Often includes Kernel32.dll for process manipulation (e.g., CreateProcess , VirtualAlloc ) and Advapi32.dll for registry or service changes.
It might try to reach out to a Command & Control (C2) server to beacon for instructions. CB17x64.exe
(MD5/SHA256) to check against databases like VirusTotal . Often includes Kernel32