acb49da84ff0451bf6aaf18152e6346cad1f5cb95887d86d02b460b
Opcode Fuzzy Hash: 2443d4d2bf91cb661086054a78c15a884fd33ebdb847280a55f534a2bb95e7ad
Instruction Fuzzy Hash: 70017131A1A65E4FE761EBA488985A97FE0EF59300F0645B7D428C70A6EA74E5448B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c9f91f2aa05f15a4da928ca24d62f931fd0f88ed9211e1162fadd741b37d780
Instruction ID: b6c746f0895b80b29dc07a64f5e8666d73f23be0b084cccf9146f269fe2f90d8
Opcode Fuzzy Hash: 8c9f91f2aa05f15a4da928ca24d62f931fd0f88ed9211e1162fadd741b37d780
Instruction Fuzzy Hash: 99019230A1551E8FDB98EF64C0A46B977A1FF69304F61447ED41EC31A4CA71A650CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1F85 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51a229e94c84409f9f3e1d450048a87e19539ceb346a978d757c737f08e0cecd
Instruction ID: 08b257b854fc2346418b3c5c26a62e2de151070f54e484d64bac74f3e3504c5a
Opcode Fuzzy Hash: 51a229e94c84409f9f3e1d450048a87e19539ceb346a978d757c737f08e0cecd
Instruction Fuzzy Hash: 84019230A0954D8FDB68EF64C4655B93BA0EF25304F4104BED41AC71E2DB75A654C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB285D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5334a021e37d28c88c982a7631822eb0a6243314357066150a4e6729cd09f65
Instruction ID: 5e57049fc884c8877b84435b95ba1f1290f83bcafb0e7e1019880025ab06ee09
Opcode Fuzzy Hash: f5334a021e37d28c88c982a7631822eb0a6243314357066150a4e6729cd09f65
Instruction Fuzzy Hash: D3018430A1A65E8FE761ABE484995E97FE0EF19300F4245B7D428C60B6EE74E1408B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0F2F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c26efaaab5ce462b539f0f9b5da330142afe47cced407e1cd2b98d0db88baa86
Instruction ID: 3146a7658fb97c28d2a8a751fd61a4b259ac97a99ad735e05a0ba37a2f9631e7
Opcode Fuzzy Hash: c26efaaab5ce462b539f0f9b5da330142afe47cced407e1cd2b98d0db88baa86
Instruction Fuzzy Hash: 5B015231B1591D8AEBA8EB98C865FED7761FF54304F114275901DD71AACE3469418F80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABA6B9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83de2696540f07b95d03c085ef116d1b4063e76893364462cf998e9bab30bf9
Instruction ID: fc0869b3465050737dc5649654b6bcc29b485e3bf25ffb0a2de2ec2c7245504c
Opcode Fuzzy Hash: f83de2696540f07b95d03c085ef116d1b4063e76893364462cf998e9bab30bf9
Instruction Fuzzy Hash: 8601A730A4E64E5FD751EBB4C8695A97BF0EF1A304F0648F3D418C70B2EE74A5848B11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC77C9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dae073f51d86fa8289cb4add10fb2039aed797a93865401fa9e1a06595957ab
Instruction ID: e930c27fcbe53b0c0b6a34d34ce4be41a1c6d97e684f17622fb9fb4e1aab520d
Opcode Fuzzy Hash: 2dae073f51d86fa8289cb4add10fb2039aed797a93865401fa9e1a06595957ab
Instruction Fuzzy Hash: E401C030A0A28D4FDB5AEF64C8691B93BA0FF15304F0204BAD01AC70E2DA65A940C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC3A08 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd657c37168704acb2d3c8fa4b872af2f0bfbe7a9b84183028cb84991ff28387
Instruction ID: 76cc28c1e66a16cdf83e9013fc1dbd629bf16d3094d782fea4b8ec47d84b2550
Opcode Fuzzy Hash: fd657c37168704acb2d3c8fa4b872af2f0bfbe7a9b84183028cb84991ff28387
Instruction Fuzzy Hash: B211D670E0562D8EDB60EFA5C4592FCB7F0EF58301F5181BAE409E72A1DE786A858F50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB2EF9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab65bba8d3bb80ac34ccccfcd267ef4dc235ba0b3c2c222cfd1de69982af08b0
Instruction ID: 1d02e62f223bd114c088083710a94605ed05bb62f7741b60974d2ab536595c2e
Opcode Fuzzy Hash: ab65bba8d3bb80ac34ccccfcd267ef4dc235ba0b3c2c222cfd1de69982af08b0
Instruction Fuzzy Hash: E5018430E1D75E4FD752ABB484695A97FE0EF0A304F4648F3D41CCB0B6DA78A5548B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC7229 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08baaba080974ed3cd02f76b61b50cb5c782036e4b4744c154a1b7f7b182fc6c
Instruction ID: d9183833075451fcb9b51d0b72aff1027f77a21741fcd8b14dfeaa0ba3c90b2b
Opcode Fuzzy Hash: 08baaba080974ed3cd02f76b61b50cb5c782036e4b4744c154a1b7f7b182fc6c
Instruction Fuzzy Hash: A8018431E0E68E4FE761BF7488695B97BE0EF56300F0644F7E408C70A6DE74A9448701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 306f5d496c01ff1d2cde98b20a3eb47802c1fafc02c4abeac2c8ad49e3bdb9af
Instruction ID: 02cacc47d19eb8c852834a22c5f375dc9e0d15e8dad566a0114b6482a6ada3ef
Opcode Fuzzy Hash: 306f5d496c01ff1d2cde98b20a3eb47802c1fafc02c4abeac2c8ad49e3bdb9af
Instruction Fuzzy Hash: C8018630A1560E8FDB59EFE4D4685B977A0FF18305F11447ED42EC61E5DF75A550CA00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef3588c75ba4cdba85580717df88d5d9c1ecadefb265077344202106120e19c2
Instruction ID: ab83a0bc3c7fb14a8016a2113fa962ff965742b5db6e8ad04e5e6499d7318e78
Opcode Fuzzy Hash: ef3588c75ba4cdba85580717df88d5d9c1ecadefb265077344202106120e19c2
Instruction Fuzzy Hash: AD018130A1961E8EEB59EFA4D4686BA77A0FF18305F11087ED42EC21E5DE75A290CE01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB1C4D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d1fa7fb1c682072356758bbd22e39074f6820b764d3d1aa961b0b7df342df18
Instruction ID: 968150925a9efb1e5545c88738aed97fa7bea90165cb142487c53be95fbf90b4
Opcode Fuzzy Hash: 6d1fa7fb1c682072356758bbd22e39074f6820b764d3d1aa961b0b7df342df18
Instruction Fuzzy Hash: B601F93091A64E8FDBA8DF54C4652F97BA0FF66300F51007EE81CC31A1DBB59550CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB1140 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57187a8b10ecb305e732779d36fee088fe683706259ec64d59af31833a5cc0da
Instruction ID: 5de61c57f1f3216d28a4f286cf0b785c843b0560eb32e5fba2cb49f21f6adedc
Opcode Fuzzy Hash: 57187a8b10ecb305e732779d36fee088fe683706259ec64d59af31833a5cc0da
Instruction Fuzzy Hash: 42F0A970E2966E49FB645B9898643BA77E0FF65315F00017FD42DC10E1DE7412148A40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 274c55d3a452552f58e9bcc41da469368e8d577383378d8a5cc5ae3ba1ae3922
Instruction ID: c5a87800d8ff05ca923f8278b0a8c06b7cb6bc141d6901563d823bfcfa46346e
Opcode Fuzzy Hash: 274c55d3a452552f58e9bcc41da469368e8d577383378d8a5cc5ae3ba1ae3922
Instruction Fuzzy Hash: DEF0FC30A1A55E8FEBA4EF6484655F97790EF65309F51407AE81DC30E1CB75A560CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC4FDB Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d92d5b1098d4d592f0761683db2d9d67708551bc01c8d510a58dbf552e453b52
Instruction ID: 76857a6b76f4698c24fe28ce2c042c3fbd6aba0f82c3060079eeb43a7ffdba08
Opcode Fuzzy Hash: d92d5b1098d4d592f0761683db2d9d67708551bc01c8d510a58dbf552e453b52
Instruction Fuzzy Hash: BEF0C435A0992D8EEFA4EB98C8956ECB7B1FF58200F4041B9D40DE3251DE34A9418B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB2779 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e8dc89a7cecace8b7b15754a6f2c694d5ac6ef56fdefb4d58876028092c3ecb
Instruction ID: d1ba5fa8f813d576aa565389befc3312df3a1f9ee07e97b7182c77ae36d03b3e
Opcode Fuzzy Hash: 6e8dc89a7cecace8b7b15754a6f2c694d5ac6ef56fdefb4d58876028092c3ecb
Instruction Fuzzy Hash: B9F09631D1E38E8FDB569FA498781A93B60BF05304F4204BBD419C60E2DB38A594CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABB4BF Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9baba000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1a52c2d676abfd6b9912bc7cfe5f2601b33ab455ab2b17375e121d8c8d9c954
Instruction ID: e006f08f97575486a147b8ed7639ce01e93c5f9c267ea018c57816a8e1c50940
Opcode Fuzzy Hash: f1a52c2d676abfd6b9912bc7cfe5f2601b33ab455ab2b17375e121d8c8d9c954
Instruction Fuzzy Hash: 0EF03C70A1992D4FDBA4EB14C496BE9B7B1FF58340F5042BA940DD2166DF74AA818F40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB27ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2409e209c74af0a55ca4f1eb4d9f0680392e8e6c3712068b1d092e5bb0085e70
Instruction ID: d5aaef14363c7c9a572dbb2b770060ec4d4bd011575062b15aa4b565e76d500b
Opcode Fuzzy Hash: 2409e209c74af0a55ca4f1eb4d9f0680392e8e6c3712068b1d092e5bb0085e70
Instruction Fuzzy Hash: CCF0F030A1E78E8FEB699FA088252B93FA0FF15304F0104BAD42CC60E6DB799550CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC25FB Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7894d27bff20a25fc3c660e328f0b617bb2d2cc75b2a8ba20b9f44b7310c9812
Instruction ID: 8d62c0ba0edfdbe7ecec0d07d527123408917a6c9dc034f0aad9f8f8ff7a95a2
Opcode Fuzzy Hash: 7894d27bff20a25fc3c660e328f0b617bb2d2cc75b2a8ba20b9f44b7310c9812
Instruction Fuzzy Hash: 98F0D030E0962D8BEF65EB94C865AEC72A5FB55310F1105B9C119E32A1DFBC6A808F90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAB6532 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bab0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49442e0f337c83bdc29a40d19227f874f2e64fd2903195af5fb51e167b120e45
Instruction ID: b414cb66ca0ac83e31edec457cf7803e598eb309661fa751267eecc48ac1825a
Opcode Fuzzy Hash: 49442e0f337c83bdc29a40d19227f874f2e64fd2903195af5fb51e167b120e45
Instruction Fuzzy Hash: 10E0BDB0A1992D8EDBA4EB4888A0BA8B6B1EB08300F5004FE811DD3290CE306A808F04

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFD9BAC12A8 Relevance: 8.9, Strings: 7, Instructions: 145COMMON

Download Yara Rule

Strings

", xrefs: 00007FFD9BAC1195
", xrefs: 00007FFD9BAC119F
{, xrefs: 00007FFD9BAC13C2
[, xrefs: 00007FFD9BAC1467
(, xrefs: 00007FFD9BAC13CB
., xrefs: 00007FFD9BAC1474
/, xrefs: 00007FFD9BAC13E3

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BAC1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9bac1000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID: "$"$($.$/$[${
API String ID: 0-580553742
Opcode ID: 80d2efecb674ef06700abf9f7fbd1367464730be71deaad3c7a7200760e0e858
Instruction ID: 297b535746ea6c338d66bbbc8a505a43597c0943d529e7ebdfc86845bcfcb3d4
Opcode Fuzzy Hash: 80d2efecb674ef06700abf9f7fbd1367464730be71deaad3c7a7200760e0e858
Instruction Fuzzy Hash: 1061D470E0522D8EEB78DF95C8A47FDB6B1AF54304F0181BAD05DA7291CBB85A84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABF0A8 Relevance: 6.3, Strings: 5, Instructions: 84COMMON

Download Yara Rule

Strings

k, xrefs: 00007FFD9BABF147
R, xrefs: 00007FFD9BABFDE9
Q, xrefs: 00007FFD9BABFE2C
/, xrefs: 00007FFD9BABF0A8
A, xrefs: 00007FFD9BABF11B

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9babf000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID: /$A$Q$R$k
API String ID: 0-3601821991
Opcode ID: 36355d0e56e28b08cd1ade8d0590588a54254d200d713fa4d458e01f23afc1f0
Instruction ID: 7342e284245ba4b4a71aad316bf13f9521021edc8ab4109c82f74ab24aee88ae
Opcode Fuzzy Hash: 36355d0e56e28b08cd1ade8d0590588a54254d200d713fa4d458e01f23afc1f0
Instruction Fuzzy Hash: 7531B574E0962E8BDB68DF54C8A47A9B7B1FB54301F1041EDD41EA3291CB745A808F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BABFC23 Relevance: 5.0, Strings: 4, Instructions: 50COMMON

Download Yara Rule

Strings

k, xrefs: 00007FFD9BABF147
;, xrefs: 00007FFD9BABFCAD
F, xrefs: 00007FFD9BABFC6C
[, xrefs: 00007FFD9BABFCA0

Memory Dump Source

Source File: 0000001D.00000002.1754702759.00007FFD9BABF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BABF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_7ffd9babf000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID: ;$F$[$k
API String ID: 0-414671953
Opcode ID: 8e92cc741e25637788c83c59404f421dd53a1caa218c4636f6eb7dcfdef572e4
Instruction ID: c9888ae90abee25c4844af9dd0607bebb5b4ace001b99faa6ec39dbc35a25358
Opcode Fuzzy Hash: 8e92cc741e25637788c83c59404f421dd53a1caa218c4636f6eb7dcfdef572e4
Instruction Fuzzy Hash: 39111974E0922E8FEB68DF54D8A07AAB7B2FB54300F0445A9E50E96291CB785A81CF05

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: qJBfikDNRbrkF.exePID: 7460, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9BAD1688 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dee4f545222ae02cd3836ee362d25593406c842a43bfe2fece2bfd57aee6291
Instruction ID: fd3ba6e9488f09665474cc51ee5b032ec8eb74f56cb6b0153ed3b6dd1364f110
Opcode Fuzzy Hash: 4dee4f545222ae02cd3836ee362d25593406c842a43bfe2fece2bfd57aee6291
Instruction Fuzzy Hash: 9081DE31B0DA494FDB58DF5C88615B977E2EFE8304B15426EE49EC32A6DE70AD02C781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD35FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cfd02dd429754b2685859ba634a58304ccd53ec1e782acd5b011e8475a130af
Instruction ID: a258e81ce7fff66ccad36eac384781914cd37a995e761f5e3c0ebdf4daf186e5
Opcode Fuzzy Hash: 3cfd02dd429754b2685859ba634a58304ccd53ec1e782acd5b011e8475a130af
Instruction Fuzzy Hash: 0E71A172A1994D8FE798DB68D8657AD7BE1FF99314F4003B9D04CC72DACBB428018B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD1CCD Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7f3a541378a63d39827492aefd20b93910ccb35b168e0feaaf8bfdc4d1f2a8d
Instruction ID: 64c5e9dc41d95b09c98fd7e6160338c8d0f1f91bb1bd135068790349095a94aa
Opcode Fuzzy Hash: c7f3a541378a63d39827492aefd20b93910ccb35b168e0feaaf8bfdc4d1f2a8d
Instruction Fuzzy Hash: B151D031B08A8D4FDB58DF4888645BA77E2FFE8700B15427EE45EC7296DE30E8028781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD20E5 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b667c5eab0000b9d72415fda06f99f984f878288d76a6bee8c7d991275c0e69
Instruction ID: e13407f4f32901e89ffa4ece2a104c36fd72cd7b68e556e61c32d9a20ac25642
Opcode Fuzzy Hash: 1b667c5eab0000b9d72415fda06f99f984f878288d76a6bee8c7d991275c0e69
Instruction Fuzzy Hash: D7411531B0E64E4FE7659BB8C8651B877D0EFC5710B0686BBE41CC71E6DE68A941C341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD31E1 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbb12b9d7b01f73c39c1d689cd5e11dfd506f87397c244be7d0f1400073a5755
Instruction ID: d3f968437d06988a416f4a52b22975d9c96341020c20f81393d1a555f9419a80
Opcode Fuzzy Hash: cbb12b9d7b01f73c39c1d689cd5e11dfd506f87397c244be7d0f1400073a5755
Instruction Fuzzy Hash: 5E513B71E0A60D8FEB64EB98D5646EDB7F1FF99300F51427AD009E72A5DB786A40CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD32B1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7587f9a56a708c601b4944a5819bb36b1f042e818822ff33de740d02305ed85b
Instruction ID: 6d923b208288bde329fa54023253f31a244e86bf7fa8916ffb2ce9a33e5a282c
Opcode Fuzzy Hash: 7587f9a56a708c601b4944a5819bb36b1f042e818822ff33de740d02305ed85b
Instruction Fuzzy Hash: 2721EA71E0961D8FDB64EF98C5646ECB7F1FF98301F51417AD009E72A5CAB46A40CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD3575 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af7db0cd26c98756d724a6623e67ca91cd6c1e20b1547e40b99d0e8140189cd
Instruction ID: 548038b7a23c74f07d6309648854eaf2b0b7a4cb883bfa7db8a7f4884e96373e
Opcode Fuzzy Hash: 2af7db0cd26c98756d724a6623e67ca91cd6c1e20b1547e40b99d0e8140189cd
Instruction Fuzzy Hash: ED219231A0A64E4FEB68ABA4C4656F977E1FF99304F010579C01ED70E1DF69A605C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD084D Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71b4eebc10a39f262fb8d410083103f33f0b71fb9d8e2b8b976cb6dbfd117fb6
Instruction ID: 7e9b8832ad8f4341054576d2fcd55e262863acb2060774f72e614aa46cc66baa
Opcode Fuzzy Hash: 71b4eebc10a39f262fb8d410083103f33f0b71fb9d8e2b8b976cb6dbfd117fb6
Instruction Fuzzy Hash: CC115731F0E54E8FE771ABB884791ED7BE0FF95700F0646B6C049C70A2ED60A554C284

