Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
s9sRFRPn1i.exe

Overview

General Information

Sample name:s9sRFRPn1i.exe
Analysis ID:1427909
MD5:262a7eb58a01d1aab21b24292c181cd3
SHA1:535312b7048fb90be981e04ea759c5ad8aaf6eda
SHA256:107090a44888272297ecb7a715a9abca4bc17dafe6aa57505436722a5a9926a6
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Found direct / indirect Syscall (likely to bypass EDR)
Queries memory information (via WMI often done to detect virtual machines)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to launch a program with higher privileges
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Process Tree

  • System is w10x64
  • s9sRFRPn1i.exe (PID: 3572 cmdline: "C:\Users\user\Desktop\s9sRFRPn1i.exe" MD5: 262A7EB58A01D1AAB21B24292C181CD3)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: s9sRFRPn1i.exeAvira: detected
Multi AV Scanner detection for submitted file
Source: s9sRFRPn1i.exeVirustotal: Detection: 65%Perma Link
Source: s9sRFRPn1i.exeReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B464A0 memcpy,memcpy,memcpy,memcpy,memcpy,memcmp,memcpy,memcpy,memcpy,memcmp,memcpy,memcpy,BCryptGenRandom,SystemFunction036,memcpy,0_2_00007FF607B464A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B7EEC0 memcpy,memcpy,HeapFree,BCryptGenRandom,SystemFunction036,0_2_00007FF607B7EEC0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B57370 BCryptGenRandom,SystemFunction036,0_2_00007FF607B57370
Source: s9sRFRPn1i.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 4x nop then sub rsp, 58h0_2_00007FF607C21790
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BBD930 memcmp,memcmp,memcmp,memcpy,memcpy,memcpy,memcmp,memcmp,memcmp,memcmp,memcmp,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,HeapFree,memcpy,WakeByAddressSingle,memcpy,ioctlsocket,recv,WSAGetLastError,ioctlsocket,memcpy,memcmp,memcmp,memcmp,WSAGetLastError,WSAGetLastError,HeapFree,HeapFree,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,0_2_00007FF607BBD930
Source: s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B2DF000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1715401234.000002995AC55000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2E6000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1724219798.000002995AC5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B2DF000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1715401234.000002995AC55000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2E6000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1724219798.000002995AC5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B2DF000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B2B7000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2BE000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1715401234.000002995AC55000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2E6000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1724219798.000002995AC5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B2DF000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1715401234.000002995AC55000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2E6000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1724219798.000002995AC5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: s9sRFRPn1i.exe, 00000000.00000003.1715401234.000002995AC6D000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1724219798.000002995AC77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
Source: s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B2B7000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
Source: s9sRFRPn1i.exeString found in binary or memory: https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BAE2B0 NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,HeapFree,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,HeapFree,GetLastError,HeapFree,VirtualQueryEx,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,RtlRestoreThreadPreferredUILanguages,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,HeapFree,0_2_00007FF607BAE2B0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB4EB0 PdhCollectQueryData,HeapFree,HeapFree,RtlAllocateHeap,NtQuerySystemInformation,HeapFree,RtlDeleteBoundaryDescriptor,GetSystemTimePreciseAsFileTime,HeapFree,HeapFree,memcpy,HeapFree,HeapFree,HeapFree,memcpy,memcpy,memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,WakeByAddressAll,HeapFree,HeapFree,HeapFree,0_2_00007FF607BB4EB0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BAF1E0 NtQueryInformationProcess,NtQueryInformationProcess,HeapFree,HeapFree,0_2_00007FF607BAF1E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B13CC0 RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,GetTickCount64,GetCurrentProcess,CheckRemoteDebuggerPresent,GetCurrentProcess,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,0_2_00007FF607B13CC0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B127380_2_00007FF607B12738
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BA86E00_2_00007FF607BA86E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB23900_2_00007FF607BB2390
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BAE2B00_2_00007FF607BAE2B0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BAA2700_2_00007FF607BAA270
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB2FD00_2_00007FF607BB2FD0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB4EB00_2_00007FF607BB4EB0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B36C700_2_00007FF607B36C70
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BA77B00_2_00007FF607BA77B0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB17500_2_00007FF607BB1750
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BF56B00_2_00007FF607BF56B0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BAF6400_2_00007FF607BAF640
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B9B6100_2_00007FF607B9B610
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B140FD0_2_00007FF607B140FD
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B11D6D0_2_00007FF607B11D6D
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB3AA00_2_00007FF607BB3AA0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B379E00_2_00007FF607B379E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B4E9300_2_00007FF607B4E930
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B828F00_2_00007FF607B828F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B9E8800_2_00007FF607B9E880
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BFE8800_2_00007FF607BFE880
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B408A00_2_00007FF607B408A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B5C8500_2_00007FF607B5C850
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BAC7C00_2_00007FF607BAC7C0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CAA7F00_2_00007FF607CAA7F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BA07E00_2_00007FF607BA07E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA47B00_2_00007FF607CA47B0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B946C00_2_00007FF607B946C0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BCE6F00_2_00007FF607BCE6F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BF26500_2_00007FF607BF2650
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B4C6600_2_00007FF607B4C660
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA45F00_2_00007FF607CA45F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B5C5400_2_00007FF607B5C540
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB05600_2_00007FF607BB0560
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B365100_2_00007FF607B36510
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B445200_2_00007FF607B44520
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B805300_2_00007FF607B80530
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B6C4800_2_00007FF607B6C480
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CAA4800_2_00007FF607CAA480
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B464A00_2_00007FF607B464A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BDA4400_2_00007FF607BDA440
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B504600_2_00007FF607B50460
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BF24700_2_00007FF607BF2470
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BBC3D00_2_00007FF607BBC3D0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B863D00_2_00007FF607B863D0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B283800_2_00007FF607B28380
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B763800_2_00007FF607B76380
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B223900_2_00007FF607B22390
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BFE3100_2_00007FF607BFE310
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BC83200_2_00007FF607BC8320
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BEC2E00_2_00007FF607BEC2E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BE22A00_2_00007FF607BE22A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B142AB0_2_00007FF607B142AB
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B281D00_2_00007FF607B281D0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B641D00_2_00007FF607B641D0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B9C1F00_2_00007FF607B9C1F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B461800_2_00007FF607B46180
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA41700_2_00007FF607CA4170
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B251000_2_00007FF607B25100
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BA11100_2_00007FF607BA1110
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B9D0D00_2_00007FF607B9D0D0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA30F00_2_00007FF607CA30F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B5B0E00_2_00007FF607B5B0E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B990A00_2_00007FF607B990A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B3309B0_2_00007FF607B3309B
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B690B00_2_00007FF607B690B0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BA90400_2_00007FF607BA9040
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B8F0500_2_00007FF607B8F050
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BCD0500_2_00007FF607BCD050
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CB8FF00_2_00007FF607CB8FF0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B9AF800_2_00007FF607B9AF80
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C96F100_2_00007FF607C96F10
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BDCF000_2_00007FF607BDCF00
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB0F100_2_00007FF607BB0F10
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B8CF300_2_00007FF607B8CF30
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B1EED00_2_00007FF607B1EED0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B32ECF0_2_00007FF607B32ECF
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B32E5A0_2_00007FF607B32E5A
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B64E000_2_00007FF607B64E00
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B32E0A0_2_00007FF607B32E0A
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B84DC00_2_00007FF607B84DC0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BC0DD00_2_00007FF607BC0DD0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B18DE60_2_00007FF607B18DE6
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B28DF00_2_00007FF607B28DF0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B44DA00_2_00007FF607B44DA0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB2DB00_2_00007FF607BB2DB0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B32DAE0_2_00007FF607B32DAE
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B4AD500_2_00007FF607B4AD50
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C2AD700_2_00007FF607C2AD70
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B18D670_2_00007FF607B18D67
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B76D100_2_00007FF607B76D10
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B34CD30_2_00007FF607B34CD3
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BE2CF00_2_00007FF607BE2CF0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C9CCB00_2_00007FF607C9CCB0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B40CB00_2_00007FF607B40CB0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B32C000_2_00007FF607B32C00
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B44BC00_2_00007FF607B44BC0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BC8BD00_2_00007FF607BC8BD0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B5CBE00_2_00007FF607B5CBE0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CB2BE00_2_00007FF607CB2BE0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C96B900_2_00007FF607C96B90
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BDCBB00_2_00007FF607BDCBB0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B9AB300_2_00007FF607B9AB30
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B18A780_2_00007FF607B18A78
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B48A900_2_00007FF607B48A90
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C08A400_2_00007FF607C08A40
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B8EA700_2_00007FF607B8EA70
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C9CA000_2_00007FF607C9CA00
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B4AA200_2_00007FF607B4AA20
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BFE9E00_2_00007FF607BFE9E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CAA9E00_2_00007FF607CAA9E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B1E9800_2_00007FF607B1E980
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CB49500_2_00007FF607CB4950
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BC49500_2_00007FF607BC4950
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BBD9300_2_00007FF607BBD930
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C058C00_2_00007FF607C058C0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B5D8B90_2_00007FF607B5D8B9
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B458800_2_00007FF607B45880
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB78500_2_00007FF607BB7850
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B9D8600_2_00007FF607B9D860
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B2D7E00_2_00007FF607B2D7E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B837A00_2_00007FF607B837A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B637A00_2_00007FF607B637A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C017600_2_00007FF607C01760
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB76C00_2_00007FF607BB76C0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BDB6F00_2_00007FF607BDB6F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B3369D0_2_00007FF607B3369D
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B6B6B00_2_00007FF607B6B6B0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B3364B0_2_00007FF607B3364B
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B596100_2_00007FF607B59610
