Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
onedrive.bat.exe

Overview

General Information

Sample Name:onedrive.bat.exe
Analysis ID:829696
MD5:c32ca4acfcc635ec1ea6ed8a34df5fac
SHA1:f5ee89bb1e4a0b1c3c7f1e8d05d0677f2b2b5919
SHA256:73a3c4aef5de385875339fc2eb7e58a9e8a47b6161bdc6436bf78a763537be70
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:true
Confidence:100%

Signatures

Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Enables debug privileges

Classification

Process Tree

  • System is w10x64native
  • onedrive.bat.exe (PID: 4720 cmdline: C:\Users\user\Desktop\onedrive.bat.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: onedrive.bat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: onedrive.bat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: powershell.pdbUGP source: onedrive.bat.exe
Source: Binary string: powershell.pdb source: onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000003.103961663238.0000000002954000.00000004.00000020.00020000.00000000.sdmp, onedrive.bat.exe, 00000002.00000002.105188091472.000000000295D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: onedrive.bat.exe, 00000002.00000003.103961663238.0000000002954000.00000004.00000020.00020000.00000000.sdmp, onedrive.bat.exe, 00000002.00000002.105188091472.000000000295D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6LR
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
Source: onedrive.bat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048C5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePowerShell.EXEj% vs onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048C5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\040904B0\\OriginalFilename vs onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Management.Automation.dllv+ vs onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048B2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\000004B0\\OriginalFilename vs onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000000.103939392812.0000000000564000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePowerShell.EXEj% vs onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Management.Automation.dllv+ vs onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000048A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\000004B0\\OriginalFilename vs onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000002.105188091472.00000000028B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs onedrive.bat.exe
Source: onedrive.bat.exe, 00000002.00000002.105194211165.00000000049F8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs onedrive.bat.exe
Source: onedrive.bat.exeBinary or memory string: OriginalFilenamePowerShell.EXEj% vs onedrive.bat.exe
Source: C:\Users\user\Desktop\onedrive.bat.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_047DEBC82_2_047DEBC8
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_047DEBB82_2_047DEBB8
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CB81B82_2_07CB81B8
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CB81B12_2_07CB81B1
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CF6D182_2_07CF6D18
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CFEAC82_2_07CFEAC8
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CF91502_2_07CF9150
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CFEABD2_2_07CFEABD
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07EE7DA82_2_07EE7DA8
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07EE24782_2_07EE2478
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07EE8ED02_2_07EE8ED0
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07EE5E902_2_07EE5E90
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07EE46782_2_07EE4678
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07EE3C602_2_07EE3C60
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07EEB2402_2_07EEB240
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07EE32182_2_07EE3218
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07F000402_2_07F00040
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07F0ED922_2_07F0ED92
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07F052C02_2_07F052C0
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07F052B82_2_07F052B8
Source: onedrive.bat.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\onedrive.bat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\onedrive.bat.exe C:\Users\user\Desktop\onedrive.bat.exe
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\onedrive.bat.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32Jump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6244:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6244:120:WilError_03
Source: onedrive.bat.exeJoe Sandbox Cloud Basic: Detection: clean Score: 6Perma Link
Source: C:\Users\user\Desktop\onedrive.bat.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tw0strn3.bud.ps1Jump to behavior
Source: classification engineClassification label: clean5.winEXE@2/2@0/0
Source: C:\Users\user\Desktop\onedrive.bat.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: onedrive.bat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: onedrive.bat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: onedrive.bat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: onedrive.bat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: onedrive.bat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: onedrive.bat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: onedrive.bat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: onedrive.bat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: powershell.pdbUGP source: onedrive.bat.exe
Source: Binary string: powershell.pdb source: onedrive.bat.exe
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CB3798 push esi; retf 0007h2_2_07CB3B0A
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CB3787 push ebx; retf 0007h2_2_07CB378A
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CB57B0 push esp; retf 0007h2_2_07CB57B1
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CB3C10 push edi; retf 0007h2_2_07CB3C12
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CFDA58 push 0807CA01h; retn 076Ah2_2_07CFDB15
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CFE659 push es; retf 0007h2_2_07CFE65A
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CFE8FD push 00000007h; ret 2_2_07CFE900
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CFF589 push cs; retf 0007h2_2_07CFF58A
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CF7380 push 00000007h; ret 2_2_07CF7390
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CF9022 push eax; retf 2_2_07CF9029
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07EEAA6A push 8B059113h; iretd 2_2_07EEAA6F
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeWindow / User API: threadDelayed 7690Jump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\onedrive.bat.exeCode function: 2_2_07CFDE0C CreateNamedPipeW,2_2_07CFDE0C

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management Instrumentation1
DLL Side-Loading		2
Process Injection		1
Disable or Modify Tools		OS Credential Dumping1
Process Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		2
Process Injection		LSASS Memory1
Application Window Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
DLL Side-Loading		Security Account Manager22
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
Obfuscated Files or Information		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 829696 Sample: onedrive.bat.exe Startdate: 19/03/2023 Architecture: WINDOWS Score: 0 5 onedrive.bat.exe 8 2->5         started        process3 7 conhost.exe 5->7         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
onedrive.bat.exe0%VirustotalBrowse
onedrive.bat.exe0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://aka.ms/pscore6LRonedrive.bat.exe, 00000002.00000002.105194211165.00000000048D3000.00000004.00000800.00020000.00000000.sdmpfalse
    		high
    https://aka.ms/pscore6lBonedrive.bat.exe, 00000002.00000002.105194211165.00000000048F1000.00000004.00000800.00020000.00000000.sdmpfalse
      		high
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameonedrive.bat.exe, 00000002.00000002.105194211165.00000000048D3000.00000004.00000800.00020000.00000000.sdmpfalse
        		high

        World Map of Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox Version:37.0.0 Beryl
        Analysis ID:829696
        Start date and time:2023-03-19 00:09:28 +01:00
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 6m 26s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
        Number of analysed new started processes analysed:6
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • HDC enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample file name:onedrive.bat.exe
        Detection:CLEAN
        Classification:clean5.winEXE@2/2@0/0
        EGA Information:
        • Successful, ratio: 100%
        HDC Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 207
        • Number of non-executed functions: 8
        Cookbook Comments:
        • Found application associated with file extension: .exe

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe
        • Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, ctldl.windowsupdate.com, wdcp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Report size getting too big, too many NtReadVirtualMemory calls found.

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tw0strn3.bud.ps1

        Download File
        Process:C:\Users\user\Desktop\onedrive.bat.exe
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):60
        Entropy (8bit):4.038920595031593
        Encrypted:false
        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
        MD5:D17FE0A3F47BE24A6453E9EF58C94641
        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
        Malicious:false
        Reputation:high, very likely benign file
        Preview:# PowerShell test file to determine AppLocker lockdown mode

        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u2wwjpve.24z.psm1

        Download File
        Process:C:\Users\user\Desktop\onedrive.bat.exe
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):60
        Entropy (8bit):4.038920595031593
        Encrypted:false
        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
        MD5:D17FE0A3F47BE24A6453E9EF58C94641
        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
        Malicious:false
        Reputation:high, very likely benign file
        Preview:# PowerShell test file to determine AppLocker lockdown mode

        Static File Info

        General

        File type:PE32 executable (console) Intel 80386, for MS Windows
        Entropy (8bit):5.502549953174867
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.96%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:onedrive.bat.exe
        File size:433152
        MD5:c32ca4acfcc635ec1ea6ed8a34df5fac
        SHA1:f5ee89bb1e4a0b1c3c7f1e8d05d0677f2b2b5919
        SHA256:73a3c4aef5de385875339fc2eb7e58a9e8a47b6161bdc6436bf78a763537be70
        SHA512:6e43dca1b92faace0c910cbf9308cf082a38dd39da32375fad72d6517dea93e944b5e5464cf3c69a61eabf47b2a3e5aa014d6f24efa1a379d4c81c32fa39ddbc
        SSDEEP:6144:MF45pGVc4sqEoWwO9sV1yZywi/PzNKXzJ7BapCK5d3klRzULOnWyjLsPhAQzqO:95pGVcwW2KXzJ4pdd3klnnWosPhnzq
        TLSH:B5947C8367D45295EC3FC431DC3745610622BCBDDBD09BDB99C8B6390A702D09A3EA6B
        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......".z.fg..fg..fg..x5..dg..o...lg..r...eg..r...}g..fg...g..r...cg..r...og..r...ng..r...gg..r...gg..Richfg.........................

        File Icon

        Icon Hash:14ec98b2b8e4d600

        Static PE Info

        General

        Entrypoint:0x40afc0
        Entrypoint Section:.text
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows cui
        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Time Stamp:0x30F12F73 [Mon Jan 8 14:51:31 1996 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:10
        OS Version Minor:0
        File Version Major:10
        File Version Minor:0
        Subsystem Version Major:10
        Subsystem Version Minor:0
        Import Hash:194427a488ed1dd0a91731658b071667

        Entrypoint Preview

        Instruction
        call 00007F70DC413925h
        jmp 00007F70DC412FAEh
        jmp dword ptr [004121F4h]
        cmp ecx, dword ptr [00411368h]
        jne 00007F70DC4131D5h
        retn 0000h
        jmp 00007F70DC41339Bh
        int3
        int3
        mov edi, edi
        push ebp
        mov ebp, esp
        push esi
        mov esi, 004113A4h
        push esi
        call dword ptr [004120E8h]
        mov ecx, dword ptr [00411360h]
        mov eax, dword ptr [ebp+08h]
        inc ecx
        mov dword ptr [00411360h], ecx
        push esi
        mov dword ptr [eax], ecx
        mov eax, dword ptr fs:[0000002Ch]
        mov ecx, dword ptr [004116DCh]
        mov ecx, dword ptr [eax+ecx*4]
        mov eax, dword ptr [00411360h]
        mov dword ptr [ecx+00000004h], eax
        call dword ptr [00412078h]
        push 004113A8h
        call dword ptr [00412070h]
        pop esi
        pop ebp
        ret
        mov edi, edi
        push ebp
        mov ebp, esp
        push esi
        push edi
        mov edi, 004113A4h
        push edi
        call dword ptr [004120E8h]
        mov esi, dword ptr [ebp+08h]
        cmp dword ptr [esi], 00000000h
        jne 00007F70DC4131E1h
        or dword ptr [esi], FFFFFFFFh
        jmp 00007F70DC4131FBh
        push 00000000h
        call 00007F70DC413202h
        pop ecx
        jmp 00007F70DC4131BEh
        cmp dword ptr [esi], FFFFFFFFh
        je 00007F70DC4131C3h
        mov eax, dword ptr fs:[0000002Ch]
        mov ecx, dword ptr [004116DCh]
        mov ecx, dword ptr [eax+ecx*4]
        mov eax, dword ptr [00411360h]
        mov dword ptr [ecx+00000004h], eax
        push edi
        call dword ptr [00412078h]
        pop edi
        pop esi

        Rich Headers

        Programming Language:
        • [IMP] VS2008 build 21022
        • [IMP] VS2008 SP1 build 30729

        Data Directories

        NameVirtual AddressVirtual Size Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IMPORT0x122080xb4.idata
        IMAGE_DIRECTORY_ENTRY_RESOURCE0x130000x57d88.rsrc
        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
        IMAGE_DIRECTORY_ENTRY_BASERELOC0x6b0000x127c.reloc
        IMAGE_DIRECTORY_ENTRY_DEBUG0x49000x54.text
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
        IMAGE_DIRECTORY_ENTRY_TLS0x16940x18.text
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x15e80xac.text
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IAT0x120000x204.idata
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

        Sections

        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
        .text0x10000xf35c0xf400False0.457367443647541data5.675599809360563IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        .data0x110000x9380x400False0.439453125data4.3874403980662935IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .idata0x120000xcd80xe00False0.44614955357142855data5.292395568542356IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .rsrc0x130000x57d880x57e00False0.3494065611664296data5.3056762942545195IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .reloc0x6b0000x127c0x1400False0.7013671875data6.257290188908493IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

        Resources

        NameRVASizeTypeLanguageCountry
        MUI0x6acb00xd8dataEnglishUnited States
        RT_ICON0x13c480x2fbePNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
        RT_ICON0x16c080x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States
        RT_ICON0x1ae300x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States
        RT_ICON0x1d3d80x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 6720EnglishUnited States
        RT_ICON0x1ee400x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States
        RT_ICON0x1fee80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States
        RT_ICON0x208700x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States
        RT_ICON0x20f280x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States
        RT_ICON0x214080x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States
        RT_ICON0x21a700x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States
        RT_ICON0x21d580x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 288EnglishUnited States
        RT_ICON0x21f400x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States
        RT_ICON0x220680xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States
        RT_ICON0x22f100x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States
        RT_ICON0x237b80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsEnglishUnited States
        RT_ICON0x23e800x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States
        RT_ICON0x243e80x42028Device independent bitmap graphic, 256 x 512 x 32, image size 270336EnglishUnited States
        RT_ICON0x664100x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States
        RT_ICON0x689b80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States
        RT_ICON0x69a600x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States
        RT_ICON0x6a3e80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States
        RT_GROUP_ICON0x213900x76dataEnglishUnited States
        RT_GROUP_ICON0x6a8500xbcdataEnglishUnited States
        RT_VERSION0x6a9100x39cOpenPGP Secret KeyEnglishUnited States
        RT_MANIFEST0x135a00x6a3XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

        Imports

        DLLImport
        msvcrt.dll_onexit, __dllonexit, _unlock, _lock, _initterm, __setusermatherr, __p__fmode, _cexit, _exit, exit, __set_app_type, __wgetmainargs, ?terminate@@YAXXZ, __p__commode, ??1type_info@@UAE@XZ, _controlfp, _XcptFilter, _except_handler4_common, memcmp, _vsnwprintf, _wcsicmp, _wcsnicmp, bsearch, fclose, _wfopen, _itow_s, wcstoul, wcschr, __uncaught_exception, memmove, memcpy, _CxxThrowException, ?what@exception@@UBEPBDXZ, ??1exception@@UAE@XZ, ??0exception@@QAE@ABV0@@Z, ??0exception@@QAE@ABQBDH@Z, ??0exception@@QAE@ABQBD@Z, _callnewh, malloc, wcsncmp, wcsrchr, free, _purecall, ??3@YAXPAX@Z, memcpy_s, ??_V@YAXPAX@Z, __CxxFrameHandler3, _amsg_exit, memset
        ATL.DLL
        KERNEL32.dllCreateFileMappingW, FreeLibrary, LoadResource, FindResourceExW, UnmapViewOfFile, GetVersionExW, GetLocaleInfoW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, SearchPathW, MapViewOfFile, GetTickCount, GetSystemTimeAsFileTime, LoadLibraryExW, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, SleepConditionVariableSRW, WakeAllConditionVariable, GetModuleFileNameW, ReleaseSRWLockExclusive, Sleep, IsWow64Process, SetConsoleTitleW, GetFileType, VerifyVersionInfoW, GetProcAddress, GetModuleHandleW, GetCurrentThreadId, GetModuleHandleExW, GetStartupInfoW, VerSetConditionMask, FindFirstFileW, SetErrorMode, LocalFree, CompareStringW, WriteConsoleW, SetLastError, GetLastError, GetCurrentProcess, GetStdHandle, WriteFile, FormatMessageW, ExpandEnvironmentStringsW, GetFileAttributesW, CreateFileW, FindClose, SetThreadUILanguage, AcquireSRWLockExclusive, CloseHandle
        OLEAUT32.dllSysAllocString, SafeArrayPutElement, VariantClear, SafeArrayCreate, SysFreeString, SysStringLen
        ADVAPI32.dllRegOpenKeyExW, RegEnumKeyExW, RegQueryValueExW, RegCloseKey, RegGetValueW
        OLE32.dllCoUninitialize, CoInitializeEx, CoInitialize, PropVariantClear, CoTaskMemAlloc, CoCreateInstance
        USER32.dllLoadStringW
        mscoree.dllCorBindToRuntimeEx

        Possible Origin

        Language of compilation systemCountry where language is spokenMap
        EnglishUnited States

        Network Behavior

        Report size exceeds maximum size, go to the download page of this report and download PCAP to see all network behavior.

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:2
        Start time:00:11:22
        Start date:19/03/2023
        Path:C:\Users\user\Desktop\onedrive.bat.exe
        Wow64 process (32bit):true
        Commandline:C:\Users\user\Desktop\onedrive.bat.exe
        Imagebase:0x500000
        File size:433152 bytes
        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:.Net C# or VB.NET
        Reputation:moderate

        General

        Target ID:3
        Start time:00:11:22
        Start date:19/03/2023
        Path:C:\Windows\System32\conhost.exe
        Wow64 process (32bit):false
        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Imagebase:0x7ff744690000
        File size:875008 bytes
        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        Disassembly