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD0A01 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a221f90bab4a2de66fe85ff4496fba2dbc40c904ec10a9087fd85c2142993c98
Instruction ID: 230d212cd0bafbeb52312fb53ac387854076ffd2f8c4a9a08bb1e62a48c4921b
Opcode Fuzzy Hash: a221f90bab4a2de66fe85ff4496fba2dbc40c904ec10a9087fd85c2142993c98
Instruction Fuzzy Hash: 7D119031A0950E4FE7A0EBA888691BD7BE0FF98700F4146B6D41CC61B6EE74A640C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD112D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b51a1dfbde8bd54666447af449b1d34f888ff0d056ac35ab3b2a10aff38199ab
Instruction ID: f45d6bd60f193b6328f0a3db16be488cba76630e3752028191177419e9d207da
Opcode Fuzzy Hash: b51a1dfbde8bd54666447af449b1d34f888ff0d056ac35ab3b2a10aff38199ab
Instruction Fuzzy Hash: 5611B670A0964E4EEB699BA8C4792B97BE0FFAA310F4106BFE41DC61E2DA756540C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD34F5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4993e54d04e470a57448912191d5ce3e8e3ed08651de2add14f40f2fbd21819
Instruction ID: 37c5a7bddee651042dd14768d10f674c32aabf05f6cb2fd0f3de137e8bce46bd
Opcode Fuzzy Hash: f4993e54d04e470a57448912191d5ce3e8e3ed08651de2add14f40f2fbd21819
Instruction Fuzzy Hash: E7115E71A0968E8FDB98EFA4C8696BE7BE0FF58300F4109BED419D71A1DB75A640C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2E81 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 933240bf4ec5e60efc3133bf309707ec047b38551d3148606e4299f14c30f6dd
Instruction ID: b11238d07e42cdf35e6c6e9b149bc18c4763d84dbee0e8079038c7d9eefb08e5
Opcode Fuzzy Hash: 933240bf4ec5e60efc3133bf309707ec047b38551d3148606e4299f14c30f6dd
Instruction Fuzzy Hash: EA017131A1A64E4FE761EBA4C8685A97FE0EF99300F0646BAD408C70A6EE74E544CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a17d91a6d43704484f408f559d230467c7ea4e5adb948d6460d0dd3d6d13b4a
Instruction ID: c908cbb35dbfe42c4ff2453698a60e5e5e4738315c67511536e4e1e074dd9782
Opcode Fuzzy Hash: 6a17d91a6d43704484f408f559d230467c7ea4e5adb948d6460d0dd3d6d13b4a
Instruction Fuzzy Hash: 0F01B530A0550E8FDB98EF64C0A46B977A1FFA8304F91457ED41EC31A4CF71A650CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD285D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c7cdf437a14010e7d537db8006e8c57db28aba0af80e571abb5ccefc6ef6602
Instruction ID: 45eef009d631f37acf683c3e7af3969f1e33a8ff97060f1eed92a08f2f193c3c
Opcode Fuzzy Hash: 5c7cdf437a14010e7d537db8006e8c57db28aba0af80e571abb5ccefc6ef6602
Instruction Fuzzy Hash: 16018430B0A64E8FE761ABA4C4A95AD7BE0EF59300F4246B6D418C70A5EE74E240C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD0F2F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9da0ce69e7ae981891bc7d49f72c34e72826f5b0e4c8ed678d4a9c1b46fe904
Instruction ID: ff7784598471b6842a7cdf40ea569078e6e3e64b84a7a0ff65604197146aeff4
Opcode Fuzzy Hash: d9da0ce69e7ae981891bc7d49f72c34e72826f5b0e4c8ed678d4a9c1b46fe904
Instruction Fuzzy Hash: A2017531E0590D8AEB68EB94C865FEE7761FF98304F114375D00DD71AACE346941CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD340A Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e14d8d3d10e1f18765549a66f970d7da0a20e326f6b61f586e508dd2c2bcfa01
Instruction ID: 9581c3fe8a6d9530427c640231eb42f504e4e7967be52da0448af9c2a9b46cef
Opcode Fuzzy Hash: e14d8d3d10e1f18765549a66f970d7da0a20e326f6b61f586e508dd2c2bcfa01
Instruction Fuzzy Hash: E2018F70E1990E8EEB91EFA8C45C5B97BE0FF58301F0149B6D41CC3065EB74E2408B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2EF9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 285293caaddf652301d1e9764339aeb5a1d5968ba88aa30e62c1c70439de8e65
Instruction ID: 3ac875464df40d33a198a81610a32093a6c7171252e78da20966436f0d664b0d
Opcode Fuzzy Hash: 285293caaddf652301d1e9764339aeb5a1d5968ba88aa30e62c1c70439de8e65
Instruction Fuzzy Hash: 88018430A1A74D4FD752A7B4C8695A97BE0EF4A300F0649B7D41CC70B6DA78B658CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b54277069ee6d84337e85aa2ed2f612d541c68faa24472d05ecfbd6f69d5295c
Instruction ID: 6df50e93980057a7cc5e54653cb3abea12fc4eee575724f7a9264e42fea49970
Opcode Fuzzy Hash: b54277069ee6d84337e85aa2ed2f612d541c68faa24472d05ecfbd6f69d5295c
Instruction Fuzzy Hash: A501AD30A1960E8EEB68EBA4C4686BD72A0FF58308F10097ED41EC21E5DF75A250CA00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e94b2971fd83df7b1a905507d13fc51b64fa53833eabc48b7e5a0c520729260
Instruction ID: 26a6d2949dfda737cca16f3349d667e61a7b6367b447fd3565c19ac0d496b4c4
Opcode Fuzzy Hash: 4e94b2971fd83df7b1a905507d13fc51b64fa53833eabc48b7e5a0c520729260
Instruction Fuzzy Hash: 4B018630A1560E8EDB69EFA4C4685B973A0FF58305F11097ED41EC21E5DE75A250CA01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD1C4D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72c7d3a18e018ec70407ca03f73d5a80b3d3fdc34deea11804db0fb80a3d41cb
Instruction ID: 6ead370ec548e0ffb9c57504450aca5a713964fa20cb258f7ceb3e58c7997a3b
Opcode Fuzzy Hash: 72c7d3a18e018ec70407ca03f73d5a80b3d3fdc34deea11804db0fb80a3d41cb
Instruction Fuzzy Hash: CC01A930A0A64D8FEBA8DF54C4656F97BA1FFA5305F91417EE40CC31A1DBB59650C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD1140 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b59d4abe480b89a5cfea1c46dc863f00b96e53b0f8880276bdedcf6bc027108c
Instruction ID: 9bd1b98b76cb54bf57de93fd65f5dea74e667adbd51d61ca827980507659eb2c
Opcode Fuzzy Hash: b59d4abe480b89a5cfea1c46dc863f00b96e53b0f8880276bdedcf6bc027108c
Instruction Fuzzy Hash: 5CF0A470E1A65E49FBA89BA898683FA77E0EFA6315F00027FE41DC20E1DE741214C641

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 666dc6bb805aad56680aa8904b3ca7d8a0cb80aa4826d6d789250e5f18508785
Instruction ID: 21f00900943a02cc90807baa706a5a8c5cbc6c6d1e4acbc1ec15909ff91ed444
Opcode Fuzzy Hash: 666dc6bb805aad56680aa8904b3ca7d8a0cb80aa4826d6d789250e5f18508785
Instruction Fuzzy Hash: 6FF0FC30A0A54E8FEB64EF6484655F97790EFA5309F81417AE80DC20E1CB75A660C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2779 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d14f44c6232019a83228867e367f88820ff75d1329d8155b1252fdcac5d829e
Instruction ID: 284f16e41a537ccdf3867fce0ffe9ee701ee4e4f6d9251e905aace501885cfc4
Opcode Fuzzy Hash: 4d14f44c6232019a83228867e367f88820ff75d1329d8155b1252fdcac5d829e
Instruction Fuzzy Hash: 29F0963090E38D8FDB6A9F64C8681A93B70FF46304F4605BED419C60E2DB78A554CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD27ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b72cd26cd73116a8b8736413b09c622a831cc6506c0c0ceed058ccbf0a4399e
Instruction ID: d71f34776aaeac34380b1e4998a7a9fda50c99e02f8423ce77f0cc3b2b1be7fe
Opcode Fuzzy Hash: 5b72cd26cd73116a8b8736413b09c622a831cc6506c0c0ceed058ccbf0a4399e
Instruction Fuzzy Hash: 11F0F030A0E78E8FEB699FA088252BD7BA0FF95304F4106BED408C61E6DB799510C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD6532 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1760435340.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9bad0000_qJBfikDNRbrkF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9db8023765df6f1972303198911895eb61cf468d8764f728e4f5613e253576d
Instruction ID: 39dd2c377ca1415df0a9cb1054b00610fc71ca6eaf528fde107825bf663cfa9d
Opcode Fuzzy Hash: e9db8023765df6f1972303198911895eb61cf468d8764f728e4f5613e253576d
Instruction Fuzzy Hash: D9E026B095991D8EDBA4DF4884A57AD76B1EB94301F5105FD810DD3290DE746AC09F14

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: wininit.exePID: 7492, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9BAC1688 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71318505108009dddd2cdbe20cf538ba86fe800a37ae519d9ff2d59a9f845695
Instruction ID: 8baf620b9e233c23fe47fe581973e84edb33b1adca2aae8cbe46f4a0783dff22
Opcode Fuzzy Hash: 71318505108009dddd2cdbe20cf538ba86fe800a37ae519d9ff2d59a9f845695
Instruction Fuzzy Hash: 2481EF31B1DA494FDB98EF5C88605B977E2EFE8300F15416AE45EC32A6DE70AD028781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC06C0 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e36743e37b6bc038d830711894f3e117151cee73992a3410bda3ea50604a5bc
Instruction ID: 006d2795571bea86973e614c93a8dab0c2b5d5e5d88bd12758fb486d2e2beb81
Opcode Fuzzy Hash: 8e36743e37b6bc038d830711894f3e117151cee73992a3410bda3ea50604a5bc
Instruction Fuzzy Hash: 8D615A53B0FAC90FE73567AC58650B97B90EF5675070983F7E0988B0FBEC54AA058388

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC35FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9244e712067493d18e2c5c0190ecf540a3897907b42ca6b653e5f817a7c27957
Instruction ID: 4fe21fc4d6e8a45df05e4c6307b7a81deead8f50b311e4c33695a09dbadafac2
Opcode Fuzzy Hash: 9244e712067493d18e2c5c0190ecf540a3897907b42ca6b653e5f817a7c27957
Instruction Fuzzy Hash: 4B71D572A1894D8FE794EB6CD8257AD7BE1FF9A314F4002B9D00DC72DADBB414018741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1CCD Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6e17b7c30bdb62abe391a50422a1b1722a179916d5e976c0cd673abafae04a
Instruction ID: dd8b7f60965e2fff04d6fd228d602885ef6d3bbb0a593b98b4d2df2c5024e520
Opcode Fuzzy Hash: 6b6e17b7c30bdb62abe391a50422a1b1722a179916d5e976c0cd673abafae04a
Instruction Fuzzy Hash: 9E51E331B18B4D4FDB58EF4888645BA77E2FFE8300B15467EE45AC7296DE30E8028781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC20E5 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95bf30903bd62db6286edb3853ea99aa72cb72a92ec759036979b6cde67665b1
Instruction ID: 10a3a6578852f0031716047cea572d8e238c06179857bba398b75a59ded63e87
Opcode Fuzzy Hash: 95bf30903bd62db6286edb3853ea99aa72cb72a92ec759036979b6cde67665b1
Instruction Fuzzy Hash: 00412631B0EA4E4FE765EBB888651B87BD0EF86310F0645B7E41CC71E6DE68A9418381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC31E1 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 719f3e3c7f9576caef6142466495e951eaa0f91f9d51f73ab6217e4dcd47a7e0
Instruction ID: 720659a41e787cd8f953743c275769a524a37a67bdf1988b8f916d8ffb12150d
Opcode Fuzzy Hash: 719f3e3c7f9576caef6142466495e951eaa0f91f9d51f73ab6217e4dcd47a7e0
Instruction Fuzzy Hash: 83512870E0A60D8FEB64EB98D4656FDB7F1EF59300F51417AD009E72A2DB786A44CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0805 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268367b276cb9e24770c57bcb03d9cee0a41adc32d33968cd64f377e3e5f7b87
Instruction ID: 07069c5ca8aea2ee2867c92ed87f25ab129496d21d709e92a0f55c418a803e72
Opcode Fuzzy Hash: 268367b276cb9e24770c57bcb03d9cee0a41adc32d33968cd64f377e3e5f7b87
Instruction Fuzzy Hash: 23216E12B0E58A57E73477BC9C751F97B90EF11719B098677E09CCA0D3DD04A155C389