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B336220_2_00007FF607B33622
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B335D90_2_00007FF607B335D9
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B2B5F00_2_00007FF607B2B5F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B275F00_2_00007FF607B275F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B7D5900_2_00007FF607B7D590
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C9F5A00_2_00007FF607C9F5A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B9D5200_2_00007FF607B9D520
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B595300_2_00007FF607B59530
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B434C00_2_00007FF607B434C0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B334CD0_2_00007FF607B334CD
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B614F00_2_00007FF607B614F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B8B4B00_2_00007FF607B8B4B0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B354400_2_00007FF607B35440
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B114500_2_00007FF607B11450
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B3F4700_2_00007FF607B3F470
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BBF4200_2_00007FF607BBF420
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B3342A0_2_00007FF607B3342A
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B333D60_2_00007FF607B333D6
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B493F00_2_00007FF607B493F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B7D3A00_2_00007FF607B7D3A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B613A00_2_00007FF607B613A0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B333AF0_2_00007FF607B333AF
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B3330B0_2_00007FF607B3330B
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C973200_2_00007FF607C97320
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B1532B0_2_00007FF607B1532B
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B932D00_2_00007FF607B932D0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B1532B0_2_00007FF607B1532B
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B732E00_2_00007FF607B732E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B592F00_2_00007FF607B592F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA72900_2_00007FF607CA7290
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B4D2800_2_00007FF607B4D280
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B3329D0_2_00007FF607B3329D
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B331930_2_00007FF607B33193
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B781200_2_00007FF607B78120
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C980600_2_00007FF607C98060
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA00200_2_00007FF607CA0020
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B220300_2_00007FF607B22030
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B71FF00_2_00007FF607B71FF0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BA5F800_2_00007FF607BA5F80
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B89F790_2_00007FF607B89F79
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA7F800_2_00007FF607CA7F80
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA3F400_2_00007FF607CA3F40
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B1FF200_2_00007FF607B1FF20
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B5DEBB0_2_00007FF607B5DEBB
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B5FE900_2_00007FF607B5FE90
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BA7E300_2_00007FF607BA7E30
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B63D900_2_00007FF607B63D90
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B87DB00_2_00007FF607B87DB0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B23D500_2_00007FF607B23D50
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA7D000_2_00007FF607CA7D00
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C95D200_2_00007FF607C95D20
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BC5C100_2_00007FF607BC5C10
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B31C100_2_00007FF607B31C10
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B4DC300_2_00007FF607B4DC30
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B33BCE0_2_00007FF607B33BCE
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B85BD00_2_00007FF607B85BD0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B47B800_2_00007FF607B47B80
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B8BB900_2_00007FF607B8BB90
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B57B500_2_00007FF607B57B50
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B33B310_2_00007FF607B33B31
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B65B300_2_00007FF607B65B30
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BF9AE00_2_00007FF607BF9AE0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B25A800_2_00007FF607B25A80
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B95A900_2_00007FF607B95A90
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BBBAA00_2_00007FF607BBBAA0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B33A380_2_00007FF607B33A38
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CB7A500_2_00007FF607CB7A50
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B2BA400_2_00007FF607B2BA40
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B899FE0_2_00007FF607B899FE
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BEFA000_2_00007FF607BEFA00
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B89A040_2_00007FF607B89A04
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B899FA0_2_00007FF607B899FA
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B89A100_2_00007FF607B89A10
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B89A0A0_2_00007FF607B89A0A
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B89A160_2_00007FF607B89A16
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B89A1C0_2_00007FF607B89A1C
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B999D00_2_00007FF607B999D0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BF59D00_2_00007FF607BF59D0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B899EE0_2_00007FF607B899EE
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B899F40_2_00007FF607B899F4
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B519F00_2_00007FF607B519F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B679F00_2_00007FF607B679F0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B4F9500_2_00007FF607B4F950
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B579600_2_00007FF607B57960
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607CA99600_2_00007FF607CA9960
Source: classification engineClassification label: mal72.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B9D0D0 FormatMessageW,GetLastError,0_2_00007FF607B9D0D0
Source: s9sRFRPn1i.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_Process
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: s9sRFRPn1i.exeVirustotal: Detection: 65%
Source: s9sRFRPn1i.exeReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeSection loaded: perfos.dllJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
Source: s9sRFRPn1i.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: s9sRFRPn1i.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: s9sRFRPn1i.exeStatic file information: File size 2414592 > 1048576
Source: s9sRFRPn1i.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1a9000
Source: s9sRFRPn1i.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: s9sRFRPn1i.exeStatic PE information: section name: .xdata
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607D5E830 push rbp; retf 0_2_00007FF607D5E833
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607D5EBA8 push rbp; retf 0_2_00007FF607D5EBAB
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C20AA8 push rbp; retf 0_2_00007FF607D5EB13
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607C20AA8 push rsi; retf 0_2_00007FF607D5EB73
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607D5EA88 push rbp; retf 0_2_00007FF607D5EA8B
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_CacheMemory
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B732E0 GetSystemTimePreciseAsFileTime followed by cmp: cmp word ptr [rcx+18h], 0016h and CTI: je 00007FF607B73AF8h0_2_00007FF607B732E0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB2390 GetSystemInfo,HeapFree,HeapFree,memcpy,HeapFree,memcpy,memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,memcpy,memcpy,0_2_00007FF607BB2390
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V ncxfrwalxntsfux Bus
Source: s9sRFRPn1i.exe, 00000000.00000003.1713119405.000002995AA94000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6242WorkflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O T
Source: s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEBB000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995902C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid PartitionllF'p
Source: s9sRFRPn1i.exe, 00000000.00000003.1708492388.000002995AA7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: reated Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Tot
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEBB000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995902C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
Source: s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B3A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}F
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition
Source: s9sRFRPn1i.exe, 00000000.00000003.1707202437.000002995AA77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flus
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
Source: s9sRFRPn1i.exe, 00000000.00000003.1713288817.000002995AA94000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost483
Source: s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEBB000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995902C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
Source: s9sRFRPn1i.exe, 00000000.00000003.1713119405.000002995AA94000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6242WorkflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O T
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partition
Source: s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEBB000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995902C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisorr
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processor.dll
Source: s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEBB000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995902C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus Pipes
Source: s9sRFRPn1i.exe, 00000000.00000003.1724219798.000002995AC94000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1715401234.000002995AC8A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual ProcessorH
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisor
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2Hyper-V VM Vid Partition"=
Source: s9sRFRPn1i.exe, 00000000.00000003.1707361781.000002995AA44000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost5032Debug Register Accesses/sec5034Debug Register Accesses Cost5036Page Fault Intercepts/sec5038Page Fault Intercepts Cost5040NMI Interrupts/sec5042NMI Interrupts Cost5044Guest Page Table Maps/sec5046Large Page TLB Fills/sec5048Small Page TLB Fills/sec5050Reflected Guest Page Faults/sec5052APIC MMIO Accesses/sec5054IO Intercept Messages/sec5056Memory Intercept Messages/sec5058APIC EOI Accesses/sec5060Other Messages/sec5062Page Table Allocations/sec5064Logical Processor Migrations/sec5066Address Space Evictions/sec5068Address Space Switches/sec5070Address Domain Flushes/sec5072Address Spa
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partition
Source: s9sRFRPn1i.exe, 00000000.00000003.1713119405.000002995AA94000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ime6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshotumbe
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service
Source: s9sRFRPn1i.exe, 00000000.00000003.1715165374.000002995ACA1000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1729139779.000002995ACA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: s9sRFRPn1i.exe, 00000000.00000003.1715401234.000002995AC6D000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1724219798.000002995AC77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWPS6
Source: s9sRFRPn1i.exe, 00000000.00000003.1707821187.000002995AA80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: visor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost
Source: s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEBB000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995902C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Hypervisor Root Partitiona
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V HypervisorU
Source: s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipes
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus Pipes
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipesv>
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V ncxfrwalxntsfux Bus Pipes
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration ServiceF
Source: s9sRFRPn1i.exe, 00000000.00000003.1708492388.000002995AA84000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition`>
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor"
Source: s9sRFRPn1i.exe, 00000000.00000002.1734167100.00000299590E0000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1732480644.00000299590CC000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1720920374.00000299590DD000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AF6F000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B0FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical ProcessorXN
Source: s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEBB000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995902C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processork*
Source: s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEBB000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995902C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processorc.sys
Source: s9sRFRPn1i.exe, 00000000.00000003.1707766821.000002995AA84000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1707202437.000002995AA8C000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1709809117.000002995AA8C000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1708356545.000002995AA8C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1
Source: s9sRFRPn1i.exe, 00000000.00000002.1734009697.000002995906A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1728708798.000002995B04A000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1714945869.000002995AEF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor
Source: s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B3A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