        Reset < >

          Execution Graph

          Execution Coverage:14.7%
          Dynamic/Decrypted Code Coverage:100%
          Signature Coverage:4.3%
          Total number of Nodes:443
          Total number of Limit Nodes:24
          execution_graph 55820 47d0c78 55821 47d0c99 55820->55821 55827 47d4fe1 55821->55827 55832 47d4ff0 55821->55832 55822 47d0dbe 55837 7cf5bb3 55822->55837 55828 47d4f70 55827->55828 55828->55827 55829 47d5054 55828->55829 55844 47d51c8 55828->55844 55850 47d51b8 55828->55850 55829->55822 55833 47d5011 55832->55833 55834 47d5054 55833->55834 55835 47d51c8 SetThreadPreferredUILanguages 55833->55835 55836 47d51b8 SetThreadPreferredUILanguages 55833->55836 55834->55822 55835->55834 55836->55834 55870 7cf6d08 55837->55870 55875 7cf6d6f 55837->55875 55880 7cf70e0 55837->55880 55894 7cf7098 55837->55894 55900 7cf6d18 55837->55900 55838 47d0e78 55845 47d51e7 55844->55845 55846 47d51eb 55845->55846 55857 47d539f 55845->55857 55862 47d53b0 55845->55862 55846->55829 55847 47d5244 55847->55829 55851 47d51c7 55850->55851 55852 47d5148 55850->55852 55853 47d51eb 55851->55853 55855 47d539f SetThreadPreferredUILanguages 55851->55855 55856 47d53b0 SetThreadPreferredUILanguages 55851->55856 55852->55829 55853->55829 55854 47d5244 55854->55829 55855->55854 55856->55854 55858 47d53af 55857->55858 55861 47d5330 55857->55861 55859 47d540a 55858->55859 55866 47d4a34 55858->55866 55859->55847 55861->55847 55863 47d53ec 55862->55863 55865 47d540a 55862->55865 55864 47d4a34 SetThreadPreferredUILanguages 55863->55864 55864->55865 55865->55847 55868 47d5650 SetThreadPreferredUILanguages 55866->55868 55869 47d578e 55868->55869 55871 7cf6d40 55870->55871 55905 7cf8e28 55871->55905 55916 7cf8e00 55871->55916 55872 7cf6e82 55872->55872 55876 7cf6d74 55875->55876 55878 7cf8e28 8 API calls 55876->55878 55879 7cf8e00 8 API calls 55876->55879 55877 7cf6e82 55877->55877 55878->55877 55879->55877 55881 7cf70a1 55880->55881 55883 7cf70ea 55880->55883 55889 7cf70e0 7 API calls 55881->55889 56029 7cf723d 55881->56029 56035 7cf70f0 55881->56035 55882 7cf70c2 55882->55838 55887 7cf73a8 2 API calls 55883->55887 56044 7cf7398 55883->56044 55884 7cf7235 56051 7cf79e9 55884->56051 56062 7cf79f8 55884->56062 56073 7cf7ae8 55884->56073 55885 7cf72bf 55885->55838 55887->55884 55889->55882 55895 7cf70a1 55894->55895 55897 7cf723d 6 API calls 55895->55897 55898 7cf70e0 7 API calls 55895->55898 55899 7cf70f0 7 API calls 55895->55899 55896 7cf70c2 55896->55838 55897->55896 55898->55896 55899->55896 55901 7cf6d40 55900->55901 55903 7cf8e28 8 API calls 55901->55903 55904 7cf8e00 8 API calls 55901->55904 55902 7cf6e82 55902->55902 55903->55902 55904->55902 55907 7cf8e46 55905->55907 55906 7cf8e81 55906->55872 55907->55906 55908 7cf8f04 55907->55908 55910 7cf8f10 55907->55910 55927 7cf902a 55908->55927 55934 7cf9030 55908->55934 55909 7cf8f0c 55909->55872 55940 7cf913f 55910->55940 55953 7cf9150 55910->55953 55911 7cf8ff2 55911->55872 55918 7cf8e28 55916->55918 55917 7cf8e81 55917->55872 55918->55917 55919 7cf8f04 55918->55919 55921 7cf8f10 55918->55921 55923 7cf902a 2 API calls 55919->55923 55924 7cf9030 2 API calls 55919->55924 55920 7cf8f0c 55920->55872 55925 7cf913f 5 API calls 55921->55925 55926 7cf9150 5 API calls 55921->55926 55922 7cf8ff2 55922->55872 55923->55920 55924->55920 55925->55922 55926->55922 55928 7cf9030 55927->55928 55966 7cf7cf4 55928->55966 55930 7cf903f 55930->55909 55932 7cf90e2 SetConsoleTitleW 55933 7cf910f 55932->55933 55933->55909 55935 7cf7cf4 SetConsoleTitleW 55934->55935 55937 7cf903b 55935->55937 55936 7cf903f 55936->55909 55937->55936 55938 7cf90e2 SetConsoleTitleW 55937->55938 55939 7cf910f 55938->55939 55939->55909 55945 7cf9150 55940->55945 55941 7cf9de0 55941->55911 55942 7cf9de8 55943 7cf9e3b 55942->55943 55970 7cf9e50 55942->55970 55976 7cf9e40 55942->55976 55943->55911 55944 7cf9e30 55951 7cfa76f GetConsoleMode GetConsoleMode WriteConsoleW WriteConsoleW WriteConsoleW 55944->55951 55952 7cfa780 GetConsoleMode GetConsoleMode WriteConsoleW WriteConsoleW WriteConsoleW 55944->55952 55945->55942 55946 7cf9224 55945->55946 55946->55941 55947 7cf913f 5 API calls 55946->55947 55948 7cf9150 5 API calls 55946->55948 55947->55941 55948->55941 55951->55943 55952->55943 55958 7cf9224 55953->55958 55959 7cf9186 55953->55959 55954 7cf9de0 55954->55911 55955 7cf9de8 55956 7cf9e3b 55955->55956 55960 7cf9e40 5 API calls 55955->55960 55961 7cf9e50 5 API calls 55955->55961 55956->55911 55957 7cf9e30 56020 7cfa76f 55957->56020 56025 7cfa780 55957->56025 55958->55954 55964 7cf913f 5 API calls 55958->55964 55965 7cf9150 5 API calls 55958->55965 55959->55955 55959->55958 55960->55957 55961->55957 55964->55954 55965->55954 55967 7cf9090 SetConsoleTitleW 55966->55967 55969 7cf903b 55967->55969 55969->55930 55969->55932 55971 7cf9e7d 55970->55971 55974 7cf9e98 55971->55974 55982 7cfa05f 55971->55982 55972 7cf9ea7 55972->55972 55975 7cfa05f 5 API calls 55974->55975 55975->55972 55977 7cf9e50 55976->55977 55978 7cf9e98 55977->55978 55980 7cfa05f 5 API calls 55977->55980 55981 7cfa05f 5 API calls 55978->55981 55979 7cf9ea7 55979->55979 55980->55978 55981->55979 55985 7cfa498 55982->55985 55986 7cfa4af 55985->55986 55992 7cf73a8 55986->55992 55988 7cfa4c2 55998 7cfa558 55988->55998 56005 7cfa548 55988->56005 55989 7cfa07d 55989->55974 56012 7cf6cac 55992->56012 55994 7cf73c7 55994->55988 55995 7cf7460 GetConsoleMode 55996 7cf7491 55995->55996 55996->55988 56000 7cfa56f 55998->56000 55999 7cfa585 55999->55989 56000->55999 56002 7cfa5ee WriteConsoleW 56000->56002 56016 7cfa0ac 56000->56016 56004 7cfa6cc 56002->56004 56004->55989 56006 7cfa558 56005->56006 56007 7cfa585 56006->56007 56008 7cfa0ac WriteConsoleW 56006->56008 56009 7cfa5ee WriteConsoleW 56006->56009 56007->55989 56008->56006 56011 7cfa6cc 56009->56011 56011->55989 56013 7cf7418 GetConsoleMode 56012->56013 56015 7cf73c3 56013->56015 56015->55994 56015->55995 56017 7cfa638 WriteConsoleW 56016->56017 56019 7cfa6cc 56017->56019 56019->56000 56021 7cfa77d 56020->56021 56023 7cf9e40 5 API calls 56021->56023 56024 7cf9e50 5 API calls 56021->56024 56022 7cfa791 56022->55956 56023->56022 56024->56022 56027 7cf9e40 5 API calls 56025->56027 56028 7cf9e50 5 API calls 56025->56028 56026 7cfa791 56026->55956 56027->56026 56028->56026 56030 7cf7253 56029->56030 56032 7cf79e9 6 API calls 56030->56032 56033 7cf79f8 6 API calls 56030->56033 56034 7cf7ae8 3 API calls 56030->56034 56031 7cf72bf 56031->55882 56032->56031 56033->56031 56034->56031 56036 7cf712b 56035->56036 56039 7cf7398 2 API calls 56036->56039 56040 7cf73a8 2 API calls 56036->56040 56037 7cf7235 56041 7cf79e9 6 API calls 56037->56041 56042 7cf79f8 6 API calls 56037->56042 56043 7cf7ae8 3 API calls 56037->56043 56038 7cf72bf 56038->55882 56039->56037 56040->56037 56041->56038 56042->56038 56043->56038 56045 7cf73a8 56044->56045 56046 7cf6cac GetConsoleMode 56045->56046 56049 7cf73c3 56046->56049 56047 7cf73c7 56047->55884 56048 7cf7460 GetConsoleMode 56050 7cf7491 56048->56050 56049->56047 56049->56048 56050->55884 56052 7cf79f8 56051->56052 56082 7cf8360 56052->56082 56090 7cf8370 56052->56090 56053 7cf7a81 56054 7cf7aac 56053->56054 56055 7cf73a8 2 API calls 56053->56055 56097 7cf6cc4 56054->56097 56055->56054 56058 7cf73a8 2 API calls 56059 7cf7ac4 56058->56059 56059->55885 56063 7cf7a49 56062->56063 56071 7cf8360 3 API calls 56063->56071 56072 7cf8370 3 API calls 56063->56072 56064 7cf7a81 56065 7cf7aac 56064->56065 56066 7cf73a8 2 API calls 56064->56066 56067 7cf6cc4 SetConsoleMode 56065->56067 56066->56065 56068 7cf7ab9 56067->56068 56069 7cf7ac4 56068->56069 56070 7cf73a8 2 API calls 56068->56070 56069->55885 56070->56069 56071->56064 56072->56064 56074 7cf7aa6 56073->56074 56075 7cf7af6 56073->56075 56076 7cf73a8 2 API calls 56074->56076 56077 7cf7aac 56076->56077 56078 7cf6cc4 SetConsoleMode 56077->56078 56079 7cf7ab9 56078->56079 56080 7cf7ac4 56079->56080 56081 7cf73a8 2 API calls 56079->56081 56080->55885 56081->56080 56083 7cf8370 56082->56083 56101 7cf83ca 56083->56101 56106 7cf83d8 56083->56106 56084 7cf838a 56111 7cf859f 56084->56111 56115 7cf85b0 56084->56115 56085 7cf8397 56085->56053 56093 7cf83ca 3 API calls 56090->56093 56094 7cf83d8 3 API calls 56090->56094 56091 7cf838a 56095 7cf859f 2 API calls 56091->56095 56096 7cf85b0 2 API calls 56091->56096 56092 7cf8397 56092->56053 56093->56091 56094->56091 56095->56092 56096->56092 56098 7cf8618 SetConsoleMode 56097->56098 56100 7cf7ab9 56098->56100 56100->56058 56100->56059 56102 7cf83d8 56101->56102 56119 7cf8432 56102->56119 56126 7cf8440 56102->56126 56103 7cf8412 56103->56084 56107 7cf83fd 56106->56107 56109 7cf8432 2 API calls 56107->56109 56110 7cf8440 2 API calls 56107->56110 56108 7cf8412 56108->56084 56109->56108 56110->56108 56112 7cf85ae 56111->56112 56114 7cf85e9 56111->56114 56113 7cf8440 2 API calls 56112->56113 56113->56114 56114->56085 56116 7cf85d5 56115->56116 56117 7cf8440 2 API calls 56116->56117 56118 7cf85e9 56117->56118 56118->56085 56120 7cf8440 56119->56120 56132 7cf6cf4 56120->56132 56122 7cf8469 56122->56103 56124 7cf8508 GetConsoleScreenBufferInfo 56125 7cf8539 56124->56125 56125->56103 56127 7cf6cf4 GetConsoleScreenBufferInfo 56126->56127 56129 7cf8465 56127->56129 56128 7cf8469 56128->56103 56129->56128 56130 7cf8508 GetConsoleScreenBufferInfo 56129->56130 56131 7cf8539 56130->56131 56131->56103 56133 7cf84c0 GetConsoleScreenBufferInfo 56132->56133 56135 7cf8465 56133->56135 56135->56122 56135->56124 56162 47d9228 56163 47d9250 56162->56163 56167 47dd641 56163->56167 56172 47dd650 56163->56172 56164 47da5a4 56168 47dd650 56167->56168 56169 47dd6f7 56168->56169 56177 47dd851 56168->56177 56186 47dd860 56168->56186 56169->56164 56174 47dd673 56172->56174 56173 47dd6f7 56173->56164 56174->56173 56175 47dd851 IdentifyCodeAuthzLevelW 56174->56175 56176 47dd860 IdentifyCodeAuthzLevelW 56174->56176 56175->56173 56176->56173 56178 47dd84c 56177->56178 56179 47dd7fb 56177->56179 56178->56177 56181 47dd87b 56178->56181 56194 47de1ec 56178->56194 56199 47de203 56178->56199 56204 47de0b0 56178->56204 56209 47de054 56178->56209 56214 47de1d5 56178->56214 56179->56169 56181->56169 56188 47dd874 56186->56188 56187 47dd87b 56187->56169 56188->56187 56189 47de1ec IdentifyCodeAuthzLevelW 56188->56189 56190 47de1d5 IdentifyCodeAuthzLevelW 56188->56190 56191 47de054 IdentifyCodeAuthzLevelW 56188->56191 56192 47de0b0 IdentifyCodeAuthzLevelW 56188->56192 56193 47de203 IdentifyCodeAuthzLevelW 56188->56193 56189->56187 56190->56187 56191->56187 56192->56187 56193->56187 56196 47de152 56194->56196 56219 47de810 56196->56219 56223 47de800 56196->56223 56200 47de152 56199->56200 56202 47de810 IdentifyCodeAuthzLevelW 56200->56202 56203 47de800 IdentifyCodeAuthzLevelW 56200->56203 56201 47de283 56201->56181 56202->56201 56203->56201 56206 47de0d4 56204->56206 56205 47de11f 56205->56181 56206->56205 56207 47de810 IdentifyCodeAuthzLevelW 56206->56207 56208 47de800 IdentifyCodeAuthzLevelW 56206->56208 56207->56205 56208->56205 56210 47de05d 56209->56210 56211 47de11f 56210->56211 56212 47de810 IdentifyCodeAuthzLevelW 56210->56212 56213 47de800 IdentifyCodeAuthzLevelW 56210->56213 56211->56181 56212->56211 56213->56211 56216 47de152 56214->56216 56215 47de283 56215->56181 56217 47de810 IdentifyCodeAuthzLevelW 56216->56217 56218 47de800 IdentifyCodeAuthzLevelW 56216->56218 56217->56215 56218->56215 56228 47de840 56219->56228 56232 47de830 56219->56232 56224 47de810 56223->56224 56226 47de840 IdentifyCodeAuthzLevelW 56224->56226 56227 47de830 IdentifyCodeAuthzLevelW 56224->56227 56225 47de283 56225->56181 56226->56225 56227->56225 56229 47de878 56228->56229 56236 47de55c 56229->56236 56231 47de8b4 56233 47de839 56232->56233 56234 47de55c IdentifyCodeAuthzLevelW 56233->56234 56235 47de8b4 56234->56235 56237 47de9f0 IdentifyCodeAuthzLevelW 56236->56237 56239 47deb17 56237->56239 56325 47d1784 56326 47d1792 56325->56326 56327 47d1742 56325->56327 56331 47d4670 56327->56331 56336 47d4680 56327->56336 56328 47d1782 56332 47d468d 56331->56332 56333 47d46af 56332->56333 56341 47d4738 56332->56341 56346 47d4728 56332->56346 56333->56328 56337 47d468a 56336->56337 56338 47d46af 56337->56338 56339 47d4738 GetFileAttributesW 56337->56339 56340 47d4728 GetFileAttributesW 56337->56340 56338->56328 56339->56338 56340->56338 56342 47d474b 56341->56342 56351 47d47b0 56342->56351 56357 47d47a0 56342->56357 56343 47d4769 56343->56333 56347 47d474b 56346->56347 56349 47d47b0 GetFileAttributesW 56347->56349 56350 47d47a0 GetFileAttributesW 56347->56350 56348 47d4769 56348->56333 56349->56348 56350->56348 56352 47d47c5 56351->56352 56353 47d488b 56352->56353 56354 47d48cd 56352->56354 56363 47d5830 56352->56363 56353->56354 56355 47d5830 GetFileAttributesW 56353->56355 56354->56343 56355->56354 56358 47d47c5 56357->56358 56359 47d488b 56358->56359 56360 47d48cd 56358->56360 56362 47d5830 GetFileAttributesW 56358->56362 56359->56360 56361 47d5830 GetFileAttributesW 56359->56361 56360->56343 56361->56360 56362->56359 56368 47d5830 GetFileAttributesW 56363->56368 56370 47d5890 56363->56370 56364 47d585a 56365 47d5860 56364->56365 56375 47d4ab4 56364->56375 56365->56353 56368->56364 56371 47d58a8 56370->56371 56372 47d58bd 56371->56372 56373 47d4ab4 GetFileAttributesW 56371->56373 56372->56364 56374 47d58ee 56373->56374 56374->56364 56376 47d5db8 GetFileAttributesW 56375->56376 56378 47d58ee 56376->56378 56378->56353 56136 7cf8881 56140 7cf8898 56136->56140 56144 7cf88a8 56136->56144 56141 7cf88a8 56140->56141 56148 7cf7c10 56141->56148 56145 7cf88b6 56144->56145 56146 7cf7c10 GetConsoleTitleW 56145->56146 56147 7cf8896 56146->56147 56149 7cf8950 GetConsoleTitleW 56148->56149 56151 7cf8a8b 56149->56151 56152 7cf64c0 56158 7cf5cec 56152->56158 56154 7cf64f5 56156 7cf65bc CreateFileW 56157 7cf65f9 56156->56157 56159 7cf6568 CreateFileW 56158->56159 56161 7cf64df 56159->56161 56161->56154 56161->56156 56240 7cf86d0 56242 7cf86e2 56240->56242 56241 7cf8791 56242->56241 56243 7cf8e28 8 API calls 56242->56243 56244 7cf8e00 8 API calls 56242->56244 56243->56241 56244->56241 56245 7cf6010 56254 7cf586c 56245->56254 56248 7cf60be 56249 7cf6052 56249->56248 56250 7cf614f GetConsoleCP 56249->56250 56251 7cf617b 56250->56251 56255 7cf6110 GetConsoleCP 56254->56255 56257 7cf602a 56255->56257 56258 7cf6670 56257->56258 56265 7cf6661 56257->56265 56259 7cf66ac 56258->56259 56272 7cf5d04 56259->56272 56261 7cf66d8 56261->56249 56262 7cf66d4 56262->56261 56263 7cf67e4 GetCurrentConsoleFontEx 56262->56263 56264 7cf683a 56263->56264 56266 7cf666d 56265->56266 56267 7cf5d04 GetCurrentConsoleFontEx 56266->56267 56269 7cf66d4 56267->56269 56268 7cf66d8 56268->56249 56269->56268 56270 7cf67e4 GetCurrentConsoleFontEx 56269->56270 56271 7cf683a 56270->56271 56273 7cf6738 GetCurrentConsoleFontEx 56272->56273 56275 7cf683a 56273->56275 56276 7cfd560 56277 7cfd573 56276->56277 56281 7cfd5c8 56277->56281 56286 7cfd5d8 56277->56286 56282 7cfd5fb 56281->56282 56283 7cfd63b 56282->56283 56291 7cfd7c0 56282->56291 56296 7cfd7b0 56282->56296 56287 7cfd5fb 56286->56287 56288 7cfd63b 56287->56288 56289 7cfd7c0 CreateNamedPipeW 56287->56289 56290 7cfd7b0 CreateNamedPipeW 56287->56290 56289->56288 56290->56288 56292 7cfd7d4 56291->56292 56301 7cfda49 56292->56301 56307 7cfda58 56292->56307 56293 7cfd801 56293->56283 56297 7cfd7b5 56296->56297 56299 7cfda49 CreateNamedPipeW 56297->56299 56300 7cfda58 CreateNamedPipeW 56297->56300 56298 7cfd801 56298->56283 56299->56298 56300->56298 56303 7cfda58 56301->56303 56302 7cfdada 56303->56302 56313 7cfe198 56303->56313 56317 7cfe191 56303->56317 56304 7cfdacd 56304->56293 56309 7cfda71 56307->56309 56308 7cfdada 56309->56308 56311 7cfe198 CreateNamedPipeW 56309->56311 56312 7cfe191 CreateNamedPipeW 56309->56312 56310 7cfdacd 56310->56293 56311->56310 56312->56310 56315 7cfe1be 56313->56315 56316 7cfe2c8 56313->56316 56315->56316 56321 7cfde0c 56315->56321 56316->56304 56319 7cfe198 56317->56319 56318 7cfde0c CreateNamedPipeW 56320 7cfe2c8 56318->56320 56319->56318 56319->56320 56320->56304 56322 7cfe478 CreateNamedPipeW 56321->56322 56324 7cfe5aa 56322->56324