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC32B1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1a4de3db8000d1440869310336ed503380c1da628df29330e98083ba2e6f28c
Instruction ID: e123ffdc8bba6cac0a528dc6d80ad02cdc9bda5da7e8330b93b5fca5b2fd0abe
Opcode Fuzzy Hash: b1a4de3db8000d1440869310336ed503380c1da628df29330e98083ba2e6f28c
Instruction Fuzzy Hash: B821C771E0961D8FDB64EB98C4A56FCB7F1FB98301F51417AD009E72A5DE786A40CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC3575 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1deff4083a7eee58458d23143e1dc58306f65553b77afddea3110403f346e2cf
Instruction ID: 20d75e63a0398c909a3a8fc1a81cd8ce0d806ca906fd68e8037d13e978f22206
Opcode Fuzzy Hash: 1deff4083a7eee58458d23143e1dc58306f65553b77afddea3110403f346e2cf
Instruction Fuzzy Hash: 3D218030A0AA4E4FEB69AB64C4666F973E1FF59304F11047AC01ED70E5DE79AA058701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0A01 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27385d6e76c3a769578582efa4e1980de9cf36d0265b6bf06f53ddfef2872652
Instruction ID: 1ccd81211ca71d98eee9b82c25d431a95adbe5d9c21bb2437e29dbdea0707e83
Opcode Fuzzy Hash: 27385d6e76c3a769578582efa4e1980de9cf36d0265b6bf06f53ddfef2872652
Instruction Fuzzy Hash: 6111B271E0A50E8FE7A0FBA8C8691BD7BE0FF58700F4146B6D41CC71A6EE78A6408740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC112D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a8ec6e6cf2d6b633e72a1b1d4f4e48daee911491f8f54f9570dfc52b6ee0555
Instruction ID: 6319af855e01861fb9bbd7e403434edae6ad4e358ba43f4a7680150001063c18
Opcode Fuzzy Hash: 1a8ec6e6cf2d6b633e72a1b1d4f4e48daee911491f8f54f9570dfc52b6ee0555
Instruction Fuzzy Hash: 4311B670B0A64E8EEB69AFA8C4682B97BE0FF65310F4115BFD419C71E1DE796540C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC34F5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 637fb643d4636e2fc6a1be1c38da952d472287bd8d242a34762e6e700b489773
Instruction ID: 2731b95e21a6905f0b7cdb8b2022cf9c4033dd823d15c504cd9c79146ebf72ee
Opcode Fuzzy Hash: 637fb643d4636e2fc6a1be1c38da952d472287bd8d242a34762e6e700b489773
Instruction Fuzzy Hash: 4B115270A0968E8FDB99EFA8C46A6BE7BE0FF18300F4104BED41DD71A1DB75A5408700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2E81 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 826b3fc09c8b3fc39956c62392983ff681768a4fd7272286760ba3e252be4abd
Instruction ID: b1f181cabf3d6a943296bc9edc9f3b07726bbf773521aeca92e409f5b93fa483
Opcode Fuzzy Hash: 826b3fc09c8b3fc39956c62392983ff681768a4fd7272286760ba3e252be4abd
Instruction Fuzzy Hash: C0017C31A1A74E4FE761FBA488A85F97FE0EF59300F0649B6D418D70A6EB74E6448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29b7f11223079ac33318ae924e32a5b090d515f4d35ec31aa14e4a4e7eeca8a6
Instruction ID: b89f4594de6a6e18230766a18b28b88de7a4c748fbca65703fe5a8453f78f7dc
Opcode Fuzzy Hash: 29b7f11223079ac33318ae924e32a5b090d515f4d35ec31aa14e4a4e7eeca8a6
Instruction Fuzzy Hash: 54018030B0950E8FEB98EF64C0A46B977A1EF68304F51447AE40ED31A5CA71A661CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC285D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3fe0983dd537483d18e4b573f3388431fd55d25cac7f11b816b7d07f05b9aa1
Instruction ID: b024800b920538937feec1fcdff9903dde5f08c093c2081cb44b214c9b905d62
Opcode Fuzzy Hash: d3fe0983dd537483d18e4b573f3388431fd55d25cac7f11b816b7d07f05b9aa1
Instruction Fuzzy Hash: D701A230E1A64E8FE761FBA488A95F97BE0FF19300F4245B6D408C70B6EE78E6408700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0F2F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b47b34d02cdc557349bc29e3876fe56e68294977cd8597c02b92b97829d04d90
Instruction ID: 6828f9c18a27448625140bc805a3c48dc6510b62256cf2a832b18f7952e38f1f
Opcode Fuzzy Hash: b47b34d02cdc557349bc29e3876fe56e68294977cd8597c02b92b97829d04d90
Instruction Fuzzy Hash: 6D015231A0990D8BEB68EB58C865FBD77A1FF54304F1142B59009D71AACE7469858B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC340A Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb0bf78d270af5e5dd1bf41cf4affbf9ecdb4bcdf2985dc4943d8f3872f7a88
Instruction ID: 19e87c5e952b62223cf2b416e470557b0dafb04f7042013226241952811000ad
Opcode Fuzzy Hash: 0eb0bf78d270af5e5dd1bf41cf4affbf9ecdb4bcdf2985dc4943d8f3872f7a88
Instruction Fuzzy Hash: 30014F31E1994E8EEB91FBA8C55D5B97BE0FF18301F4549B6D41DC3065EB74E2448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2EF9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606bf0db9f07ef94b3c7e45cb8ea21567af2ef63d82355e90eb3fc82906d89ed
Instruction ID: 3ba5d96bbcc1d16d78b4452dcfa7f7b04b03ea80c88c7105084eae916fed78f9
Opcode Fuzzy Hash: 606bf0db9f07ef94b3c7e45cb8ea21567af2ef63d82355e90eb3fc82906d89ed
Instruction Fuzzy Hash: E2018470A1A74D4FD752BBB488695B97BE0EF0A300F0644B3D40CCB0B6DE78A6588741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b6bfb7165e604d4f388f5f36ca3bcc06fc31ed21aff62b29b1b1a89d7af25f
Instruction ID: bca8f0651a82a55ddaed4290db3353b6cedd02d7279f3f9f845ce6c8bb2dd13c
Opcode Fuzzy Hash: b7b6bfb7165e604d4f388f5f36ca3bcc06fc31ed21aff62b29b1b1a89d7af25f
Instruction Fuzzy Hash: AC016D30A1960E8EEB69FBA4C4686B972A0FF18305F11487ED41EC61E5DF75A650CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acda80830b24ae418bbe5cf045f5bf0e242b3124b488e8424fe0ed8f15f09699
Instruction ID: d91645c0f756f6f79738d6825388887e31dd16e2c53d578acf315c851c955f82
Opcode Fuzzy Hash: acda80830b24ae418bbe5cf045f5bf0e242b3124b488e8424fe0ed8f15f09699
Instruction Fuzzy Hash: 47018630A1560E8EDB59FFA4C4A85B973A0FF18305F21087ED41EC71E5DE75A250CA01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1C4D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2e6cfc608f36e52f762757b401f2956d19a99b85f7970197938e4bcf7cfca2c
Instruction ID: 9192cb24090203582be103db1ada1ff309cb71a8218f26570715f599894d644e
Opcode Fuzzy Hash: f2e6cfc608f36e52f762757b401f2956d19a99b85f7970197938e4bcf7cfca2c
Instruction Fuzzy Hash: 21018630A0E64D8FEBA8AF5484656B97BE4EF65305F51407AE408C31A2DBB59561C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1140 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7edd30bae94e2f9d5ba58053a936abca9537a0e5f09a4b73a246dad3ea99d3b9
Instruction ID: c20a3d39935da790d0be4e332b2404f560de769109fe7a6006963b9e446a4320
Opcode Fuzzy Hash: 7edd30bae94e2f9d5ba58053a936abca9537a0e5f09a4b73a246dad3ea99d3b9
Instruction Fuzzy Hash: B3F08170B1A65E89FBA8AFA898682BAB7E0EF65215F01117FD419C20E1DE7812148640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0364ddc2c03a5550b86d4d2f5c373979aff7b0da8380433cd4f5ec6cdb2e8f69
Instruction ID: 673d43a1d099f3bcde4108d2714fa6a167d92b4c131d6a073bb1f1a7c771035e
Opcode Fuzzy Hash: 0364ddc2c03a5550b86d4d2f5c373979aff7b0da8380433cd4f5ec6cdb2e8f69
Instruction Fuzzy Hash: B0F0C830B0E54E8FEB64FF6484655F97790EF65309F41407AF80DC31A2CA75A560C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2779 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16158cb3d18cedebe2127b96cfed9ac0773347449ce1d6b92c148dd1d77929df
Instruction ID: 4b54168dbc0442c9198d5cc8312fb91fd55bb67fe67c3659e340a97b92a4023b
Opcode Fuzzy Hash: 16158cb3d18cedebe2127b96cfed9ac0773347449ce1d6b92c148dd1d77929df
Instruction Fuzzy Hash: 43F0963090E38D8FDB5AAF6488681F93B70FF06304F4605BAD819C60E2DB789654CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC27ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04e0d48228483ba058eec874630ae14ae74cf8249ce94ce87f8841ae793425a
Instruction ID: 8b92147fe588574cb6b3c3ed859734bc9327c33a515c58090b4b858b7be2cd79
Opcode Fuzzy Hash: f04e0d48228483ba058eec874630ae14ae74cf8249ce94ce87f8841ae793425a
Instruction Fuzzy Hash: 01F0F030A0E78E8FEB69AFA088252B93BA0FF15304F0104BAD408C60E6DF799550C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC6532 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1759581336.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9bac0000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a76927c287c1a5e0f6bfcf54f377ea7e92f30a7fa0c1811e89c749ea049fdb4a
Instruction ID: 9988fdb8d949d8d28a3270dc296795f429d883d8f932af02921a861890d2cd02
Opcode Fuzzy Hash: a76927c287c1a5e0f6bfcf54f377ea7e92f30a7fa0c1811e89c749ea049fdb4a
Instruction Fuzzy Hash: 7BE02DB0A1992D8EDBA4EB4888A1BB9B6B1EB58301F5104FD810DD3290DE746A809F18

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: wininit.exePID: 7500, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9BA91688 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6091a54e8289e9df7493f7ddd99a20b9afc352386f0b6de3a7cab41e7c9fbab
Instruction ID: 89b0fe1580ef0a37f12a8c7857084516f2c242ad34030f0d535b311fa93ed3ef
Opcode Fuzzy Hash: f6091a54e8289e9df7493f7ddd99a20b9afc352386f0b6de3a7cab41e7c9fbab
Instruction Fuzzy Hash: 6881EE31B0DA4D4FDBA8DF5C88615B977E2EFE8704B15416EE45EC32A6DE30AD028781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA906C0 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba60589f3e0c73fb4cbf927ded834ff76b9b6632767cf688376e87b52ec219c8
Instruction ID: 038f9e04d14a4d36ce4f9ec4741471654d37fa609efd43cd5a56496fa3d28a6e
Opcode Fuzzy Hash: ba60589f3e0c73fb4cbf927ded834ff76b9b6632767cf688376e87b52ec219c8
Instruction Fuzzy Hash: D9613753B0FBC50FF73197AC68654B93BD0EF517A470A81F7E098CA0F7E854A9068299

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA935FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a4cde69b462990ab4a382478ac1d5bf4c05abba17647f3f55c6664c0b451444
Instruction ID: 6f16b7ec2c1d45f3754912fefece445ffc8f307ced2ba96154f6df61a03b2d12
Opcode Fuzzy Hash: 0a4cde69b462990ab4a382478ac1d5bf4c05abba17647f3f55c6664c0b451444
Instruction Fuzzy Hash: 5D71B572A1894D8FEB98DB6CD8657ED7BE1EF99324F4042B9D00DC72DACBB418018B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA91CCD Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c08252a3bf27f5a0b87d5ab30a563c5dcd77bb1444aac096345ca91df78d8e27
Instruction ID: c3a13d4d171d6a43c1ee66d715e9bcc91588ba9618c2815c2daa716d8ad32413
Opcode Fuzzy Hash: c08252a3bf27f5a0b87d5ab30a563c5dcd77bb1444aac096345ca91df78d8e27
Instruction Fuzzy Hash: 3151C031B18B8D4FDB58DF5888A45BA77E2FFE8704B15417EE45AC7296DE30A8028781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA920E5 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb71daac79db6675ddfb0dd39cb61e98b8360b38dc1fc7cd2620e9105f496f3c
Instruction ID: 81c95da970f4a8dee7ae8d548417cff1e0720bb67e5d24ecd36694ad6cb15cb5
Opcode Fuzzy Hash: fb71daac79db6675ddfb0dd39cb61e98b8360b38dc1fc7cd2620e9105f496f3c
Instruction Fuzzy Hash: E9413731F0EA4E4FE769DBB898651B87BD0EF86350B0645B7E00CC71F6DE68A9418381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA931E1 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 086256e5ba15af70e194f4a2a3efe374746997475f7fb18fdeb3f467aa2926f5
Instruction ID: 3e7c4398afde2e1f73c11aae43d85401003fcb21dd4c6349414e52fa5a8562be
Opcode Fuzzy Hash: 086256e5ba15af70e194f4a2a3efe374746997475f7fb18fdeb3f467aa2926f5
Instruction Fuzzy Hash: C0516A31E1A60D8FEB64EB98C4646EDB7F1EF58300F51417AD009E72A5DF786A40DB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA90805 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c907c1ca08a58764a3e3771b6e0aeb8c45ad75b5ce54f4b12896110c5e471ebb
Instruction ID: 9a676bb2f8370a850a38e3947e46209f938546a07e18e5b31c9e39036280defe
Opcode Fuzzy Hash: c907c1ca08a58764a3e3771b6e0aeb8c45ad75b5ce54f4b12896110c5e471ebb
Instruction Fuzzy Hash: 20218E22B0F5465BE73067BC987A5E93BD0FF11758B0945B7E09CCA0D3DD54A156C284

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA923A7 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe36399c393ef9bbf1130fd9ece628a5fedcf85ac476a0289547835fce1f911
Instruction ID: d078f2f40264476af686a17705685e336292a207d09ac83d5b14e6b85fb29f16
Opcode Fuzzy Hash: bbe36399c393ef9bbf1130fd9ece628a5fedcf85ac476a0289547835fce1f911
Instruction Fuzzy Hash: 1D311C30E0A62ECEEB789F90C8607FDB2B0BF55311F0141B9D04D961A1DEB86A84EF54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA93575 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba667fd0f216d532dffa4195c749e6ab1002d9482455ec0ad0b8104ecf2c22a2
Instruction ID: 7918c31cbe845718753eeca880780596b9a9203ee8f3fcfa73cb7b9e2ea18927
Opcode Fuzzy Hash: ba667fd0f216d532dffa4195c749e6ab1002d9482455ec0ad0b8104ecf2c22a2
Instruction Fuzzy Hash: DA217F31A0AA4E8FEB68EB64C4656B977F1FF59304F0104B9C01AD71E1DE69A5058700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA933D8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee3c521ccec8c69905958e665ff5d011a21a595c432d68e4a534932dea1f1ca
Instruction ID: d25123b728fd2823df64bf6f56e27be084fc6cdb8f688670fd1cf1dd611367b0
Opcode Fuzzy Hash: 0ee3c521ccec8c69905958e665ff5d011a21a595c432d68e4a534932dea1f1ca
Instruction Fuzzy Hash: 7121C230A4E68E4FD743ABB488685A97FF4EF4B311B0A05F7D448CB0B2DA789545C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA90A01 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c86d3c1df708316049d85c3f623510c657ed594c2046b74a6c0a4a5366823678
Instruction ID: c2c7a6ad4ca86eea9ac12e9594bc20398a8743960420f48500cc9361a2b416b6
Opcode Fuzzy Hash: c86d3c1df708316049d85c3f623510c657ed594c2046b74a6c0a4a5366823678
Instruction Fuzzy Hash: B211C471E0950E4FEBA4EBA888995FD7BE0FF58740F4145B6D41CC70B6EE78A6409740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA9112D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a0f166f99f396c4268331f33c10972b4686919d5a361610f9d14aa8b77d09db
Instruction ID: ac9d0f199a587666be98a6d0daa419cb8156fbf2d0f800ccd4ae15a732912004
Opcode Fuzzy Hash: 5a0f166f99f396c4268331f33c10972b4686919d5a361610f9d14aa8b77d09db
Instruction Fuzzy Hash: 4011E670A0964E6EEB699BA888682B97BE0FF65300F5100BFD019C60E1DF756500D700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA934F5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: facb839a6536adb8ec37ad1b957eb29d9dbc47d61742e5fef8f103d60bda282f
Instruction ID: 7f8fa39ec16cdee79bf350324e6425a39c06bd748a915fbe0d910c0f48181b27
Opcode Fuzzy Hash: facb839a6536adb8ec37ad1b957eb29d9dbc47d61742e5fef8f103d60bda282f
Instruction Fuzzy Hash: 78113070A0968E8FDB58EF6484695B97BF0FF18304F4104BAD419D61A1DA75A5448700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA92E7A Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03d6fb36e16ab86a4204aa1c5cd088df647054a4ebc13294d3dbc7b592df90ab
Instruction ID: 2f1c0db341baeaa728e1bd9307ddd6cef979fca69e199ca7097d3ca101759277
Opcode Fuzzy Hash: 03d6fb36e16ab86a4204aa1c5cd088df647054a4ebc13294d3dbc7b592df90ab
Instruction Fuzzy Hash: 2E015230A5E74E4FE765EBA488A85E97FF0FF56300F0685BAD408C70A6EA74A544DB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA905D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113d4b7e076d0f9f385483cb909ec94ae4a33061a15c7acb683e254e09d65ab0
Instruction ID: 427c6a74320eb4306464c7cbf0fb47b4c2e3af71d4797fc6a71323399e28faad
Opcode Fuzzy Hash: 113d4b7e076d0f9f385483cb909ec94ae4a33061a15c7acb683e254e09d65ab0
Instruction Fuzzy Hash: 33019230A0550E9FDB98EF64C0A46B977A1FF68304F51447ED41EC61A4CA71A650CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA9285D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 392017409ace416dff9767b4ac4666e77d024110bf081d5abc670f693c18ae90
Instruction ID: a1c18a8cb79bb003916b380afe1c24ff751d28bc55e07b4bdfa80fc1709cafc2
Opcode Fuzzy Hash: 392017409ace416dff9767b4ac4666e77d024110bf081d5abc670f693c18ae90
Instruction Fuzzy Hash: 1E01A731E0A64E8FE765EFA484995F97BE0FF19300F4285B6D408C70B5EE74E1449700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA90F2F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f91e39b4323756fa83761cd90b975682070e77d1cbf45c7cff2dd10e3175edef
Instruction ID: 1bea0d8141c419faa45697b01b6c1c0a51899bcfbb70dc2d675ab99fb53ffdfe
Opcode Fuzzy Hash: f91e39b4323756fa83761cd90b975682070e77d1cbf45c7cff2dd10e3175edef
Instruction Fuzzy Hash: 88015231A0980D8AEB64EB94C865FEE77A1EF54304F114275900DE71A6CE346A41CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA92EF9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e3d01d90e66b5d345e0064c0fc951db619e22919e8628d12b1c947c63c7ad20
Instruction ID: 7d1eb27665e41e594196977a1195d02ac8be107078bcd00d4cb80da069a084fe
Opcode Fuzzy Hash: 8e3d01d90e66b5d345e0064c0fc951db619e22919e8628d12b1c947c63c7ad20
Instruction Fuzzy Hash: D2018430A1A74E4FD756A7B488695A97BE0EF0A300F0645F3D40CCB0B6DA78A658C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA90610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 469361d10ba031dde4031d93f1e3b0822a2841eebbb66b6b748450df36144795
Instruction ID: c2e218ea489e5a145c58e9b022d403c181962b04364834c1181d91ba24d3a7dd
Opcode Fuzzy Hash: 469361d10ba031dde4031d93f1e3b0822a2841eebbb66b6b748450df36144795
Instruction Fuzzy Hash: 80016D30A1960E8EEB6DEBA4C4686B972A0FF18305F11887ED41EC61E5DF75A650CA00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA90608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606d0349ecf421d785ec3b7c4a4c22556eff3d0b1a996b2582c869f911c7306d
Instruction ID: b5dd554b3aa67b0274c839f729109a1ae377f5d5547d3e5b1b085d42387dba67
Opcode Fuzzy Hash: 606d0349ecf421d785ec3b7c4a4c22556eff3d0b1a996b2582c869f911c7306d
Instruction Fuzzy Hash: 13018130A1A60E8EEB5DEFA4C4686BA73A0FF18305F11087ED41ED21E5DE75A290CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA91C4D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb4fd3e07a3c91e008764a9c0268f1911a63aaf84635690e4ec43400d08a9a7
Instruction ID: 69c577b780662caecc413d625ebe5f34bf233103941318a43ac1a6672b951933
Opcode Fuzzy Hash: dbb4fd3e07a3c91e008764a9c0268f1911a63aaf84635690e4ec43400d08a9a7
Instruction Fuzzy Hash: F301F93090A64E8FEBA8DF5484651F97BA0FF65304F4200BAE41CC71A1DBB59550D740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA91140 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b43f8c47fa98a677a9c7feb8ba864740e3e526fc20419eaad46558767411a67
Instruction ID: 569c7e611b2caf6981c6bb4a9e5efbbbc42ee574f8d0b20bcf28bb223ff2460f
Opcode Fuzzy Hash: 7b43f8c47fa98a677a9c7feb8ba864740e3e526fc20419eaad46558767411a67
Instruction Fuzzy Hash: 4DF0F470E1A60E69FBA89BA888283BA77E4EF65350F10007FE41DC20E1DF7412109640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA905D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dce12bf6fa051657660e71268fa0ffb07126aa62b3b3aeeca52fac43227c650
Instruction ID: a6f60bb9a9a42132ed94e0adf9a0b0486c7d0eaa5bd772510e520cd830d14095
Opcode Fuzzy Hash: 7dce12bf6fa051657660e71268fa0ffb07126aa62b3b3aeeca52fac43227c650
Instruction Fuzzy Hash: D1F0FC30A0A54E9FEB64EF6484655F97790EF65309F41407AE81DC60E1CB75A560C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA92779 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 872ca96c757ffbf314014c41b3feccea04138914a177daee12451a4a48d2677b
Instruction ID: d1dd74dd5a68474fa98821d012cac79bfe882b42cb6247da9d18a7b04fffbc3a
Opcode Fuzzy Hash: 872ca96c757ffbf314014c41b3feccea04138914a177daee12451a4a48d2677b
Instruction Fuzzy Hash: BAF0963090E38D8FDB5A9F6488681A97B70FF06304F4605BAD419C60E2DB789554CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA927ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d08044f0e5a4297f061308844234d66033676b6d06d711d6b692a2426d320bb2
Instruction ID: a02f65595278446489945b84864ba4177bb23fec243de0e0323974ccf8231876
Opcode Fuzzy Hash: d08044f0e5a4297f061308844234d66033676b6d06d711d6b692a2426d320bb2
Instruction Fuzzy Hash: D4F0F030A0E78E8FEB6D9FA488252F93BA0FF15304F0144BAD408C60E6DB799514C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BA96532 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1752131615.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9ba90000_wininit.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb335f21ebef5bd7b1a1de3adf1c59d11839de69545eac904b75f937d8edf17
Instruction ID: 9a0439dbfccd1dc710bb9f51830b06c8d87db8942d33ae00aaa39ee79e868c79
Opcode Fuzzy Hash: 0bb335f21ebef5bd7b1a1de3adf1c59d11839de69545eac904b75f937d8edf17
Instruction Fuzzy Hash: 5BE04CB0D1991D8EDBF8DF4884A176D76B1EB54345F5104FDC10DD3290DE745A809F14