barindex
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B13CC0 RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,GetTickCount64,GetCurrentProcess,CheckRemoteDebuggerPresent,GetCurrentProcess,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,0_2_00007FF607B13CC0
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BAA270 HeapReAlloc,SafeArrayDestroy,HeapFree,HeapFree,memcpy,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,memcmp,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,SysFreeString,SysFreeString,0_2_00007FF607BAA270
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607D5EBA8 SetUnhandledExceptionFilter,Sleep,0_2_00007FF607D5EBA8
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B111B9 SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,0_2_00007FF607B111B9
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeMemory allocated: page read and write | page guardJump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeNtQuerySystemInformation: Indirect: 0x7FF607BB5485Jump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeNtQueryInformationProcess: Indirect: 0x7FF607BAE374Jump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeNtQueryInformationProcess: Indirect: 0x7FF607BAF291Jump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeNtQueryInformationProcess: Indirect: 0x7FF607BAE4D9Jump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeNtQueryInformationProcess: Indirect: 0x7FF607BAF20CJump to behavior
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607B464A0 memcpy,memcpy,memcpy,memcpy,memcpy,memcmp,memcpy,memcpy,memcpy,memcmp,memcpy,memcpy,BCryptGenRandom,SystemFunction036,memcpy,0_2_00007FF607B464A0
Source: s9sRFRPn1i.exe, 00000000.00000003.1724598999.000002995AEF4000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B3E4000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B3EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B3E4000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B3EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd]1Q
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeCode function: 0_2_00007FF607BB4EB0 PdhCollectQueryData,HeapFree,HeapFree,RtlAllocateHeap,NtQuerySystemInformation,HeapFree,RtlDeleteBoundaryDescriptor,GetSystemTimePreciseAsFileTime,HeapFree,HeapFree,memcpy,HeapFree,HeapFree,HeapFree,memcpy,memcpy,memcpy,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,RtlDeleteBoundaryDescriptor,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,HeapFree,WakeByAddressAll,HeapFree,HeapFree,HeapFree,0_2_00007FF607BB4EB0
Source: s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B493000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B48C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Windows Defender\MSASCui.exe
Source: C:\Users\user\Desktop\s9sRFRPn1i.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts211
Windows Management Instrumentation		1
DLL Side-Loading		1
Exploitation for Privilege Escalation		1
Disable or Modify Tools		OS Credential Dumping11
System Time Discovery		Remote Services1
Archive Collected Data		2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Process Injection		1
Process Injection		LSASS Memory331
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Abuse Elevation Control Mechanism		1
Abuse Elevation Control Mechanism		Security Account Manager2
Process Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading		2
Obfuscated Files or Information		NTDS4
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
s9sRFRPn1i.exe65%VirustotalBrowse
s9sRFRPn1i.exe38%ReversingLabsWin64.Trojan.Generic
s9sRFRPn1i.exe100%AviraTR/Agent.orjwg

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.microsoft.c0%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://www.microsoft.cs9sRFRPn1i.exe, 00000000.00000003.1725529210.000002995B2B7000.00000004.00000020.00020000.00000000.sdmp, s9sRFRPn1i.exe, 00000000.00000003.1717076307.000002995B2BE000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1427909
Start date and time:2024-04-18 10:29:27 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 17s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:s9sRFRPn1i.exe
Detection:MAL
Classification:mal72.evad.winEXE@1/0@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 98%
  • Number of executed functions: 42
  • Number of non-executed functions: 106
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtEnumerateKey calls found.
  • Report size getting too big, too many NtOpenKey calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit):6.659209278067152
TrID:
  • Win64 Executable (generic) (12005/4) 74.95%
  • Generic Win/DOS Executable (2004/3) 12.51%
  • DOS Executable Generic (2002/1) 12.50%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
File name:s9sRFRPn1i.exe
File size:2'414'592 bytes
MD5:262a7eb58a01d1aab21b24292c181cd3
SHA1:535312b7048fb90be981e04ea759c5ad8aaf6eda
SHA256:107090a44888272297ecb7a715a9abca4bc17dafe6aa57505436722a5a9926a6
SHA512:358b34a792eadc739446283e42a352147aac1bad6d9a535eedabeb2427735b03e7977d25086cfa6b6e8e17df628e37d9a8cd584dd1a64d703e99a8f7af1a0e9b
SSDEEP:49152:Iwbow/vbvIgF0kyPGcASmbYK94IZsrNSc8n1PI0IU6iD:IwL3bDjcABKAMSXn1q+D
TLSH:80B58C87F59295E8C56AC174935BAB32F632BC4D4920BB7707D0DB303DA2B906E0DB19
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....R.f...............)......$................@.............................@%......f%...`... ............................

File Icon

Icon Hash:00928e8e8686b000

Static PE Info

General

Entrypoint:0x1400013d0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x661052F0 [Fri Apr 5 19:37:20 2024 UTC]
TLS Callbacks:0x4008d930, 0x1, 0x40111400, 0x1, 0x401113d0, 0x1
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f30ecba2902c4a298094694d866ac533

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [0020F215h]
mov dword ptr [eax], 00000001h
call 00007FB478B98D4Fh
nop
nop
dec eax
add esp, 28h
ret
nop dword ptr [eax]
dec eax
sub esp, 28h
dec eax
mov eax, dword ptr [0020F1F5h]
mov dword ptr [eax], 00000000h
call 00007FB478B98D2Fh
nop
nop
dec eax
add esp, 28h
ret
nop dword ptr [eax]
dec eax
sub esp, 28h
call 00007FB478CA8E24h
dec eax
cmp eax, 01h
sbb eax, eax
dec eax
add esp, 28h
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
dec eax
lea ecx, dword ptr [00000009h]
jmp 00007FB478B98F89h
nop dword ptr [eax+00h]
ret
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
inc ecx
push edi
inc ecx
push esi
inc ecx
push ebp
inc ecx
push esp
push esi
push edi
push ebp
push ebx
dec eax
sub esp, 28h
dec eax
mov esi, ecx
dec eax
cmp dword ptr [ecx], 00000000h
je 00007FB478B98FC4h
dec esp
mov eax, dword ptr [esi+08h]
dec eax
mov ecx, dword ptr [0024BC94h]
xor edx, edx
call 00007FB478CA85E2h
dec eax
mov edi, dword ptr [esi+30h]
dec eax
test edi, edi
je 00007FB478B98FE1h
dec eax
mov ebx, dword ptr [esi+28h]
dec eax
add ebx, 10h
jmp 00007FB478B98FBDh
nop
dec eax
add ebx, 28h
dec eax
dec edi