          Executed Functions

          Function 07CB81B8 Relevance: 5.8, Strings: 4, Instructions: 776COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 59 7cb81b8-7cb84ce call 7cbb919 108 7cb84d8-7cb8a7e 59->108 187 7cb8b3e-7cb8b59 108->187 189 7cb8b5f-7cb8b64 187->189 190 7cb8a83-7cb8ab9 187->190 191 7cb8bc9-7cb8be4 189->191 197 7cb8faf-7cb8fc2 190->197 198 7cb8abf-7cb8b15 190->198 195 7cb8b66-7cb8b9c 191->195 196 7cb8be6-7cb8fae 191->196 195->197 205 7cb8ba2-7cb8bc6 195->205 198->197 211 7cb8b1b-7cb8b3b 198->211 205->191 211->187
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: "Xq$SsTk^$csTk^$ssTk^
          • API String ID: 0-3937456417
          • Opcode ID: 35af53a14891f53174030ecb43bd028914c3c791b36e3f16ed591b098f8cff80
          • Instruction ID: f889089436a8c4bfa9a886840a06e464d137a9d7b97d4762316998e32574d019
          • Opcode Fuzzy Hash: 35af53a14891f53174030ecb43bd028914c3c791b36e3f16ed591b098f8cff80
          • Instruction Fuzzy Hash: E3722B70A002199FEB54DFA4C890BEEB7B2FF84300F1145A9D50AAB795DB35AE81CF51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB81B1 Relevance: 5.7, Strings: 4, Instructions: 705COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 258 7cb81b1-7cb83f5 294 7cb8400-7cb8402 call 7cbb919 258->294 295 7cb8408-7cb84ba 294->295 307 7cb84c2-7cb84ce 295->307 308 7cb84d8-7cb8a7e 307->308 387 7cb8b3e-7cb8b59 308->387 389 7cb8b5f-7cb8b64 387->389 390 7cb8a83-7cb8ab9 387->390 391 7cb8bc9-7cb8be4 389->391 397 7cb8faf-7cb8fc2 390->397 398 7cb8abf-7cb8b15 390->398 395 7cb8b66-7cb8b9c 391->395 396 7cb8be6-7cb8fae 391->396 395->397 405 7cb8ba2-7cb8bc6 395->405 398->397 411 7cb8b1b-7cb8b3b 398->411 405->391 411->387
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: "Xq$SsTk^$csTk^$ssTk^
          • API String ID: 0-3937456417
          • Opcode ID: 6b7b86eb58f5937720279b285765dc61cbef67fb5c333b3517435ac362c1f9e8
          • Instruction ID: 8d4ca6b5f541107a3142eec068b558ade4d5dadc69e8929da8925f7ae3a03d9c
          • Opcode Fuzzy Hash: 6b7b86eb58f5937720279b285765dc61cbef67fb5c333b3517435ac362c1f9e8
          • Instruction Fuzzy Hash: 38623A70A002199FEB54EFA4C890BEEB7B2FF84300F1144A9D50AAB795DE356E85CF51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F00040 Relevance: 5.6, Strings: 1, Instructions: 4326COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 458 7f00040-7f04774 1451 7f0477f-7f05225 458->1451
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: l"t
          • API String ID: 0-2830563313
          • Opcode ID: 460d823f857604046132fac68213dfa4566cbb7ce3910e8063bb8ca4895aa179
          • Instruction ID: a90f4776aa537958344e1de9b70d0dacd88060b7855647a77b6d592bc8bc688f
          • Opcode Fuzzy Hash: 460d823f857604046132fac68213dfa4566cbb7ce3910e8063bb8ca4895aa179
          • Instruction Fuzzy Hash: 99A33D70A052199FEB64EF64D950B9EBBF2FF84300F0144E9920DAB294DE756E85CF90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 047DEBB8 Relevance: 2.5, Strings: 1, Instructions: 1293COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 1885 47debb8-47dec27 1891 47dec2e-47dec35 1885->1891 1892 47dec3d-47dff96 1891->1892
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105192878035.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_47d0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: ,k"t
          • API String ID: 0-2146965598
          • Opcode ID: f4a134bf7bb4255bded69d7427d29084974b3237f3496f614a19981e5b63544c
          • Instruction ID: fc402de49c41888d17431d7bb49aa3fc5c74d1f65d3fa75d378dc5be2b745240
          • Opcode Fuzzy Hash: f4a134bf7bb4255bded69d7427d29084974b3237f3496f614a19981e5b63544c
          • Instruction Fuzzy Hash: EEA283307143045FEB54AB75EC14BBF3A63EBC4B00F648569D406AB399DEB25C85AFA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 047DEBC8 Relevance: 2.5, Strings: 1, Instructions: 1287COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 2205 47debc8-47dec35 2211 47dec3d-47dff96 2205->2211
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105192878035.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_47d0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: ,k"t
          • API String ID: 0-2146965598
          • Opcode ID: 29134552fffd5ffe4a8cdf0d6cd73fae5cee4a2fa89ed152cceae84d2dc2a413
          • Instruction ID: 7b6411e9218d632652bde5232abebefb3faa96cb0cc539bbe4c3ff3fce917b85
          • Opcode Fuzzy Hash: 29134552fffd5ffe4a8cdf0d6cd73fae5cee4a2fa89ed152cceae84d2dc2a413
          • Instruction Fuzzy Hash: BDA283307143045FEB54AB75EC14BBF3A63EBC4B00F648569D406AB399DEB25C85AFA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CFDE0C Relevance: 1.6, APIs: 1, Instructions: 128pipeCOMMON
          Download Yara Rule
          APIs
          • CreateNamedPipeW.KERNELBASE(00000000,40080003,?,?,?,00000000,00000001,00000000), ref: 07CFE598
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: CreateNamedPipe
          • String ID:
          • API String ID: 2489174969-0
          • Opcode ID: 57c5174936a4072a216177512d73116ab7ba3153d6b89b85a92e4241f6468ce3
          • Instruction ID: f51f41f0cd1a4c73973dd56d3623641742151b8157788091355b1b54661977fc
          • Opcode Fuzzy Hash: 57c5174936a4072a216177512d73116ab7ba3153d6b89b85a92e4241f6468ce3
          • Instruction Fuzzy Hash: 655106B0D00718AFDB54CFAAC88479DFBF2BF48304F24812AE509AB261D7749984CF51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF9150 Relevance: 1.0, Instructions: 964COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d778736124148663eaef1403eef995dcc646e5b1ba58f1761a8f21b98f3911c0
          • Instruction ID: 5e870d926a0a459953a9906bb8bbf47e9eaa7b238c680b742b725a801421b92e
          • Opcode Fuzzy Hash: d778736124148663eaef1403eef995dcc646e5b1ba58f1761a8f21b98f3911c0
          • Instruction Fuzzy Hash: 508268B0A152159FDF55CBA5C984BADBBB2BF88300F258159E902DB392CB35ED42CF50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE7DA8 Relevance: .8, Instructions: 802COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 361e49ade13f69b7ee54c10c4d554612fb57d0c352a6fce52791465653050c3e
          • Instruction ID: 9715fb22dca72e6f1aba2cbecb29ada513b00571c65068009c9f65fb48097bcc
          • Opcode Fuzzy Hash: 361e49ade13f69b7ee54c10c4d554612fb57d0c352a6fce52791465653050c3e
          • Instruction Fuzzy Hash: A5525A74B413049FEB25BB38C865B6E77B2ABC5701F208869E506AF3C0DF769842DB45
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE2478 Relevance: .7, Instructions: 721COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 15f6439613d7e8a03df1bb19795226f2d10fc4e907aeb9b2c2f09440535846a3
          • Instruction ID: eeaa6ae0bb4f166601488594cd2f337e6e77f92503cbe5f70f220048b3b0e2de
          • Opcode Fuzzy Hash: 15f6439613d7e8a03df1bb19795226f2d10fc4e907aeb9b2c2f09440535846a3
          • Instruction Fuzzy Hash: FE424874B403149FEB29BB348C25B6E76A3ABC5701F24487DE502AF3D4DEB69842DB44
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CFEAC8 Relevance: .6, Instructions: 634COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f807308d4e27e413353846470ac03b130eb9be7881be912769ddc4bc22b44f4
          • Instruction ID: 4b060970b4bc81c68a415e9707178d47577759f84c3922a07d824b71e13638ac
          • Opcode Fuzzy Hash: 7f807308d4e27e413353846470ac03b130eb9be7881be912769ddc4bc22b44f4
          • Instruction Fuzzy Hash: AC428130A102159FEB149B64C850BAEB7B2FF89300F1085A9E90A7B7A5DF75ADC5CF50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CFEABD Relevance: .4, Instructions: 365COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 69ebbad522574f6dfa5b123c02927eb712abe5d7e4127dc05ab30a88489d761c
          • Instruction ID: 2fa4e51adf750b78c8d720dc22c3d3d2e54dc90f7b88c04ae96898be61f11ec8
          • Opcode Fuzzy Hash: 69ebbad522574f6dfa5b123c02927eb712abe5d7e4127dc05ab30a88489d761c
          • Instruction Fuzzy Hash: F8E1B230B102159FEB149B64C850BAAB7B2FF85304F1185A9E90A7B395DF71ADC5CFA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0ED92 Relevance: .3, Instructions: 280COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c444bdccc3d0ef5e588d0b2b9dc0138181f94f1e49bb7139ca69bb96324bb761
          • Instruction ID: 1417810d0ce245d25b7a93130d4e7e54b29ff4e3a3bc6f153813108fa375c551
          • Opcode Fuzzy Hash: c444bdccc3d0ef5e588d0b2b9dc0138181f94f1e49bb7139ca69bb96324bb761
          • Instruction Fuzzy Hash: CDA1ADB5B042058FD718DB79D8546AEBBF2FFC9310F18846AD916E7391DA34AC41CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF6D18 Relevance: .2, Instructions: 231COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ae2f5e5d63c0a50cb7b8dfcca8a0653c3fc91070d1f4d9ca544219a7c8f07eea
          • Instruction ID: 360166c39f5b1409d80278d8a7078efe2147d3ec31d3637d9736e0cfe4836f8b
          • Opcode Fuzzy Hash: ae2f5e5d63c0a50cb7b8dfcca8a0653c3fc91070d1f4d9ca544219a7c8f07eea
          • Instruction Fuzzy Hash: D6A184B0600641DFEB59DF35C4947AABBF2BF88300F548569D942AB3A1CB75ED81CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F08C38 Relevance: 7.7, Strings: 6, Instructions: 221COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 0 7f08c38-7f08cb8 6 7f08cba 0->6 7 7f08cbf-7f08cf9 0->7 6->7 12 7f08d15-7f08d1c 7->12 13 7f08cfb-7f08d0e 7->13 14 7f08d28-7f08d2e 12->14 15 7f08d1e-7f08d21 12->15 13->12 57 7f08d31 call 7f093b0 14->57 58 7f08d31 call 7f093a1 14->58 15->14 17 7f08d37-7f08d5c 20 7f08d65-7f08d96 17->20 21 7f08d5e 17->21 25 7f08d98 20->25 26 7f08d9f-7f08e6d 20->26 21->20 25->26 41 7f08e92-7f08ea7 26->41 42 7f08e6f-7f08e75 26->42 51 7f08eaf 41->51 43 7f0900b-7f09015 42->43 44 7f08e7b-7f08e8b 42->44 46 7f09017-7f09026 43->46 47 7f0902e-7f09035 43->47 53 7f08e8d 44->53 46->47 48 7f09037-7f09051 47->48 49 7f09059-7f09074 47->49 48->49 55 7f09076 49->55 56 7f0907e 49->56 51->43 53->43 55->56 57->17 58->17
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: #h/k^$3h/k^$Ch/k^$Sh/k^$ch/k^$sh/k^
          • API String ID: 0-699684181
          • Opcode ID: 8aa4c32966258f9a16dd66a7a9b13a8cd19e2a181cb53bcb6b6884b20d4aa2c6
          • Instruction ID: 7f9d021e795d1fdbe44eae711e8ea16d07bcb2bdcd6716768e0180e01614d6f3
          • Opcode Fuzzy Hash: 8aa4c32966258f9a16dd66a7a9b13a8cd19e2a181cb53bcb6b6884b20d4aa2c6
          • Instruction Fuzzy Hash: 1F914C70A113069FD704DF68C480AAEB7B2FF84314F14C968E8169B795DB71ED4ACBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF6010 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 124COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 1772 7cf6010-7cf604a call 7cf586c 1797 7cf604c call 7cf6661 1772->1797 1798 7cf604c call 7cf6670 1772->1798 1777 7cf6052-7cf606a 1780 7cf60be-7cf60c5 1777->1780 1781 7cf606c-7cf6080 1777->1781 1781->1780 1783 7cf6082-7cf60bc call 7cf5878 1781->1783 1783->1780 1786 7cf60c6-7cf6179 GetConsoleCP 1783->1786 1794 7cf617b-7cf6181 1786->1794 1795 7cf6182-7cf6196 1786->1795 1794->1795 1797->1777 1798->1777
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: Console
          • String ID: 0
          • API String ID: 4190041642-4108050209
          • Opcode ID: 609a20c34371d74c13b452e7fb3b31f1acd6ab729054447c28f7b9faf51064b0
          • Instruction ID: b24f0c229d2d127072fdbe623e984de78f00cf759d8a99e3d9697cec92111c81
          • Opcode Fuzzy Hash: 609a20c34371d74c13b452e7fb3b31f1acd6ab729054447c28f7b9faf51064b0
          • Instruction Fuzzy Hash: 07417BB0A003099FDB10DFA9D8887DEBBF5EF89314F108469DA05A7380DB79A945CF95
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF6670 Relevance: 1.7, APIs: 1, Instructions: 180COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 3434 7cf6670-7cf66d6 call 7cf5d04 3440 7cf66d8-7cf66ef 3434->3440 3441 7cf66f0-7cf6838 GetCurrentConsoleFontEx 3434->3441 3451 7cf683a-7cf6840 3441->3451 3452 7cf6841-7cf68ad 3441->3452 3451->3452 3458 7cf68bf-7cf68c6 3452->3458 3459 7cf68af-7cf68b5 3452->3459 3460 7cf68dd 3458->3460 3461 7cf68c8-7cf68d7 3458->3461 3459->3458 3463 7cf68de 3460->3463 3461->3460 3463->3463
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleCurrentFont
          • String ID:
          • API String ID: 2874077460-0
          • Opcode ID: fd68af9946e969afbe9963780a702f31931c75c51a74bbdb2cece0285ebe4a15
          • Instruction ID: 83626cc051ce650b403328185861d440db003cee4a641e24b42d16b4425ba83a
          • Opcode Fuzzy Hash: fd68af9946e969afbe9963780a702f31931c75c51a74bbdb2cece0285ebe4a15
          • Instruction Fuzzy Hash: B3614971D003699FDB24CF65C850BDEBBB5AF89300F1481A9D509B7241DB746E89CFA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB75E0 Relevance: 1.7, Strings: 1, Instructions: 418COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 3464 7cb75e0-7cb7613 3467 7cb761a-7cb7626 3464->3467 3468 7cb7615 3464->3468 3471 7cb7628-7cb7630 3467->3471 3472 7cb7635-7cb7642 3467->3472 3469 7cb7b52-7cb7b59 3468->3469 3471->3469 3475 7cb7695-7cb76ac 3472->3475 3476 7cb7644-7cb7672 3472->3476 3481 7cb76ae-7cb76ba 3475->3481 3482 7cb76f5-7cb7701 3475->3482 3485 7cb767b 3476->3485 3486 7cb7674-7cb7679 3476->3486 3481->3482 3488 7cb76bc-7cb76f0 3481->3488 3490 7cb773f-7cb7758 3482->3490 3491 7cb7703-7cb773a 3482->3491 3489 7cb7680-7cb7690 3485->3489 3486->3489 3488->3469 3489->3469 3496 7cb775a-7cb7761 3490->3496 3497 7cb77d3-7cb77ef 3490->3497 3491->3469 3496->3497 3504 7cb7763-7cb776a 3496->3504 3505 7cb77f1 3497->3505 3506 7cb77f6-7cb77fa 3497->3506 3504->3497 3509 7cb776c-7cb7778 3504->3509 3505->3469 3507 7cb77fc-7cb77fe 3506->3507 3508 7cb7800 3506->3508 3510 7cb7805-7cb7816 3507->3510 3508->3510 3509->3497 3513 7cb777a-7cb7786 3509->3513 3514 7cb781c-7cb782a 3510->3514 3515 7cb7a44 3510->3515 3513->3497 3518 7cb7788-7cb7792 3513->3518 3522 7cb7a3b-7cb7a42 3514->3522 3523 7cb7830-7cb7845 3514->3523 3517 7cb7a4b-7cb7a4d 3515->3517 3519 7cb7a68-7cb7a6a 3517->3519 3520 7cb7a4f-7cb7a5d 3517->3520 3518->3497 3529 7cb7794-7cb77ce 3518->3529 3524 7cb7a7c 3519->3524 3525 7cb7a6c-7cb7a7a 3519->3525 3520->3519 3530 7cb7a5f-7cb7a65 3520->3530 3522->3517 3535 7cb784b-7cb785d 3523->3535 3536 7cb7a32-7cb7a39 3523->3536 3528 7cb7a84-7cb7a86 3524->3528 3525->3524 3533 7cb7a88-7cb7a92 3528->3533 3534 7cb7a9e-7cb7aea 3528->3534 3529->3469 3530->3519 3533->3534 3541 7cb7a94-7cb7a96 3533->3541 3563 7cb7aec-7cb7af2 3534->3563 3564 7cb7af4-7cb7af8 3534->3564 3535->3517 3543 7cb7863-7cb787a 3535->3543 3536->3517 3544 7cb7a98-7cb7a9c 3541->3544 3545 7cb7b03-7cb7b07 3541->3545 3555 7cb7978-7cb798f 3543->3555 3556 7cb7880-7cb78a5 3543->3556 3544->3534 3544->3545 3548 7cb7b09-7cb7b0f 3545->3548 3549 7cb7b12-7cb7b14 3545->3549 3548->3549 3551 7cb7b40-7cb7b4b 3549->3551 3552 7cb7b16-7cb7b3d 3549->3552 3551->3469 3552->3551 3555->3517 3570 7cb7995-7cb79d4 3555->3570 3568 7cb78ab-7cb78b3 3556->3568 3569 7cb7b5a-7cb7b60 3556->3569 3563->3549 3564->3549 3565 7cb7afa-7cb7b01 3564->3565 3565->3549 3571 7cb78b9-7cb78cc 3568->3571 3572 7cb7935-7cb7941 3568->3572 3587 7cb79f3-7cb7a30 3570->3587 3588 7cb79d6-7cb79e3 3570->3588 3571->3572 3582 7cb78ce-7cb78da 3571->3582 3572->3517 3577 7cb7947-7cb7973 3572->3577 3577->3517 3582->3517 3586 7cb78e0-7cb78fe 3582->3586 3586->3517 3598 7cb7904-7cb7930 3586->3598 3587->3517 3588->3517 3592 7cb79e5-7cb79f1 3588->3592 3592->3517 3592->3587 3598->3517
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: /
          • API String ID: 0-2043925204
          • Opcode ID: 538f3687e9315d33a73d4c5bbb6a471bc1299304c39f985b8b15eacb8a51c4a8
          • Instruction ID: 8365359423ccba64a50be08fde5382ba779fd2d8f1242238f59e18ada10012e5
          • Opcode Fuzzy Hash: 538f3687e9315d33a73d4c5bbb6a471bc1299304c39f985b8b15eacb8a51c4a8
          • Instruction Fuzzy Hash: F9E1AEF0B002069FDB55DF69C4846AEB7E6AFC5704F14846AE806DB391DF71DE068B90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CFA558 Relevance: 1.7, APIs: 1, Instructions: 155COMMON
          Download Yara Rule
          APIs
          • WriteConsoleW.KERNELBASE(?,00000000,?,?,?), ref: 07CFA6BD
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleWrite
          • String ID:
          • API String ID: 2657657451-0
          • Opcode ID: 4a2086037d75c9bbaf49999eabe4393e2e59c8113c2b04f3152d591b81a774ed
          • Instruction ID: b45cfcacbcf08d4781ba957aaa63774e370f69b07256c5c94c0c8533d2a4bf91
          • Opcode Fuzzy Hash: 4a2086037d75c9bbaf49999eabe4393e2e59c8113c2b04f3152d591b81a774ed
          • Instruction Fuzzy Hash: DC5181B2E0061A9FDB10CFA9D8847EEFBB5EF48750F058129EA0CE7240D7749904CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF8946 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
          Download Yara Rule
          APIs
          • GetConsoleTitleW.KERNELBASE(00000000,00000400), ref: 07CF8A79
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleTitle
          • String ID:
          • API String ID: 3358957663-0
          • Opcode ID: 4932858c7b8a5eba7b993d8c2b07698abdc3c450910e09109f7444bad77fab03
          • Instruction ID: fc2907faf27304f31c66589e9c29f9a339b65575ea5c3158ce54f3ae70c1b268
          • Opcode Fuzzy Hash: 4932858c7b8a5eba7b993d8c2b07698abdc3c450910e09109f7444bad77fab03
          • Instruction Fuzzy Hash: D35135B0D012188FDB68CFA9C884B9EBBF1EF48710F148429E919BB351D774A945CF95
          Uniqueness

          Uniqueness Score: -1.00%

          Function 047D4A34 Relevance: 1.6, APIs: 1, Instructions: 129threadCOMMON
          Download Yara Rule
          APIs
          • SetThreadPreferredUILanguages.KERNELBASE(?,?,?), ref: 047D577C
          Memory Dump Source
          • Source File: 00000002.00000002.105192878035.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_47d0000_onedrive.jbxd
          Similarity
          • API ID: LanguagesPreferredThread
          • String ID:
          • API String ID: 842807343-0
          • Opcode ID: 093ff953bad64b765512557e23552af7570b3155bba3aeda28221421907b4d99
          • Instruction ID: cb0291c90f3b538ec082bd710c64b0f4904adf64f5330cc357e8d619c8b97221
          • Opcode Fuzzy Hash: 093ff953bad64b765512557e23552af7570b3155bba3aeda28221421907b4d99
          • Instruction Fuzzy Hash: 0B510470D10218DFDB14CFA9C884B9DBBB5BF48724F24812AE81ABB351D774A844CF99
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CFE46F Relevance: 1.6, APIs: 1, Instructions: 128pipeCOMMON
          Download Yara Rule
          APIs
          • CreateNamedPipeW.KERNELBASE(00000000,40080003,?,?,?,00000000,00000001,00000000), ref: 07CFE598
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: CreateNamedPipe
          • String ID:
          • API String ID: 2489174969-0
          • Opcode ID: 9badeeca3059d187fd3f676e7151369f9f0ec4407a8047955db10ff6443b3f86
          • Instruction ID: 5a4f16d1f041e203ddc055ab102ba97c3146b567dc6a5e61d943fce9687374ef
          • Opcode Fuzzy Hash: 9badeeca3059d187fd3f676e7151369f9f0ec4407a8047955db10ff6443b3f86
          • Instruction Fuzzy Hash: 2551F5B1D00719AFDB54CFAAD884B8DFBF2BF48304F24812AE518AB261D7749984CF51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CFE475 Relevance: 1.6, APIs: 1, Instructions: 127pipeCOMMON
          Download Yara Rule
          APIs
          • CreateNamedPipeW.KERNELBASE(00000000,40080003,?,?,?,00000000,00000001,00000000), ref: 07CFE598
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: CreateNamedPipe
          • String ID:
          • API String ID: 2489174969-0
          • Opcode ID: 6f571ef485e2d3d286307c87f76062f2e61a0e0a456cf2137e3ef81f5fc7e5de
          • Instruction ID: dd88c71dbc28b65c057c8247aefd439e3bcfe40ed73423c64a810f85e55e7ee9
          • Opcode Fuzzy Hash: 6f571ef485e2d3d286307c87f76062f2e61a0e0a456cf2137e3ef81f5fc7e5de
          • Instruction Fuzzy Hash: 2751F6B1D00719AFDB54CFAAD88478DFBF2BF48304F24812AE508AB261D7749984CF51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF7C10 Relevance: 1.6, APIs: 1, Instructions: 127COMMON
          Download Yara Rule
          APIs
          • GetConsoleTitleW.KERNELBASE(00000000,00000400), ref: 07CF8A79
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleTitle
          • String ID:
          • API String ID: 3358957663-0
          • Opcode ID: df38f31bc42e2d957090ece4d4ff4fd5096261e5a8897c66f35874a6d2a6718a
          • Instruction ID: 22dc17f97a6a3b4481e93df7bac90477d4b5f60f539a9c7d75fbfb1b6d4f7e64
          • Opcode Fuzzy Hash: df38f31bc42e2d957090ece4d4ff4fd5096261e5a8897c66f35874a6d2a6718a
          • Instruction Fuzzy Hash: 3F5102B0D002588FDB54CFA9C884B9EBBF1EF48310F148029D916BB351D774A945CF95
          Uniqueness

          Uniqueness Score: -1.00%

          Function 047DE590 Relevance: 1.6, APIs: 1, Instructions: 126COMMON
          Download Yara Rule
          APIs
          • IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 047DEB02
          Memory Dump Source
          • Source File: 00000002.00000002.105192878035.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_47d0000_onedrive.jbxd
          Similarity
          • API ID: AuthzCodeIdentifyLevel
          • String ID:
          • API String ID: 1431151113-0
          • Opcode ID: d0bab46dbf4afc7a04ccf75d1b5e19f586cb2372243b8e9af61fda4db9a92f90
          • Instruction ID: fc4c0b81b6759483b76d79143954e9ca12b1e65016ed5963d749bf7f70eda39d
          • Opcode Fuzzy Hash: d0bab46dbf4afc7a04ccf75d1b5e19f586cb2372243b8e9af61fda4db9a92f90
          • Instruction Fuzzy Hash: 81511970905669DFEB25CF59C884FD9BBB4AF48300F0085EAD40DAB251D774AA88CF61
          Uniqueness