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: WmiPrvSE.exePID: 7528, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9BACF047 Relevance: 3.8, Strings: 3, Instructions: 65COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9BACF05B
k, xrefs: 00007FFD9BACF147
B, xrefs: 00007FFD9BACF863

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bacf000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: B$k${
API String ID: 0-3120343438
Opcode ID: fb666a052dc1d3f53259dc2122ac2899390a0ec1f28d72e99a4bb94a25886d1e
Instruction ID: f1e3bb6068de8982f08d65dc62764fbafd6db62c688ef73264b127d690df1911
Opcode Fuzzy Hash: fb666a052dc1d3f53259dc2122ac2899390a0ec1f28d72e99a4bb94a25886d1e
Instruction Fuzzy Hash: 5D310670A0962E8EEB78EF54C8607B9B6B1FF54301F0101FAD04D97291DBB96A84DF41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACDA45 Relevance: 2.5, Strings: 2, Instructions: 42COMMON

Download Yara Rule

Strings

;7, xrefs: 00007FFD9BACDA4F
\, xrefs: 00007FFD9BACDB6D

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: \$;7
API String ID: 0-1127756331
Opcode ID: 7a9c379fc744515e733beb383147c1cecb8ac571f36a723532df277862603699
Instruction ID: 90cf04618981cddf26e3ba089544107d0bd67dd49d1cde1cc2e20e5e2c018716
Opcode Fuzzy Hash: 7a9c379fc744515e733beb383147c1cecb8ac571f36a723532df277862603699
Instruction Fuzzy Hash: FC11C971E0910D8FDB28DF80D4E06FDBBB1EF54311F25002AD04AA72A0CAB86A81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2F38 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1511502b98e3b07b0490e8670bf0677c273030bc5412a1f166c7bed21cc2253e
Instruction ID: 01bcb88990455aca34ac8b90f2d84701b97e946de930a790213735f25a199b0e
Opcode Fuzzy Hash: 1511502b98e3b07b0490e8670bf0677c273030bc5412a1f166c7bed21cc2253e
Instruction Fuzzy Hash: D721B320E0E7CE4FD752EB7488685A97FF0EF56304B0A45FBD468CB0A7D968A508C742

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACD559 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55879c88089579c0836a08f377e6f3d4dab5a8e4fe3747742f055a6a8bb2f4a7
Instruction ID: 3fda69e74351a746df611ed68f8909c10a5f8d224f7d2ce9a3d17337354c96c3
Opcode Fuzzy Hash: 55879c88089579c0836a08f377e6f3d4dab5a8e4fe3747742f055a6a8bb2f4a7
Instruction Fuzzy Hash: 7DE15A71E19A5D8FDBA8EF98C864BB8B7A1FF58304F0041BAD05DD72A6CE746941CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1688 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71318505108009dddd2cdbe20cf538ba86fe800a37ae519d9ff2d59a9f845695
Instruction ID: 8baf620b9e233c23fe47fe581973e84edb33b1adca2aae8cbe46f4a0783dff22
Opcode Fuzzy Hash: 71318505108009dddd2cdbe20cf538ba86fe800a37ae519d9ff2d59a9f845695
Instruction Fuzzy Hash: 2481EF31B1DA494FDB98EF5C88605B977E2EFE8300F15416AE45EC32A6DE70AD028781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC06C0 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e36743e37b6bc038d830711894f3e117151cee73992a3410bda3ea50604a5bc
Instruction ID: 006d2795571bea86973e614c93a8dab0c2b5d5e5d88bd12758fb486d2e2beb81
Opcode Fuzzy Hash: 8e36743e37b6bc038d830711894f3e117151cee73992a3410bda3ea50604a5bc
Instruction Fuzzy Hash: 8D615A53B0FAC90FE73567AC58650B97B90EF5675070983F7E0988B0FBEC54AA058388

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD35FA Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 704f8c903638f62495ffb8e1fea820f3dd8271705e1293e742fdd70a59b2dc37
Instruction ID: 74c33ed3984e6356a9dbbca954fdfa44335f3bf61bd72b78210c00e42eda6a8b
Opcode Fuzzy Hash: 704f8c903638f62495ffb8e1fea820f3dd8271705e1293e742fdd70a59b2dc37
Instruction Fuzzy Hash: 2A514B237099191AE330FBACFC668F93BA0EFC23B7B040677E298CA093D911544987D1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC35FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ade18b3ec5d51dfd74d287a00c1583d7a5509b8a935f2f115a57ccca5be8ef24
Instruction ID: 96b35f2eb51d5c2f76a376f920bcd7427ea60ba120e75091f2f2c4ab4b5278d6
Opcode Fuzzy Hash: ade18b3ec5d51dfd74d287a00c1583d7a5509b8a935f2f115a57ccca5be8ef24
Instruction Fuzzy Hash: 0271E771A1894D8FE794EB6CD8257AD7BE1FF99314F4002B9E00DC72DACBB524018B41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD3795 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b14ab609061ecdedf135116b3a085f52fbe0905f5b26a8df18a5e138cf65a134
Instruction ID: 536d48182c788df9d214875771bd2e992c1e8d15a6f41bcab2fbff4e81087cbe
Opcode Fuzzy Hash: b14ab609061ecdedf135116b3a085f52fbe0905f5b26a8df18a5e138cf65a134
Instruction Fuzzy Hash: 0F81BB70E1961D8FEBA4EB98C8557ADB7F1FF98300F5142BAD00DE7291DE745A848B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACBD59 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad0beef142a0cade7a98e2adb919130afe2421e0e5e9bf2abeb3994dd9a80a5
Instruction ID: 9a88ea871428c9eecf432e1f6f448765844862ee08a0931d87edef14ddb2a82a
Opcode Fuzzy Hash: 5ad0beef142a0cade7a98e2adb919130afe2421e0e5e9bf2abeb3994dd9a80a5
Instruction Fuzzy Hash: EB713C70E0991D8EEBA4EBA8C4657FDB7F1EF58300F51417AD00DE32A2DE756A458B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1CCD Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6e17b7c30bdb62abe391a50422a1b1722a179916d5e976c0cd673abafae04a
Instruction ID: dd8b7f60965e2fff04d6fd228d602885ef6d3bbb0a593b98b4d2df2c5024e520
Opcode Fuzzy Hash: 6b6e17b7c30bdb62abe391a50422a1b1722a179916d5e976c0cd673abafae04a
Instruction Fuzzy Hash: 9E51E331B18B4D4FDB58EF4888645BA77E2FFE8300B15467EE45AC7296DE30E8028781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACAA70 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7892eda8b5311319d695a3095b360ac2acc8aba875cf25f8fc7b914e55591907
Instruction ID: c478e4c9b982a5c449f4a87e6768b442cadca1d4e6539ea2af0a9d28bbbace45
Opcode Fuzzy Hash: 7892eda8b5311319d695a3095b360ac2acc8aba875cf25f8fc7b914e55591907
Instruction Fuzzy Hash: 7B510261B0E94F4FE712EBB8C8691F97BE0FF52314B0A45B6C058C70A7DE65A949C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD1C4A Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10cd526fc84706158dc4b18eb0844694b094ae175e04689aa48ade0afe015cbb
Instruction ID: 2c3b6d75f6fbb2037c08bfdff905dd57eb333e83dcbcd05c9dc653045eb57d1e
Opcode Fuzzy Hash: 10cd526fc84706158dc4b18eb0844694b094ae175e04689aa48ade0afe015cbb
Instruction Fuzzy Hash: 5261B970E0951D8FDB94EF98C494BA9B7F2FFA9300F5041A9E00DE7295CB75A981CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACAA50 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91a3b877cf023557163a878474d76e724cff91ab7436a1208a9495b81de70230
Instruction ID: 4a15d0fe57edad9819710127def62f26b1ab385458ac5652aa4ae54429c5cecb
Opcode Fuzzy Hash: 91a3b877cf023557163a878474d76e724cff91ab7436a1208a9495b81de70230
Instruction Fuzzy Hash: 6C414962E0E98F5FE312BBBC98290F97BA0FF11229B0941B7D09C8B0D7DD556949C381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACC4D3 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 528c27919cfdf8bb152d877b22b322cf03de1adcf9431c3e098d54e6aa92107c
Instruction ID: dee40d0f6d1b20278e0dc4209fb2364da200de91f422890f540f387ef76ea8a0
Opcode Fuzzy Hash: 528c27919cfdf8bb152d877b22b322cf03de1adcf9431c3e098d54e6aa92107c
Instruction Fuzzy Hash: 05412626B4D66E4AE725B7ECBC214F87B50EF5533AB040177E50DCA0E3ED68298582D1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC20E5 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d35abddd2081105641322eaa2d2056214e16cd85a21066b54ffb607ba6c29e4
Instruction ID: 420779b34a041e62e01aed4aedb181aa9bc56096a07590653cfdc63ffe2a7208
Opcode Fuzzy Hash: 2d35abddd2081105641322eaa2d2056214e16cd85a21066b54ffb607ba6c29e4
Instruction Fuzzy Hash: 3B412731B0E64E4FE765FBB888651B87BD0EF85310F0641B7E41CC71E6DE68A9418341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC31E1 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 893f65d84485e00825e6105482e4766e1ddd9df5879587c6b2193caa74a08e99
Instruction ID: 1b796e4f5b6ee935e574d3356bea83b5ec9a759826b185be638e3073b2694403
Opcode Fuzzy Hash: 893f65d84485e00825e6105482e4766e1ddd9df5879587c6b2193caa74a08e99
Instruction Fuzzy Hash: 6F510830E1A60D8FEB64EB98C4696FDB7F1EF59300F51417AD009E72A6DA786A44CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACAA88 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 647fd541295730d63ea0ab27f4e84231b8cf13b4b3bde634dd7ee99d8d88b370
Instruction ID: fad5eaf990ebcc7ba657400e76996ce94c09a907a1c67450bddc31b4c7832973
Opcode Fuzzy Hash: 647fd541295730d63ea0ab27f4e84231b8cf13b4b3bde634dd7ee99d8d88b370
Instruction Fuzzy Hash: 50411762B0E98F5BE312ABB888291F97BA0FF51214B0945B6C05C870D7ED55691A8341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACAA98 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb6007023c8fb613b94ec95cfb43f9652a13a786903663eabc696147638e158d
Instruction ID: 815b334e94c42a0912f5b8fbfa4f87af14e6fefa260efe43984a83eb010b9dc0
Opcode Fuzzy Hash: cb6007023c8fb613b94ec95cfb43f9652a13a786903663eabc696147638e158d
Instruction Fuzzy Hash: 89315B62F0F98F4FE312ABBC88250B87BA0FF62254B0945BBC09C870E7ED556906C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD239D Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d2295de084223e0a81b86e2e764ebb2b7db2575150350ad2e4b02f76bc1c629
Instruction ID: a655cd5ec4e282009feedb487627f92564d327b52e11523ce5baabd82b97d262
Opcode Fuzzy Hash: 8d2295de084223e0a81b86e2e764ebb2b7db2575150350ad2e4b02f76bc1c629
Instruction Fuzzy Hash: BD414C30E19A0D8FEB58EBD8D865AEDB7B1FF58315F010279E009E72A6CE746941CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACC4A8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb594a06a627da43eb1e8f3ff4891de483786e39fe8f32a262f14f0e9445eeec
Instruction ID: d78ef3f07cf6631df8a4e43507cd98e92d6df9b47e8c9281e4e2a3a979a0f642
Opcode Fuzzy Hash: cb594a06a627da43eb1e8f3ff4891de483786e39fe8f32a262f14f0e9445eeec
Instruction Fuzzy Hash: B2318322E4E65E4AE775B7EC68214F83750AF1533AF0502B7E45D8A0E7ED6C294082D5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD7295 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50c212544a4aef3da4db9dd6a8e3d247df93dbe0883c1a1a50f29843ec8c1972
Instruction ID: a94ecaadefc32fede4b33ce280be9b9a60c98c5b38e60fecddf4a939991bebaa
Opcode Fuzzy Hash: 50c212544a4aef3da4db9dd6a8e3d247df93dbe0883c1a1a50f29843ec8c1972
Instruction Fuzzy Hash: 3831F230F0A50E8FEB68EBA4C4A46FD33E1FF99310F11067AD419D71A5DE78AA408B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0805 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268367b276cb9e24770c57bcb03d9cee0a41adc32d33968cd64f377e3e5f7b87
Instruction ID: 07069c5ca8aea2ee2867c92ed87f25ab129496d21d709e92a0f55c418a803e72
Opcode Fuzzy Hash: 268367b276cb9e24770c57bcb03d9cee0a41adc32d33968cd64f377e3e5f7b87
Instruction Fuzzy Hash: 23216E12B0E58A57E73477BC9C751F97B90EF11719B098677E09CCA0D3DD04A155C389