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x24e0000x1ec8.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x23f0000x53e8.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC0x2520000x13a4.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x2102200x28.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x24e7900x650.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x1a8e280x1a9000579671f31c2adbab796926152fb1374aFalse0.4472748161764706data6.397341700250136IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data0x1aa0000xda00xe00a4e031906368fa14ac566c0d297a64f8False0.6328125data5.020959819653997IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata0x1ab0000x935900x93600dbf9bdf5ffb21c5b0eac2f0d37e61d92False0.6674568622773537data6.856763191779834IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pdata0x23f0000x53e80x5400f8298188da435ed2480a731f7b5d6938False0.5645461309523809data6.0946414521762815IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata0x2450000x72640x7400d9b3ecbcea94e2cc89a296bb43fa4a1bFalse0.20383216594827586data4.883936937434037IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss0x24d0000x2400x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata0x24e0000x1ec80x2000da565f9d760e92a061313d930ee65e32False0.288818359375data4.359131277223726IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT0x2500000x680x200db01283933ac21815bf26243521485ddFalse0.080078125data0.3849086746830143IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls0x2510000x100x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc0x2520000x13a40x1400776022dfe35d5e670b03c6244a4e3ff1False0.4880859375data5.423845217310179IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLLImport
ADVAPI32.dllCopySid, GetLengthSid, GetTokenInformation, IsValidSid, OpenProcessToken, RegCloseKey, RegCreateKeyExW, RegSetValueExW, SystemFunction036
bcrypt.dllBCryptGenRandom
KERNEL32.dllDeleteCriticalSection, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, RaiseException, RtlCaptureContext, RtlLookupFunctionEntry, RtlUnwindEx, VirtualProtect, VirtualQuery, __C_specific_handler
msvcrt.dll__getmainargs, __initenv, __iob_func, __set_app_type, __setusermatherr, _amsg_exit, _cexit, _commode, _fmode, _fpreset, _initterm, _onexit, abort, calloc, exit, fprintf, free, fwrite, malloc, memcmp, memcpy, memmove, memset, signal, strlen, strncmp, vfprintf, wcslen
ntdll.dllNtQueryInformationProcess, NtQuerySystemInformation, NtReadFile, NtWriteFile, RtlGetVersion, RtlNtStatusToDosError, RtlVirtualUnwind
api-ms-win-core-synch-l1-2-0.dllWaitOnAddress, WakeByAddressAll, WakeByAddressSingle
kernel32.dllAddVectoredExceptionHandler, CheckRemoteDebuggerPresent, CloseHandle, CompareStringOrdinal, CreateDirectoryW, CreateFileW, CreateNamedPipeW, CreateProcessW, CreateThread, CreateWaitableTimerExW, DeleteFileW, DeleteProcThreadAttributeList, DuplicateHandle, ExitProcess, FindClose, FindFirstFileW, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetConsoleMode, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFullPathNameW, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetProcessHeap, GetProcessIoCounters, GetProcessTimes, GetStdHandle, GetSystemDirectoryW, GetSystemInfo, GetSystemTimePreciseAsFileTime, GetSystemTimes, GetTickCount64, GetWindowsDirectoryW, GlobalMemoryStatusEx, HeapAlloc, HeapFree, HeapReAlloc, InitOnceBeginInitialize, InitOnceComplete, InitializeProcThreadAttributeList, K32GetPerformanceInfo, LoadLibraryExA, LocalFree, MultiByteToWideChar, OpenProcess, QueryPerformanceCounter, QueryPerformanceFrequency, ReadFileEx, ReadProcessMemory, SetFileInformationByHandle, SetFilePointerEx, SetHandleInformation, SetLastError, SetThreadStackGuarantee, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SleepEx, SwitchToThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UpdateProcThreadAttribute, VirtualQueryEx, WaitForSingleObject, WriteConsoleW, WriteFileEx
ole32.dllCoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket
oleaut32.dllGetErrorInfo, SafeArrayAccessData, SafeArrayDestroy, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayUnaccessData, SysAllocStringLen, SysFreeString, SysStringLen, VariantClear
pdh.dllPdhAddEnglishCounterW, PdhCloseQuery, PdhCollectQueryData, PdhGetFormattedCounterValue, PdhOpenQueryA, PdhRemoveCounter
powrprof.dllCallNtPowerInformation
psapi.dllGetModuleFileNameExW, GetProcessMemoryInfo
shell32.dllCommandLineToArgvW, ShellExecuteExW
ws2_32.dllWSACleanup, WSADuplicateSocketW, WSAGetLastError, WSARecv, WSASend, WSASocketW, WSAStartup, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, getpeername, getsockname, getsockopt, ioctlsocket, listen, recv, select, send, setsockopt
bcryptprimitives.dllProcessPrng

Network Behavior

No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

General

Target ID:0
Start time:10:30:16
Start date:18/04/2024
Path:C:\Users\user\Desktop\s9sRFRPn1i.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\s9sRFRPn1i.exe"
Imagebase:0x7ff607b10000
File size:2'414'592 bytes
MD5 hash:262A7EB58A01D1AAB21B24292C181CD3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Disassembly