          Uniqueness Score: -1.00%

          Function 047D5644 Relevance: 1.6, APIs: 1, Instructions: 126threadCOMMON
          Download Yara Rule
          APIs
          • SetThreadPreferredUILanguages.KERNELBASE(?,?,?), ref: 047D577C
          Memory Dump Source
          • Source File: 00000002.00000002.105192878035.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_47d0000_onedrive.jbxd
          Similarity
          • API ID: LanguagesPreferredThread
          • String ID:
          • API String ID: 842807343-0
          • Opcode ID: 19e24248c4534051f90bd7c0088db8ed9a88a223ce03b6701736eef0914a2086
          • Instruction ID: e132464020557cc7d4fcdb1fb605adeff4ac92b1b3576f70f8d871b15ea70c6e
          • Opcode Fuzzy Hash: 19e24248c4534051f90bd7c0088db8ed9a88a223ce03b6701736eef0914a2086
          • Instruction Fuzzy Hash: BA51F474D10218DFDB14CFA9C884BADBBF5BF48324F24842AE819AB351D774A845CF99
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF64C0 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 6af4f3a3fc8c13949a52219999afdf26bd6606c2993d9979b8798229b9e428fc
          • Instruction ID: 68f6537590af0540e407691a28afdffefb0b9fa0f73714a793b777b798b49a73
          • Opcode Fuzzy Hash: 6af4f3a3fc8c13949a52219999afdf26bd6606c2993d9979b8798229b9e428fc
          • Instruction Fuzzy Hash: 2341A1B1A04259AFDB00CFA9D844B9AFBB5FF48310F148159EA09AB381C775A940CFA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 047DE55C Relevance: 1.6, APIs: 1, Instructions: 109COMMON
          Download Yara Rule
          APIs
          • IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 047DEB02
          Memory Dump Source
          • Source File: 00000002.00000002.105192878035.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_47d0000_onedrive.jbxd
          Similarity
          • API ID: AuthzCodeIdentifyLevel
          • String ID:
          • API String ID: 1431151113-0
          • Opcode ID: 28a10d88c88e33ce8bd1e7c758af8d66c1d47ec22b9de8070e7c3a6f6caebdc5
          • Instruction ID: 2ea62946f686adb0a587623d79e5846e2c46febeb93c286082fce28ebca78b29
          • Opcode Fuzzy Hash: 28a10d88c88e33ce8bd1e7c758af8d66c1d47ec22b9de8070e7c3a6f6caebdc5
          • Instruction Fuzzy Hash: 1741F570900269CFEB24CF59C884FD9BBB4AF08304F0085EAD40DBB240D774AA89CF60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF8440 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: BufferConsoleInfoScreen
          • String ID:
          • API String ID: 3437242342-0
          • Opcode ID: 7c32c5b449a74dacf9b7600eb17ce06cb3c35fd0db2a7e73861844984eef1b34
          • Instruction ID: b9b63f1c80f3a84e858f4aca823ec7eb340e24dac29b734047a3233b7a62d35b
          • Opcode Fuzzy Hash: 7c32c5b449a74dacf9b7600eb17ce06cb3c35fd0db2a7e73861844984eef1b34
          • Instruction Fuzzy Hash: 4C319E71D042599BDB00DFA9C4447DEBBF5EB88310F108169D908B7240DB78AD458FE1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 047DE9EE Relevance: 1.6, APIs: 1, Instructions: 108COMMON
          Download Yara Rule
          APIs
          • IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 047DEB02
          Memory Dump Source
          • Source File: 00000002.00000002.105192878035.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_47d0000_onedrive.jbxd
          Similarity
          • API ID: AuthzCodeIdentifyLevel
          • String ID:
          • API String ID: 1431151113-0
          • Opcode ID: 39cda73790d5691e10bfb10793687141daf9b4234577b9c20d9ec159359839fd
          • Instruction ID: 3c6a6b22df5e5ae5d710b789c7a9b2b26917f7f9f50ffc3335cb6e5ae301f898
          • Opcode Fuzzy Hash: 39cda73790d5691e10bfb10793687141daf9b4234577b9c20d9ec159359839fd
          • Instruction Fuzzy Hash: 6541E3B0901269DFEB24CF59C884FD9BBB5AF48304F1085EAD40DBB250D775AA89CF60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF5D04 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
          Download Yara Rule
          APIs
          • GetCurrentConsoleFontEx.KERNELBASE(?,?,?), ref: 07CF6825
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleCurrentFont
          • String ID:
          • API String ID: 2874077460-0
          • Opcode ID: 23eedfdb546d0651b425ca81060cab0ace996d0c73bd8176308ed045aa93d1eb
          • Instruction ID: c92c85b41c5987dfc3b14f32611cf6777f8c71578776f499618b67a80e175c6a
          • Opcode Fuzzy Hash: 23eedfdb546d0651b425ca81060cab0ace996d0c73bd8176308ed045aa93d1eb
          • Instruction Fuzzy Hash: 8B41EEB1D00329DFEB64CF69C880BDABBB5BF0A204F5081A9D509A7251DB745E89CF91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF73A8 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleMode
          • String ID:
          • API String ID: 4145635619-0
          • Opcode ID: 1c4492af1589be3367faf2f0a32b8e58f64f33b1d214ca5185da4d69244298ea
          • Instruction ID: 50dba2ea556b166d5064138afd1176ce2fb1ce21e9badc22b213b771e6bd663f
          • Opcode Fuzzy Hash: 1c4492af1589be3367faf2f0a32b8e58f64f33b1d214ca5185da4d69244298ea
          • Instruction Fuzzy Hash: 6E315AB0D04259AFDB10DFAAC88479EFBF4EF48310F108569D918A7241E778AA44CFA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF9030 Relevance: 1.6, APIs: 1, Instructions: 91COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleTitle
          • String ID:
          • API String ID: 3358957663-0
          • Opcode ID: a718679332fed199a2841dbc6587c3721ed6dcb127237d45bde3146dfb85e373
          • Instruction ID: 308f4954f8a0abbbbfecbc95593f8bf44819a2986d7b7ab50792b3349eb10bad
          • Opcode Fuzzy Hash: a718679332fed199a2841dbc6587c3721ed6dcb127237d45bde3146dfb85e373
          • Instruction Fuzzy Hash: 7B319CB1D00219AFDB10DFAAC8457EEFBB4AF48310F108169D908A7380D778AA44CFA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CFA0AC Relevance: 1.6, APIs: 1, Instructions: 67COMMON
          Download Yara Rule
          APIs
          • WriteConsoleW.KERNELBASE(?,00000000,?,?,?), ref: 07CFA6BD
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleWrite
          • String ID:
          • API String ID: 2657657451-0
          • Opcode ID: b1f9ce67c7bb8b069e8ca1d2470f7e3722f4287b8e5f03f9523f58db0c35f7e4
          • Instruction ID: 43e10bd128938970f1ac24f21cd8507133e50bb577dd9ca7b37d0bab6a7ea9b2
          • Opcode Fuzzy Hash: b1f9ce67c7bb8b069e8ca1d2470f7e3722f4287b8e5f03f9523f58db0c35f7e4
          • Instruction Fuzzy Hash: 402107B1C01619AFCB10CF9AC884BDEFBB4FF09310F10852AE918A7350D374A954CBA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF5CEC Relevance: 1.6, APIs: 1, Instructions: 63fileCOMMON
          Download Yara Rule
          APIs
          • CreateFileW.KERNELBASE(00000000,C0000000,?,?,?,?,?,?,?,?,07CF64DF,00000000,00000000,00000003,00000000,00000002), ref: 07CF65EA
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 0acf63bdcd030ec5c95eee408d3030325a08cb75e28f6d4d59c02717693846f6
          • Instruction ID: eb13a19c10385052e9e170d69397d7a6f329bd0c7836bb6ceaa9ce3b0cc911e8
          • Opcode Fuzzy Hash: 0acf63bdcd030ec5c95eee408d3030325a08cb75e28f6d4d59c02717693846f6
          • Instruction Fuzzy Hash: E52128B1900659ABCB10CF9AC884ADEFBB4FF08310F108119E919B7210C375AA54CFE5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF7CF4 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
          Download Yara Rule
          APIs
          • SetConsoleTitleW.KERNELBASE(00000000), ref: 07CF9100
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleTitle
          • String ID:
          • API String ID: 3358957663-0
          • Opcode ID: d949fd07aa944c5de6d6ee567029043504819bc934e98b0940137f0af5910196
          • Instruction ID: d2ea8babcdd6422df2dd13593edc58fee9fceccef6372b51afa146c26b29f33f
          • Opcode Fuzzy Hash: d949fd07aa944c5de6d6ee567029043504819bc934e98b0940137f0af5910196
          • Instruction Fuzzy Hash: 932124B1C0066A9BCB10CF9AC4447EEFBB4BF48320F14852AD958B7241D778AA44CFA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF84B8 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
          Download Yara Rule
          APIs
          • GetConsoleScreenBufferInfo.KERNELBASE(?,?), ref: 07CF852A
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: BufferConsoleInfoScreen
          • String ID:
          • API String ID: 3437242342-0
          • Opcode ID: f5ccc271cea4964664a80197b82f708032cd4203484a21f40f1986307b44ab08
          • Instruction ID: 5be90a65e28b83fa2a379def472aa8c62bae9e6388b136433744024f3ef8c173
          • Opcode Fuzzy Hash: f5ccc271cea4964664a80197b82f708032cd4203484a21f40f1986307b44ab08
          • Instruction Fuzzy Hash: BC11F4B1C006199BDB10CF9AC484BDEFBB4BB48320F10852AD518B7241D778AA548FE5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF6CF4 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
          Download Yara Rule
          APIs
          • GetConsoleScreenBufferInfo.KERNELBASE(?,?), ref: 07CF852A
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: BufferConsoleInfoScreen
          • String ID:
          • API String ID: 3437242342-0
          • Opcode ID: 077c2defd4d680f8f8c6c1c5cf2f62fc6798c96e4f6b45ee49cf85165144455a
          • Instruction ID: c373207a3aa879adba9699e66575359711eba6d4ca13cae140b7e36aea20c908
          • Opcode Fuzzy Hash: 077c2defd4d680f8f8c6c1c5cf2f62fc6798c96e4f6b45ee49cf85165144455a
          • Instruction Fuzzy Hash: 6411F4B1C006599BDB10CF9AC4847DEFBF4BF08220F108529D518A7241D778A954CFE5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF6CAC Relevance: 1.6, APIs: 1, Instructions: 57COMMON
          Download Yara Rule
          APIs
          • GetConsoleMode.KERNELBASE(?,?), ref: 07CF7482
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleMode
          • String ID:
          • API String ID: 4145635619-0
          • Opcode ID: e723b921d1e731cce2abb07fc07f9a775315e1b5baf9a6d938e653e0102dceb5
          • Instruction ID: 89d31d9e16038da232ffc9f9db5d5ad124b9136c839b2f019d2145120fb21bbd
          • Opcode Fuzzy Hash: e723b921d1e731cce2abb07fc07f9a775315e1b5baf9a6d938e653e0102dceb5
          • Instruction Fuzzy Hash: C91106B1C00659ABCB10DF9AC4847DEFBB4BF08220F508569D518B7241D3B8A954CFE5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF7411 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
          Download Yara Rule
          APIs
          • GetConsoleMode.KERNELBASE(?,?), ref: 07CF7482
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleMode
          • String ID:
          • API String ID: 4145635619-0
          • Opcode ID: cba67a49642251c0c497bfce8703e5cc2fb61f57be21c551ff031a559fd709d5
          • Instruction ID: d481d1d50b8825ce6832c3208e81edd9e4d0e3ce77058c07ebbde02d25dec72b
          • Opcode Fuzzy Hash: cba67a49642251c0c497bfce8703e5cc2fb61f57be21c551ff031a559fd709d5
          • Instruction Fuzzy Hash: 551117B1D0026A9BDB10DF9AC4847DEFBB4BF48320F508529D518B7241D7B8A954CFE5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 047D4AB4 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
          Download Yara Rule
          APIs
          • GetFileAttributesW.KERNELBASE(00000000), ref: 047D5E28
          Memory Dump Source
          • Source File: 00000002.00000002.105192878035.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_47d0000_onedrive.jbxd
          Similarity
          • API ID: AttributesFile
          • String ID:
          • API String ID: 3188754299-0
          • Opcode ID: a203e7e506905b2cc653a134d1eafe54bf177ac353f4e953f912582fea607745
          • Instruction ID: 77855247b59a38556db7ec83bb4ee750cb8a2a5ca2d2df39efa4c0f22499673b
          • Opcode Fuzzy Hash: a203e7e506905b2cc653a134d1eafe54bf177ac353f4e953f912582fea607745
          • Instruction Fuzzy Hash: E62133B1D00659ABDB10DFAAD84479EFBB4EF48720F10852AE819B7310D7B4A944CFE5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF8610 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
          Download Yara Rule
          APIs
          • SetConsoleMode.KERNELBASE(?,00000000), ref: 07CF867A
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleMode
          • String ID:
          • API String ID: 4145635619-0
          • Opcode ID: 8bb304fe7b2e10bead8a130dc4fd08f51da299b642d11c89a583dcb91a71618f
          • Instruction ID: 0e7304ce4f42776375988ea194d0f76d363c312015399a51637bbec6dd278b13
          • Opcode Fuzzy Hash: 8bb304fe7b2e10bead8a130dc4fd08f51da299b642d11c89a583dcb91a71618f
          • Instruction Fuzzy Hash: 391104B18003599FDB10CF9AC884BDEFBF4AF88320F148429D558A7251D779A984CFA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF6CC4 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
          Download Yara Rule
          APIs
          • SetConsoleMode.KERNELBASE(?,00000000), ref: 07CF867A
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: ConsoleMode
          • String ID:
          • API String ID: 4145635619-0
          • Opcode ID: 1496568a66cec4e5c5cb738c3452c4d73aeca7222e7df86a94c1f993a280bc84
          • Instruction ID: a20a71a07255ecdca06c6e3a780d5925ebbb31466869fddcc8c3fc5d59928d30
          • Opcode Fuzzy Hash: 1496568a66cec4e5c5cb738c3452c4d73aeca7222e7df86a94c1f993a280bc84
          • Instruction Fuzzy Hash: 5A1143B18007599FCB10CF9AC884BEEBBF4EF88320F108429D558A7351D778A984CFA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 047D5DB0 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
          Download Yara Rule
          APIs
          • GetFileAttributesW.KERNELBASE(00000000), ref: 047D5E28
          Memory Dump Source
          • Source File: 00000002.00000002.105192878035.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_47d0000_onedrive.jbxd
          Similarity
          • API ID: AttributesFile
          • String ID:
          • API String ID: 3188754299-0
          • Opcode ID: d68e4892e5512e98bed4135521ece2f0cae0336b6415f1b1ceac71fb797334eb
          • Instruction ID: bbbfa088e6d87f2a4d078808f3fabc8f3240e8b4a5cb193cdd8cd0d4b2d80224
          • Opcode Fuzzy Hash: d68e4892e5512e98bed4135521ece2f0cae0336b6415f1b1ceac71fb797334eb
          • Instruction Fuzzy Hash: F01100B5D0062A9FDB04CFAAD54079EFBB0FF48720F10852AD818AB350D7B4A944CFA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF6108 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
          Download Yara Rule
          APIs
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: Console
          • String ID:
          • API String ID: 4190041642-0
          • Opcode ID: 7ead5c170c045d3f2b869028c43999327b2c54ecb33d4aa78cbf7bb3d1a4816e
          • Instruction ID: 1d87a9f333c44660beddba750b35eae9ac1a86b52400464c978a9c3aad20c48c
          • Opcode Fuzzy Hash: 7ead5c170c045d3f2b869028c43999327b2c54ecb33d4aa78cbf7bb3d1a4816e
          • Instruction Fuzzy Hash: 3F1122B48002599FCB20CFAAC888BDEBBF4AF08320F108519D559A7251C375A984CFA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CF586C Relevance: 1.5, APIs: 1, Instructions: 44COMMON
          Download Yara Rule
          APIs
          Memory Dump Source
          • Source File: 00000002.00000002.105215056839.0000000007CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CF0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cf0000_onedrive.jbxd
          Similarity
          • API ID: Console
          • String ID:
          • API String ID: 4190041642-0
          • Opcode ID: 8bc7b43e6333bd2535d95f03708fec27775412c2011067e2620e8da1da6ed49e
          • Instruction ID: 26106107b21a0c08804597dadbffc7c9ba25719e424bb2ba1852e5baa6a65ad1
          • Opcode Fuzzy Hash: 8bc7b43e6333bd2535d95f03708fec27775412c2011067e2620e8da1da6ed49e
          • Instruction Fuzzy Hash: F41100B48007599FCB60DF9AC884BDEBBF4EB48320F208419D559B7351C375A984CFA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0AB68 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: sN/k^
          • API String ID: 0-3016338709
          • Opcode ID: 16cc829fabcf74414cd15be18ed479d89e59d78b8d97f0ddf9fd46682f8fa067
          • Instruction ID: 7184b5b123ed4ffb9a121eda5afb0cb64e40cb588b312594a191fc61c584d410
          • Opcode Fuzzy Hash: 16cc829fabcf74414cd15be18ed479d89e59d78b8d97f0ddf9fd46682f8fa067
          • Instruction Fuzzy Hash: 01C11BB4A00349DFDB15CFA9C454AAEBBB2EF85301F158469E8069F794DB34ED85CB80
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0B650 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: #L/k^
          • API String ID: 0-567519829
          • Opcode ID: 8774c3e2942fe15bd8ccc39ebe12a75b5ccecc3dfcd53f01ff6c45b38648a586
          • Instruction ID: 53ced77b4b98fb285e7c98461a53edf4e25e382d5d78fe43cc8a6cfa532911d6
          • Opcode Fuzzy Hash: 8774c3e2942fe15bd8ccc39ebe12a75b5ccecc3dfcd53f01ff6c45b38648a586
          • Instruction Fuzzy Hash: E4A145B4B012058FD718DF69D898A6DB7B2FF89311F148469E9069B3A0CF35EC42CB80
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0BF50 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: S5
          • API String ID: 0-588537384
          • Opcode ID: 9b2ddfab212a65d8337b1ee2a3b701275d95f6ed27136d4f5d40335026beef2e
          • Instruction ID: a55deff4f9b806f8f3568057f8febc3dfe99bd924ef6c340c84db87113f84f4b
          • Opcode Fuzzy Hash: 9b2ddfab212a65d8337b1ee2a3b701275d95f6ed27136d4f5d40335026beef2e
          • Instruction Fuzzy Hash: 2A81E1B1B043059BEB149BB598547BF77A6AFC4300F188529E906DB780EB39DC42CBE5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB4003 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: +
          • API String ID: 0-2838448445
          • Opcode ID: a59657ec92278f2460b602671b088aeecad6ca73e6c93ea7dd69e15e3d2557e9
          • Instruction ID: 430ac254118de3ec2421152132043b6cb5d17fefffe5a4a769eb5a8acafa71c7
          • Opcode Fuzzy Hash: a59657ec92278f2460b602671b088aeecad6ca73e6c93ea7dd69e15e3d2557e9
          • Instruction Fuzzy Hash: A931F8F1B00B42AF8768EB38901009BB7E6EFD45043158A7DD01B8BB94DF71AD4A8BD5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F06108 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: ^Xq
          • API String ID: 0-4030020947
          • Opcode ID: 34bc467e35e85a07c05b0c9787dbccdaec795dd8b5216e73bce5597a74e0294c
          • Instruction ID: a855dcd5fb7721ed73424a1da6302110fe121e05dafdb2b89d9be3c11f49cc65
          • Opcode Fuzzy Hash: 34bc467e35e85a07c05b0c9787dbccdaec795dd8b5216e73bce5597a74e0294c
          • Instruction Fuzzy Hash: 5AE0D8D5B003142BE78CE6B9181177F22DB4BC5950B19C47DD50ACB7C4EC749C4217E9
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F07200 Relevance: .6, Instructions: 650COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 556e0fd9b5c8ceea6813ecc771f93c2a31bf153c945c2ec3a66feca18c66c908
          • Instruction ID: ed24cb287d91fdb2867596bc302cc7e7761aa08b60c5f7f54da49daa1d07a985
          • Opcode Fuzzy Hash: 556e0fd9b5c8ceea6813ecc771f93c2a31bf153c945c2ec3a66feca18c66c908
          • Instruction Fuzzy Hash: 2E523C38A182089FEB459B90D854BDE7B73FBCC310F645524E94233BA8CE756989DF21
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB4A63 Relevance: .5, Instructions: 484COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5393e0d91e3ab3b5c94c2b13920b68575d5dc083f5c4da8ae6a071cb81b64095
          • Instruction ID: ef2514920428bf7ddeb87b0d1683c74f5479d46f4824c94dee461d7c6ba2f3c6
          • Opcode Fuzzy Hash: 5393e0d91e3ab3b5c94c2b13920b68575d5dc083f5c4da8ae6a071cb81b64095
          • Instruction Fuzzy Hash: 54127EB1B002449FDB18DF68D594AAEB7F6EF89710F204169F806AB361CB71EE45CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB6BB8 Relevance: .4, Instructions: 437COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 54ab20e9e86951ffe2f957187fcc0e0caf38abf906aab1dba9c161069c55a425
          • Instruction ID: e75a09e49f1bc3d58127cec9a9b8db45ec20ed1e237151eaba416b772c0f2e19
          • Opcode Fuzzy Hash: 54ab20e9e86951ffe2f957187fcc0e0caf38abf906aab1dba9c161069c55a425
          • Instruction Fuzzy Hash: BA027D70B102058FDB24DB79D894AAEB7F2FF84310F158569E906AB354DB34ED45CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0E281 Relevance: .3, Instructions: 338COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 27420b70efc102844906dde9ce3f609311d8014662f57e75c0644d436ea7b9a7
          • Instruction ID: 82863c8ced03ec246c79753285dba87edbbb2e9880e9478f5f2da3256c06d441
          • Opcode Fuzzy Hash: 27420b70efc102844906dde9ce3f609311d8014662f57e75c0644d436ea7b9a7
          • Instruction Fuzzy Hash: A8D173B0711245AFD704EB78C451B6EBBA2FB85304F14C62DD9069BB81DF71AD4A8BE0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBDEB0 Relevance: .3, Instructions: 292COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 60d568b5c6bc56b8f1689f493cb2ad92477dfe6c2f8229ba14a15d383dcddf38
          • Instruction ID: f3d6db5da5c8b92102b3950f8be619f0dfb11a2a1c91e29c6926411704a10f10
          • Opcode Fuzzy Hash: 60d568b5c6bc56b8f1689f493cb2ad92477dfe6c2f8229ba14a15d383dcddf38
          • Instruction Fuzzy Hash: 41B191B0A0434A8FDB24CFA5C4947EEBBB2FF85304F248569E805AB351DB75D986CB40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EECB78 Relevance: .3, Instructions: 279COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 42d5dc0f4ef61114de1223742cdfa287d7dce6f7896b0f258dec2efada1d0eb6
          • Instruction ID: 7acd4b12573a3fbd7895fc5ddaac7aba42454823acef36448ef435383fa5a65f
          • Opcode Fuzzy Hash: 42d5dc0f4ef61114de1223742cdfa287d7dce6f7896b0f258dec2efada1d0eb6
          • Instruction Fuzzy Hash: F8A17DB03113149BD718AB39D855B6A77A6ABC1311F148A28E5668B7C0CFBAE846CF50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0DE71 Relevance: .3, Instructions: 261COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fee549efa4ef6eda4f564340123e882115fd673aed36460e4aecf94f146a14ed
          • Instruction ID: 319549b5b3ff62d019b3fa13abd9919615fb8a106e8673cc532954b012fbccc3
          • Opcode Fuzzy Hash: fee549efa4ef6eda4f564340123e882115fd673aed36460e4aecf94f146a14ed
          • Instruction Fuzzy Hash: 4A91BDB1B042459FDB059F64C855BBE7BB2FF89304F188469E902DB391CB3ADC429B91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB3798 Relevance: .2, Instructions: 249COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2cffd558e161f7b18a393837b42487c9a5c8f35d904b10febbacb962dc32f259
          • Instruction ID: a09165f2a51009f42b5aa37709fd6bd35c7d72e6309cfb7c30cd791f0098deef
          • Opcode Fuzzy Hash: 2cffd558e161f7b18a393837b42487c9a5c8f35d904b10febbacb962dc32f259
          • Instruction Fuzzy Hash: 6291AE703103469FE704EB68D89179E73A3FFC4300B558928E8068B665DF71FE4A8BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB5A08 Relevance: .2, Instructions: 246COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 02eb5064594e80b9bf3c3259f2c6d6c99284d09aee51b74b597b8179e0275e39
          • Instruction ID: 06255e4b873a09ced587f74f0090c858c20f7714bccb35f1e47d0d30acb18bdb
          • Opcode Fuzzy Hash: 02eb5064594e80b9bf3c3259f2c6d6c99284d09aee51b74b597b8179e0275e39
          • Instruction Fuzzy Hash: 42819C717002059FE714EB74D8A4BAE77A7EFC8304F148528E9069B391DF39AD468BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB3793 Relevance: .2, Instructions: 222COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c19b3bc7d580895aec903559ca67b5ac0688c48a5f07b4650d88a6b68e58ae20
          • Instruction ID: eeb374e569f7cdad8eb456405afec785612b151d69f11557eb29140a763f8d48
          • Opcode Fuzzy Hash: c19b3bc7d580895aec903559ca67b5ac0688c48a5f07b4650d88a6b68e58ae20
          • Instruction Fuzzy Hash: 548160703107469FE714EB68C481B9E73A3FFC4304B558928E8068B665DF71FE4A8BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBE908 Relevance: .2, Instructions: 220COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f7d2d26924313d4110c701910dff90d22481868e6d66f38fc092a1a752f2ed2b
          • Instruction ID: 6867a8769543bf2ea678755955b5a787e3d947d80ec0910660982d016a6bdd5f
          • Opcode Fuzzy Hash: f7d2d26924313d4110c701910dff90d22481868e6d66f38fc092a1a752f2ed2b
          • Instruction Fuzzy Hash: 2481BF717003069FD724DF74C481AAAB7B6FF85304F108969E90A8B651DB35FE45CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB517B Relevance: .2, Instructions: 215COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 42dd02744cb8c05a97c049074722eb9c1ef46bd58a92f049408363ea28942c7a
          • Instruction ID: 1552c0ddeb0ea02a34b3ddb6c372ddb3b768b74ddb4a11176095838d47efcd68
          • Opcode Fuzzy Hash: 42dd02744cb8c05a97c049074722eb9c1ef46bd58a92f049408363ea28942c7a