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC23A7 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe36399c393ef9bbf1130fd9ece628a5fedcf85ac476a0289547835fce1f911
Instruction ID: f9c4c8fdc519d61e772a783c1ee5e145b490cb1574f0fe589f883e701bfdafc5
Opcode Fuzzy Hash: bbe36399c393ef9bbf1130fd9ece628a5fedcf85ac476a0289547835fce1f911
Instruction Fuzzy Hash: AE311A30E0A62E8EEB74AF94C8207FDB2B0BF15311F4141B9D04D972A1DEB86A84DF54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD70A1 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4723518b4d68323964b8771e88413a0687a79b77e28a865de6fc20be1a810547
Instruction ID: 08a05456048b2a935a853649cb4533e0ab86b574e6d9aea0c9ace247f7e31652
Opcode Fuzzy Hash: 4723518b4d68323964b8771e88413a0687a79b77e28a865de6fc20be1a810547
Instruction Fuzzy Hash: 2F21B330A0A51E9FEB65EBA8C8586FD7BF4FF59301F0109B2D00CC30A1DB74AA408750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC32B1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 838a9f01b11c7f6d22d6c08699bc8cca6eb35dd0ea04a6dd978503305ad97a38
Instruction ID: 7d2c0615d1f097c21b48d8b9ca5642845d0c18a4abb8265e95274af0a4a06e91
Opcode Fuzzy Hash: 838a9f01b11c7f6d22d6c08699bc8cca6eb35dd0ea04a6dd978503305ad97a38
Instruction Fuzzy Hash: 7121C571A0961D8FEB64EB98C4A56FCB7F1FB58301F51417AD00AE72A5DE786A40CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2571 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1266dc1b37964784b30716e5dd027f5ba9d12a02b27fea374818b5d6deedc97
Instruction ID: 10342881eeb5ea8cfa08a102012e8d5f3c31d2370f6b10fedb73b087ad1e9e7b
Opcode Fuzzy Hash: b1266dc1b37964784b30716e5dd027f5ba9d12a02b27fea374818b5d6deedc97
Instruction Fuzzy Hash: F8314F74E0960D8BEB68DBD0C865BFD77B1BF48314F010279C009A62E1DBB95644CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC3575 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1deff4083a7eee58458d23143e1dc58306f65553b77afddea3110403f346e2cf
Instruction ID: 20d75e63a0398c909a3a8fc1a81cd8ce0d806ca906fd68e8037d13e978f22206
Opcode Fuzzy Hash: 1deff4083a7eee58458d23143e1dc58306f65553b77afddea3110403f346e2cf
Instruction Fuzzy Hash: 3D218030A0AA4E4FEB69AB64C4666F973E1FF59304F11047AC01ED70E5DE79AA058701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACA171 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a74c1a14a9dbda958e2ffb0d1292c537cb5c7aea402ecc5a29c636427c1fba4
Instruction ID: 7d9e62a82c6ca239f7c7b8eda7dee3aa907d035df8dfb6d76d9a87ea07e3b88b
Opcode Fuzzy Hash: 0a74c1a14a9dbda958e2ffb0d1292c537cb5c7aea402ecc5a29c636427c1fba4
Instruction Fuzzy Hash: B6216D30A1464D8FCB88EF58C499AB93BF0FF28305F0145AAE819C32A5CB30A551CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD783D Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 873ad9a411968bf9d1cbdd1aa06ef0d45a94e3a665d208d832b18cf858414041
Instruction ID: 6ee48f758a7d8a7a81e49bbda16664da05318a13b4e6fc758ac087e9442e0dfe
Opcode Fuzzy Hash: 873ad9a411968bf9d1cbdd1aa06ef0d45a94e3a665d208d832b18cf858414041
Instruction Fuzzy Hash: F321BE30B4A50E4FDB5EEB64C8655BD3BA0EF59304F1205BED41EC74E2CE75AA80C640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0A01 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a9bbd676a45054905fd7bc1175802041332c2f4aeda68de4aeb09a9a3a36ea
Instruction ID: 356eaec16e411e6303cbebea6c50e776336e6ea35de25785427702c9c99583bd
Opcode Fuzzy Hash: d9a9bbd676a45054905fd7bc1175802041332c2f4aeda68de4aeb09a9a3a36ea
Instruction Fuzzy Hash: C411B271E0A54E8FE7A0FBA8C8691BD7BE0FF58700F4146B6D41CC71A6EE74A5408740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2DD9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3317b0658f195b6b71363d723e14c39e781b9d7067c2316c473d6b14a1229112
Instruction ID: 6298b1eff16de98b76071d409c2138ca5aac948e07083a36d58a185cbfd73b50
Opcode Fuzzy Hash: 3317b0658f195b6b71363d723e14c39e781b9d7067c2316c473d6b14a1229112
Instruction Fuzzy Hash: FD11D53090E28A4FE752EBB4C868AA97FF0EF5A310F0545FAE44CC7063CA289654C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4345 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a40f480c75be1b850c789034028e768b6ec8bc675445fdf0a9dedd40ef28796f
Instruction ID: d315a06ee3a303ff767a4d5998f4194b591a918b3ee99123286749ed6a621356
Opcode Fuzzy Hash: a40f480c75be1b850c789034028e768b6ec8bc675445fdf0a9dedd40ef28796f
Instruction Fuzzy Hash: 82117F30A0964E8FDB98EFA884692F977A0FF58305F0106BED41DC61A6DE74A640C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD6921 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d110b0aa0e87686e505a6be75b755ffc4e4df07c238f6a30a62e0bb31d985fb7
Instruction ID: 4c520caaa92c84fe3aab05ce216c490343297b83c87fb69dcf88025304f7dade
Opcode Fuzzy Hash: d110b0aa0e87686e505a6be75b755ffc4e4df07c238f6a30a62e0bb31d985fb7
Instruction Fuzzy Hash: 9B11B430A0964E8FDB98EF6884652BD7BA0FF58300F0105BED41DC61A6DA74A240C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2307 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da71070e516b5be8279a2dedcb596396ba655d761294402db73e9574125131d4
Instruction ID: f4c0b2c2421632b7152a4ba22d85816d89b302584acf7425770bb5374a0b8df0
Opcode Fuzzy Hash: da71070e516b5be8279a2dedcb596396ba655d761294402db73e9574125131d4
Instruction Fuzzy Hash: BA21D23094E3894FDB169B7088691F87FB0AF07300F0605EBD449CB0E3DA695A45C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD20F1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1c208919cd2869f8d3f5ea8ac1a9215b80d35516f7b3145ab1821cce0be5542
Instruction ID: b5b5cb85e1438f08c806e9a3a394d3717a72bce508ea2ce6a56dfde937ec8675
Opcode Fuzzy Hash: f1c208919cd2869f8d3f5ea8ac1a9215b80d35516f7b3145ab1821cce0be5542
Instruction Fuzzy Hash: 4B117C30A0924D8FDB58DF64C4A65F93BA1FF99304F1242AEE85E83291CA74A541CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD69C5 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65c7f19e6035e43dc4313a0d3c5ab4d805be920a889a05414bd15c956d01f4c4
Instruction ID: f3119472cafc8a04c4d97e58b754d092eddf9f5b3dc0bbb78e613d19a37edc20
Opcode Fuzzy Hash: 65c7f19e6035e43dc4313a0d3c5ab4d805be920a889a05414bd15c956d01f4c4
Instruction Fuzzy Hash: 8511B430A0964E8FEB98EFA8846A6BD7BF0FF58300F0145BED45DC71A6DA756540C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4865 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9e3ceae8f30cc809c96beb310c69fe040e11239b589dc07fcf09a014938958b
Instruction ID: 7bf7cd02ebbf8364e32c0de88d8891684989db00109f41506d817840aa34aa2a
Opcode Fuzzy Hash: e9e3ceae8f30cc809c96beb310c69fe040e11239b589dc07fcf09a014938958b
Instruction Fuzzy Hash: 4411C131B0EA8D4FEB69DBA488B52B87BD0EF59304F0501BED01DC65B2DE656550C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD42A9 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd22751937ca7b1ab870772e6c8320e94c867481fa9ecf65b2cd59f7a22b295
Instruction ID: fe51b00f1494ef17c493cd4500c7a5ae53edbe7cc4d547831f7fccf93295ef8c
Opcode Fuzzy Hash: 8fd22751937ca7b1ab870772e6c8320e94c867481fa9ecf65b2cd59f7a22b295
Instruction Fuzzy Hash: D911DF30A0A64E8FDB99EF6884652B93BE0FF69300F0102BFD41DC71A2CE75A540CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC112D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a8ec6e6cf2d6b633e72a1b1d4f4e48daee911491f8f54f9570dfc52b6ee0555
Instruction ID: 6319af855e01861fb9bbd7e403434edae6ad4e358ba43f4a7680150001063c18
Opcode Fuzzy Hash: 1a8ec6e6cf2d6b633e72a1b1d4f4e48daee911491f8f54f9570dfc52b6ee0555
Instruction Fuzzy Hash: 4311B670B0A64E8EEB69AFA8C4682B97BE0FF65310F4115BFD419C71E1DE796540C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACC5A0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96bf3a3908e8f912bdfaadff7ab13eb5cf6e56bf34ac1eeba3b43b889fffa31f
Instruction ID: f296d0c05f7342620763a1b3737998800fcc4cde3bb71481c479276cf6072f3c
Opcode Fuzzy Hash: 96bf3a3908e8f912bdfaadff7ab13eb5cf6e56bf34ac1eeba3b43b889fffa31f
Instruction Fuzzy Hash: 6011B23090E64E5FDB56EBA488685F97BB0FF09304F0104BBD419C71A2DE785940C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD6AE9 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eab4d0d46e1582ded78275625194161735c6ca89e7334f10116f24875c25bb75
Instruction ID: 350ff318f0f63124c9127b43f926168d34c3409f5ea2268d75637a31697b3f88
Opcode Fuzzy Hash: eab4d0d46e1582ded78275625194161735c6ca89e7334f10116f24875c25bb75
Instruction Fuzzy Hash: D4112630A0EA8D4FEBA9DBA888762B83BA0FF55300F0602BED05DC60E3DE656504C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4BD9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df35820950a24fae441b2e69cd4a50394fa991e6cf0a5b95ee558344543aba1
Instruction ID: 6d541c2fb0ea183f2e126940865626310662ffaec65566bfee250b602704bc13
Opcode Fuzzy Hash: 0df35820950a24fae441b2e69cd4a50394fa991e6cf0a5b95ee558344543aba1
Instruction Fuzzy Hash: C511D330A0E68E4FEB59EB64C8696B97BE0FF59300F4105BED41DC70B2DE7465408701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD6B7D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 989a4bbc9947bee994fa5fe2732b0f6f00b997eb80dbc562d14d7e74ed6846a8
Instruction ID: b1aceb3ea83e9553bdd05fe0782690fcea23c0aab61e027ec3ce3699039ef4bf
Opcode Fuzzy Hash: 989a4bbc9947bee994fa5fe2732b0f6f00b997eb80dbc562d14d7e74ed6846a8
Instruction Fuzzy Hash: 3F110630A0A64E4FDB69EFA8C4692B97BA0FF58300F0142BED41DC21A6DE75A644C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD24F1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34df6e6a1170f7f956997241be041f40694c3216a3c576ebe00e63d143b8a1c3
Instruction ID: 9b87dda46598f48c61803e11fae5092cc96d1134d393a32a2d4c84f3be3bbacd
Opcode Fuzzy Hash: 34df6e6a1170f7f956997241be041f40694c3216a3c576ebe00e63d143b8a1c3
Instruction Fuzzy Hash: D6018030A4964E8FE751FBB8C8AD9F97BE0EF99300F0149B6D41DC7066DA78A245CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACBCD9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 833378189d4c00b2848a42709a437a74ffbb878c16c0bbd237806143510f59db
Instruction ID: 7752732e0ec89c6a2543928162b0cedec6155495d38cbf8f987a0878d4fdd087
Opcode Fuzzy Hash: 833378189d4c00b2848a42709a437a74ffbb878c16c0bbd237806143510f59db
Instruction Fuzzy Hash: 71117030A0A68D8FEB56EF64C8696BD7BB0FF19304F5244BBD419C71A2DA75A640C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD498D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b2632cf09832c829b591a72406a0a41fe4f527568642e81cd58d96249f2a90d
Instruction ID: eb9bc6b0bc973d0acd5ab46891adde156fec8ab7a9ddeb72eb5fe556310e2e03
Opcode Fuzzy Hash: 9b2632cf09832c829b591a72406a0a41fe4f527568642e81cd58d96249f2a90d
Instruction Fuzzy Hash: 9B119130A0964E4FEB98EF6488A96BD7BE0FF58304F0106BED41DC61A6DE75A5408B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACB885 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 777bc330f525ebc70fd020031b73a1641510dd7dba26fe821371491aea311d14
Instruction ID: f299da3a3081c5e57546b9fc910ea5acb041928705f1c05de046662fa64d7a54
Opcode Fuzzy Hash: 777bc330f525ebc70fd020031b73a1641510dd7dba26fe821371491aea311d14
Instruction Fuzzy Hash: 2B115E74A0A64E8FDB59FF64C8A92BD7BE0FF18301F4144BAD419C71A5DA75A640CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD5C79 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fee241aa5b41d147adc9d18788d7230e59878580164fcb59bbd2a9ba16c4a04
Instruction ID: 7cfae9e067bccb11abfc7b1bc1527f08727ca39bed1a0b502f4947ab0339a7fd
Opcode Fuzzy Hash: 8fee241aa5b41d147adc9d18788d7230e59878580164fcb59bbd2a9ba16c4a04
Instruction Fuzzy Hash: 4511A030A0E64E4FE7A1FB6888685B97BE0FF59300F4645B6D418C71B7EA38A6448741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC34F5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 637fb643d4636e2fc6a1be1c38da952d472287bd8d242a34762e6e700b489773
Instruction ID: 2731b95e21a6905f0b7cdb8b2022cf9c4033dd823d15c504cd9c79146ebf72ee
Opcode Fuzzy Hash: 637fb643d4636e2fc6a1be1c38da952d472287bd8d242a34762e6e700b489773
Instruction Fuzzy Hash: 4B115270A0968E8FDB99EFA8C46A6BE7BE0FF18300F4104BED41DD71A1DB75A5408700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4B4D Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd4154987adddd2445d5440a6cb3b10f3f22f9eb9d620fab0b9d443576d7b5d7
Instruction ID: 32dbbe689fd005e9d410baf237f21ea03e3895178de3af42a201fc66390a5638
Opcode Fuzzy Hash: cd4154987adddd2445d5440a6cb3b10f3f22f9eb9d620fab0b9d443576d7b5d7
Instruction Fuzzy Hash: CE11A330A0964E4FEBA9EF6488696F97BE0FF68304F0106BED41DC61E2DE75A540C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2E81 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 826b3fc09c8b3fc39956c62392983ff681768a4fd7272286760ba3e252be4abd
Instruction ID: b1f181cabf3d6a943296bc9edc9f3b07726bbf773521aeca92e409f5b93fa483
Opcode Fuzzy Hash: 826b3fc09c8b3fc39956c62392983ff681768a4fd7272286760ba3e252be4abd
Instruction Fuzzy Hash: C0017C31A1A74E4FE761FBA488A85F97FE0EF59300F0649B6D418D70A6EB74E6448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29b7f11223079ac33318ae924e32a5b090d515f4d35ec31aa14e4a4e7eeca8a6
Instruction ID: b89f4594de6a6e18230766a18b28b88de7a4c748fbca65703fe5a8453f78f7dc
Opcode Fuzzy Hash: 29b7f11223079ac33318ae924e32a5b090d515f4d35ec31aa14e4a4e7eeca8a6
Instruction Fuzzy Hash: 54018030B0950E8FEB98EF64C0A46B977A1EF68304F51447AE40ED31A5CA71A661CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD1F85 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc3fc134cc8052854080373d72630a91dad1020ff10d28e4f253b856fd2843e4
Instruction ID: 5b20b56d947343463aa445f23efe4fab66d6faaefed71cbdb9c637f786f79da8
Opcode Fuzzy Hash: fc3fc134cc8052854080373d72630a91dad1020ff10d28e4f253b856fd2843e4
Instruction Fuzzy Hash: 2901B130A0924D8FDB59EF64C4699F93BA0EF59304F0205BED40EC61E2DB75A644C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC285D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3fe0983dd537483d18e4b573f3388431fd55d25cac7f11b816b7d07f05b9aa1
Instruction ID: b024800b920538937feec1fcdff9903dde5f08c093c2081cb44b214c9b905d62
Opcode Fuzzy Hash: d3fe0983dd537483d18e4b573f3388431fd55d25cac7f11b816b7d07f05b9aa1
Instruction Fuzzy Hash: D701A230E1A64E8FE761FBA488A95F97BE0FF19300F4245B6D408C70B6EE78E6408700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACA6B9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e93c5a25a8910c54abc5ec90071e93d6cb61cc3164eeaba53ba53cac96975841
Instruction ID: c3fc4cd1c191af2a5499c90193689a038d876c73cb235b7bba7fafd9b68c48cf
Opcode Fuzzy Hash: e93c5a25a8910c54abc5ec90071e93d6cb61cc3164eeaba53ba53cac96975841
Instruction Fuzzy Hash: 25018F30A4E64E5FD752BBB4C8685B97BF0EF1A304F0648B3E408C70B6EE78A6448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD77C9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd8ae953b192e3b9e3cdc258cdf900f72a3109ea8f8be6e05b79d285ff7bcc5f
Instruction ID: 6602148457a14b85cb13659a7eef2a1c22061702be3cb8eb3d88b4936da50a52
Opcode Fuzzy Hash: fd8ae953b192e3b9e3cdc258cdf900f72a3109ea8f8be6e05b79d285ff7bcc5f
Instruction Fuzzy Hash: 4901D230A0A28D4FDB5ADB64C8795BD3BA0FF56304F0209FED40AC60E2DE75A940C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0F2F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 001560adf76a96e4ce75ed5d2f830c228e42f06e53020c1dcd52e19af479a555
Instruction ID: cc4e9de1fdfd56809c735bf25a77883bfe5827440dbc19e13cc4f558da8a721c
Opcode Fuzzy Hash: 001560adf76a96e4ce75ed5d2f830c228e42f06e53020c1dcd52e19af479a555
Instruction Fuzzy Hash: 7A015231A1990D8BEB68EB58C865FBD77A1FF54304F1142B59009D71AACE3469858B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD3A08 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd657c37168704acb2d3c8fa4b872af2f0bfbe7a9b84183028cb84991ff28387
Instruction ID: d29a4fefd2d524615d451f05702fdaab0295527e01d371fae5f9116d00781e03
Opcode Fuzzy Hash: fd657c37168704acb2d3c8fa4b872af2f0bfbe7a9b84183028cb84991ff28387
Instruction Fuzzy Hash: 8F11DA70E0561D8FDB60DFA5C5582ECB7F0EF94301F5142BAD009E72A1DE785A858F50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC340A Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb0bf78d270af5e5dd1bf41cf4affbf9ecdb4bcdf2985dc4943d8f3872f7a88
Instruction ID: 19e87c5e952b62223cf2b416e470557b0dafb04f7042013226241952811000ad
Opcode Fuzzy Hash: 0eb0bf78d270af5e5dd1bf41cf4affbf9ecdb4bcdf2985dc4943d8f3872f7a88
Instruction Fuzzy Hash: 30014F31E1994E8EEB91FBA8C55D5B97BE0FF18301F4549B6D41DC3065EB74E2448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2EF9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606bf0db9f07ef94b3c7e45cb8ea21567af2ef63d82355e90eb3fc82906d89ed
Instruction ID: 3ba5d96bbcc1d16d78b4452dcfa7f7b04b03ea80c88c7105084eae916fed78f9
Opcode Fuzzy Hash: 606bf0db9f07ef94b3c7e45cb8ea21567af2ef63d82355e90eb3fc82906d89ed
Instruction Fuzzy Hash: E2018470A1A74D4FD752BBB488695B97BE0EF0A300F0644B3D40CCB0B6DE78A6588741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD7229 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 885b71e1613e314bce4ea9008441a8e3cf5b4c7c3d472d39d2ffe0c96b2ec940
Instruction ID: b71b36ef13795062e2fccd2e04e8a40e0fa0981d8cf34931b7f24bbcdba5103d
Opcode Fuzzy Hash: 885b71e1613e314bce4ea9008441a8e3cf5b4c7c3d472d39d2ffe0c96b2ec940
Instruction Fuzzy Hash: 0E01A731E0E68E4FE765EB7488695A97BF0EF56300F0645F7E408C70B6DE74A9448701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b6bfb7165e604d4f388f5f36ca3bcc06fc31ed21aff62b29b1b1a89d7af25f
Instruction ID: bca8f0651a82a55ddaed4290db3353b6cedd02d7279f3f9f845ce6c8bb2dd13c
Opcode Fuzzy Hash: b7b6bfb7165e604d4f388f5f36ca3bcc06fc31ed21aff62b29b1b1a89d7af25f
Instruction Fuzzy Hash: AC016D30A1960E8EEB69FBA4C4686B972A0FF18305F11487ED41EC61E5DF75A650CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acda80830b24ae418bbe5cf045f5bf0e242b3124b488e8424fe0ed8f15f09699
Instruction ID: d91645c0f756f6f79738d6825388887e31dd16e2c53d578acf315c851c955f82
Opcode Fuzzy Hash: acda80830b24ae418bbe5cf045f5bf0e242b3124b488e8424fe0ed8f15f09699
Instruction Fuzzy Hash: 47018630A1560E8EDB59FFA4C4A85B973A0FF18305F21087ED41EC71E5DE75A250CA01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1C4D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2e6cfc608f36e52f762757b401f2956d19a99b85f7970197938e4bcf7cfca2c
Instruction ID: 9192cb24090203582be103db1ada1ff309cb71a8218f26570715f599894d644e
Opcode Fuzzy Hash: f2e6cfc608f36e52f762757b401f2956d19a99b85f7970197938e4bcf7cfca2c
Instruction Fuzzy Hash: 21018630A0E64D8FEBA8AF5484656B97BE4EF65305F51407AE408C31A2DBB59561C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1140 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7edd30bae94e2f9d5ba58053a936abca9537a0e5f09a4b73a246dad3ea99d3b9
Instruction ID: c20a3d39935da790d0be4e332b2404f560de769109fe7a6006963b9e446a4320
Opcode Fuzzy Hash: 7edd30bae94e2f9d5ba58053a936abca9537a0e5f09a4b73a246dad3ea99d3b9
Instruction Fuzzy Hash: B3F08170B1A65E89FBA8AFA898682BAB7E0EF65215F01117FD419C20E1DE7812148640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4FDB Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a82068aadc9be4ddcaf506d6dcc51406a5ebcec8b88c564e16dc824b9a4c1c3
Instruction ID: afa388b03a64908f03b72487f9eaddff009f07b31d9c6ca3ebc68041801b0eb6
Opcode Fuzzy Hash: 1a82068aadc9be4ddcaf506d6dcc51406a5ebcec8b88c564e16dc824b9a4c1c3
Instruction Fuzzy Hash: 2DF0E735E0992D8EDFA4EBA8C8957ECB7B1FF98200F4441B5D44DE3262DE3469458B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0364ddc2c03a5550b86d4d2f5c373979aff7b0da8380433cd4f5ec6cdb2e8f69
Instruction ID: 673d43a1d099f3bcde4108d2714fa6a167d92b4c131d6a073bb1f1a7c771035e
Opcode Fuzzy Hash: 0364ddc2c03a5550b86d4d2f5c373979aff7b0da8380433cd4f5ec6cdb2e8f69
Instruction Fuzzy Hash: B0F0C830B0E54E8FEB64FF6484655F97790EF65309F41407AF80DC31A2CA75A560C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACB4BF Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a09875babf9480ff082bc07d543d172def1bc1455b5de772a323fe100262104b
Instruction ID: 051d0b77d190d2a73ceb6233921dc898332359e9e6cd3bcf4d47c3f84241c529
Opcode Fuzzy Hash: a09875babf9480ff082bc07d543d172def1bc1455b5de772a323fe100262104b
Instruction Fuzzy Hash: A4F03C70E0991D8FDBA4EB14C496BE9B3B1FF58340F5082AA900DD31A6DF75AA818F40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2779 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16158cb3d18cedebe2127b96cfed9ac0773347449ce1d6b92c148dd1d77929df
Instruction ID: 4b54168dbc0442c9198d5cc8312fb91fd55bb67fe67c3659e340a97b92a4023b
Opcode Fuzzy Hash: 16158cb3d18cedebe2127b96cfed9ac0773347449ce1d6b92c148dd1d77929df
Instruction Fuzzy Hash: 43F0963090E38D8FDB5AAF6488681F93B70FF06304F4605BAD819C60E2DB789654CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC27ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04e0d48228483ba058eec874630ae14ae74cf8249ce94ce87f8841ae793425a
Instruction ID: 8b92147fe588574cb6b3c3ed859734bc9327c33a515c58090b4b858b7be2cd79
Opcode Fuzzy Hash: f04e0d48228483ba058eec874630ae14ae74cf8249ce94ce87f8841ae793425a
Instruction Fuzzy Hash: 01F0F030A0E78E8FEB69AFA088252B93BA0FF15304F0104BAD408C60E6DF799550C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD25FB Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7894d27bff20a25fc3c660e328f0b617bb2d2cc75b2a8ba20b9f44b7310c9812
Instruction ID: 45c7a0a6a45ffbdec7a3853384c4ca28a487e191d357e9d9bb908289fd2c81d9
Opcode Fuzzy Hash: 7894d27bff20a25fc3c660e328f0b617bb2d2cc75b2a8ba20b9f44b7310c9812
Instruction Fuzzy Hash: 55F0D030E0951E8BDF65EB90C865AEC72A5FB55310F1106B5C109E32A1DFBC6A808B84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC6532 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40e4e6298c95936c81fad98a77f0f9a23c2fc8f89888b684b02fdfa2b3405b95
Instruction ID: 0b84008d08d7061b6b087330e52c2f73c0a7e1fdc0a34bbf08f405d0f2024c76
Opcode Fuzzy Hash: 40e4e6298c95936c81fad98a77f0f9a23c2fc8f89888b684b02fdfa2b3405b95
Instruction Fuzzy Hash: 78E026B091991D8EDBA4EB4884A177976B1AB54305F5104FD810DD3290DE745A809F14