Reset < >

    Executed Functions

    Function 00007FF607BB4EB0 Relevance: 79.4, APIs: 52, Instructions: 1405memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: CollectDataFreeHeapQuery
    • String ID:
    • API String ID: 1318341352-0
    • Opcode ID: 77d3a22027e066e0817b45178ca705b8c1e53be288520a297e7a46225e356f01
    • Instruction ID: 351560fedc65fe49f8feb6f5430dab80d2a58236ca5ffd8f4d678ae5b1d56ef5
    • Opcode Fuzzy Hash: 77d3a22027e066e0817b45178ca705b8c1e53be288520a297e7a46225e356f01
    • Instruction Fuzzy Hash: F0E29132A08B8581EA619F25E4813FA6360FF8A784F648236DE8D97795DF7CF495C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAE2B0 Relevance: 58.5, APIs: 31, Strings: 2, Instructions: 756nativememoryCOMMON
    Download Yara Rule
    APIs
    Strings
    • Unable to read process memory informationReadProcessMemory returned unexpected number of bytes readUnable to read process dataTotal CPUIntel x86MIPSRISC AlphaPPCSHXARMIntel Itanium-based x64RISC Alpha x64MSIL(Intel or AMD) x64Intel Itanium-based x86unknownARM , xrefs: 00007FF607BAE789
    • ), xrefs: 00007FF607BAE798
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Process$InformationMemoryQueryRead$FreeHeap
    • String ID: )$Unable to read process memory informationReadProcessMemory returned unexpected number of bytes readUnable to read process dataTotal CPUIntel x86MIPSRISC AlphaPPCSHXARMIntel Itanium-based x64RISC Alpha x64MSIL(Intel or AMD) x64Intel Itanium-based x86unknownARM
    • API String ID: 4112743180-3186079858
    • Opcode ID: 85f3e17feda371657457afd664cf0f61198a0bb1e5d80a6ae62ddeeecba8b65d
    • Instruction ID: 360efb14efad357d886d7db34aa1fba013d26a9ad63dde7d9c455369600b7d08
    • Opcode Fuzzy Hash: 85f3e17feda371657457afd664cf0f61198a0bb1e5d80a6ae62ddeeecba8b65d
    • Instruction Fuzzy Hash: E9727472A0CB82A5EB70AF25E4413BA63A1FB86784F644136DE8D87795DF3CE485C710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B379E0 Relevance: 50.5, APIs: 27, Strings: 1, Instructions: 1519memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$InfoSystem
    • String ID: RAYON_NUM_THREADSRAYON_RS_NUM_CPUS
    • API String ID: 738346042-2148087183
    • Opcode ID: 08665177bff89ffa8d4f37f4885d7840cd0ab51fd7f26f29f28b5b15fb5cf425
    • Instruction ID: 39c7953f548f0893462790d4d9abaa04f0408e7fbb5e6cd74d7021e4911a8237
    • Opcode Fuzzy Hash: 08665177bff89ffa8d4f37f4885d7840cd0ab51fd7f26f29f28b5b15fb5cf425
    • Instruction Fuzzy Hash: 94037C72A09BC182E7718F15A4843BAA3A0FBDA754F644236DADD83B95DF7CE484C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B12738 Relevance: 46.8, APIs: 15, Strings: 11, Instructions: 1255memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Free$Heap$String$BlanketProxymemcpy
    • String ID: ROOT\CIMV2$UP$WQLEmptyNullString$e revocation list: $pected-eof$0>$8z$N<$f`$o>$J
    • API String ID: 1804671696-1799597701
    • Opcode ID: b7dfce453ec9f469b05e75e2c6c8c27c0aa3d8aeff2a3806d407ce4c94fc7cf7
    • Instruction ID: ee2d5b52b53a256a2d78021cf48792bc0d40891557ab5567fc30140e28b16225
    • Opcode Fuzzy Hash: b7dfce453ec9f469b05e75e2c6c8c27c0aa3d8aeff2a3806d407ce4c94fc7cf7
    • Instruction Fuzzy Hash: D4E24672608BC595EB618F11E4443EAB7A4FB99B80F944236DACD83B99EF7CD184C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB3AA0 Relevance: 38.5, APIs: 25, Instructions: 996memorytimeCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Value$AddressFreeHeap$ErrorLastSingleWake$ProcessTimesWait
    • String ID:
    • API String ID: 989480408-0
    • Opcode ID: 31995dcd71871e7c3de141ff010a6bcc191e9236746eb1e3a70935f31ab0c293
    • Instruction ID: 1234e15947cead2a2788fd2a365175d404fa78ffe33d3a617303a400fbd1da85
    • Opcode Fuzzy Hash: 31995dcd71871e7c3de141ff010a6bcc191e9236746eb1e3a70935f31ab0c293
    • Instruction Fuzzy Hash: 25B23E32A09BC581EB718F15E4813AAB3A0FB96784F548135DE8D87B9ADF7CE195C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B142AB Relevance: 35.7, APIs: 10, Strings: 10, Instructions: 723memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Free$Heap$String$memcpy
    • String ID: ROOT\CIMV2$UP$WQLEmptyNullString$e revocation list: $pected-eof$0>$8z$N<$f`$o>
    • API String ID: 416962675-234445396
    • Opcode ID: 096abbcc5668aa6ad3f5be5ccdd7ff935b60b3eb9966833fc65bea70c7979b4c
    • Instruction ID: af7e341e6d6aa79596e5858defb6f29279d4800356bebddab8d9754d0495c72e
    • Opcode Fuzzy Hash: 096abbcc5668aa6ad3f5be5ccdd7ff935b60b3eb9966833fc65bea70c7979b4c
    • Instruction Fuzzy Hash: 95729B72A08BC585EB618F12E4443EA77A4FB9AB80F558236CE8D83B95EF3CD540C750
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB2390 Relevance: 33.8, APIs: 17, Strings: 2, Instructions: 514memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy$FreeHeap$InfoSystem
    • String ID: 0$unknownARM x64CPU
    • API String ID: 1631627638-152856199
    • Opcode ID: 8f26764af59743bc934b0140b7800ac8fa4fb1882a8293eae1e16f6993e31312
    • Instruction ID: ff742e518861167a3c9476258d34c6a285c51889ecb5e34a7e3cd849a5a6a8c4
    • Opcode Fuzzy Hash: 8f26764af59743bc934b0140b7800ac8fa4fb1882a8293eae1e16f6993e31312
    • Instruction Fuzzy Hash: 2D327031A0CB8586E7649F15A4853FAA7A0FF8A784F244235DE8D87B99DF7CE481C710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAA270 Relevance: 32.4, APIs: 17, Strings: 1, Instructions: 890memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Heap$Free$AllocString$ArrayDestroyProcessSafememcpy
    • String ID: WQLEmptyNullString
    • API String ID: 1657369709-1438605188
    • Opcode ID: 9ae2615c3b031822adc3f07e2c6f2f867d35e21174ac437aa11d210e4801a88c
    • Instruction ID: 9d9b602770024f1cef4cbba2296565e1fb1239e57686b84ac14b5cfbfca5fe9e
    • Opcode Fuzzy Hash: 9ae2615c3b031822adc3f07e2c6f2f867d35e21174ac437aa11d210e4801a88c
    • Instruction Fuzzy Hash: 12928E72A0CBC295E7719F15A4447AEB7A0FB8A780F648136DA8D83B99DF3CD445CB10
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B11D6D Relevance: 28.8, APIs: 11, Strings: 5, Instructions: 801COMMON
    Download Yara Rule
    APIs
    • GetTokenInformation.ADVAPI32 ref: 00007FF607B11D95
    • memcpy.MSVCRT ref: 00007FF607B11FAF
      • Part of subcall function 00007FF607B9DF10: HeapFree.KERNEL32 ref: 00007FF607B9E152
      • Part of subcall function 00007FF607B9DF10: HeapFree.KERNEL32 ref: 00007FF607B9E163
      • Part of subcall function 00007FF607B9DF10: WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF607B9E173
      • Part of subcall function 00007FF607B93BB0: QueryPerformanceFrequency.KERNEL32 ref: 00007FF607B93BEF
      • Part of subcall function 00007FF607BA37C0: CreateWaitableTimerExW.KERNEL32 ref: 00007FF607BA37EA
      • Part of subcall function 00007FF607BA37C0: SetWaitableTimer.KERNEL32 ref: 00007FF607BA383F
      • Part of subcall function 00007FF607BA37C0: WaitForSingleObject.KERNEL32 ref: 00007FF607BA3850
      • Part of subcall function 00007FF607BA37C0: CloseHandle.KERNEL32 ref: 00007FF607BA385A
      • Part of subcall function 00007FF607BA37C0: Sleep.KERNEL32 ref: 00007FF607BA38B2
      • Part of subcall function 00007FF607B93BB0: GetLastError.KERNEL32 ref: 00007FF607B93C81
      • Part of subcall function 00007FF607BF9820: SysFreeString.OLEAUT32 ref: 00007FF607BF98E0
      • Part of subcall function 00007FF607BF9820: CoSetProxyBlanket.OLE32 ref: 00007FF607BF9914
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Free$HeapSingleTimerWaitable$AddressBlanketCloseCreateErrorFrequencyHandleInformationLastObjectPerformanceProxyQuerySleepStringTokenWaitWakememcpy
    • String ID: )$2$runas$A$J
    • API String ID: 3472272302-343204927
    • Opcode ID: e174fe54cc7611a549c09b4eadedd72e253ca62e7da407d30a7098abc8a6c234
    • Instruction ID: 8efc70628516201bded62322a07160870aa71505a267c06618cf7920ccc83359
    • Opcode Fuzzy Hash: e174fe54cc7611a549c09b4eadedd72e253ca62e7da407d30a7098abc8a6c234
    • Instruction Fuzzy Hash: FAA22372618BC595E761CB11F4803EAB7A4FB99780F904226DACD83B99DFBCD194CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B13CC0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 172nativememoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Process$FreeHeap$Current$InformationQuery$CheckCount64DebuggerPresentRemoteTick
    • String ID: ROOT\CIMV2$Lv$]6$8
    • API String ID: 3381193015-2285665645
    • Opcode ID: 058b1fccbcefe437964b9d8f11bcd025329d9a9e765079f639ede06df73efd4c
    • Instruction ID: 282dc50ee5aae9479e07041ca649019b1a68694c6adc9ef61c453564b80d725e
    • Opcode Fuzzy Hash: 058b1fccbcefe437964b9d8f11bcd025329d9a9e765079f639ede06df73efd4c
    • Instruction Fuzzy Hash: 63818D7260C7C584EB71AB11A0013EAA7A0FB9AB84F545132DECD93B99DF7CD585C710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BA77B0 Relevance: 24.0, APIs: 19, Instructions: 252memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 44c42618938f07b02f6cb8d8e78dd7627ace5e59b52bfbbb77537f1a5c8ab5da
    • Instruction ID: da2c71f7669a689b013efb9a49f84260ae33e067b78584797c1b7a9d4c9b9a77
    • Opcode Fuzzy Hash: 44c42618938f07b02f6cb8d8e78dd7627ace5e59b52bfbbb77537f1a5c8ab5da
    • Instruction Fuzzy Hash: 94B17E72F0D742A1FAA5AF26D4413B923A1EF8A750F644236DA5D963D1CF3CE882C350
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B140FD Relevance: 17.3, APIs: 6, Strings: 5, Instructions: 775memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Free$Heap$Value$String$PrngProcessmemcmpmemcpy