          • Instruction Fuzzy Hash: 2B815B71A01355AFE710DBA4D885FAEBBB2BF89710F118149F905AB391CB71AD42CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0C3F8 Relevance: .2, Instructions: 209COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d556a1e54d978512aa2c0bfd74f49f5fb3d6a64841a5c7de763282db2319c73c
          • Instruction ID: c6506d4ef6b45f8b81b35e833abe7ea271970d093cab5a4bb8a431f22a82921e
          • Opcode Fuzzy Hash: d556a1e54d978512aa2c0bfd74f49f5fb3d6a64841a5c7de763282db2319c73c
          • Instruction Fuzzy Hash: EC915E74A00249DFDB15DFA4C454BAEBBF2FF88300F148568E806AB395DB74AD45CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0C26A Relevance: .2, Instructions: 209COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 797f694cd14a53669d68b076df91ad7edf37388895532223e475b83488065d78
          • Instruction ID: 26d739ab4c61429391b2bfb1a0a5301371d5b5184b3a51a91b7c6c1521c054a1
          • Opcode Fuzzy Hash: 797f694cd14a53669d68b076df91ad7edf37388895532223e475b83488065d78
          • Instruction Fuzzy Hash: F871E87170030A9FEB14DFA4D454BAE77B2EF85304F048929E9429B390DB79ED46CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE99DF Relevance: .2, Instructions: 197COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f94680c09dafc9fc4e5b9e966cf581a410e855eaa4074ef96807e1544ac5e1ab
          • Instruction ID: d1695118473e28849c4927d6facf41d6928b5b995692cd639cff993ffaec7d58
          • Opcode Fuzzy Hash: f94680c09dafc9fc4e5b9e966cf581a410e855eaa4074ef96807e1544ac5e1ab
          • Instruction Fuzzy Hash: 2B5177317093414FDB01EB78E85025E7BB6EFC22117144ABEC50ADB352DE75DC0A87A2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB5D29 Relevance: .2, Instructions: 190COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: da52d72896b5d59ada1179bf4040f1e5e27b45eec29ac7dcb2058b1a12ac9356
          • Instruction ID: e91a46301ee98ab269f69f8d0f3138d0a085085291cbc7b34501b93675e8ff2b
          • Opcode Fuzzy Hash: da52d72896b5d59ada1179bf4040f1e5e27b45eec29ac7dcb2058b1a12ac9356
          • Instruction Fuzzy Hash: B8717DB5B002058FDB14DFA8D494AAEBBF2EF89210F158069E906DB361CB34ED45CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0A690 Relevance: .2, Instructions: 188COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d9ba0a510463a6ca8ba623f80fb32b6322265e9e35cd2aad5e9bb9016ad03278
          • Instruction ID: 76f5c18da675648e4098d740807aa0cfb541d9d94ed969acc795960487621eed
          • Opcode Fuzzy Hash: d9ba0a510463a6ca8ba623f80fb32b6322265e9e35cd2aad5e9bb9016ad03278
          • Instruction Fuzzy Hash: 3D61BF71F013499FDB18DFB8D4546AEBBF2AF85300F148569E802AB390DB75AD45CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F063D8 Relevance: .2, Instructions: 178COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7d43e058614ded5765eea3ced9c1fedc1e03fb46d6955ed4bec56c2713a6e23b
          • Instruction ID: 3501663f97ff1ae1588e2c3b351a99b4d380be1b6f1fedb8b60657f4cc7714a4
          • Opcode Fuzzy Hash: 7d43e058614ded5765eea3ced9c1fedc1e03fb46d6955ed4bec56c2713a6e23b
          • Instruction Fuzzy Hash: 7951A0B1B10226DFCB149B789C5667F77EAAB88751B194528D806D33C8EF34CC619BE0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBE680 Relevance: .2, Instructions: 171COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 43bd4d683f684c6a1395f0ce0a700ae4317424c953c0fa89191cc1acd3f9b9a7
          • Instruction ID: 9c071c7c90ba799db72753a0dc7ebb3f5e3efc2617cc4af0dea15bc9c36de7b6
          • Opcode Fuzzy Hash: 43bd4d683f684c6a1395f0ce0a700ae4317424c953c0fa89191cc1acd3f9b9a7
          • Instruction Fuzzy Hash: C25191B0301705AFD3249F35D445B5A7BA2EB86720F10CA2DE5278B7D0DB7AA885CF51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0DBA0 Relevance: .2, Instructions: 168COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c75f72be778dd382988e03dfe4c82174c634fa35d709d78753d2b7de7b8ff521
          • Instruction ID: b9729815a3300c179704215c9ee9edab3c764ac589c414137c3bd1f932c2206c
          • Opcode Fuzzy Hash: c75f72be778dd382988e03dfe4c82174c634fa35d709d78753d2b7de7b8ff521
          • Instruction Fuzzy Hash: E2710EB4A51308EFEB04DBB4D895BAD7BB2FF89300F504428E9056B394DB766885CF54
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB0F48 Relevance: .2, Instructions: 161COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 723cbac373b34cb721645b3152651f6c336612222d63230a216d8527918cd3e6
          • Instruction ID: 2267d9f6e57575ca21121559288fad760b0655a2fd271624558e7db23a147b6d
          • Opcode Fuzzy Hash: 723cbac373b34cb721645b3152651f6c336612222d63230a216d8527918cd3e6
          • Instruction Fuzzy Hash: B251B370B002599FDB14DF78D555BDE77F2EF88300F1589A8E406AB350DB72AD498BA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBE690 Relevance: .2, Instructions: 157COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d629335af48de79fba7662f99f27f9f78443b298fd0c57f33bef7d18a12afc8a
          • Instruction ID: 692c65c1fe0bbcf5d2c83657fd8ffa43b237604d69f14ee24dfe964597ee4f13
          • Opcode Fuzzy Hash: d629335af48de79fba7662f99f27f9f78443b298fd0c57f33bef7d18a12afc8a
          • Instruction Fuzzy Hash: CC514D70301705AFD3289F39D54975A77A2EB85720F10CA2DE92B9B7C0DB7AA8858F50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBF798 Relevance: .2, Instructions: 157COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4135d301cddeb355ed93e1d0391212925912d0d67609666deb47a0339ab92a86
          • Instruction ID: db8ca11a23b822c550ecbecf0b6dca46be0fb579b11234e592cb4be88369711a
          • Opcode Fuzzy Hash: 4135d301cddeb355ed93e1d0391212925912d0d67609666deb47a0339ab92a86
          • Instruction Fuzzy Hash: B8517E74B003028BEB289B35D9A876A77E6AF85305B14856DE906DB390EF3DDD41CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F093A1 Relevance: .2, Instructions: 150COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 63f0ff80c391560747858ba2562f7cdbebcc162ce8524adc3566c37a52da5f10
          • Instruction ID: 8d969afe668bcd8a68514307e318846aabf62f38ee3d2b5b55dd0596c509b57c
          • Opcode Fuzzy Hash: 63f0ff80c391560747858ba2562f7cdbebcc162ce8524adc3566c37a52da5f10
          • Instruction Fuzzy Hash: DE514DB4A002069FDB14DF65D494BAEBBF6BF88304F148069E805A73A1EB74EC45DB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB1809 Relevance: .1, Instructions: 149COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cf305f19b4531d75b33632e33aafe49dca98fd5085f9bec23e8e32f7bd84ffaf
          • Instruction ID: 424e594578e33e83a7c7e390a33d8fa263a6e7c7546990b3fa3daeddcbbddfc6
          • Opcode Fuzzy Hash: cf305f19b4531d75b33632e33aafe49dca98fd5085f9bec23e8e32f7bd84ffaf
          • Instruction Fuzzy Hash: ED515CB13107419BE318EB35D8917AA7393AFC1304F958D2CD9428F694DEB1BE4E87A1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F093B0 Relevance: .1, Instructions: 148COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f121702c1df97dd0d98d70d5ee936f15a88fd09bceb47345f175d59ee68eb5ff
          • Instruction ID: c1f38a84721aa1459015720e8c567e01f173a573fceb012be6e891a770c30446
          • Opcode Fuzzy Hash: f121702c1df97dd0d98d70d5ee936f15a88fd09bceb47345f175d59ee68eb5ff
          • Instruction Fuzzy Hash: D85130B4B0020A9FDB14DF65D554BAEBBF6BF88304F144069E805A73A1EB74EC45DB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB1810 Relevance: .1, Instructions: 144COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f2d71262b41794c5b935a1a21199c59e20876ad6bcb4884370faf70400d0916d
          • Instruction ID: d1bfabc44f9081a61516fc8d57de141a95c919b87d6ffb51c7061d0c3497ed2f
          • Opcode Fuzzy Hash: f2d71262b41794c5b935a1a21199c59e20876ad6bcb4884370faf70400d0916d
          • Instruction Fuzzy Hash: 81515CB13107419BE318EB25D89176E7393AFC1304F958D2CD9428F694DEB1BE4E87A1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE0D08 Relevance: .1, Instructions: 141COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 35518342d5226edaa8afded6752de96ff36c83792d28a7b8f3484e512c714d34
          • Instruction ID: 25dea2d0a5cc9ae9bdcf4ac32082fde16526327884019e3d42c494c3578e4554
          • Opcode Fuzzy Hash: 35518342d5226edaa8afded6752de96ff36c83792d28a7b8f3484e512c714d34
          • Instruction Fuzzy Hash: C441D434345300AFE725B739D855B6E7BA39BC1710F248A6AE1058F7D1CBB2D882C755
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F09EA4 Relevance: .1, Instructions: 138COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 910524d7d2d9aa75313259cc5f3f417957e3c0f2017dc91e961ec73e5c39d964
          • Instruction ID: 1953eb46524b7a05558a9871d16b50c55d9e939d5d9e3489d759bd59d6653a64
          • Opcode Fuzzy Hash: 910524d7d2d9aa75313259cc5f3f417957e3c0f2017dc91e961ec73e5c39d964
          • Instruction Fuzzy Hash: A25118B1A01309CFDB14DF74D458BADBBB1BF88305F188128E806A7391DB75AC85DB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0CC3F Relevance: .1, Instructions: 137COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c8713e34d33c4a7fb35365caf4955dfddcb4911ca7c43e46d48cd4af4191f17a
          • Instruction ID: d687424c4b17b1333c7f8c4ea61b94001c23fe7d740112427c581331a8c2a708
          • Opcode Fuzzy Hash: c8713e34d33c4a7fb35365caf4955dfddcb4911ca7c43e46d48cd4af4191f17a
          • Instruction Fuzzy Hash: 1B4124B160E3805FD712A739D8643D67FF69F86204B1945ABD482CF392DA28DC09C3B2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBEC18 Relevance: .1, Instructions: 136COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 605d350fc1aa121896432a33a09b0e2edfe6916e5900780c4c031bbf6671e661
          • Instruction ID: 47c484899a8338b642ac2ab7d9e2a4835bfb5130cca4cc9d437fe30593c14b5e
          • Opcode Fuzzy Hash: 605d350fc1aa121896432a33a09b0e2edfe6916e5900780c4c031bbf6671e661
          • Instruction Fuzzy Hash: CA41C371B0025AAFDB15DFB8D8506FF7BB6AFC9200F144129E906E7340DB399D458BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBDC08 Relevance: .1, Instructions: 134COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 936ed6f0dc5fe81bd906a797f0a7a60999751ba4c8c1e58211d44917bc804267
          • Instruction ID: e42fe74ed2c80a2be8324bd4ddea71c69874b090e0cbea08305969268e8bc7aa
          • Opcode Fuzzy Hash: 936ed6f0dc5fe81bd906a797f0a7a60999751ba4c8c1e58211d44917bc804267
          • Instruction Fuzzy Hash: F341D2727003165BE724DB25D4407AABBB6EFC5300F04856AF546CB790DA79ED468BE0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0D010 Relevance: .1, Instructions: 125COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6787208106e56b9c5814a9b0c3a31dfad8727cf5d4e206ea4564f9f58b8d2756
          • Instruction ID: 18f2d60cc019c8fbfaa4d0c60ccb0c5f0e6183fa9b6b4533dbe780ab531265bc
          • Opcode Fuzzy Hash: 6787208106e56b9c5814a9b0c3a31dfad8727cf5d4e206ea4564f9f58b8d2756
          • Instruction Fuzzy Hash: 3B41B0702043468FE720DB68D484B5AB7F2AF81304F05CE58E4468B7A1DB79ED4A8BE1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB3C18 Relevance: .1, Instructions: 124COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2fc08e7211df05090aff4a157bc8d205a1fcd1f3a8505e2d0f281e390fdab13a
          • Instruction ID: 7dc3c06bebac54cdb01e619505c172ef3c5c1737a7fc2dab445cd24569a268e5
          • Opcode Fuzzy Hash: 2fc08e7211df05090aff4a157bc8d205a1fcd1f3a8505e2d0f281e390fdab13a
          • Instruction Fuzzy Hash: 1241A130701305AFEB14EB64D85AB6E3763FF85304F108968E9066F394DF75AC498BA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F084F0 Relevance: .1, Instructions: 122COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c95f25532db4f7730c4c7d9aaa929742955e57d20cda49a12c4ab2c940643a4d
          • Instruction ID: f7211ccacb523cba5c346e16812e4272538464880303133ecf10c87e7b5a99c4
          • Opcode Fuzzy Hash: c95f25532db4f7730c4c7d9aaa929742955e57d20cda49a12c4ab2c940643a4d
          • Instruction Fuzzy Hash: DC41A1307103059FE709EB74D49179EB7E2FF85204F108A79D54AAB385EF75AD098BA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F096B8 Relevance: .1, Instructions: 121COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e195eca046d2e89fa45a14bc94d8e95e11fb7beb636d54ac9c1a0fd8e2366914
          • Instruction ID: 2c3fd39db761a55e043d0a1cc09bd4cc6426bb50c6c949c686ab080b37a4dd1a
          • Opcode Fuzzy Hash: e195eca046d2e89fa45a14bc94d8e95e11fb7beb636d54ac9c1a0fd8e2366914
          • Instruction Fuzzy Hash: FC413AB6F102158BDB14CF6985442EDBAF6AF88251F48802AD805E7391FB75A941DBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB3C20 Relevance: .1, Instructions: 121COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d2c9a71b0b24cd51a12e2fcd9cdfa37eaef098ce0c74a7c8fe90d83e1b2b08f2
          • Instruction ID: 2911314f2586417d27335d087d4b626db417ee5fb95afbf1ed50c5116666c643
          • Opcode Fuzzy Hash: d2c9a71b0b24cd51a12e2fcd9cdfa37eaef098ce0c74a7c8fe90d83e1b2b08f2
          • Instruction Fuzzy Hash: 06419130701305AFEB14EB64D85AB6E7763FF85304F108968E9066F395DF75AC498BA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0C748 Relevance: .1, Instructions: 120COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f03a623a822e1e3552094a059b628411bcdc1070962bbe1906966a7ee8c03900
          • Instruction ID: 4cfa801ffb5f01579928e812a7776e64405dd9db09f6858aa0b4b568e94f8efe
          • Opcode Fuzzy Hash: f03a623a822e1e3552094a059b628411bcdc1070962bbe1906966a7ee8c03900
          • Instruction Fuzzy Hash: E841F3309093449FD702DB70D85479EBFB2EF86300F2981DAD841977A6DF795A88CB54
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0B410 Relevance: .1, Instructions: 120COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5f8ab945c56c6d1df2e7a977d0d7b9a8ed8a8c44dffbe5f0a6cbdb9c9736289e
          • Instruction ID: 8c8f2b156b0737ff3f52c8d7c1a4b172c5576274f50eb73351c4efa534374ba7
          • Opcode Fuzzy Hash: 5f8ab945c56c6d1df2e7a977d0d7b9a8ed8a8c44dffbe5f0a6cbdb9c9736289e
          • Instruction Fuzzy Hash: 6E410575704345AFCB20CF24D850BAABBF5EF89710F0885A9E949CB391D675ED05C7A0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBE8F8 Relevance: .1, Instructions: 120COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 64e96db584ea0ac01a95bb42dce06f965ae42c1f1788da15a4a51cb4771f2784
          • Instruction ID: c37bf6810bb8f4c918f2d8a5f5f4b98e36f080b0724539a0d480aec9cb64f410
          • Opcode Fuzzy Hash: 64e96db584ea0ac01a95bb42dce06f965ae42c1f1788da15a4a51cb4771f2784
          • Instruction Fuzzy Hash: 0E417F7131070A8FD720EB64C481ADAB7A2FF81304F51CA68E5058B665DB75FE498BE1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB3DD0 Relevance: .1, Instructions: 120COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abc85fd40e65c4d468b7c19702906be573c8131ba8b942f14c674853b8ef6e2f
          • Instruction ID: 2fae40a296b0cfbc57a025ad39d6bc887d43f23566a64360351c424ab1831ab4
          • Opcode Fuzzy Hash: abc85fd40e65c4d468b7c19702906be573c8131ba8b942f14c674853b8ef6e2f
          • Instruction Fuzzy Hash: 11415171B0024A8FDB14DFA4D594ADEBBB2FF88305F108565E405AB391DB39ED45CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0AF90 Relevance: .1, Instructions: 116COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 177c5e0e29bdec98877bfa31d234a770c22634b310e97e052ad941e51a429f29
          • Instruction ID: 0da18a1005304fd7d4f241285fdbfcf9ec82e498c1934f15e70646db7fb3eba2
          • Opcode Fuzzy Hash: 177c5e0e29bdec98877bfa31d234a770c22634b310e97e052ad941e51a429f29
          • Instruction Fuzzy Hash: FC41B4B1B042459FDB14DB74D818BAE7BF6EF88310F1480AAE516E7391DE759D40CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB72AB Relevance: .1, Instructions: 109COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a46aae3bce2837b383ad89afcb40ede4a6f51db2fae27848e81f1e1d3a7b5f9b
          • Instruction ID: 1b59e886f0e8fc38ba5b176b9c0e64ffc6192c408817874814bc1b19ab667bd2
          • Opcode Fuzzy Hash: a46aae3bce2837b383ad89afcb40ede4a6f51db2fae27848e81f1e1d3a7b5f9b
          • Instruction Fuzzy Hash: B0310771B001199FDB359BA5A8847FE7BB6EBC9310F14442BFC45E7380CA758D448B61
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE9C68 Relevance: .1, Instructions: 107COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f27207e9a3317064ea2bba89356e0922cc7bb5c44d03c1c729dc9a86c799444
          • Instruction ID: d67f6b2cfaf1d3df4e070c626a77129690029890057d4ab09652565a0654201a
          • Opcode Fuzzy Hash: 7f27207e9a3317064ea2bba89356e0922cc7bb5c44d03c1c729dc9a86c799444
          • Instruction Fuzzy Hash: C2414D70A112199BEB14DFA9E858AEDBBF6FFC8310F108525E405BB244DB34AC41CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0FBC8 Relevance: .1, Instructions: 101COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5f77531b7dc5ee394b2c66e353a7133dc58a0087997e09cff27bcad3efa00578
          • Instruction ID: 9e60e4899b692617eb84b4a590771987ce0fb3ea4dd57339f0c3ece5a6be8738
          • Opcode Fuzzy Hash: 5f77531b7dc5ee394b2c66e353a7133dc58a0087997e09cff27bcad3efa00578
          • Instruction Fuzzy Hash: EA3182703007016BE314EA69C891B5BB397FFC8740F608A3CE60A9B695DEB17D494BA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBF648 Relevance: .1, Instructions: 97COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2538b7685e2be30e69ab676efc0fb28cea5bff1d16d9a2c3c8f87906ad7989cd
          • Instruction ID: d7f06ec0f19f5c50dd724e8b0293bea2378069fac80fe1354b3e3243a3dfc547
          • Opcode Fuzzy Hash: 2538b7685e2be30e69ab676efc0fb28cea5bff1d16d9a2c3c8f87906ad7989cd
          • Instruction Fuzzy Hash: 5B31A275700205AFD7149F79C85066EB7A2FFC5720F208129E9269B380EF35ED42CBA2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F05EBF Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9e70ba5bbe2de115a198170a3baba9f09c87990addbb76eb68a0f8f8ccb83af9
          • Instruction ID: 9b0190154d63eb1d7c92708441840b27b0c0673e589298ee1d37c5281440cf74
          • Opcode Fuzzy Hash: 9e70ba5bbe2de115a198170a3baba9f09c87990addbb76eb68a0f8f8ccb83af9
          • Instruction Fuzzy Hash: 5031A6B5B002098FDB44DB68C894A6EB7B2FF84311F258029E819D7390DB74EC41CF90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F096A8 Relevance: .1, Instructions: 94COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b4d3a19bc7a4816f7317644fe8b57b0e41f2f89dea129f60e441648e3f2d397f
          • Instruction ID: 3fa9efa2d3f66135d2bbdee343d20ed7db4564e5759d80fbdcec94feac6bdddf
          • Opcode Fuzzy Hash: b4d3a19bc7a4816f7317644fe8b57b0e41f2f89dea129f60e441648e3f2d397f
          • Instruction Fuzzy Hash: 8721F0B6F102158FCB14CF7998406BEBBE5AF89610F18413AD805E7381FB71A902DBD1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB7145 Relevance: .1, Instructions: 94COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1bafa0cb31ac40778a0d555a9af27de2f29217a1993f4d342143adc0620eebdd
          • Instruction ID: deb2a1b38ed1375cf986e5b637d9681265ed611373af5f0232ee7c09828d85d3
          • Opcode Fuzzy Hash: 1bafa0cb31ac40778a0d555a9af27de2f29217a1993f4d342143adc0620eebdd
          • Instruction Fuzzy Hash: FA413AB46002559FDB20CF58D884AADB7F2FB89311F19C195EC45AB395C735ED41CB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB5830 Relevance: .1, Instructions: 94COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abfcb7a9792989aa0c93605e9f5279db51e1d5c4c3968cf2c14a277dde4b039a
          • Instruction ID: 814983753e80d7d086191e3e9d4b8620e3e917b2a79c89a7856ade0cee328f1a
          • Opcode Fuzzy Hash: abfcb7a9792989aa0c93605e9f5279db51e1d5c4c3968cf2c14a277dde4b039a
          • Instruction Fuzzy Hash: F13191B1B00115AFDB24CF65D894ABE77AAEF89650F088429F506CB290CB76DC02CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB3DC7 Relevance: .1, Instructions: 92COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 405043e2cf5855fb6e990a3954d519a3d82fd753ddd283f367a518c8346d6faa
          • Instruction ID: f3e993287525dd74dc7e05799cdac0ebfd878f8f34f8ba3ce69b672a00736520
          • Opcode Fuzzy Hash: 405043e2cf5855fb6e990a3954d519a3d82fd753ddd283f367a518c8346d6faa
          • Instruction Fuzzy Hash: 21313071A0024ACFDF14DF64D5886DEBBB2FF88705F148565E406AB250DB34AD45CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB72B8 Relevance: .1, Instructions: 89COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2832076674f3f54217860364480f5a18977b81cc031e594ece52557ba6c2d488
          • Instruction ID: c10f9bca4b5fe70481f6efc01cadce31fabaee2233189c61b1c74752f10e3370
          • Opcode Fuzzy Hash: 2832076674f3f54217860364480f5a18977b81cc031e594ece52557ba6c2d488
          • Instruction Fuzzy Hash: 6C31A470B042159FDB249BB5D8546FE7BF6ABC9300F14442AED02E7340DE788D448BA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBEC08 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7525b0d95fceffe18c61d3ad322d6b48d7f3e8eda4b750a7b864b8b6d81df1f4
          • Instruction ID: 61bf5db5e7c5a48704118795d116b4948ea747b03ae8c373941eaefc9a2e3890
          • Opcode Fuzzy Hash: 7525b0d95fceffe18c61d3ad322d6b48d7f3e8eda4b750a7b864b8b6d81df1f4
          • Instruction Fuzzy Hash: A731A2B1A0025EAFDF218FA9C840AFF7FB9BF89700F144069F905A3251D7359A15DBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBA825 Relevance: .1, Instructions: 85COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 532e990d25c79e6c5b915b17cd3fbb9f176f8058e04c4c0985448287266b7658
          • Instruction ID: 10fe3932f8ea94fa7cb932e06bceb186b646521cc355f7b14e7adcd48f2f1991
          • Opcode Fuzzy Hash: 532e990d25c79e6c5b915b17cd3fbb9f176f8058e04c4c0985448287266b7658
          • Instruction Fuzzy Hash: 6C217175B00205CFCB14CFA4C8845EDBBF2FF88210B298456E946E7355CA34EC42DBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F095F0 Relevance: .1, Instructions: 84COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7302b566789506595f9b415dc4102948807c4741dea77e2635a32a3b7a85766f
          • Instruction ID: 388d3cd7f29a6c27bacad43ae3eda7fb4d69eaa55cce70e9fd69b2416ee63c2b
          • Opcode Fuzzy Hash: 7302b566789506595f9b415dc4102948807c4741dea77e2635a32a3b7a85766f
          • Instruction Fuzzy Hash: 5621B0763012205FD700DB69E888D6ABBA6FFC97617148066E605CB362DB72EC04D790
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0664D Relevance: .1, Instructions: 83COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2f82d4be1c0ce88f2246e461c5c35ebb09c05e6c6e50e0f3e4b3ffcaed032c25
          • Instruction ID: 7e58edba87783e640cfe2875f6886ec37a06722a98b275d775afd6b1666ddd02
          • Opcode Fuzzy Hash: 2f82d4be1c0ce88f2246e461c5c35ebb09c05e6c6e50e0f3e4b3ffcaed032c25
          • Instruction Fuzzy Hash: ED316BB5B002059FEB04EBA4D4447BFB7F2EB85305F548475D909AB3C1DB399A528BE0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBD2C8 Relevance: .1, Instructions: 83COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4616e66ab3f44a9e9e74d0db159ea7a204e160cb1fa480da7a248243d553bd46
          • Instruction ID: b37275e3e3e9049d8acf028318cf5b3322059cfc2b0b7ee23aa3f1e97f69575c
          • Opcode Fuzzy Hash: 4616e66ab3f44a9e9e74d0db159ea7a204e160cb1fa480da7a248243d553bd46
          • Instruction Fuzzy Hash: FC2107723047545BD3155A25E894BAB7BAAEBC5321F14403AE507CB381CE2ADC86C790
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F084E0 Relevance: .1, Instructions: 82COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dcc2bf7941178da5891652cedcff14c3ccebef52a48d5aa88bc996d1c3adceb3
          • Instruction ID: bdbcc77cb9808fcb81404c077393f3d66e39004777fcec23715055e2798b7c96
          • Opcode Fuzzy Hash: dcc2bf7941178da5891652cedcff14c3ccebef52a48d5aa88bc996d1c3adceb3
          • Instruction Fuzzy Hash: CC2171703103069FD719EA74D49079EB3A7FB85214F508A2CD54A9B685EF71BD0D87E0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0CE30 Relevance: .1, Instructions: 82COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: db2ab16ff161ee1c3be1b801c0aad55b26fce8228535beec1632ea45eac4e00b
          • Instruction ID: 3a74e9803e7b85952a9e13428e220aa06e958553ebacc2c97aff9f2422993db7
          • Opcode Fuzzy Hash: db2ab16ff161ee1c3be1b801c0aad55b26fce8228535beec1632ea45eac4e00b
          • Instruction Fuzzy Hash: B721D3B021134A9FD304EB68D88265A7397EFC1300791CE68E90A8F259DF71BD0D8BB5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB74E8 Relevance: .1, Instructions: 81COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1098d0cba6230b99886d1feb539e2f1e07fb9c1f53d68a8dea2643b78cdafa97
          • Instruction ID: b20d0e0c7924306ecbe1c919b895f29b3556988ef08dd5c571a7dcdfc5c82d02
          • Opcode Fuzzy Hash: 1098d0cba6230b99886d1feb539e2f1e07fb9c1f53d68a8dea2643b78cdafa97
          • Instruction Fuzzy Hash: A521D4B1704A125FE769ABA9A8943BE63D6DBC9754F00413BED0ACB380DE71DD0483A1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBD1E1 Relevance: .1, Instructions: 81COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3e2aba3f42fe70c2e96f4e4b4293f162d84c171fc047b3b325000154891547e6