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFD9BAD12A8 Relevance: 8.9, Strings: 7, Instructions: 145COMMON

Download Yara Rule

Strings

{, xrefs: 00007FFD9BAD13C2
/, xrefs: 00007FFD9BAD13E3
(, xrefs: 00007FFD9BAD13CB
", xrefs: 00007FFD9BAD1195
", xrefs: 00007FFD9BAD119F
., xrefs: 00007FFD9BAD1474
[, xrefs: 00007FFD9BAD1467

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: "$"$($.$/$[${
API String ID: 0-580553742
Opcode ID: 80d2efecb674ef06700abf9f7fbd1367464730be71deaad3c7a7200760e0e858
Instruction ID: cf220b8dd584be942922fda0c36bbc6c546932907fecb99b6aaa72744a1e387e
Opcode Fuzzy Hash: 80d2efecb674ef06700abf9f7fbd1367464730be71deaad3c7a7200760e0e858
Instruction Fuzzy Hash: E461D574E0522D8EEB78DF94C8A47FDB6B1BF94304F0142BAD04DA6291CBB85A84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACF0A8 Relevance: 6.3, Strings: 5, Instructions: 84COMMON

Download Yara Rule

Strings

A, xrefs: 00007FFD9BACF11B
Q, xrefs: 00007FFD9BACFE2C
R, xrefs: 00007FFD9BACFDE9
/, xrefs: 00007FFD9BACF0A8
k, xrefs: 00007FFD9BACF147

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bacf000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: /$A$Q$R$k
API String ID: 0-3601821991
Opcode ID: 36355d0e56e28b08cd1ade8d0590588a54254d200d713fa4d458e01f23afc1f0
Instruction ID: edaa8eab372a3e9eb43e06ff9e95f63e42e010c090868cbe7b69a9e9506ab3c2
Opcode Fuzzy Hash: 36355d0e56e28b08cd1ade8d0590588a54254d200d713fa4d458e01f23afc1f0
Instruction Fuzzy Hash: 4231B574A0962E8BDBA8EF14CCA57A9B7B1FB54301F1041EDD40EA3291CB745A848F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACFC23 Relevance: 5.0, Strings: 4, Instructions: 50COMMON

Download Yara Rule

Strings

;, xrefs: 00007FFD9BACFCAD
F, xrefs: 00007FFD9BACFC6C
k, xrefs: 00007FFD9BACF147
[, xrefs: 00007FFD9BACFCA0

Memory Dump Source

Source File: 00000024.00000002.1759610582.00007FFD9BACF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ffd9bacf000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: ;$F$[$k
API String ID: 0-414671953
Opcode ID: a6b5958dce4cf848a47b256ee85a28e21dbf18955e0732cf46fa5ecd27e1b030
Instruction ID: 4ad878680c7745b5f519cd7f52f81fb3c1e155a0d2ddc5c56eedcdc2a991e218
Opcode Fuzzy Hash: a6b5958dce4cf848a47b256ee85a28e21dbf18955e0732cf46fa5ecd27e1b030
Instruction Fuzzy Hash: CA111974E0921E8FDB68EF54D8A07BAB7B2FB54300F0041A9E50E97295CF785A85CF05

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: WmiPrvSE.exePID: 7560, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9BACF047 Relevance: 3.8, Strings: 3, Instructions: 65COMMON

Download Yara Rule

Strings

k, xrefs: 00007FFD9BACF147
{, xrefs: 00007FFD9BACF05B
B, xrefs: 00007FFD9BACF863

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bacf000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: B$k${
API String ID: 0-3120343438
Opcode ID: fb666a052dc1d3f53259dc2122ac2899390a0ec1f28d72e99a4bb94a25886d1e
Instruction ID: f1e3bb6068de8982f08d65dc62764fbafd6db62c688ef73264b127d690df1911
Opcode Fuzzy Hash: fb666a052dc1d3f53259dc2122ac2899390a0ec1f28d72e99a4bb94a25886d1e
Instruction Fuzzy Hash: 5D310670A0962E8EEB78EF54C8607B9B6B1FF54301F0101FAD04D97291DBB96A84DF41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACDA45 Relevance: 2.5, Strings: 2, Instructions: 42COMMON

Download Yara Rule

Strings

\, xrefs: 00007FFD9BACDB6D
;7, xrefs: 00007FFD9BACDA4F

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: \$;7
API String ID: 0-1127756331
Opcode ID: 7a9c379fc744515e733beb383147c1cecb8ac571f36a723532df277862603699
Instruction ID: 90cf04618981cddf26e3ba089544107d0bd67dd49d1cde1cc2e20e5e2c018716
Opcode Fuzzy Hash: 7a9c379fc744515e733beb383147c1cecb8ac571f36a723532df277862603699
Instruction Fuzzy Hash: FC11C971E0910D8FDB28DF80D4E06FDBBB1EF54311F25002AD04AA72A0CAB86A81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2F38 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1511502b98e3b07b0490e8670bf0677c273030bc5412a1f166c7bed21cc2253e
Instruction ID: 01bcb88990455aca34ac8b90f2d84701b97e946de930a790213735f25a199b0e
Opcode Fuzzy Hash: 1511502b98e3b07b0490e8670bf0677c273030bc5412a1f166c7bed21cc2253e
Instruction Fuzzy Hash: D721B320E0E7CE4FD752EB7488685A97FF0EF56304B0A45FBD468CB0A7D968A508C742

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACD559 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55879c88089579c0836a08f377e6f3d4dab5a8e4fe3747742f055a6a8bb2f4a7
Instruction ID: 3fda69e74351a746df611ed68f8909c10a5f8d224f7d2ce9a3d17337354c96c3
Opcode Fuzzy Hash: 55879c88089579c0836a08f377e6f3d4dab5a8e4fe3747742f055a6a8bb2f4a7
Instruction Fuzzy Hash: 7DE15A71E19A5D8FDBA8EF98C864BB8B7A1FF58304F0041BAD05DD72A6CE746941CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1688 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71318505108009dddd2cdbe20cf538ba86fe800a37ae519d9ff2d59a9f845695
Instruction ID: 8baf620b9e233c23fe47fe581973e84edb33b1adca2aae8cbe46f4a0783dff22
Opcode Fuzzy Hash: 71318505108009dddd2cdbe20cf538ba86fe800a37ae519d9ff2d59a9f845695
Instruction Fuzzy Hash: 2481EF31B1DA494FDB98EF5C88605B977E2EFE8300F15416AE45EC32A6DE70AD028781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC06C0 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e36743e37b6bc038d830711894f3e117151cee73992a3410bda3ea50604a5bc
Instruction ID: 006d2795571bea86973e614c93a8dab0c2b5d5e5d88bd12758fb486d2e2beb81
Opcode Fuzzy Hash: 8e36743e37b6bc038d830711894f3e117151cee73992a3410bda3ea50604a5bc
Instruction Fuzzy Hash: 8D615A53B0FAC90FE73567AC58650B97B90EF5675070983F7E0988B0FBEC54AA058388

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD35FA Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 704f8c903638f62495ffb8e1fea820f3dd8271705e1293e742fdd70a59b2dc37
Instruction ID: 74c33ed3984e6356a9dbbca954fdfa44335f3bf61bd72b78210c00e42eda6a8b
Opcode Fuzzy Hash: 704f8c903638f62495ffb8e1fea820f3dd8271705e1293e742fdd70a59b2dc37
Instruction Fuzzy Hash: 2A514B237099191AE330FBACFC668F93BA0EFC23B7B040677E298CA093D911544987D1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC35FE Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67da6b3c0b166f6228634a9df9d531bcb3dedc7d0c4802ea8e8eff98a516bbf9
Instruction ID: c38ac0712e6f40c714a8d91b9fbe8cded6c328880c37f6d103cfe82e81bf01f2
Opcode Fuzzy Hash: 67da6b3c0b166f6228634a9df9d531bcb3dedc7d0c4802ea8e8eff98a516bbf9
Instruction Fuzzy Hash: 5771B572A1894D8FEB94EB6CD8657AD7BE1EF99314F9102B9D00CD73DACBB414018741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD3795 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4eaa957e9b982557abaf46679139d7d581603d642d203c165715b86a12ae1ac
Instruction ID: 5096d3934ae0180154403b2ec3657ff784d81de95c40385193780ec3211fa694
Opcode Fuzzy Hash: b4eaa957e9b982557abaf46679139d7d581603d642d203c165715b86a12ae1ac
Instruction Fuzzy Hash: 1E81CB70E1961D8FEBA4EB98C8557ADB7F1FF98300F5142BAD00DE7291DE745A848B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACBD59 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad0beef142a0cade7a98e2adb919130afe2421e0e5e9bf2abeb3994dd9a80a5
Instruction ID: 9a88ea871428c9eecf432e1f6f448765844862ee08a0931d87edef14ddb2a82a
Opcode Fuzzy Hash: 5ad0beef142a0cade7a98e2adb919130afe2421e0e5e9bf2abeb3994dd9a80a5
Instruction Fuzzy Hash: EB713C70E0991D8EEBA4EBA8C4657FDB7F1EF58300F51417AD00DE32A2DE756A458B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1CCD Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6e17b7c30bdb62abe391a50422a1b1722a179916d5e976c0cd673abafae04a
Instruction ID: dd8b7f60965e2fff04d6fd228d602885ef6d3bbb0a593b98b4d2df2c5024e520
Opcode Fuzzy Hash: 6b6e17b7c30bdb62abe391a50422a1b1722a179916d5e976c0cd673abafae04a
Instruction Fuzzy Hash: 9E51E331B18B4D4FDB58EF4888645BA77E2FFE8300B15467EE45AC7296DE30E8028781