    • String ID: displayN$displayN$displayN$playName$J
    • API String ID: 142518295-131648959
    • Opcode ID: 767289a4c1731a3840ca39c94b3f5e1fb82efcb5a24a0a1cbebf618e31dc85de
    • Instruction ID: 947ca93beeed328775389cfcdf12dc9d695dc5acf547b29ea7da750ec361bdbc
    • Opcode Fuzzy Hash: 767289a4c1731a3840ca39c94b3f5e1fb82efcb5a24a0a1cbebf618e31dc85de
    • Instruction Fuzzy Hash: 20826976618BC185EB718B15F4513EAB7A4FB9A780F908226DACD83B59EF7CD184C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAF640 Relevance: 15.2, APIs: 10, Instructions: 221memorytimeCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: ErrorLast$Process$CountersFileFreeHeapInfoMemoryModuleNameSystemTimesmemset
    • String ID:
    • API String ID: 708183126-0
    • Opcode ID: a127561bc22014bd89c0db46b12b9044ab5138c88730f3672c5dfdd8abe29337
    • Instruction ID: fa7f5c155687a1b8a9088af40edcb5d343d161b58d020b864f3e72a3b3b9513e
    • Opcode Fuzzy Hash: a127561bc22014bd89c0db46b12b9044ab5138c88730f3672c5dfdd8abe29337
    • Instruction Fuzzy Hash: 26A1D432B08BC5A6E7599F3691017F9A7A0FB45780F249235EB9C97795EF38E0A1C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B36C70 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 415COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID: !
    • API String ID: 0-2657877971
    • Opcode ID: 0670e15a6345fd580f3eef3dfa6080a62e31f76c7c7ef1fc6d361f167d7c0dbc
    • Instruction ID: ea8b7d533ac54a26ed7f1ee6ab6177af05920c9767faedce299d35807c0e58cf
    • Opcode Fuzzy Hash: 0670e15a6345fd580f3eef3dfa6080a62e31f76c7c7ef1fc6d361f167d7c0dbc
    • Instruction Fuzzy Hash: E3F1E372B09A8683EE64CF15D4803BA6791FB56B98F284136EE5D87794DF3DE4C58300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB2FD0 Relevance: 10.5, APIs: 8, Instructions: 456memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$memcmp
    • String ID:
    • API String ID: 4130495867-0
    • Opcode ID: 7dfda03320cf98c17fa8014b55826491f32ddd200d26620afdce3d1ace67c896
    • Instruction ID: 7fef7f552f3da41de0a0696cef7c447d4606a79cf9cf583bb52508a628135a04
    • Opcode Fuzzy Hash: 7dfda03320cf98c17fa8014b55826491f32ddd200d26620afdce3d1ace67c896
    • Instruction Fuzzy Hash: 93121972A18B8581E7658F26E48037EA7E1FB86B84F644236DE9E97794DF7CE144C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAF1E0 Relevance: 6.1, APIs: 4, Instructions: 81memorynativeCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapInformationProcessQuery
    • String ID:
    • API String ID: 2382859111-0
    • Opcode ID: 4d317fc8af4491ac348678e691853bf1760268e33cef435223bb228483c93907
    • Instruction ID: b1d444b9ce78f973acd485b5aa6129e3d6efdbff22b4434380693c0b8f0e601c
    • Opcode Fuzzy Hash: 4d317fc8af4491ac348678e691853bf1760268e33cef435223bb228483c93907
    • Instruction Fuzzy Hash: D931E576B0970256FB64AF21A4007BE66A1EF8AB80F648135EE8E977D4EF3CD4418300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BF56B0 Relevance: 4.7, APIs: 3, Instructions: 217memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeString$Heap
    • String ID:
    • API String ID: 1587000460-0
    • Opcode ID: 02357ba4b9e2488d658f976bed243e2547278d6b5b7c0cabf20056da2a8d4d3b
    • Instruction ID: 90df96ba056afbf4ff2ca4eababe44a6797acdda18438f05ce2c2d4e5c0ab32a
    • Opcode Fuzzy Hash: 02357ba4b9e2488d658f976bed243e2547278d6b5b7c0cabf20056da2a8d4d3b
    • Instruction Fuzzy Hash: 22716837E5855685FA7C8B15940023E5F91BF86BA8FA94235DAAE837C0DF3CE5619300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BA86E0 Relevance: 4.3, APIs: 3, Instructions: 593COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpymemset
    • String ID:
    • API String ID: 1297977491-0
    • Opcode ID: c873446906f2ef01e1e47e9c5d98f67758cd6c78b4cad8592a20cf515da7bab9
    • Instruction ID: 3a007c9174b8f481f1a50afbf60093075bc00025848bf4d43a19abfcf73647f4
    • Opcode Fuzzy Hash: c873446906f2ef01e1e47e9c5d98f67758cd6c78b4cad8592a20cf515da7bab9
    • Instruction Fuzzy Hash: 3F227662F19B8242EF169F2994116796B51FB96BE0F509335EEAE92BD4EF3CD101C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B9B610 Relevance: 1.4, APIs: 1, Instructions: 191COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 29174f14c382d8b08b0699e5a8a44a5392c276c84224afc29d6ad1f36d069393
    • Instruction ID: 24e5f02cac0e9161ad96f41574ded44c0716d1d70aeb1cbe2646415419549d78
    • Opcode Fuzzy Hash: 29174f14c382d8b08b0699e5a8a44a5392c276c84224afc29d6ad1f36d069393
    • Instruction Fuzzy Hash: 5D612567A1CA8586E6218F29A50037BAA50F777798F201235EEAEC77C6CF3CE144C710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB1750 Relevance: 1.4, APIs: 1, Instructions: 189COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: e46ce1e06a633b4cc312e67185a1391dc5915fd2cffc4f6db5b1081eaa98048a
    • Instruction ID: ccdd106bd8c8570b995d6ea899c49ced82fac2ebe51a661455a86b6344c20588
    • Opcode Fuzzy Hash: e46ce1e06a633b4cc312e67185a1391dc5915fd2cffc4f6db5b1081eaa98048a
    • Instruction Fuzzy Hash: 16510662B1924E42FB348F2A94A537A1A91F756BC0F244535EE8E877C1CEBCF582D340
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BA2D00 Relevance: 21.3, APIs: 14, Instructions: 336COMMON
    Download Yara Rule
    APIs
    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF607B113E6), ref: 00007FF607BA31FA
    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF607B113E6), ref: 00007FF607BA3202
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: CloseHandle
    • String ID:
    • API String ID: 2962429428-0
    • Opcode ID: ce427193e14e2c6a1d62e20e0b82324ff7ef5cca7be50a1b215ec326e505ac7c
    • Instruction ID: 773cadabf66b5fb5ca1b245360b855aaacf5031261fc42cc8e89ae09ccc52fcc
    • Opcode Fuzzy Hash: ce427193e14e2c6a1d62e20e0b82324ff7ef5cca7be50a1b215ec326e505ac7c
    • Instruction Fuzzy Hash: 56D1BE32A1E642A5EE65AF11E8513BE67A0FF92B40F644436EE4E877D2DF3CE4418340
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB7280 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 121COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Value$ErrorGlobalInfoLastMemoryPerformancePrngProcessStatusmemcpymemset
    • String ID: @$Total CP
    • API String ID: 4265565779-3285987082
    • Opcode ID: f3439e767cfc47db1cdb065f28cc29c32e78568fe14e8a554b78d7a707b8d4ac
    • Instruction ID: ed59e859b0203c334890d5472718cb9111a29b528d56b2924dcbc858627dcc54
    • Opcode Fuzzy Hash: f3439e767cfc47db1cdb065f28cc29c32e78568fe14e8a554b78d7a707b8d4ac
    • Instruction Fuzzy Hash: 89615E32A0CBC481E7724B14F4453EBB3A0FBD9358F105225EAC846B99DF7ED18A8B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAE110 Relevance: 12.1, APIs: 8, Instructions: 106memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: ErrorLast$HeapProcessToken$AllocCloseHandleInformationOpen
    • String ID:
    • API String ID: 602524855-0
    • Opcode ID: fed09064d3b59d5a5bb7f6ad8d4ac0001635d1475568a000362ab9d1fe0e42c5
    • Instruction ID: 39709c23e626edff1875aacf2b2ce1d3d754e51f1269bf57244ff15beb976742
    • Opcode Fuzzy Hash: fed09064d3b59d5a5bb7f6ad8d4ac0001635d1475568a000362ab9d1fe0e42c5
    • Instruction Fuzzy Hash: 9641C631A0C652A5FB50AF2594423BE63A4EF86B84F245036FE4EC7B95DF3CE5428710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B3AF00 Relevance: 11.4, APIs: 7, Instructions: 881memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$AddressWake$Single$Value
    • String ID:
    • API String ID: 4225811427-0
    • Opcode ID: 7ab6958a8c2ff611658a1a979a9f95ced7ad9db46cb028c3eb8deca216bba03d
    • Instruction ID: df8457d55fd495a24ca40bb01cb3bd28680b0e7e7d50168b61790feaed3adf86
    • Opcode Fuzzy Hash: 7ab6958a8c2ff611658a1a979a9f95ced7ad9db46cb028c3eb8deca216bba03d
    • Instruction Fuzzy Hash: 4A82E661A0C9C151EA2A6B1AA5163FBD371BFD2BC4F105231EF89477A6DF3DD2428780
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAB470 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeString
    • String ID: WQLEmptyNullString
    • API String ID: 3341692771-1438605188
    • Opcode ID: 4a191f0e881ecad8e077b8a43ffd2d6e37209b3f9efc42903aac81ad107415b8
    • Instruction ID: dbf1933be3d23a7c8ac7f710003c26ee6349670a83249f3d481656f35aefd99b
    • Opcode Fuzzy Hash: 4a191f0e881ecad8e077b8a43ffd2d6e37209b3f9efc42903aac81ad107415b8
    • Instruction Fuzzy Hash: 78919D32A0CBC591E6629F29A0453FAA7A0FF96784F249121EF9C53B56DF3CE185C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B93980 Relevance: 10.6, APIs: 7, Instructions: 97memorythreadCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$ErrorLast$GuaranteeStackThread
    • String ID:
    • API String ID: 2866066207-0
    • Opcode ID: e0298b6560a5df33786a475f768972f8b269e21cdff8f1bbd7c89303ffd0e7d9
    • Instruction ID: 15d2d5e84d9c0cb2f3d1ca7c7ab3f5cd9c67cd4a6437a4a2eeecd75af014177a
    • Opcode Fuzzy Hash: e0298b6560a5df33786a475f768972f8b269e21cdff8f1bbd7c89303ffd0e7d9
    • Instruction Fuzzy Hash: 3531C362B0864181EB54AF23E9413BD53A2EFAABC4FA88135DE5DC7795DF3CD4828350
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB39D0 Relevance: 9.3, APIs: 6, Instructions: 328COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: ErrorLast$Copy
    • String ID:
    • API String ID: 2796656279-0
    • Opcode ID: ddfd0f205701a8bfff76f432578fbb54b9c67ee7bb235fcbad8be87fb031c716