          • Instruction ID: 2b863020360b261b8180e90d4a12a000894f6cd58435ae12e43d4aaf2539d8b9
          • Opcode Fuzzy Hash: 3e2aba3f42fe70c2e96f4e4b4293f162d84c171fc047b3b325000154891547e6
          • Instruction Fuzzy Hash: 4D2183B170020ADBDB14DF65E989AEE7BB6EF88315F144029F806A7241CB35ED45CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0A988 Relevance: .1, Instructions: 78COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4c8933e988825ab4eb17f79dfc57364ca3dbc5855983797b52a5c69d079dda0b
          • Instruction ID: 203fdebf8d8c33413b2408a8272b355a6af6d6a8dd691ca35ca40f83988551ae
          • Opcode Fuzzy Hash: 4c8933e988825ab4eb17f79dfc57364ca3dbc5855983797b52a5c69d079dda0b
          • Instruction Fuzzy Hash: 04316F70B00206DFD7149B68D558BAABBF2AF49310F188068E806E73D0DF75AC91DB94
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F062EB Relevance: .1, Instructions: 78COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2c6de7715fa5fa9be022cae9eff925077208e46b629efef642a87da38da3da00
          • Instruction ID: 1054bbba13bba7541782bccf950751211f0d2cde548d1c4fdd997546c643f810
          • Opcode Fuzzy Hash: 2c6de7715fa5fa9be022cae9eff925077208e46b629efef642a87da38da3da00
          • Instruction Fuzzy Hash: 6E21DABA705312CBEB245629D0243BE7AE69F84795F198029EC06C73C1DE79C991F7D0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB73EB Relevance: .1, Instructions: 77COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6bdac050a8f98c794a29ba61721a473d0fe46560eafe2fe9e43ff1ba9c017221
          • Instruction ID: 4a8696b5d5c2de1d27bf4fb3f7b58321d03749fecd72f3481bb9ae4689b56410
          • Opcode Fuzzy Hash: 6bdac050a8f98c794a29ba61721a473d0fe46560eafe2fe9e43ff1ba9c017221
          • Instruction Fuzzy Hash: 0B2160B5B002099FDB54DFA9D9457EEBBB2EB88311F14802AF909A7350CB745D48CF60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBDD48 Relevance: .1, Instructions: 77COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ce3b70f90bbbdd54148da8095d297f4cfc2ce16a30c7116e3402a6fc3fcc0fe7
          • Instruction ID: 341cc468dde4e67baf939474b2a2d1308ca37e87f6ba49ba57eea99628a8a85a
          • Opcode Fuzzy Hash: ce3b70f90bbbdd54148da8095d297f4cfc2ce16a30c7116e3402a6fc3fcc0fe7
          • Instruction Fuzzy Hash: 95213675700301ABEB255B35D014BAABBB6EFC5700F54807AE902CB381DA3ADC42C7A0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0B121 Relevance: .1, Instructions: 76COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5c4231f89aee824e876a69418125d0b4db31b001fb86fdb73acb93132d75909d
          • Instruction ID: 42bd9f65816e5aff24042f5a9567286eea845e6108029c04c66c1ea526c89161
          • Opcode Fuzzy Hash: 5c4231f89aee824e876a69418125d0b4db31b001fb86fdb73acb93132d75909d
          • Instruction Fuzzy Hash: 01216FB0A0030ADFDB14DF64D881AEEBBB2FF48304B504919E505AB351D771A949CFA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0426DB04 Relevance: .1, Instructions: 75COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105191754447.000000000426D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0426D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_426d000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: df6f991e03e146b5e27b148983df33b7f85d31546f2f637e9e8ed209adc3a294
          • Instruction ID: 1df6d3a0cd7d48559da222a4e8dfdfd313092371c3480fa3ddf4c27701e66bfa
          • Opcode Fuzzy Hash: df6f991e03e146b5e27b148983df33b7f85d31546f2f637e9e8ed209adc3a294
          • Instruction Fuzzy Hash: AA21D371724249DFDB55DF10D8C0F2ABB69FB84324F248569E9060B24AC376E496CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0BE40 Relevance: .1, Instructions: 74COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9dc031ae52b200af4c4d9092c787ec8f60baf3ce499dbead7ecede8e5732ea36
          • Instruction ID: 89ed8e4e24e70232681c8b8142e60fe0dcd3430eb3725ac1ea6ccb1dc57d97b3
          • Opcode Fuzzy Hash: 9dc031ae52b200af4c4d9092c787ec8f60baf3ce499dbead7ecede8e5732ea36
          • Instruction Fuzzy Hash: E2217CB070060A9BE714DB64D89076BB3A7EBC1715F15C92CD90A4B780DF74B8898FD1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBA87B Relevance: .1, Instructions: 74COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 88554114414de140ba103e3ab2c9ce85a095ff4020aba9c03e78c6b665d26c36
          • Instruction ID: f3f6aa2f3370d14c14f6369a68e01f433e128e308eaa9e83e9b67cc7d92cbff4
          • Opcode Fuzzy Hash: 88554114414de140ba103e3ab2c9ce85a095ff4020aba9c03e78c6b665d26c36
          • Instruction Fuzzy Hash: 1121E875A001199F8B14DFA9C9849AEBBF5FF88210B25805AE945A7355CA30ED418BA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB582B Relevance: .1, Instructions: 74COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8249cf879c96120cda1ba54cddad969607783476efc1cd8a8987d20b65ea6e8e
          • Instruction ID: 964701bee46776640168ced3033b83ac2e98c8b2548b5060584ba7a40208717e
          • Opcode Fuzzy Hash: 8249cf879c96120cda1ba54cddad969607783476efc1cd8a8987d20b65ea6e8e
          • Instruction Fuzzy Hash: 9121A4B2B00215AFDB24CF65D844ABA7BFAEF89650F198459F505CB250CB71DD12CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB1269 Relevance: .1, Instructions: 71COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e99953e6664e1f12c7eb082a17e122da705c3188f21e64d8f6d219fc04c70b68
          • Instruction ID: 8c0226110dd2264b3e8e37924e98e12cde735765bea0be949c3f363d7f69c58e
          • Opcode Fuzzy Hash: e99953e6664e1f12c7eb082a17e122da705c3188f21e64d8f6d219fc04c70b68
          • Instruction Fuzzy Hash: 842102B12107059FE314EB26D491B9A7397EFC0314B598D2CE4468BA91DF72B84E8BB1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0D670 Relevance: .1, Instructions: 69COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 71f241d57f94b9554c7a249496f3f4e4c96cde7931f44f3d482acd7cab79bccf
          • Instruction ID: dc179607556d8deb27ea548c8478895ddbaa829d682783b7cccd95a604c86fb9
          • Opcode Fuzzy Hash: 71f241d57f94b9554c7a249496f3f4e4c96cde7931f44f3d482acd7cab79bccf
          • Instruction Fuzzy Hash: 6A21E4B1B002169FDB05DFA9D8406AFBBF1FF89350B04853AE809DB340E7309909CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB5931 Relevance: .1, Instructions: 67COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4a60f26b0e7df2596d1fbeec2e949698944667d24de23e089db5aa78f1c94601
          • Instruction ID: 02e944e816f14c73491a84d2a36bae6ff9136043cf2060abcd49ab87f1f8252c
          • Opcode Fuzzy Hash: 4a60f26b0e7df2596d1fbeec2e949698944667d24de23e089db5aa78f1c94601
          • Instruction Fuzzy Hash: 01219370701219AFD754EF69E88099A77E6FF89220B50452EEC1AD7780DB70BC548BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE9B52 Relevance: .1, Instructions: 67COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 83685f95ab58c367d696026a9faf2c09c0f909d5fde72a6ce7d6454b0695dc2a
          • Instruction ID: 03aab790f70bdaaf730598d4ffb0bbd5de040783d587a80a0e4085f4f2b58657
          • Opcode Fuzzy Hash: 83685f95ab58c367d696026a9faf2c09c0f909d5fde72a6ce7d6454b0695dc2a
          • Instruction Fuzzy Hash: 19118471D0E7C64FCB13DB7488540D9BFB5ED43220B1945EAC490EF0A7D2741549CBA2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBB919 Relevance: .1, Instructions: 65COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1da4f005b8c9ff06e85071ba9f0d09c2c928fb45ad83e57bee373e3dacf0b2e5
          • Instruction ID: f15a6cd7e12b74dd5e3b165e1625d88f1cf0844dfbcfcbfa1a5dca23690423a9
          • Opcode Fuzzy Hash: 1da4f005b8c9ff06e85071ba9f0d09c2c928fb45ad83e57bee373e3dacf0b2e5
          • Instruction Fuzzy Hash: 6C11A5B1E002099BDB14DEB9D4906FE7BB6AF89314F148029E905BB384DF759C45DBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB1270 Relevance: .1, Instructions: 62COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 17c97fe0c562496aa16bd0da859d67d3675d0e37eaa36368ebfb7d5b2a6909b2
          • Instruction ID: 852f4690b1661f0213eb65496933c34c032a6a83b72e43b292548a729548e313
          • Opcode Fuzzy Hash: 17c97fe0c562496aa16bd0da859d67d3675d0e37eaa36368ebfb7d5b2a6909b2
          • Instruction Fuzzy Hash: CC11BEB02107059BE314EB26D491B9A73A7EFC0304B49CD2CE8468B691DEB1BD4E4BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0B541 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 25183e9d63c045bfeae214370654cf20044a1379f9c45d33e77b885602397b51
          • Instruction ID: 2eff23b47e63876122ff01e4c249c15d245edae79c2a4be91acaa88be01b7020
          • Opcode Fuzzy Hash: 25183e9d63c045bfeae214370654cf20044a1379f9c45d33e77b885602397b51
          • Instruction Fuzzy Hash: 04117FB5E00208EFCB04DFA9D8419EEBBF6EB8C300B14801AE905E7340DB3199058BA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE7C18 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b77b9f2b6c7d3c09a361ea5c0c1aff8a08267817c2e1250123d9b26014d76bac
          • Instruction ID: a85b07097386c986abd775989cc5118d59bddfecd470daeae863c1579043e568
          • Opcode Fuzzy Hash: b77b9f2b6c7d3c09a361ea5c0c1aff8a08267817c2e1250123d9b26014d76bac
          • Instruction Fuzzy Hash: 8D0122713002015BE720BA79E89066A7796DBC0334F248A2AE919873C0CA6298829790
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE9E30 Relevance: .1, Instructions: 60COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ee081e88c70bdc533e1a1297fed01a9598bd97b71777d492bf34398492cbb7aa
          • Instruction ID: 5cfc7bf9596db7387cced3f760d63fdf87874979943f67c8e10fd701a04bd62e
          • Opcode Fuzzy Hash: ee081e88c70bdc533e1a1297fed01a9598bd97b71777d492bf34398492cbb7aa
          • Instruction Fuzzy Hash: 6C1188B170020B9FCB14DF69E848AA9B7F9FF84314B048965D209D76A0EB31FC91CB81
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0A880 Relevance: .1, Instructions: 58COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eb5e95fcd950c2822d5588c4e5bea1acb0359757fa97864658a25afebb359ac9
          • Instruction ID: 612f1d2be2e2ad67d0af0f9616dd4e3c2a8ce8b22be9051b89d1c0956305ddb5
          • Opcode Fuzzy Hash: eb5e95fcd950c2822d5588c4e5bea1acb0359757fa97864658a25afebb359ac9
          • Instruction Fuzzy Hash: 00114C71B003069BDB149B78D9197AEBBF1EF88711F2440A9E806EB3D0DE759D40CBA4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0426DAFF Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105191754447.000000000426D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0426D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_426d000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a8388773376aae311f8bcc2cc9a57dfb4f5185681ef09db3d61e25173080ae03
          • Instruction ID: 839d0c828f684c2a28b90a9c88eaa880548f81c328fc79c6a68b28bbc60853f8
          • Opcode Fuzzy Hash: a8388773376aae311f8bcc2cc9a57dfb4f5185681ef09db3d61e25173080ae03
          • Instruction Fuzzy Hash: 0311D376614285CFCB15CF10D5C4B16BF71FB84314F24C5A9DC490B65AC33AE49ACBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0B238 Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 762ef47ca36c6c0bf4276455e8c68378bc6a4430c863081afb729c74134e70b2
          • Instruction ID: 6e78ff6308b8421f065a483ca1710fa14f7f3706ed031a8a422b7ce88c909bfd
          • Opcode Fuzzy Hash: 762ef47ca36c6c0bf4276455e8c68378bc6a4430c863081afb729c74134e70b2
          • Instruction Fuzzy Hash: C0116DB1D05249ABDB15CFA5D845AEEBFF6EF49310F188029E814B7281CB719910DBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE9E22 Relevance: .1, Instructions: 55COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 19790283e6f93f39e24a30106d4943580840966ad0f98c6963371478ea216af8
          • Instruction ID: 4de9e3f08618c150d979f3fed609d11876c586d1ff287e5b5b32161ccf47069a
          • Opcode Fuzzy Hash: 19790283e6f93f39e24a30106d4943580840966ad0f98c6963371478ea216af8
          • Instruction Fuzzy Hash: 241104B160510B9FCB10CFA8E8459EDBBF4FF85314B0449A6C209D7662EB31E895CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0B550 Relevance: .1, Instructions: 54COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 49eb85d2ae089edbe6f4668a13f97ad954271a044abdccbf1d7aa2345f14e002
          • Instruction ID: eb8c8a57d87b89dd41f47b7e0b46eddf0892fca5e9360c461fbb9a926f66ca88
          • Opcode Fuzzy Hash: 49eb85d2ae089edbe6f4668a13f97ad954271a044abdccbf1d7aa2345f14e002
          • Instruction Fuzzy Hash: 8A113DB5E00208AFCB04DFA9D8419AEBBF6FB8C310F14802AE915E7350DB3599158FA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBFA00 Relevance: .1, Instructions: 54COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0c9753d60e79558b61c46f1f0e27f5e3327d283e962a96f0ff6940c48ab5dbea
          • Instruction ID: 75be3d73a99ab4f52c4515970cb332d0be246375595b079d38e496c21b83bb81
          • Opcode Fuzzy Hash: 0c9753d60e79558b61c46f1f0e27f5e3327d283e962a96f0ff6940c48ab5dbea
          • Instruction Fuzzy Hash: 00112171B001199BCB18DF65D8586DEBBB5EF8C210F14502DD806B7381DF759C45CBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F063D3 Relevance: .1, Instructions: 53COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 36e254dcdf042c5055d3a8d69d4c1153f67f2baecdd637f58f9ba91229cfb9e2
          • Instruction ID: 42388889513d41284e12b6c6179323eb5cb69863f37523826916ffa773dcdf67
          • Opcode Fuzzy Hash: 36e254dcdf042c5055d3a8d69d4c1153f67f2baecdd637f58f9ba91229cfb9e2
          • Instruction Fuzzy Hash: B701D2B6B102268FCB149B78A80A5AE7FA5EB887607040536DC05D3340EF348D118BE0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBD0B0 Relevance: .1, Instructions: 53COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 13025fba7d96931d7270cdd4d1d9222abd049872d8c19e9d410c3e94a89afadd
          • Instruction ID: 1b2623bbed21fbec87e5bd06c855e4ffd8dabbca7f63bd41d56730a43034bb81
          • Opcode Fuzzy Hash: 13025fba7d96931d7270cdd4d1d9222abd049872d8c19e9d410c3e94a89afadd
          • Instruction Fuzzy Hash: 0C118C7560020AAFCB00DF68D88199AFBF6FF48300B008669E904D7751D771AD15CBD1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB5F3B Relevance: .1, Instructions: 52COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8d919472d03c8bdf7892b62629a913559a7bdfe97be36f9bd8ba1564dc582754
          • Instruction ID: adc07425b22a1b45bf7226367ffe685d2ec487c7c8b80e018001c62060f9c6d5
          • Opcode Fuzzy Hash: 8d919472d03c8bdf7892b62629a913559a7bdfe97be36f9bd8ba1564dc582754
          • Instruction Fuzzy Hash: A8016DB1A0121A8FDB60DFADE4446DEFBF5AF88314F104429E509E7300EB30E9458BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F05FF8 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0a2ee23ddc88efb5c72c1a4846b738de42c62a39df0142fe01a80e1becadeee5
          • Instruction ID: 679834ab1832d1974813e2680134e98e9acbdf518006c3fc2176ee54b0507c6b
          • Opcode Fuzzy Hash: 0a2ee23ddc88efb5c72c1a4846b738de42c62a39df0142fe01a80e1becadeee5
          • Instruction Fuzzy Hash: A2019E70B016069BDB11DAA8D890AEFB7E6EFC5310F044439ED09AB344EF35AD058BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBD2B8 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1f31b427abd2c6564f76030b9c3b6ff212212bea917cce616aa3baa973cc9130
          • Instruction ID: cd6fa95b6ad5ca8f4751159c71e47230634c129c457765895af7d051bc6586ef
          • Opcode Fuzzy Hash: 1f31b427abd2c6564f76030b9c3b6ff212212bea917cce616aa3baa973cc9130
          • Instruction Fuzzy Hash: 41014E723053546FD7115A259C50B9B7FA9EF85321F188126F446C7351CA31DD01CBE1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB5F40 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 747c7c089591e05afde2c1bc55de303988151dbe5b3f696fb747503ac683ca7b
          • Instruction ID: af9ecc748da4bc4bd07f3fadb6216afa6b3812dbc8f668e537ae82095a63fc57
          • Opcode Fuzzy Hash: 747c7c089591e05afde2c1bc55de303988151dbe5b3f696fb747503ac683ca7b
          • Instruction Fuzzy Hash: C90129B1A0121A8FDB60EFADD4846DEFBF5AF88314F104469E509E7310DA30E9468BA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBD1F0 Relevance: .0, Instructions: 47COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b29b57175a6087ab12db14f6e6c21cb01b14e0f4218c06ce3b0398f6c12ae1b0
          • Instruction ID: 04a487dd5d412e5de945860e712d1b2e9f7144f75956f39556140c281529644d
          • Opcode Fuzzy Hash: b29b57175a6087ab12db14f6e6c21cb01b14e0f4218c06ce3b0398f6c12ae1b0
          • Instruction Fuzzy Hash: 04116171B00249DBDB14DFA5D959AEE7BB5EF48355F104068F802A3251DB369D00CBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBD0C0 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9e360207a540909b9bd9e81960d7418f88204d5a4acc187eb3e4b40b542fd5e0
          • Instruction ID: 434215b08bd58aaf89340e38298d93b39716d3d0b969c8f87a2b9c0525309579
          • Opcode Fuzzy Hash: 9e360207a540909b9bd9e81960d7418f88204d5a4acc187eb3e4b40b542fd5e0
          • Instruction Fuzzy Hash: C901577570061AAFCB00DFA8D88199ABBF6FF88310B008629EA0997750D771BD15CBD0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0426D01D Relevance: .0, Instructions: 45COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105191754447.000000000426D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0426D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_426d000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8a7613d2b99fcebbb598a646258ed3755d9e7631d0fd67aadc94fd9dd88935a5
          • Instruction ID: da69631abec75d33a07a9bca2f7a122def65159d5305517a788cf5775bdfb339
          • Opcode Fuzzy Hash: 8a7613d2b99fcebbb598a646258ed3755d9e7631d0fd67aadc94fd9dd88935a5
          • Instruction Fuzzy Hash: EC01F7713293859BE7204E15ECC0767FB98DF41764F18C016ED4A0A282D2B9A485CAB1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0AAD8 Relevance: .0, Instructions: 45COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 51142e5bf995d446ae71b40dab16085e43ac885de2a47e0c1986234fe7dd974b
          • Instruction ID: 3628c13c4a5f73b5e91e92123d072745b1e138a053e59a500dd139eff86a2bb1
          • Opcode Fuzzy Hash: 51142e5bf995d446ae71b40dab16085e43ac885de2a47e0c1986234fe7dd974b
          • Instruction Fuzzy Hash: 4401D4B0B402156BE7148A589C00BBFBFB6AB85701F244076E948AB2C1CAB16901C7E0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F09A40 Relevance: .0, Instructions: 45COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc8d73a6e3e32692eb4a19a17ba952479807ddb46ec3972d3f84fd8ca1ec868d
          • Instruction ID: a85d62ddb5dc1d956af0d3bf0341856c5a63d54d9b173307de036b3e23f40604
          • Opcode Fuzzy Hash: fc8d73a6e3e32692eb4a19a17ba952479807ddb46ec3972d3f84fd8ca1ec868d
          • Instruction Fuzzy Hash: 4B01F770F402556BE7108B989C00BBFBFB6EB85701F14407AF948AB2C2CBB16911C7E0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0426D006 Relevance: .0, Instructions: 44COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105191754447.000000000426D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0426D000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_426d000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 56c62ef3fbe4b7c88537440f80fd195a5540fe920e5227e6183022b47c4a7c25
          • Instruction ID: 0e33dc79a79cd8e91115fcd513c5896b2ef9abc38a61c3388a0bfbb6035f47d6
          • Opcode Fuzzy Hash: 56c62ef3fbe4b7c88537440f80fd195a5540fe920e5227e6183022b47c4a7c25
          • Instruction Fuzzy Hash: 5101717111E3C09FD7128B259C94B52BFB4DF43224F19C1DBE9898F1A3C2699889CB72
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB74D8 Relevance: .0, Instructions: 44COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e06f90bb7776218e38ff6360054ac039baf1b5283af9cefb9ce0619220567b3d
          • Instruction ID: d7a54d340f2f7b00d6d2a07377056b51a5debe0786c58bb9da38b1dcb0cd7a60
          • Opcode Fuzzy Hash: e06f90bb7776218e38ff6360054ac039baf1b5283af9cefb9ce0619220567b3d
          • Instruction Fuzzy Hash: A10144B1B0CA004FE3259B68A8807AF6BC6DFCA351F04407BE80ACB391CE348C0583B0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB1A31 Relevance: .0, Instructions: 44COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c70652c64f6138339857cdca7bc1a917ebe97c9640411b278a03952cb71637ba
          • Instruction ID: 81cda233850f397edb34c06316bb7fc4fa4b35be016728064886d46e271ab834
          • Opcode Fuzzy Hash: c70652c64f6138339857cdca7bc1a917ebe97c9640411b278a03952cb71637ba
          • Instruction Fuzzy Hash: B1014470F00309AFDB40DFA4E4957AEBBF2FB45300F1089A9D419AB380DB746A458F50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0B403 Relevance: .0, Instructions: 42COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: de1d0fad99d46c02b53fd376b839fda3ba57152b02da37522314d9171b30bb8f
          • Instruction ID: 54a2101f67ad849168c624d50fe98c15e0cf07a0b354bee4c4c6a0d453551c09
          • Opcode Fuzzy Hash: de1d0fad99d46c02b53fd376b839fda3ba57152b02da37522314d9171b30bb8f
          • Instruction Fuzzy Hash: 24F0C8BA209390ABCB214E259C14BA77FE89F82B61F09806FF448CB391C535CA40D7E1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F065E8 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e9236336630efb76c865f4b8164e5b6d431edd722f0383881e4ce74baa85dfde
          • Instruction ID: c15767027ddee78ded1187c245f95ca15b245869324c6de79c108dc35bff1ade
          • Opcode Fuzzy Hash: e9236336630efb76c865f4b8164e5b6d431edd722f0383881e4ce74baa85dfde
          • Instruction Fuzzy Hash: 66F0273B2002215FD3126669A8207F7BB69DBC2361F09027ADD05CB7C1DD1ADD9593F1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0A5A8 Relevance: .0, Instructions: 40COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4fba2508ff1d51f95b9eb19b809ccab388ce2680b5b39f1a47dea8357715cb79
          • Instruction ID: 686b9d942df602e59f85ce39ab0cc1e53ef46140d7375f07f1ec852df88f8b24
          • Opcode Fuzzy Hash: 4fba2508ff1d51f95b9eb19b809ccab388ce2680b5b39f1a47dea8357715cb79
          • Instruction Fuzzy Hash: 3E01B8B1300708CFC7248E29E044BA2B7E1FB85325F48492DE48A87691C730F889CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBF1CA Relevance: .0, Instructions: 38COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e41c9f1792b43c5699343461e8ddbf22cc25aea7c3212976cbe749c60f650e70
          • Instruction ID: 8a9630ea147f71a90e62a0daaaa8cea5cbdedeeb63e009d4d5a8a85b29c1cce7
          • Opcode Fuzzy Hash: e41c9f1792b43c5699343461e8ddbf22cc25aea7c3212976cbe749c60f650e70
          • Instruction Fuzzy Hash: 86F09076301704AF86049A2AE85485FB7DBDFC9221304803EE90AC7341CE35EC0687A1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBDAEF Relevance: .0, Instructions: 37COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 216be1ec57506c09918c094182e59d019dced1063186161a814a8ffe4196d7e5
          • Instruction ID: 4571595c24432b6a754d89eaa331d9f69bb5b6ea75a7a4da921f0dfe8bff987e
          • Opcode Fuzzy Hash: 216be1ec57506c09918c094182e59d019dced1063186161a814a8ffe4196d7e5
          • Instruction Fuzzy Hash: 7CF0E9363091107F87154A25E4409EBBBE99BCA610308826BF906C7B45CB38ED03DBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB1A38 Relevance: .0, Instructions: 37COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 78ed9013d8592015aa8bb5e2bf5e2e1aae859bd4d7a610199c2e41f4741e0034
          • Instruction ID: 4442028d8a36c9d9ac682197433e952f17489bc560ceee40b33325add3cc6fd4
          • Opcode Fuzzy Hash: 78ed9013d8592015aa8bb5e2bf5e2e1aae859bd4d7a610199c2e41f4741e0034
          • Instruction Fuzzy Hash: 5301DE70E002099FDB44EFA4D48579EBBF2FB45304F2189A9C41AA7340EB746E458F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB3F7B Relevance: .0, Instructions: 35COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2417ef2c45a9e0b33af0bbb9f08be85ae7b881c979011dcc84e7dd9a4c8bdc05
          • Instruction ID: 0d66cdeaf1eb8a533d8607ae8054b75c32dd0e8f3732442fb0446757eaaf2a13
          • Opcode Fuzzy Hash: 2417ef2c45a9e0b33af0bbb9f08be85ae7b881c979011dcc84e7dd9a4c8bdc05
          • Instruction Fuzzy Hash: 79F06870F10109AFD744EBB4D4516EDBBB2EF80304F5148B9D40B6B790DE356E858B91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F06278 Relevance: .0, Instructions: 33COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9cfcfc599313f4c7e8504aa8d98f83c37f9a2f3004a68bafc2fa376c510774dc
          • Instruction ID: b251d655198ef6e908986bc1f20f66c9711662b66916e16dec4ded46d62076dd
          • Opcode Fuzzy Hash: 9cfcfc599313f4c7e8504aa8d98f83c37f9a2f3004a68bafc2fa376c510774dc
          • Instruction Fuzzy Hash: 74F059716052005FD304D769E890AA9BBA6EFC5310708C9BEE00DCB161DB609C098B71
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F05BE8 Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cb4b54a3de49fdd09789f83606ccc0a4db765e5d46f6c655856a8bf73ba4beca
          • Instruction ID: c9dae2456f5cd37fc73c538235e5c73ed7232523ae5c88068dd403357ad2048f