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACAA70 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bb2c1a9118dda9c4e1fd21e63f07599c85cf7d100e85b0ebbfa9d49aca26cfd
Instruction ID: 1779ce0d8101c4d80f7b7cbc6dcea453a28466a3e89ddea7565ce4668f933e44
Opcode Fuzzy Hash: 7bb2c1a9118dda9c4e1fd21e63f07599c85cf7d100e85b0ebbfa9d49aca26cfd
Instruction Fuzzy Hash: 58510261B0E94F4FE712ABB8C8691F97BE0FF52314B0A45B6C058C70A7DE65A949C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD1C4A Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10cd526fc84706158dc4b18eb0844694b094ae175e04689aa48ade0afe015cbb
Instruction ID: 2c3b6d75f6fbb2037c08bfdff905dd57eb333e83dcbcd05c9dc653045eb57d1e
Opcode Fuzzy Hash: 10cd526fc84706158dc4b18eb0844694b094ae175e04689aa48ade0afe015cbb
Instruction Fuzzy Hash: 5261B970E0951D8FDB94EF98C494BA9B7F2FFA9300F5041A9E00DE7295CB75A981CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACAA50 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8fc61a0b52598bbd3517f35387041ae6d3ac2341182a20cabb66141359c0bd6
Instruction ID: 05c337f0c64e40cd8d750cb860958852cb26202e161e206e81b65c5fb6e07251
Opcode Fuzzy Hash: b8fc61a0b52598bbd3517f35387041ae6d3ac2341182a20cabb66141359c0bd6
Instruction Fuzzy Hash: D8414A62E0E98F5BE312BBBCD8290F97BA0FF11219B0941B7D05C8B0D7DD556949C381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACC4D3 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 528c27919cfdf8bb152d877b22b322cf03de1adcf9431c3e098d54e6aa92107c
Instruction ID: dee40d0f6d1b20278e0dc4209fb2364da200de91f422890f540f387ef76ea8a0
Opcode Fuzzy Hash: 528c27919cfdf8bb152d877b22b322cf03de1adcf9431c3e098d54e6aa92107c
Instruction Fuzzy Hash: 05412626B4D66E4AE725B7ECBC214F87B50EF5533AB040177E50DCA0E3ED68298582D1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC20E5 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ebe7eaac331d230c7e76f5fe021f2e72c0724d9af64353ba9c9761ff72b4681
Instruction ID: aed52119f26ae11f780fa535db95e64821be7d40d9bf51cc5a8f740031ecd242
Opcode Fuzzy Hash: 7ebe7eaac331d230c7e76f5fe021f2e72c0724d9af64353ba9c9761ff72b4681
Instruction Fuzzy Hash: B3412631B0EA4E4FE765EBB898651B87BD0EF86310F0645B7E41CC71E6DE68A9418381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC31E1 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 392c3f18729e6458de5fe435f3bd29b7584ca59546c3bb436f7a4c4cee0904a6
Instruction ID: 4d37db6406e9ce543f13015df9959750eb75a4733753b3efecae3dd98e413780
Opcode Fuzzy Hash: 392c3f18729e6458de5fe435f3bd29b7584ca59546c3bb436f7a4c4cee0904a6
Instruction Fuzzy Hash: 8C512870E0A60D8FEB64EB98D4656FDBBF1EF58300F51417AD009E72A6DA786A44CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACAA88 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fd3f1caf3d3b42c3871af241e549b6171c61f338f2ad2e5ce467e2da675bc52
Instruction ID: 89a1207834465f55b447185dc804a6bb18c5d29c776b5448be320f28f8e27d17
Opcode Fuzzy Hash: 5fd3f1caf3d3b42c3871af241e549b6171c61f338f2ad2e5ce467e2da675bc52
Instruction Fuzzy Hash: 91411762B0E98F5BE312ABB888291F97BA0FF51214B0945B6C05C870D7ED55691A8341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACAA98 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c0223646b415e1aca3253257565e121b1695af322570ee7e75b19ab1605280c
Instruction ID: 5e857af0c3827f4c678c7a81dde79da2dede2d85b9708c4e5bc75349c071b355
Opcode Fuzzy Hash: 2c0223646b415e1aca3253257565e121b1695af322570ee7e75b19ab1605280c
Instruction Fuzzy Hash: 0B312A62F0F98F5FE712ABBC88251B97BA0FF62254B0945BBC09C870E7ED556906C341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD239D Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4821da6be87f8b07b9257a2013d9b72c5177d6e138ab70af12047e45d0d8aa60
Instruction ID: 2c6c0cf10b632ac0a63ff2cefd37fab3816453a4f471555c124ece26b2158bb9
Opcode Fuzzy Hash: 4821da6be87f8b07b9257a2013d9b72c5177d6e138ab70af12047e45d0d8aa60
Instruction Fuzzy Hash: 94414C70E19A0D8FEB58EBD8D865AEDB7B1FF58315F010279E009E72A6CE746941CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACC4A8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb594a06a627da43eb1e8f3ff4891de483786e39fe8f32a262f14f0e9445eeec
Instruction ID: d78ef3f07cf6631df8a4e43507cd98e92d6df9b47e8c9281e4e2a3a979a0f642
Opcode Fuzzy Hash: cb594a06a627da43eb1e8f3ff4891de483786e39fe8f32a262f14f0e9445eeec
Instruction Fuzzy Hash: B2318322E4E65E4AE775B7EC68214F83750AF1533AF0502B7E45D8A0E7ED6C294082D5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD7295 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50c212544a4aef3da4db9dd6a8e3d247df93dbe0883c1a1a50f29843ec8c1972
Instruction ID: a94ecaadefc32fede4b33ce280be9b9a60c98c5b38e60fecddf4a939991bebaa
Opcode Fuzzy Hash: 50c212544a4aef3da4db9dd6a8e3d247df93dbe0883c1a1a50f29843ec8c1972
Instruction Fuzzy Hash: 3831F230F0A50E8FEB68EBA4C4A46FD33E1FF99310F11067AD419D71A5DE78AA408B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0805 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268367b276cb9e24770c57bcb03d9cee0a41adc32d33968cd64f377e3e5f7b87
Instruction ID: 07069c5ca8aea2ee2867c92ed87f25ab129496d21d709e92a0f55c418a803e72
Opcode Fuzzy Hash: 268367b276cb9e24770c57bcb03d9cee0a41adc32d33968cd64f377e3e5f7b87
Instruction Fuzzy Hash: 23216E12B0E58A57E73477BC9C751F97B90EF11719B098677E09CCA0D3DD04A155C389