    • Instruction ID: 6b86f95ad590a17077538ed23ab65c3d382722e45249cc18c474a6d32f8bba47
    • Opcode Fuzzy Hash: ddfd0f205701a8bfff76f432578fbb54b9c67ee7bb235fcbad8be87fb031c716
    • Instruction Fuzzy Hash: 0EE18C32A09BC581EA658F15E4813FAA3A0FB9AB94F249135DF8D83756DF7CE181C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BA37C0 Relevance: 9.1, APIs: 6, Instructions: 78timesleepsynchronizationCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: CloseHandleTimerWaitable$CreateObjectSingleSleepWait
    • String ID:
    • API String ID: 2261246915-0
    • Opcode ID: f070b314b21cf0879a64bf46710997804d9d1f691196038dde3098000811a3c0
    • Instruction ID: 789abfda114c1d456d2c982f696ed64045845bc3e86e543807b3f9663033ae40
    • Opcode Fuzzy Hash: f070b314b21cf0879a64bf46710997804d9d1f691196038dde3098000811a3c0
    • Instruction Fuzzy Hash: 66213A32F0A24716FEA87B2A661973941964F867A0E245231ED1EC77D5DF3CA8814300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAFA00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    • ReadProcessMemory returned unexpected number of bytes readUnable to read process dataTotal CPUIntel x86MIPSRISC AlphaPPCSHXARMIntel Itanium-based x64RISC Alpha x64MSIL(Intel or AMD) x64Intel Itanium-based x86unknownARM x64CPU , xrefs: 00007FF607BAFAD4
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: ErrorFreeHeapLastMemoryProcessRead
    • String ID: ReadProcessMemory returned unexpected number of bytes readUnable to read process dataTotal CPUIntel x86MIPSRISC AlphaPPCSHXARMIntel Itanium-based x64RISC Alpha x64MSIL(Intel or AMD) x64Intel Itanium-based x86unknownARM x64CPU
    • API String ID: 2093145822-1464910840
    • Opcode ID: 0d6da2efe37eb1309b2efb81185094312dba20bce08c416c69b5971d867bb81e
    • Instruction ID: 876a267a90df6fb83c294dfa959bc4678a43fbc2180da1874344835c861617b3
    • Opcode Fuzzy Hash: 0d6da2efe37eb1309b2efb81185094312dba20bce08c416c69b5971d867bb81e
    • Instruction Fuzzy Hash: A721E132A08B45AAE6209F11B8407BAB3B4FB597A4F645234EE9D867D4DF3CD581C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B1E333 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 142memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Heap$Free$CloseHandle$AllocErrorLast
    • String ID: main
    • API String ID: 2709777324-3207122276
    • Opcode ID: ac41fffb7b461300bae31c0a7a96ecfb132480a981ddec53c45dcadb594db5bc
    • Instruction ID: b2079b7b673ffb39d7ac0f78737a6391856a70abe92b2d948417305e916dc774
    • Opcode Fuzzy Hash: ac41fffb7b461300bae31c0a7a96ecfb132480a981ddec53c45dcadb594db5bc
    • Instruction Fuzzy Hash: 96617C32A09B9689FB409F60E8403BD27A1FB0A748F644535DE4D9BB85EF7CE581C350
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B93AD0 Relevance: 6.1, APIs: 4, Instructions: 60memorythreadCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$Thread$CurrentDescription
    • String ID:
    • API String ID: 930939367-0
    • Opcode ID: be531aff8e33b8265762688d0db730ee3d677fa6d68b7cc51cbeec6b8326690e
    • Instruction ID: 4f76336d6bfc5aa4ea2ad1c225d94b87abb8cc80ac0ea36bde53ca1cba9be177
    • Opcode Fuzzy Hash: be531aff8e33b8265762688d0db730ee3d677fa6d68b7cc51cbeec6b8326690e
    • Instruction Fuzzy Hash: 0E219F26B0DA4581EB109F12D1583BD63A2EFAAFD4F644136EE5D93789DF3CE4828300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB7540 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: ErrorInfoLastPerformance
    • String ID: @
    • API String ID: 3053874364-2766056989
    • Opcode ID: 9b22b3a1a57e0b125eb8ffcb68f88a4b3901613774602ce03b013ea22ede466b
    • Instruction ID: fd5d699f8e1e1412bf891932bc3d35c2b36c5361ef83d56296690a49eab844a2
    • Opcode Fuzzy Hash: 9b22b3a1a57e0b125eb8ffcb68f88a4b3901613774602ce03b013ea22ede466b
    • Instruction Fuzzy Hash: 7B216111A18EC492E6324B28B4063E6A3B5FFE5368F105311FEDD46795EF7DD2968B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BF9820 Relevance: 4.6, APIs: 3, Instructions: 115COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeString$BlanketProxy
    • String ID:
    • API String ID: 2006564294-0
    • Opcode ID: 7768cc1d0db9fc1386fbe7f474e8f8a1fcf09ca027b31f5932222e620097c88b
    • Instruction ID: 919c14c9731e0fb3af4b2751345d236edcfd67f46d80271adb5aa7e889df0e04
    • Opcode Fuzzy Hash: 7768cc1d0db9fc1386fbe7f474e8f8a1fcf09ca027b31f5932222e620097c88b
    • Instruction Fuzzy Hash: B841A476B0974282EB249F65A05472AA794FF86F80F64D035DF8E87B85DF7DE0458700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAF050 Relevance: 3.8, APIs: 3, Instructions: 90COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: ErrorFreeLastLocalwcslen
    • String ID:
    • API String ID: 2220074781-0
    • Opcode ID: bbf94f2fb0c29624c3d2ee6c7df2ce4127bbd48c066967a8b210ffb8bd302809
    • Instruction ID: d32e64a0538ad7d6e4e944917ae551e265383be9649e18b516d9c5833ca140ef
    • Opcode Fuzzy Hash: bbf94f2fb0c29624c3d2ee6c7df2ce4127bbd48c066967a8b210ffb8bd302809
    • Instruction Fuzzy Hash: 3441BD32A18B8095E6619F15F4403AAB7A0FB89798F644135EFCD46B58EF7CD189CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAF560 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: ErrorInformationLastToken
    • String ID:
    • API String ID: 2700267200-0
    • Opcode ID: 8b00991843f8d8cad33b742f4f008bb03b7888ef026bbf2c329fe78dd769cb29
    • Instruction ID: 2e7e091c80fd9bb430f9aed4e440722bd2c5120926dfe603348578deba939f77
    • Opcode Fuzzy Hash: 8b00991843f8d8cad33b742f4f008bb03b7888ef026bbf2c329fe78dd769cb29
    • Instruction Fuzzy Hash: E9E09231A087529AE7547B25B4013BA62E0AB48380F208035DACEC6795EF6CD8824690
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BF9610 Relevance: 2.6, APIs: 2, Instructions: 103memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: 87df4e5f8352f314df8d3bee646365e509409bc5ca5537dcfc36ba11d57269c7
    • Instruction ID: 41584d27d62ae236f16e8949cdd5bc165c7d297ac77caf6e010ce0c898492465
    • Opcode Fuzzy Hash: 87df4e5f8352f314df8d3bee646365e509409bc5ca5537dcfc36ba11d57269c7
    • Instruction Fuzzy Hash: 24419175B4974292EE658F26E8407B863A1AF16B84FA48436DA5EC7781EF3CF145C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B37570 Relevance: 2.6, APIs: 2, Instructions: 92memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 4ce81ec4fb88c4cd820d340b0f25586446098824508f93eb2054337fcdc40009
    • Instruction ID: 4e0de0125bd2b1d9e1213c1489cacd1c146790b34d1948f34f40809778bb6765
    • Opcode Fuzzy Hash: 4ce81ec4fb88c4cd820d340b0f25586446098824508f93eb2054337fcdc40009
    • Instruction Fuzzy Hash: FE417072A1CA4282EB60CF19E4A577977A1FB86B84F648136DA4EC36A4DF3CD4C5C341
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B37450 Relevance: 2.6, APIs: 2, Instructions: 76memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: c34d65c046ccb75b58ab089794a0b180ae092c176c1d576283081caed3465adc
    • Instruction ID: 150ded57e7d2e8307908cc5a8c389693a6af10131d948e2431196bd38b5dd692
    • Opcode Fuzzy Hash: c34d65c046ccb75b58ab089794a0b180ae092c176c1d576283081caed3465adc
    • Instruction Fuzzy Hash: 1E31C9B2B18A4182EA14CF15E4853AE63A2FB86794FA44232DA4D837A4DF3CD5C2C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B12591 Relevance: 2.6, APIs: 2, Instructions: 75memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 8be9cc7a1d514ed46d15ccf6d99d7e34ae4005ce7d1be1392cf51bf52c6ae15e
    • Instruction ID: 8fb38d30ac3b68b393c07401117ce380d2db220c580e71fc0d2a058b9ee8b8ba
    • Opcode Fuzzy Hash: 8be9cc7a1d514ed46d15ccf6d99d7e34ae4005ce7d1be1392cf51bf52c6ae15e
    • Instruction Fuzzy Hash: 1F414F72A0CAC594EB65DF15E0503EA63A1FB9AB80F948131D6CD83B99DF7CE584C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB4FC0 Relevance: 1.7, APIs: 1, Instructions: 180memorynativeCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Query$CollectCounterDataFormattedFreeHeapInformationSystemValuememcmp
    • String ID:
    • API String ID: 753412125-0
    • Opcode ID: e150874622506963725443d11604d385581c609d03efdbe21a1fb6b44c795bab
    • Instruction ID: c98810c417d0434076c14abfd5cad489030ddcc14b0a170c0bd4adb71841df7b
    • Opcode Fuzzy Hash: e150874622506963725443d11604d385581c609d03efdbe21a1fb6b44c795bab
    • Instruction Fuzzy Hash: AA919E32A08BC581E7608F11E5853AE77A8FF85394F654236EE8D82795DFBCE099C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BA7BE0 Relevance: 1.3, APIs: 1, Instructions: 74memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 0a46a23456d1728c278d373f3e94e8004d3d6c0783be8989dc18b38a32ef8c18
    • Instruction ID: 6b13636ea28ade0ac361849c1d33e8f77586def68d9136cf5dc689b7603c19e2
    • Opcode Fuzzy Hash: 0a46a23456d1728c278d373f3e94e8004d3d6c0783be8989dc18b38a32ef8c18
    • Instruction Fuzzy Hash: 8D21FF23B0A65652E656AB2AA4456785761BB85BF0F285332CE3C827C0FF3CD4C3C310
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAC3F0 Relevance: 1.3, APIs: 1, Instructions: 45COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 924a8e663a2f76df2f3f473a8f386dacee690bb3910cd28017aec338618be6f6
    • Instruction ID: f6716f389d47a12a12e7ff05cdaade8a069a7c498244e9391b38795ab177cef2
    • Opcode Fuzzy Hash: 924a8e663a2f76df2f3f473a8f386dacee690bb3910cd28017aec338618be6f6
    • Instruction Fuzzy Hash: 2F01D472A0974592EA255F22A9403796BA1BB09FC0F249530DFAD97B91DF3CE4D24314
    Uniqueness