          • Opcode Fuzzy Hash: cb4b54a3de49fdd09789f83606ccc0a4db765e5d46f6c655856a8bf73ba4beca
          • Instruction Fuzzy Hash: 15F0A0713001196FD7049B99E845EBF7BAAEBC8320B14402AE50997258CE712C058BA4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F095DE Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 538329ed0d30cddfeaba7c15c88b4bedc5185968b7eb373efe82cea0bd43498e
          • Instruction ID: bce418530be83c9089ffd9a3b76c112466b890608600a48f54291e7d2b947267
          • Opcode Fuzzy Hash: 538329ed0d30cddfeaba7c15c88b4bedc5185968b7eb373efe82cea0bd43498e
          • Instruction Fuzzy Hash: A9E06D362092546F87159536AC448A77B9AAAC22703798167E848C7252EE31C80692A1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB3F80 Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ea3360245eb0da8db417a7fd0a26dc26dae09cd9a1007a1367e56b0a44206bad
          • Instruction ID: 3d394e6936e341312dbb3524755286790113f18905cdedf9a154871716a2408b
          • Opcode Fuzzy Hash: ea3360245eb0da8db417a7fd0a26dc26dae09cd9a1007a1367e56b0a44206bad
          • Instruction Fuzzy Hash: 7CF01270B10109AFD744EBA4D4516ADBBB2EF80305F5144B8C80B6B790DE346E458B51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0B1F8 Relevance: .0, Instructions: 30COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 08e415a2251122af43e6e28d4b5e6d6329925f3bca132349f8411f5b4cf9b689
          • Instruction ID: b238bc5d32dcd2b20c44753b39a2c70b258842eabc5db6a1869c6da716418f32
          • Opcode Fuzzy Hash: 08e415a2251122af43e6e28d4b5e6d6329925f3bca132349f8411f5b4cf9b689
          • Instruction Fuzzy Hash: 35E0E5B6509155AF97014A55DC44896FF7CFA492743154296E944D7302D622DC82C7F1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED702 Relevance: .0, Instructions: 29COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8e084b555cafe344ce0cb9b550e42f05f51cf4856a9fd4f3e002ddfbd2fb8753
          • Instruction ID: 514c5df6a7673399b214b6c94449833fcba4be33de259bfd386e0ea0931f58ba
          • Opcode Fuzzy Hash: 8e084b555cafe344ce0cb9b550e42f05f51cf4856a9fd4f3e002ddfbd2fb8753
          • Instruction Fuzzy Hash: 13F09A75601305AFC704DF28E54156AB7A2FF80302B148928E11687740CB79AC06CF80
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F06290 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 98053def809459f96f8d47ad5ac6e923a7cd0eea197640385a4db5de80eb056b
          • Instruction ID: 5d4fec51d86743c8b03dec4b446120b604bde045604e9e3c552c0d6faa308c6c
          • Opcode Fuzzy Hash: 98053def809459f96f8d47ad5ac6e923a7cd0eea197640385a4db5de80eb056b
          • Instruction Fuzzy Hash: 2CE092713006046BD204E7AEE881B9EB79AFBC5320B44C979F10DC7211DF61AC498BB0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBDB00 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7cdf504b96c0bf6ffab48cb2adb34376fef6530c57caa1a5d3009e229db26181
          • Instruction ID: 5782e49de6e0b558b7433861ca8e24edae0c5b7027590878655928aaac8682df
          • Opcode Fuzzy Hash: 7cdf504b96c0bf6ffab48cb2adb34376fef6530c57caa1a5d3009e229db26181
          • Instruction Fuzzy Hash: 8EE09B313051107B87149A26E44497B7BED9BC9611304822AFD06C3B44DB38E9029BE4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB5120 Relevance: .0, Instructions: 27COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9068188bc35d13b198fb7c0f76debe86d2aa06b82f95332cd7dddc2b2555a9d0
          • Instruction ID: b0396776763050839e9903280c0ff2c113a0840c2446a5676e67ce3402954a82
          • Opcode Fuzzy Hash: 9068188bc35d13b198fb7c0f76debe86d2aa06b82f95332cd7dddc2b2555a9d0
          • Instruction Fuzzy Hash: 21E06D313002149FD724E66AE454BAE73AAEBC9621F04493DE90A87250DE71E98A87A4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F06919 Relevance: .0, Instructions: 26COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d7e663542ea524e6978a352f32e97ad770ffc835c15cbba5856e600fcffd7fb7
          • Instruction ID: 1ec5d892c6e6252fadb810fa26a7729ab46be28f42142c59ef16cd8014b5b00d
          • Opcode Fuzzy Hash: d7e663542ea524e6978a352f32e97ad770ffc835c15cbba5856e600fcffd7fb7
          • Instruction Fuzzy Hash: 94E08C363805005FE229A6B9A450BBF668BEBC5321F100939D61A8B781ED226D5207F1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBFD58 Relevance: .0, Instructions: 25COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e33c843e7be640fe76167d638e2387f761b078285b07410364e166d6a712d44f
          • Instruction ID: 367210dade1f937a980171760d282b5432e16bf2452585d737638c89a9fbf601
          • Opcode Fuzzy Hash: e33c843e7be640fe76167d638e2387f761b078285b07410364e166d6a712d44f
          • Instruction Fuzzy Hash: FDF039719102199BDB249FA9C9197EEBBB9EB88700F50446AE502B3380CBB91D04CBA5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED8A8 Relevance: .0, Instructions: 25COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ffe081333a4a51363616d8d03c745c0a8aa11d38b839a92ccc30996655c4a498
          • Instruction ID: 75f5421a5a840a97694bb9aad3e05352b32289931bf25c30cb03388d32f95d05
          • Opcode Fuzzy Hash: ffe081333a4a51363616d8d03c745c0a8aa11d38b839a92ccc30996655c4a498
          • Instruction Fuzzy Hash: EDF0EDB5A00314AFDB04EF68E8016A9B3B6EFC0311F148929E11683380CBB9E846CF60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0A0E1 Relevance: .0, Instructions: 24COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0904a2431ba2b5f6e90a5d815861c9296c0a0add2cb980c2c0e8b16835f49edb
          • Instruction ID: cb79969846f088392eb99d308901e18da8dc36be53d93e56b78ba966da335a45
          • Opcode Fuzzy Hash: 0904a2431ba2b5f6e90a5d815861c9296c0a0add2cb980c2c0e8b16835f49edb
          • Instruction Fuzzy Hash: F1E048B550D1D16FC357472598144A6FFBAEF8B11031D81C7E484DB253C125DD86CBE1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0D4A1 Relevance: .0, Instructions: 24COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 36925d25b150d098f5acc9a28e107a42d49e0e383ea5277a0818fa0f78b63d0b
          • Instruction ID: 070ef6d149c80411dac9c30b89b2ce13943b72cc71bb81f0ae41dad098853593
          • Opcode Fuzzy Hash: 36925d25b150d098f5acc9a28e107a42d49e0e383ea5277a0818fa0f78b63d0b
          • Instruction Fuzzy Hash: 0CE0ED7AB001199FCB15DF99E4008EEBBB5EF98262B048066E954C7210D731AA65DB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB1AD1 Relevance: .0, Instructions: 22COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 64c9d6aa9b9821c6527d6cc5af155f3f9de54293c4548b723bf4a03a148b4302
          • Instruction ID: 034e22a9700440d31e564519a26505bf5d7e82e75ed0810bcf565523bad909fd
          • Opcode Fuzzy Hash: 64c9d6aa9b9821c6527d6cc5af155f3f9de54293c4548b723bf4a03a148b4302
          • Instruction Fuzzy Hash: 70E0CD363001105FC304D754F449DF977A5DF49371B114066ED0987F51CA219C104AD1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE2FC5 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ce0f632c06dcae530eaeb79198dc967cffe5a9dd8c913a79ca2d598d75cf0cf4
          • Instruction ID: ef4061038fdfb6dc8abcbc8742c3822b36b4343bc8738011488827c0f8c2fc07
          • Opcode Fuzzy Hash: ce0f632c06dcae530eaeb79198dc967cffe5a9dd8c913a79ca2d598d75cf0cf4
          • Instruction Fuzzy Hash: C2E086727116149BD314EB59E4417FE7366DFC4321F048828D51B83640CB75AC468F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EECFD9 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b291bbab454d31b2c525e679aaceae508f46801d886de98a276fea176351807
          • Instruction ID: 3f0063db828c0405477eb700579b85c0bce4e9f28f4d59a4f56c13fb7b710deb
          • Opcode Fuzzy Hash: 9b291bbab454d31b2c525e679aaceae508f46801d886de98a276fea176351807
          • Instruction Fuzzy Hash: EFE0CDB27113189BD704E758E4457AE7366DFC0311F088525E617C3641DBB998054F55
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE2F82 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5d09e3b72e87f10e9053982c8a26809fcdaf74af3ea6bb54253436ce2079d722
          • Instruction ID: cf4f0dc6c5419571975ad1f96a9d389a605c3bc8567bcfb50bfd088f6a15808b
          • Opcode Fuzzy Hash: 5d09e3b72e87f10e9053982c8a26809fcdaf74af3ea6bb54253436ce2079d722
          • Instruction Fuzzy Hash: D2E08CB67116189BD314EB59E4127EE73A6DBC4322F088829E51A87680CB79AC4A8F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED765 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 971fc3c0da47de63ff2d2ebb38d8e04d846a50a4b6f308c926257249be691ed7
          • Instruction ID: 1172e0f6becb4d22500f48542fdcd7d378bb6e530b1ae130dd34567cde705572
          • Opcode Fuzzy Hash: 971fc3c0da47de63ff2d2ebb38d8e04d846a50a4b6f308c926257249be691ed7
          • Instruction Fuzzy Hash: 1EE0C2B2711314DFDB04EB99F8093AD7366EFC0355F188825E51683641DBBAA81A8F61
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE2E3F Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6da8b8168e4a9e07e2fd130b90663f41f521f5cf5dd663533f43052d51608a6a
          • Instruction ID: 07219e1b7995d7703268a7e4d2174a6bd3e3c56ddeed61e67087eed2adea75e3
          • Opcode Fuzzy Hash: 6da8b8168e4a9e07e2fd130b90663f41f521f5cf5dd663533f43052d51608a6a
          • Instruction Fuzzy Hash: 35E086727106149BD314EB59E4027EE73A6EBC4352F04882CD51AC3640CF75AD468F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED5C2 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8e25cd582281b2f3ebb01be28200c7650c068d5e988729957db2127668848f47
          • Instruction ID: 4487124e595da390670f90c32096c841e332985357172a130d975a0d09ad4779
          • Opcode Fuzzy Hash: 8e25cd582281b2f3ebb01be28200c7650c068d5e988729957db2127668848f47
          • Instruction Fuzzy Hash: DFE072B2B013048BDB00EB58F8093AD733ADFC0321F008824E41A83641CBBAA80A4F60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE2DBC Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 80bf512cdb2efb73cf284828571480b412b6e69dd80195b4b2af58274a06e998
          • Instruction ID: c4d8bd085f693c999ec87ea5600b2af0294050541143759bad5a3fa78871d6d6
          • Opcode Fuzzy Hash: 80bf512cdb2efb73cf284828571480b412b6e69dd80195b4b2af58274a06e998
          • Instruction Fuzzy Hash: 4EE086B26116149BD314EB59E4117FE736ADFC4321F048828D51B83640CF75AD468F55
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED582 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 282d76076c383996d79667fd58b56172d565d85cf274eb2031e52caab45b6eaf
          • Instruction ID: 6ff476d1a692df500a11473b5d1491d2fd3c67c89dda47790b846db28ec83108
          • Opcode Fuzzy Hash: 282d76076c383996d79667fd58b56172d565d85cf274eb2031e52caab45b6eaf
          • Instruction Fuzzy Hash: 38E0C2B2711214ABD714EB98F8053EE7366EFC0311F048825E51A83682DBB9A81A9F65
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE2D79 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 15c4cc193fdf6ffa4352aba24826ce306e3842a5bd98b90ca8ba73b62d508e70
          • Instruction ID: 1dc37397fbca04a1774b3c075b643a6fcc91f089a6a1764c2fdb5b9f7fcce61b
          • Opcode Fuzzy Hash: 15c4cc193fdf6ffa4352aba24826ce306e3842a5bd98b90ca8ba73b62d508e70
          • Instruction Fuzzy Hash: 5AE086B26106149BD354EB59E4067EE73A6EBC4311F04882CD51B83641CF75AC468F65
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE4460 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bdab066ba77b050479aa78bd04515da10b3d4e0a3da077b5589d49a35df85f6e
          • Instruction ID: 8e769df901e1d56d5ca773a6f66bfba30ace9498671a607c9a7c6f9ebcd2e201
          • Opcode Fuzzy Hash: bdab066ba77b050479aa78bd04515da10b3d4e0a3da077b5589d49a35df85f6e
          • Instruction Fuzzy Hash: BDE0DF342063908FC7029B64E444D817FB1EF4A25570A00EAE808DB372C7348800C792
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED37F Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2d05b2ca01b0669604d38397923e850e79e070faa7c5798db9ff50cf43b59ecf
          • Instruction ID: c0262c8598dc912b4793f4b28a111694e17e5a65364774a6cfaaf9b96f3609ce
          • Opcode Fuzzy Hash: 2d05b2ca01b0669604d38397923e850e79e070faa7c5798db9ff50cf43b59ecf
          • Instruction Fuzzy Hash: 3AE07D737113089BD700EB58E4013ED7365DFC0311F08C425D516C3641CBB998064F11
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED22C Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4598e4b00e929d39677873a46a4accc22b532d43086d9c92ad0b9ec0c1b9ef57
          • Instruction ID: fb06e6f64f87649bec395e6d0b354e7ee08f7bd2069dcacfa7a57354c231634c
          • Opcode Fuzzy Hash: 4598e4b00e929d39677873a46a4accc22b532d43086d9c92ad0b9ec0c1b9ef57
          • Instruction Fuzzy Hash: 08E0CD727156189BD704EB58E8053ED73B5DFC4311F048425D516C7641DFB998065F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED199 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 32d5ff074cb3445189f8baba012fe3bca112244aa2b9c0845a7bb59edb9b0e5e
          • Instruction ID: 8a04d6203176ff5a33795f676e65faeb512ede6940bf9739a9d9e9099d4ceea4
          • Opcode Fuzzy Hash: 32d5ff074cb3445189f8baba012fe3bca112244aa2b9c0845a7bb59edb9b0e5e
          • Instruction Fuzzy Hash: 19E07DB27003089BD704E758E4053ED7335DFC0311F048425E516C3241CBB998064F50
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED8FB Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c2b09a70d1facc9313370e7ea8267cf3b127ba978036168a1b3e2cf88db83f97
          • Instruction ID: 6b5006c13659ce6d289c14b255ffac02750d2f8aeb54974452c1c380442aa99c
          • Opcode Fuzzy Hash: c2b09a70d1facc9313370e7ea8267cf3b127ba978036168a1b3e2cf88db83f97
          • Instruction Fuzzy Hash: 9DE072B2B103059BD704EB68F8093AD7376EFC0311F048834E11683242CBB9A80A8F20
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE308E Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3f5c85ce16e60a749fdce6936d2f5eaf01438685e6ffa9c050ee92dcb8857235
          • Instruction ID: 62b56c1fef223d24c7b7ed41210649c2de8d3e5c721d24662e110aa1e8d66adb
          • Opcode Fuzzy Hash: 3f5c85ce16e60a749fdce6936d2f5eaf01438685e6ffa9c050ee92dcb8857235
          • Instruction Fuzzy Hash: 1DE086726106149BD314EB59E4027ED73A6DBC4311F048829D51A87A40CB75AC468F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EED868 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 79bd8818d183a441af1f724c1678558525f16640f9bfdbe2564b7f34ef129f89
          • Instruction ID: 630595f84adf9540f168e1be29cc210fc3f2e057613946e093c7db846119c214
          • Opcode Fuzzy Hash: 79bd8818d183a441af1f724c1678558525f16640f9bfdbe2564b7f34ef129f89
          • Instruction Fuzzy Hash: 65E07DB27112048FD700E758F8053AD7325DFC0311F00C825D51687141CB79A8054F10
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE304B Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b7c97e0364c21873e7b1705f1d020b4993fa6f0c2857a79f4a8271caec4db189
          • Instruction ID: 0791b3404534b70158773d7deb35b92ebdeced9951017271aa351cb4551e6a75
          • Opcode Fuzzy Hash: b7c97e0364c21873e7b1705f1d020b4993fa6f0c2857a79f4a8271caec4db189
          • Instruction Fuzzy Hash: 6AE086726106149BD314EB59E4017ED7366EBC4351F04882DD51A87A40CB75AC468F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE3008 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6e76d8fa35495883f5b8b3e35c2980f61491542a7658cb5d4858496bc3f9fa1f
          • Instruction ID: 236001ddf19c2460b0c624aedacccf33b083ae0200b0971f40f8f34acbf3b7b9
          • Opcode Fuzzy Hash: 6e76d8fa35495883f5b8b3e35c2980f61491542a7658cb5d4858496bc3f9fa1f
          • Instruction Fuzzy Hash: 56E08CB6711614DBD314EB59E4027EE73A6DBC4322F048829E61A83681CB79AC4A8F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F05B7F Relevance: .0, Instructions: 19COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 66cefee1168142ee41d58d36ce0f0600048a967ef56e77486ccbf4dd23377a74
          • Instruction ID: bab56abcc99870510af862c9ba6c9ef347475d53fb7245c79d08e125d9e9bff2
          • Opcode Fuzzy Hash: 66cefee1168142ee41d58d36ce0f0600048a967ef56e77486ccbf4dd23377a74
          • Instruction Fuzzy Hash: DAE0CD312096815BE354E71CE441A896392DFC5310F504D3DD18147794DA70BC8587F5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0A168 Relevance: .0, Instructions: 19COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d4746b585612bb3246695315be0d9041da56db70539b09b2ece3661f59a60481
          • Instruction ID: 35d9ec324070d5e2a35f30bfa07264cbf3d213212ac15772b8c53f0355427db9
          • Opcode Fuzzy Hash: d4746b585612bb3246695315be0d9041da56db70539b09b2ece3661f59a60481
          • Instruction Fuzzy Hash: FFD0126260E2905B87424664B4204E13FA99F8712533D45C7D494CB293C5178E5387E2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB7C51 Relevance: .0, Instructions: 19COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 776e2536dc631d1cb770a617d18aceadfa5776576a40d761ac9efd65f1dab765
          • Instruction ID: bf4a9f74db9b69676f0c8fc914b89a41ba23f5d90735bcc58b1c9f7603113fdb
          • Opcode Fuzzy Hash: 776e2536dc631d1cb770a617d18aceadfa5776576a40d761ac9efd65f1dab765
          • Instruction Fuzzy Hash: DAE0BF76109288BFCB028FA0D851CA57F75EF46218B09808AF9544A163D637D966EBA1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE2F42 Relevance: .0, Instructions: 19COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 683247be4242fd7a2eaf5c79de0ee0463a4944d353a9ba425f2503fdc1fece38
          • Instruction ID: 765430c61893c7a596009d1734ee44820f8f4da34c675c6c7b64446a0df0be9f
          • Opcode Fuzzy Hash: 683247be4242fd7a2eaf5c79de0ee0463a4944d353a9ba425f2503fdc1fece38
          • Instruction Fuzzy Hash: 6EE0C2B27212189BD704EB99E4063FD3366EBC0362F188C29E51A83641DB79A80A8F51
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB5780 Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2b02078f64ef2388f53f5471752cde6622484c11b91869c10e1a9ce58cfe8753
          • Instruction ID: 6d553ad42337ea5c39e5cbd65d9c1150cea1259aac273698630c3ec33e4d5b54
          • Opcode Fuzzy Hash: 2b02078f64ef2388f53f5471752cde6622484c11b91869c10e1a9ce58cfe8753
          • Instruction Fuzzy Hash: FBD05E352101209FC700EBA8E448E957BE9EB4D359B1241A5E91E8B361CA35AC008B91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE4470 Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7479552736d4d55c7c6172958acb9f9c3d068248a25c15fb5de29d212671d323
          • Instruction ID: 90c04a31d7464625c63287ff592f2c0f6832e233f7a39fceeba7e53999d7da40
          • Opcode Fuzzy Hash: 7479552736d4d55c7c6172958acb9f9c3d068248a25c15fb5de29d212671d323
          • Instruction Fuzzy Hash: 39D05E353112249FC700EB68E848D95BBAAEF4A365B0140A5EE0987362CB35AC00CBD1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0A117 Relevance: .0, Instructions: 15COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6fa54f1b3c7f6f5e5eb80d17ddb8d3d8e1b2293f9387bbd1c3ef499912005897
          • Instruction ID: ba029fc68df909bffdd547022d946ffa1a5e8fb2f6f35991e7c5e79eacec5447
          • Opcode Fuzzy Hash: 6fa54f1b3c7f6f5e5eb80d17ddb8d3d8e1b2293f9387bbd1c3ef499912005897
          • Instruction Fuzzy Hash: 7CD0C7F151D3419FC7058720D595840BFE1FF5621433686DAD444CB363C621DD87C741
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB5782 Relevance: .0, Instructions: 15COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c3531025d6016d1d52f1139a4d9dcd69c40da82a219555556adc3dcbd37698f9
          • Instruction ID: 02aa59ca1e4a1a191b0e25f096af97c3a0dd7be5d657c21a1496c9783abc6f42
          • Opcode Fuzzy Hash: c3531025d6016d1d52f1139a4d9dcd69c40da82a219555556adc3dcbd37698f9
          • Instruction Fuzzy Hash: B8D09E352104209FC705EB68E548AA57BA5EB4D359B1241A5E91EDB361CA359C018B91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0A141 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c368644a8892fd9f4d97f3370dd173ef892cf5a020ec09f6a50cd6d4c8d4938d
          • Instruction ID: 5fb8736094fca64df81be96207d24947237fab10df21e932e24db898a096ea1a
          • Opcode Fuzzy Hash: c368644a8892fd9f4d97f3370dd173ef892cf5a020ec09f6a50cd6d4c8d4938d
          • Instruction Fuzzy Hash: 40D092B06093819FCB469B24D558842BFA5BB8720432A92D7D044CB263C621EC42C752
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F09A08 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2f3232ee30a2b9781143b6f20b2de95fda3cae97297d540d68520130abe03a92
          • Instruction ID: 30af4a6f6f7be61f9718970be16507b197b1485f7be3122150005e5dbb258788
          • Opcode Fuzzy Hash: 2f3232ee30a2b9781143b6f20b2de95fda3cae97297d540d68520130abe03a92
          • Instruction Fuzzy Hash: EAD0A765A0E1A05FC746C614E4544B57FE59F8E10832D80CFD898DB167D62ADC13CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB7C60 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 65b382f2b373dd0e42861b0c7a885679bbca07c8995822aa41ad6b5fde29ea02
          • Instruction ID: 2f1addc7ac752b055209e5a892d08ee60b8d95dd5987d24a20b0db1062a2c8ce
          • Opcode Fuzzy Hash: 65b382f2b373dd0e42861b0c7a885679bbca07c8995822aa41ad6b5fde29ea02
          • Instruction Fuzzy Hash: CFD06736104249AF8B01CE84D951C6A7F6AEB49214B14C049BE5946262C633E932EBA0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F07E41 Relevance: .0, Instructions: 12COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: aa5a4eff8ce845a2199d63428a879ea5d188960a2f4415dcaa71673a9bd0787f
          • Instruction ID: 20f2564ea54a5e95438fd0a6d7efa8d17bcbe6b9c2ee05a27dafa772ca6d63a1
          • Opcode Fuzzy Hash: aa5a4eff8ce845a2199d63428a879ea5d188960a2f4415dcaa71673a9bd0787f
          • Instruction Fuzzy Hash: 15C012B256D3806ED712073159119C47F605F17310F054697D18584AD281520494C363
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0A823 Relevance: .0, Instructions: 12COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bb70ab92665483489a7a5e0b18e3b52e07a313d30460635d46620e2cd6144f7a
          • Instruction ID: f8168cd5f175e789608a08c68aff4afaddb2ecaaa8df9d9de85c02b16838de74
          • Opcode Fuzzy Hash: bb70ab92665483489a7a5e0b18e3b52e07a313d30460635d46620e2cd6144f7a
          • Instruction Fuzzy Hash: 4BD0CABAA0110DABCF058AC4E852ADDFB32FB88365F008122E6146A154C2325522DB80
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F09081 Relevance: .0, Instructions: 10COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ddb77d9ef66d35b51ccbb5f363f4d1a4d7b6b82d1a1120385aded5ddd85bd417
          • Instruction ID: 37d50b358a684f404819f59147324bc0fd918066a44261fa1f62f2b66cb5fb89
          • Opcode Fuzzy Hash: ddb77d9ef66d35b51ccbb5f363f4d1a4d7b6b82d1a1120385aded5ddd85bd417
          • Instruction Fuzzy Hash: 18C08C3BB001088FCB00DB94F8848DCF375FFC8225B00C423E10183111C7305825DB00
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CB660B Relevance: .0, Instructions: 10COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 90b165c507f57d6ef5a24ed4508329f45af282e3f8de2215da17b753c47e0f15
          • Instruction ID: 77f0571e012a53fe2d614c6930a1475d7672899863f8932910234a78737924ec
          • Opcode Fuzzy Hash: 90b165c507f57d6ef5a24ed4508329f45af282e3f8de2215da17b753c47e0f15
          • Instruction Fuzzy Hash: A4B092BA286300BBD5608662BE47FA77E5D97A1B41F004012F348884808A614450E6B7
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F0C713 Relevance: .0, Instructions: 9COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5ba7e65b623cb597e516384cd6ea4c2cf57e03b1214679ef035bd6865224dd19
          • Instruction ID: 30d6a29853bc9ae61145a9c4e7aa321fc65416eaf6c8fa87d160e41ad888c577
          • Opcode Fuzzy Hash: 5ba7e65b623cb597e516384cd6ea4c2cf57e03b1214679ef035bd6865224dd19
          • Instruction Fuzzy Hash: BEC04C36E0100D8BCF04DA95F4454DCF774EB84266B108122D621925118735152ADB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBA58B Relevance: .0, Instructions: 6COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 78450fb49692b15dd9a9f7acc0e4efef169099bf08f9493f25a37dfaf73541b3
          • Instruction ID: 119eb13b3f82deda48f59d64967dc176159b7bf5d3ae0082ca75d045ed60734e
          • Opcode Fuzzy Hash: 78450fb49692b15dd9a9f7acc0e4efef169099bf08f9493f25a37dfaf73541b3
          • Instruction Fuzzy Hash: 63A02230000200BBEEC00B80CBCABCC33A0EF03B32F000002F008C0082AB280282CE82
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07CBA85D Relevance: .0, Instructions: 5COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105214328392.0000000007CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CB0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7cb0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b659e4d2125f72063b512b1fd4e928b91f7e50744699a852ccbc91982535e940
          • Instruction ID: 1640697216936c45be86d10538a1f0c24db68a06e02ea13f892c4001acd023d4
          • Opcode Fuzzy Hash: b659e4d2125f72063b512b1fd4e928b91f7e50744699a852ccbc91982535e940
          • Instruction Fuzzy Hash: 1DA002EBD5690DB7E50056A1594128053199561410BDC4094C6044061AB05B784A0E40
          Uniqueness