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD70A1 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4723518b4d68323964b8771e88413a0687a79b77e28a865de6fc20be1a810547
Instruction ID: 08a05456048b2a935a853649cb4533e0ab86b574e6d9aea0c9ace247f7e31652
Opcode Fuzzy Hash: 4723518b4d68323964b8771e88413a0687a79b77e28a865de6fc20be1a810547
Instruction Fuzzy Hash: 2F21B330A0A51E9FEB65EBA8C8586FD7BF4FF59301F0109B2D00CC30A1DB74AA408750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2571 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1266dc1b37964784b30716e5dd027f5ba9d12a02b27fea374818b5d6deedc97
Instruction ID: 10342881eeb5ea8cfa08a102012e8d5f3c31d2370f6b10fedb73b087ad1e9e7b
Opcode Fuzzy Hash: b1266dc1b37964784b30716e5dd027f5ba9d12a02b27fea374818b5d6deedc97
Instruction Fuzzy Hash: F8314F74E0960D8BEB68DBD0C865BFD77B1BF48314F010279C009A62E1DBB95644CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC3575 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1deff4083a7eee58458d23143e1dc58306f65553b77afddea3110403f346e2cf
Instruction ID: 20d75e63a0398c909a3a8fc1a81cd8ce0d806ca906fd68e8037d13e978f22206
Opcode Fuzzy Hash: 1deff4083a7eee58458d23143e1dc58306f65553b77afddea3110403f346e2cf
Instruction Fuzzy Hash: 3D218030A0AA4E4FEB69AB64C4666F973E1FF59304F11047AC01ED70E5DE79AA058701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD783D Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 873ad9a411968bf9d1cbdd1aa06ef0d45a94e3a665d208d832b18cf858414041
Instruction ID: 6ee48f758a7d8a7a81e49bbda16664da05318a13b4e6fc758ac087e9442e0dfe
Opcode Fuzzy Hash: 873ad9a411968bf9d1cbdd1aa06ef0d45a94e3a665d208d832b18cf858414041
Instruction Fuzzy Hash: F321BE30B4A50E4FDB5EEB64C8655BD3BA0EF59304F1205BED41EC74E2CE75AA80C640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0A01 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcc187657bb19d3c7b732a235b2cc604d5fab672351d08687ab60ae016682b27
Instruction ID: 5565f28fa990c120f0d39f387940f41005e3905043616466f812368e2e0671ec
Opcode Fuzzy Hash: bcc187657bb19d3c7b732a235b2cc604d5fab672351d08687ab60ae016682b27
Instruction Fuzzy Hash: FA11B271E0A50E8FE7A0FBA8C8691BD7BE0FF58700F4246B6D41CC71A6EE74A6408740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2DD9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3317b0658f195b6b71363d723e14c39e781b9d7067c2316c473d6b14a1229112
Instruction ID: 6298b1eff16de98b76071d409c2138ca5aac948e07083a36d58a185cbfd73b50
Opcode Fuzzy Hash: 3317b0658f195b6b71363d723e14c39e781b9d7067c2316c473d6b14a1229112
Instruction Fuzzy Hash: FD11D53090E28A4FE752EBB4C868AA97FF0EF5A310F0545FAE44CC7063CA289654C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4345 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a40f480c75be1b850c789034028e768b6ec8bc675445fdf0a9dedd40ef28796f
Instruction ID: d315a06ee3a303ff767a4d5998f4194b591a918b3ee99123286749ed6a621356
Opcode Fuzzy Hash: a40f480c75be1b850c789034028e768b6ec8bc675445fdf0a9dedd40ef28796f
Instruction Fuzzy Hash: 82117F30A0964E8FDB98EFA884692F977A0FF58305F0106BED41DC61A6DE74A640C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD6921 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d110b0aa0e87686e505a6be75b755ffc4e4df07c238f6a30a62e0bb31d985fb7
Instruction ID: 4c520caaa92c84fe3aab05ce216c490343297b83c87fb69dcf88025304f7dade
Opcode Fuzzy Hash: d110b0aa0e87686e505a6be75b755ffc4e4df07c238f6a30a62e0bb31d985fb7
Instruction Fuzzy Hash: 9B11B430A0964E8FDB98EF6884652BD7BA0FF58300F0105BED41DC61A6DA74A240C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD2307 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da71070e516b5be8279a2dedcb596396ba655d761294402db73e9574125131d4
Instruction ID: f4c0b2c2421632b7152a4ba22d85816d89b302584acf7425770bb5374a0b8df0
Opcode Fuzzy Hash: da71070e516b5be8279a2dedcb596396ba655d761294402db73e9574125131d4
Instruction Fuzzy Hash: BA21D23094E3894FDB169B7088691F87FB0AF07300F0605EBD449CB0E3DA695A45C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD20F1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1c208919cd2869f8d3f5ea8ac1a9215b80d35516f7b3145ab1821cce0be5542
Instruction ID: b5b5cb85e1438f08c806e9a3a394d3717a72bce508ea2ce6a56dfde937ec8675
Opcode Fuzzy Hash: f1c208919cd2869f8d3f5ea8ac1a9215b80d35516f7b3145ab1821cce0be5542
Instruction Fuzzy Hash: 4B117C30A0924D8FDB58DF64C4A65F93BA1FF99304F1242AEE85E83291CA74A541CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD69C5 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65c7f19e6035e43dc4313a0d3c5ab4d805be920a889a05414bd15c956d01f4c4
Instruction ID: f3119472cafc8a04c4d97e58b754d092eddf9f5b3dc0bbb78e613d19a37edc20
Opcode Fuzzy Hash: 65c7f19e6035e43dc4313a0d3c5ab4d805be920a889a05414bd15c956d01f4c4
Instruction Fuzzy Hash: 8511B430A0964E8FEB98EFA8846A6BD7BF0FF58300F0145BED45DC71A6DA756540C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4865 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9e3ceae8f30cc809c96beb310c69fe040e11239b589dc07fcf09a014938958b
Instruction ID: 7bf7cd02ebbf8364e32c0de88d8891684989db00109f41506d817840aa34aa2a
Opcode Fuzzy Hash: e9e3ceae8f30cc809c96beb310c69fe040e11239b589dc07fcf09a014938958b
Instruction Fuzzy Hash: 4411C131B0EA8D4FEB69DBA488B52B87BD0EF59304F0501BED01DC65B2DE656550C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD42A9 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd22751937ca7b1ab870772e6c8320e94c867481fa9ecf65b2cd59f7a22b295
Instruction ID: fe51b00f1494ef17c493cd4500c7a5ae53edbe7cc4d547831f7fccf93295ef8c
Opcode Fuzzy Hash: 8fd22751937ca7b1ab870772e6c8320e94c867481fa9ecf65b2cd59f7a22b295
Instruction Fuzzy Hash: D911DF30A0A64E8FDB99EF6884652B93BE0FF69300F0102BFD41DC71A2CE75A540CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC112D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a8ec6e6cf2d6b633e72a1b1d4f4e48daee911491f8f54f9570dfc52b6ee0555
Instruction ID: 6319af855e01861fb9bbd7e403434edae6ad4e358ba43f4a7680150001063c18
Opcode Fuzzy Hash: 1a8ec6e6cf2d6b633e72a1b1d4f4e48daee911491f8f54f9570dfc52b6ee0555
Instruction Fuzzy Hash: 4311B670B0A64E8EEB69AFA8C4682B97BE0FF65310F4115BFD419C71E1DE796540C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACC5A0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96bf3a3908e8f912bdfaadff7ab13eb5cf6e56bf34ac1eeba3b43b889fffa31f
Instruction ID: f296d0c05f7342620763a1b3737998800fcc4cde3bb71481c479276cf6072f3c
Opcode Fuzzy Hash: 96bf3a3908e8f912bdfaadff7ab13eb5cf6e56bf34ac1eeba3b43b889fffa31f
Instruction Fuzzy Hash: 6011B23090E64E5FDB56EBA488685F97BB0FF09304F0104BBD419C71A2DE785940C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD6AE9 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eab4d0d46e1582ded78275625194161735c6ca89e7334f10116f24875c25bb75
Instruction ID: 350ff318f0f63124c9127b43f926168d34c3409f5ea2268d75637a31697b3f88
Opcode Fuzzy Hash: eab4d0d46e1582ded78275625194161735c6ca89e7334f10116f24875c25bb75
Instruction Fuzzy Hash: D4112630A0EA8D4FEBA9DBA888762B83BA0FF55300F0602BED05DC60E3DE656504C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4BD9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df35820950a24fae441b2e69cd4a50394fa991e6cf0a5b95ee558344543aba1
Instruction ID: 6d541c2fb0ea183f2e126940865626310662ffaec65566bfee250b602704bc13
Opcode Fuzzy Hash: 0df35820950a24fae441b2e69cd4a50394fa991e6cf0a5b95ee558344543aba1
Instruction Fuzzy Hash: C511D330A0E68E4FEB59EB64C8696B97BE0FF59300F4105BED41DC70B2DE7465408701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD6B7D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 989a4bbc9947bee994fa5fe2732b0f6f00b997eb80dbc562d14d7e74ed6846a8
Instruction ID: b1aceb3ea83e9553bdd05fe0782690fcea23c0aab61e027ec3ce3699039ef4bf
Opcode Fuzzy Hash: 989a4bbc9947bee994fa5fe2732b0f6f00b997eb80dbc562d14d7e74ed6846a8
Instruction Fuzzy Hash: 3F110630A0A64E4FDB69EFA8C4692B97BA0FF58300F0142BED41DC21A6DE75A644C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD24F1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34df6e6a1170f7f956997241be041f40694c3216a3c576ebe00e63d143b8a1c3
Instruction ID: 9b87dda46598f48c61803e11fae5092cc96d1134d393a32a2d4c84f3be3bbacd
Opcode Fuzzy Hash: 34df6e6a1170f7f956997241be041f40694c3216a3c576ebe00e63d143b8a1c3
Instruction Fuzzy Hash: D6018030A4964E8FE751FBB8C8AD9F97BE0EF99300F0149B6D41DC7066DA78A245CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACBCD9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 833378189d4c00b2848a42709a437a74ffbb878c16c0bbd237806143510f59db
Instruction ID: 7752732e0ec89c6a2543928162b0cedec6155495d38cbf8f987a0878d4fdd087
Opcode Fuzzy Hash: 833378189d4c00b2848a42709a437a74ffbb878c16c0bbd237806143510f59db
Instruction Fuzzy Hash: 71117030A0A68D8FEB56EF64C8696BD7BB0FF19304F5244BBD419C71A2DA75A640C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD498D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b2632cf09832c829b591a72406a0a41fe4f527568642e81cd58d96249f2a90d
Instruction ID: eb9bc6b0bc973d0acd5ab46891adde156fec8ab7a9ddeb72eb5fe556310e2e03
Opcode Fuzzy Hash: 9b2632cf09832c829b591a72406a0a41fe4f527568642e81cd58d96249f2a90d
Instruction Fuzzy Hash: 9B119130A0964E4FEB98EF6488A96BD7BE0FF58304F0106BED41DC61A6DE75A5408B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACB885 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 777bc330f525ebc70fd020031b73a1641510dd7dba26fe821371491aea311d14
Instruction ID: f299da3a3081c5e57546b9fc910ea5acb041928705f1c05de046662fa64d7a54
Opcode Fuzzy Hash: 777bc330f525ebc70fd020031b73a1641510dd7dba26fe821371491aea311d14
Instruction Fuzzy Hash: 2B115E74A0A64E8FDB59FF64C8A92BD7BE0FF18301F4144BAD419C71A5DA75A640CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD5C79 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fee241aa5b41d147adc9d18788d7230e59878580164fcb59bbd2a9ba16c4a04
Instruction ID: 7cfae9e067bccb11abfc7b1bc1527f08727ca39bed1a0b502f4947ab0339a7fd
Opcode Fuzzy Hash: 8fee241aa5b41d147adc9d18788d7230e59878580164fcb59bbd2a9ba16c4a04
Instruction Fuzzy Hash: 4511A030A0E64E4FE7A1FB6888685B97BE0FF59300F4645B6D418C71B7EA38A6448741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC34F5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 637fb643d4636e2fc6a1be1c38da952d472287bd8d242a34762e6e700b489773
Instruction ID: 2731b95e21a6905f0b7cdb8b2022cf9c4033dd823d15c504cd9c79146ebf72ee
Opcode Fuzzy Hash: 637fb643d4636e2fc6a1be1c38da952d472287bd8d242a34762e6e700b489773
Instruction Fuzzy Hash: 4B115270A0968E8FDB99EFA8C46A6BE7BE0FF18300F4104BED41DD71A1DB75A5408700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4B4D Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd4154987adddd2445d5440a6cb3b10f3f22f9eb9d620fab0b9d443576d7b5d7
Instruction ID: 32dbbe689fd005e9d410baf237f21ea03e3895178de3af42a201fc66390a5638
Opcode Fuzzy Hash: cd4154987adddd2445d5440a6cb3b10f3f22f9eb9d620fab0b9d443576d7b5d7
Instruction Fuzzy Hash: CE11A330A0964E4FEBA9EF6488696F97BE0FF68304F0106BED41DC61E2DE75A540C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2E81 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 826b3fc09c8b3fc39956c62392983ff681768a4fd7272286760ba3e252be4abd
Instruction ID: b1f181cabf3d6a943296bc9edc9f3b07726bbf773521aeca92e409f5b93fa483
Opcode Fuzzy Hash: 826b3fc09c8b3fc39956c62392983ff681768a4fd7272286760ba3e252be4abd
Instruction Fuzzy Hash: C0017C31A1A74E4FE761FBA488A85F97FE0EF59300F0649B6D418D70A6EB74E6448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29b7f11223079ac33318ae924e32a5b090d515f4d35ec31aa14e4a4e7eeca8a6
Instruction ID: b89f4594de6a6e18230766a18b28b88de7a4c748fbca65703fe5a8453f78f7dc
Opcode Fuzzy Hash: 29b7f11223079ac33318ae924e32a5b090d515f4d35ec31aa14e4a4e7eeca8a6
Instruction Fuzzy Hash: 54018030B0950E8FEB98EF64C0A46B977A1EF68304F51447AE40ED31A5CA71A661CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD1F85 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc3fc134cc8052854080373d72630a91dad1020ff10d28e4f253b856fd2843e4
Instruction ID: 5b20b56d947343463aa445f23efe4fab66d6faaefed71cbdb9c637f786f79da8
Opcode Fuzzy Hash: fc3fc134cc8052854080373d72630a91dad1020ff10d28e4f253b856fd2843e4
Instruction Fuzzy Hash: 2901B130A0924D8FDB59EF64C4699F93BA0EF59304F0205BED40EC61E2DB75A644C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC285D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3fe0983dd537483d18e4b573f3388431fd55d25cac7f11b816b7d07f05b9aa1
Instruction ID: b024800b920538937feec1fcdff9903dde5f08c093c2081cb44b214c9b905d62
Opcode Fuzzy Hash: d3fe0983dd537483d18e4b573f3388431fd55d25cac7f11b816b7d07f05b9aa1
Instruction Fuzzy Hash: D701A230E1A64E8FE761FBA488A95F97BE0FF19300F4245B6D408C70B6EE78E6408700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACA6B9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e93c5a25a8910c54abc5ec90071e93d6cb61cc3164eeaba53ba53cac96975841
Instruction ID: c3fc4cd1c191af2a5499c90193689a038d876c73cb235b7bba7fafd9b68c48cf
Opcode Fuzzy Hash: e93c5a25a8910c54abc5ec90071e93d6cb61cc3164eeaba53ba53cac96975841
Instruction Fuzzy Hash: 25018F30A4E64E5FD752BBB4C8685B97BF0EF1A304F0648B3E408C70B6EE78A6448711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD77C9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd8ae953b192e3b9e3cdc258cdf900f72a3109ea8f8be6e05b79d285ff7bcc5f
Instruction ID: 6602148457a14b85cb13659a7eef2a1c22061702be3cb8eb3d88b4936da50a52
Opcode Fuzzy Hash: fd8ae953b192e3b9e3cdc258cdf900f72a3109ea8f8be6e05b79d285ff7bcc5f
Instruction Fuzzy Hash: 4901D230A0A28D4FDB5ADB64C8795BD3BA0FF56304F0209FED40AC60E2DE75A940C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0F2F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 969d80864cc9fd57a7529c17b104b535cbe4c9627394024046822500f9a3e320
Instruction ID: 38594459f3fe07ffc0f721afd108121c19b12a9cbd460086c705bca19fda16e3
Opcode Fuzzy Hash: 969d80864cc9fd57a7529c17b104b535cbe4c9627394024046822500f9a3e320
Instruction Fuzzy Hash: 43015231A0990D8BEB68EB58D865FBD77A1FF54304F1142B59009D72AACE3469818B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD3A08 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd657c37168704acb2d3c8fa4b872af2f0bfbe7a9b84183028cb84991ff28387
Instruction ID: d29a4fefd2d524615d451f05702fdaab0295527e01d371fae5f9116d00781e03
Opcode Fuzzy Hash: fd657c37168704acb2d3c8fa4b872af2f0bfbe7a9b84183028cb84991ff28387
Instruction Fuzzy Hash: 8F11DA70E0561D8FDB60DFA5C5582ECB7F0EF94301F5142BAD009E72A1DE785A858F50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC340A Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb0bf78d270af5e5dd1bf41cf4affbf9ecdb4bcdf2985dc4943d8f3872f7a88
Instruction ID: 19e87c5e952b62223cf2b416e470557b0dafb04f7042013226241952811000ad
Opcode Fuzzy Hash: 0eb0bf78d270af5e5dd1bf41cf4affbf9ecdb4bcdf2985dc4943d8f3872f7a88
Instruction Fuzzy Hash: 30014F31E1994E8EEB91FBA8C55D5B97BE0FF18301F4549B6D41DC3065EB74E2448B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2EF9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606bf0db9f07ef94b3c7e45cb8ea21567af2ef63d82355e90eb3fc82906d89ed
Instruction ID: 3ba5d96bbcc1d16d78b4452dcfa7f7b04b03ea80c88c7105084eae916fed78f9
Opcode Fuzzy Hash: 606bf0db9f07ef94b3c7e45cb8ea21567af2ef63d82355e90eb3fc82906d89ed
Instruction Fuzzy Hash: E2018470A1A74D4FD752BBB488695B97BE0EF0A300F0644B3D40CCB0B6DE78A6588741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD7229 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 885b71e1613e314bce4ea9008441a8e3cf5b4c7c3d472d39d2ffe0c96b2ec940
Instruction ID: b71b36ef13795062e2fccd2e04e8a40e0fa0981d8cf34931b7f24bbcdba5103d
Opcode Fuzzy Hash: 885b71e1613e314bce4ea9008441a8e3cf5b4c7c3d472d39d2ffe0c96b2ec940
Instruction Fuzzy Hash: 0E01A731E0E68E4FE765EB7488695A97BF0EF56300F0645F7E408C70B6DE74A9448701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b6bfb7165e604d4f388f5f36ca3bcc06fc31ed21aff62b29b1b1a89d7af25f
Instruction ID: bca8f0651a82a55ddaed4290db3353b6cedd02d7279f3f9f845ce6c8bb2dd13c
Opcode Fuzzy Hash: b7b6bfb7165e604d4f388f5f36ca3bcc06fc31ed21aff62b29b1b1a89d7af25f
Instruction Fuzzy Hash: AC016D30A1960E8EEB69FBA4C4686B972A0FF18305F11487ED41EC61E5DF75A650CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acda80830b24ae418bbe5cf045f5bf0e242b3124b488e8424fe0ed8f15f09699
Instruction ID: d91645c0f756f6f79738d6825388887e31dd16e2c53d578acf315c851c955f82
Opcode Fuzzy Hash: acda80830b24ae418bbe5cf045f5bf0e242b3124b488e8424fe0ed8f15f09699
Instruction Fuzzy Hash: 47018630A1560E8EDB59FFA4C4A85B973A0FF18305F21087ED41EC71E5DE75A250CA01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1C4D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2e6cfc608f36e52f762757b401f2956d19a99b85f7970197938e4bcf7cfca2c
Instruction ID: 9192cb24090203582be103db1ada1ff309cb71a8218f26570715f599894d644e
Opcode Fuzzy Hash: f2e6cfc608f36e52f762757b401f2956d19a99b85f7970197938e4bcf7cfca2c
Instruction Fuzzy Hash: 21018630A0E64D8FEBA8AF5484656B97BE4EF65305F51407AE408C31A2DBB59561C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC1140 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7edd30bae94e2f9d5ba58053a936abca9537a0e5f09a4b73a246dad3ea99d3b9
Instruction ID: c20a3d39935da790d0be4e332b2404f560de769109fe7a6006963b9e446a4320
Opcode Fuzzy Hash: 7edd30bae94e2f9d5ba58053a936abca9537a0e5f09a4b73a246dad3ea99d3b9
Instruction Fuzzy Hash: B3F08170B1A65E89FBA8AFA898682BAB7E0EF65215F01117FD419C20E1DE7812148640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD4FDB Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a82068aadc9be4ddcaf506d6dcc51406a5ebcec8b88c564e16dc824b9a4c1c3
Instruction ID: afa388b03a64908f03b72487f9eaddff009f07b31d9c6ca3ebc68041801b0eb6
Opcode Fuzzy Hash: 1a82068aadc9be4ddcaf506d6dcc51406a5ebcec8b88c564e16dc824b9a4c1c3
Instruction Fuzzy Hash: 2DF0E735E0992D8EDFA4EBA8C8957ECB7B1FF98200F4441B5D44DE3262DE3469458B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0364ddc2c03a5550b86d4d2f5c373979aff7b0da8380433cd4f5ec6cdb2e8f69
Instruction ID: 673d43a1d099f3bcde4108d2714fa6a167d92b4c131d6a073bb1f1a7c771035e
Opcode Fuzzy Hash: 0364ddc2c03a5550b86d4d2f5c373979aff7b0da8380433cd4f5ec6cdb2e8f69
Instruction Fuzzy Hash: B0F0C830B0E54E8FEB64FF6484655F97790EF65309F41407AF80DC31A2CA75A560C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACB4BF Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9baca000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64cfda8d3206c63a90cfa03c5e25b276b2252305fc8093491c46b8459ae3ce23
Instruction ID: 4f150b6fd023f87c855886a2285ddbc96d6819304b1d68ef52f87f005e36150b
Opcode Fuzzy Hash: 64cfda8d3206c63a90cfa03c5e25b276b2252305fc8093491c46b8459ae3ce23
Instruction Fuzzy Hash: BDF03C70A0991D8FDBA4EB14C4A6BE9B3B1FF58340F5182AA900DD3166DF75AA818F40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC2779 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16158cb3d18cedebe2127b96cfed9ac0773347449ce1d6b92c148dd1d77929df
Instruction ID: 4b54168dbc0442c9198d5cc8312fb91fd55bb67fe67c3659e340a97b92a4023b
Opcode Fuzzy Hash: 16158cb3d18cedebe2127b96cfed9ac0773347449ce1d6b92c148dd1d77929df
Instruction Fuzzy Hash: 43F0963090E38D8FDB5AAF6488681F93B70FF06304F4605BAD819C60E2DB789654CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC27ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04e0d48228483ba058eec874630ae14ae74cf8249ce94ce87f8841ae793425a
Instruction ID: 8b92147fe588574cb6b3c3ed859734bc9327c33a515c58090b4b858b7be2cd79
Opcode Fuzzy Hash: f04e0d48228483ba058eec874630ae14ae74cf8249ce94ce87f8841ae793425a
Instruction Fuzzy Hash: 01F0F030A0E78E8FEB69AFA088252B93BA0FF15304F0104BAD408C60E6DF799550C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAD25FB Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7894d27bff20a25fc3c660e328f0b617bb2d2cc75b2a8ba20b9f44b7310c9812
Instruction ID: 45c7a0a6a45ffbdec7a3853384c4ca28a487e191d357e9d9bb908289fd2c81d9
Opcode Fuzzy Hash: 7894d27bff20a25fc3c660e328f0b617bb2d2cc75b2a8ba20b9f44b7310c9812
Instruction Fuzzy Hash: 55F0D030E0951E8BDF65EB90C865AEC72A5FB55310F1106B5C109E32A1DFBC6A808B84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BAC6532 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bac0000_WmiPrvSE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6600520b4b51525c3086392ed64fe35cd09e6cacb37616ffd3813fc3edef568
Instruction ID: 25ab4e73bae5b8c3077d3b8f9ce7bff4d2ce5e07d001398ede960997ed280ce0
Opcode Fuzzy Hash: c6600520b4b51525c3086392ed64fe35cd09e6cacb37616ffd3813fc3edef568
Instruction Fuzzy Hash: 40E026B091991D8EDBA4EB4888A177976B1EB55305F5104FD810DD3290DE745A809F18

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFD9BAD12A8 Relevance: 8.9, Strings: 7, Instructions: 145COMMON

Download Yara Rule

Strings

., xrefs: 00007FFD9BAD1474
", xrefs: 00007FFD9BAD1195
", xrefs: 00007FFD9BAD119F
[, xrefs: 00007FFD9BAD1467
/, xrefs: 00007FFD9BAD13E3
(, xrefs: 00007FFD9BAD13CB
{, xrefs: 00007FFD9BAD13C2

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BAD1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bad1000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: "$"$($.$/$[${
API String ID: 0-580553742
Opcode ID: 80d2efecb674ef06700abf9f7fbd1367464730be71deaad3c7a7200760e0e858
Instruction ID: cf220b8dd584be942922fda0c36bbc6c546932907fecb99b6aaa72744a1e387e
Opcode Fuzzy Hash: 80d2efecb674ef06700abf9f7fbd1367464730be71deaad3c7a7200760e0e858
Instruction Fuzzy Hash: E461D574E0522D8EEB78DF94C8A47FDB6B1BF94304F0142BAD04DA6291CBB85A84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACF0A8 Relevance: 6.3, Strings: 5, Instructions: 84COMMON

Download Yara Rule

Strings

Q, xrefs: 00007FFD9BACFE2C
k, xrefs: 00007FFD9BACF147
A, xrefs: 00007FFD9BACF11B
R, xrefs: 00007FFD9BACFDE9
/, xrefs: 00007FFD9BACF0A8

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bacf000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: /$A$Q$R$k
API String ID: 0-3601821991
Opcode ID: 36355d0e56e28b08cd1ade8d0590588a54254d200d713fa4d458e01f23afc1f0
Instruction ID: edaa8eab372a3e9eb43e06ff9e95f63e42e010c090868cbe7b69a9e9506ab3c2
Opcode Fuzzy Hash: 36355d0e56e28b08cd1ade8d0590588a54254d200d713fa4d458e01f23afc1f0
Instruction Fuzzy Hash: 4231B574A0962E8BDBA8EF14CCA57A9B7B1FB54301F1041EDD40EA3291CB745A848F44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFD9BACFC23 Relevance: 5.0, Strings: 4, Instructions: 50COMMON

Download Yara Rule

Strings

k, xrefs: 00007FFD9BACF147
[, xrefs: 00007FFD9BACFCA0
F, xrefs: 00007FFD9BACFC6C
;, xrefs: 00007FFD9BACFCAD

Memory Dump Source

Source File: 00000026.00000002.1759976780.00007FFD9BACF000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BACF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_38_2_7ffd9bacf000_WmiPrvSE.jbxd

Similarity

API ID:
String ID: ;$F$[$k
API String ID: 0-414671953
Opcode ID: a6b5958dce4cf848a47b256ee85a28e21dbf18955e0732cf46fa5ecd27e1b030
Instruction ID: 4ad878680c7745b5f519cd7f52f81fb3c1e155a0d2ddc5c56eedcdc2a991e218
Opcode Fuzzy Hash: a6b5958dce4cf848a47b256ee85a28e21dbf18955e0732cf46fa5ecd27e1b030
Instruction Fuzzy Hash: CA111974E0921E8FDB68EF54D8A07BAB7B2FB54300F0041A9E50E97295CF785A85CF05

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DVuCnBrdbI.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Persistence and Installation Behavior

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Windows Multimedia Platform\6ed216578b75a5

C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe

C:\Program Files (x86)\Windows Multimedia Platform\qJBfikDNRbrkF.exe:Zone.Identifier

C:\Program Files (x86)\Windows Photo Viewer\en-GB\6ccacd8608530f

C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe

C:\Program Files (x86)\Windows Photo Viewer\en-GB\Idle.exe:Zone.Identifier

C:\Program Files\Common Files\6ed216578b75a5

C:\Program Files\Common Files\qJBfikDNRbrkF.exe

C:\Program Files\Common Files\qJBfikDNRbrkF.exe:Zone.Identifier

C:\Program Files\Internet Explorer\6ed216578b75a5

C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe

C:\Program Files\Internet Explorer\qJBfikDNRbrkF.exe:Zone.Identifier

C:\Program Files\Windows Mail\6ed216578b75a5

C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe

C:\Program Files\Windows Mail\qJBfikDNRbrkF.exe:Zone.Identifier

Windows Analysis Report
DVuCnBrdbI.exe