          Uniqueness Score: -1.00%

          Non-executed Functions

          Function 07F052B8 Relevance: 3.0, Strings: 2, Instructions: 492COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: "Xq$"Xq
          • API String ID: 0-4273574092
          • Opcode ID: b87789a13137ed786e450b192167761f15bd5e82d3bd96c6ee2ceebf406e90d1
          • Instruction ID: 39382a2e62a55b3436a07875316325464596584d6e5faa3188144cc8dd38c760
          • Opcode Fuzzy Hash: b87789a13137ed786e450b192167761f15bd5e82d3bd96c6ee2ceebf406e90d1
          • Instruction Fuzzy Hash: C6220870A043199FDB54EFA4C4507AEBBF3FF84304F1185A8D11AAB294DB35AE858F91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07F052C0 Relevance: 3.0, Strings: 2, Instructions: 491COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000002.00000002.105217983552.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7f00000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID: "Xq$"Xq
          • API String ID: 0-4273574092
          • Opcode ID: 5da7634a51ef775696e150054050cc74d426c2da204cb3328694854ca2738049
          • Instruction ID: 317f8ea3414cb63182c9e61602cfa65cef9b2864ba9148e60e0fb57b4ad153d4
          • Opcode Fuzzy Hash: 5da7634a51ef775696e150054050cc74d426c2da204cb3328694854ca2738049
          • Instruction Fuzzy Hash: 1422F970A043199FDB54EFA4C4507AEBBF3FF84304F1185A8D11AAB294DB35AE858F91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE5E90 Relevance: 1.4, Instructions: 1446COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f99039dc9f2bdc61c545672e1d4ef4df0a721c6d6be316c2830e445e139b4cf0
          • Instruction ID: 88beeaad76e12ff110d00a385b38fc3a3bf4be9162ae54a07ae2646183ed2f20
          • Opcode Fuzzy Hash: f99039dc9f2bdc61c545672e1d4ef4df0a721c6d6be316c2830e445e139b4cf0
          • Instruction Fuzzy Hash: B4D26A70A012189FEB55EB74C850BAEB7B2FF89301F1044A9D509AB790DF369E85CF61
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE4678 Relevance: 1.2, Instructions: 1169COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9445a6a94194993d14786052d70bcc71c495f45ff1527d4d84467726a00a78b8
          • Instruction ID: 2e597cef11b51b461fbde1825c387487e0399a459dd748fcd567afdb5d1fe1b7
          • Opcode Fuzzy Hash: 9445a6a94194993d14786052d70bcc71c495f45ff1527d4d84467726a00a78b8
          • Instruction Fuzzy Hash: 52A2FC70B41314DFDB69AB38C8157AE77B2AB86305F6048BDD51AAF3D0DA769881CF40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE3C60 Relevance: .6, Instructions: 644COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ddf2707a1931678af179595d62e13f66d259f9cc731c6e59fc1943e295c542ac
          • Instruction ID: e705ab865c2ec0f4e3ffd10bc3005b024954eceb5a65deec2599ef69fe53b44d
          • Opcode Fuzzy Hash: ddf2707a1931678af179595d62e13f66d259f9cc731c6e59fc1943e295c542ac
          • Instruction Fuzzy Hash: AF321774B413049FDB29BB38C865B6E77A2ABC6701F20486DE506AF3D0DE76D842DB41
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE8ED0 Relevance: .6, Instructions: 612COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3480ee68a3a8f721993ebde9e24927ca36b29173d8fcaf3f3b14c45ed2d60293
          • Instruction ID: 88c6956cc7e470960d399a0a96ced920b1a475b0e231e686af6da843cdc11195
          • Opcode Fuzzy Hash: 3480ee68a3a8f721993ebde9e24927ca36b29173d8fcaf3f3b14c45ed2d60293
          • Instruction Fuzzy Hash: 5F227D747413049FEB25BB38C861B6E77A2ABC6701F204869E506AF3C1DEB6D842DB45
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EEB240 Relevance: .6, Instructions: 595COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0a008e5cc798c5beb415466bc40109dde63d368eefd8102b18ab94cee864e02a
          • Instruction ID: 69b2ae35ef6fa09c1da9eda17267e9f81e605110ecf9981124d302c6cdd64f8d
          • Opcode Fuzzy Hash: 0a008e5cc798c5beb415466bc40109dde63d368eefd8102b18ab94cee864e02a
          • Instruction Fuzzy Hash: 0D225A74B413049FDB29BB38C865B6E77A2ABC6701F20486DE106AF3D0DE76D842DB45
          Uniqueness

          Uniqueness Score: -1.00%

          Function 07EE3218 Relevance: .4, Instructions: 373COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000002.00000002.105217613066.0000000007EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EE0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_2_2_7ee0000_onedrive.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 94f8ed314dee4f2728f78f7641fbde3b02212bd31376bdc4dcfa0d97f7c520ba
          • Instruction ID: f67b3f560d83bbeb696e360be81b5641740c813764e650b64c575b2e392301a6
          • Opcode Fuzzy Hash: 94f8ed314dee4f2728f78f7641fbde3b02212bd31376bdc4dcfa0d97f7c520ba
          • Instruction Fuzzy Hash: B9C16B343413049FDB2AB7388865B6E37A3ABCA701F24487DE5069F3D1DEB6D8429B41
          Uniqueness

          Uniqueness Score: -1.00%