    Uniqueness Score: -1.00%

    Non-executed Functions

    Function 00007FF607BBD930 Relevance: 88.8, APIs: 46, Strings: 4, Instructions: 1326COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcmp$memcpy
    • String ID: set$P$httphttpswswssftpfile//file://$testunknown scheme
    • API String ID: 231171946-2656226251
    • Opcode ID: 006678d4b8c8bce4fc1861835fd9e35a40a610f8f6488cbc698d2313115b805f
    • Instruction ID: a1abc0039e5d34a758afd889456db1925c92f7bc99903ff15410a5eb2a70de47
    • Opcode Fuzzy Hash: 006678d4b8c8bce4fc1861835fd9e35a40a610f8f6488cbc698d2313115b805f
    • Instruction Fuzzy Hash: F9E26B32A0CBC185E6718F15E8803EAA7A4FB96784F645235DE8D83B99DF7CE585C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B6C480 Relevance: 69.2, APIs: 41, Strings: 3, Instructions: 3203memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    • , xrefs: 00007FF607B6D213
    • c ap traffics ap trafficexp masterres masterderivedCLIENT_EARLY_TRAFFIC_SECRETCLIENT_HANDSHAKE_TRAFFIC_SECRETSERVER_HANDSHAKE_TRAFFIC_SECRETCLIENT_TRAFFIC_SECRET_0SERVER_TRAFFIC_SECRET_0EXPORTER_SECRETkeyivfinishedtraffic updresumptionexporterexporting too muc, xrefs: 00007FF607B6CE29
    • derivedCLIENT_EARLY_TRAFFIC_SECRETCLIENT_HANDSHAKE_TRAFFIC_SECRETSERVER_HANDSHAKE_TRAFFIC_SECRETCLIENT_TRAFFIC_SECRET_0SERVER_TRAFFIC_SECRET_0EXPORTER_SECRETkeyivfinishedtraffic updresumptionexporterexporting too muchtls13 ClientSessionMemoryCache, xrefs: 00007FF607B6CADA
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy$FreeHeap
    • String ID: $c ap traffics ap trafficexp masterres masterderivedCLIENT_EARLY_TRAFFIC_SECRETCLIENT_HANDSHAKE_TRAFFIC_SECRETSERVER_HANDSHAKE_TRAFFIC_SECRETCLIENT_TRAFFIC_SECRET_0SERVER_TRAFFIC_SECRET_0EXPORTER_SECRETkeyivfinishedtraffic updresumptionexporterexporting too muc$derivedCLIENT_EARLY_TRAFFIC_SECRETCLIENT_HANDSHAKE_TRAFFIC_SECRETSERVER_HANDSHAKE_TRAFFIC_SECRETCLIENT_TRAFFIC_SECRET_0SERVER_TRAFFIC_SECRET_0EXPORTER_SECRETkeyivfinishedtraffic updresumptionexporterexporting too muchtls13 ClientSessionMemoryCache
    • API String ID: 4250714341-2870698899
    • Opcode ID: 9ece228d56780dbe5c9684950ad80d95adff7e6a14e2dad595d0dc113e5b9f97
    • Instruction ID: 748c96a084b903e3dc1bdf9c818e3b417f6741ccd6f4fab73d00f3049a2f9496
    • Opcode Fuzzy Hash: 9ece228d56780dbe5c9684950ad80d95adff7e6a14e2dad595d0dc113e5b9f97
    • Instruction Fuzzy Hash: 77A3E12610D7D089E3328729A0687EFBFA4E7E6345F084195D7D446B8BCB6DC248CF66
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B80530 Relevance: 64.0, APIs: 50, Instructions: 1463memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$memcpy
    • String ID:
    • API String ID: 1887603139-0
    • Opcode ID: c4fc9e5febbc33a306dfee22aa44cb510b3fe01a82506e69ddcf248b9241d76a
    • Instruction ID: 1b25c71e5da6d1e793b1b4d4f06e8911c5360495259bee8c3a21a774332607d7
    • Opcode Fuzzy Hash: c4fc9e5febbc33a306dfee22aa44cb510b3fe01a82506e69ddcf248b9241d76a
    • Instruction Fuzzy Hash: FCF29D22A09BC685E7A68F29D4013F967A0FF9A784F189235CF8D47792DF78E195C310
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B837A0 Relevance: 60.5, APIs: 31, Strings: 3, Instructions: 1048memorytimeCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$Timememcpy$FilePreciseSystem
    • String ID: $0$CLIENT_RANDOM
    • API String ID: 3233976405-2570407474
    • Opcode ID: 5f59f8c2b1122af6da5e83c3f881e17decb3f16fe73ca1e96c8e095596204da3
    • Instruction ID: 765843bdb790eeda89d40a6f8beac40da80e35515587e46cad3173787743c30f
    • Opcode Fuzzy Hash: 5f59f8c2b1122af6da5e83c3f881e17decb3f16fe73ca1e96c8e095596204da3
    • Instruction Fuzzy Hash: A7C23C62A0CBC281E6B18F15E4453EAA3A0FB99784F549225DFCC57B56EF7CE185CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B59610 Relevance: 55.1, APIs: 33, Strings: 3, Instructions: 1083COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy$memset
    • String ID: ;$g failed$signing
    • API String ID: 438689982-3197274493
    • Opcode ID: 2f427774303ca811cd54338fdf3c1074b9df19e0b4eca99bfc23b9be3b3bcdb8
    • Instruction ID: b17d83904de53112b1f37d4f3da8a8fb8faac74c59587277daa0ea0c73d5bb23
    • Opcode Fuzzy Hash: 2f427774303ca811cd54338fdf3c1074b9df19e0b4eca99bfc23b9be3b3bcdb8
    • Instruction Fuzzy Hash: B2A2D871A0CBC185E6609F12F8443EAA765FB8ABD4F544235EE8DA7B9ADF3CD1418700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B828F0 Relevance: 39.6, APIs: 31, Instructions: 801memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 3be09a09a56d9f8e34ee5146e18eefa00810443473e281fe32a7eed592e7055e
    • Instruction ID: 636b113f1bb4e8015f8ad956537cb066a7b0b37845f860edcfb0711f3255c022
    • Opcode Fuzzy Hash: 3be09a09a56d9f8e34ee5146e18eefa00810443473e281fe32a7eed592e7055e
    • Instruction Fuzzy Hash: E9929E72A09BC181E7A68B29E4453F967A0FF9A744F599221CF8C43752EF79E1D5C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B946C0 Relevance: 36.9, APIs: 24, Instructions: 940COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: CompareOrdinalString
    • String ID:
    • API String ID: 2409332303-0
    • Opcode ID: 138a6f8291121b00921046cec2fc9944e558e0f66be53df72e4df2636d756977
    • Instruction ID: 20f01625224ea6ecb40541075d7ee4c54ca722d2bf75512754f98b9d9d105b74
    • Opcode Fuzzy Hash: 138a6f8291121b00921046cec2fc9944e558e0f66be53df72e4df2636d756977
    • Instruction Fuzzy Hash: D8B28522908BC4C1E7228F28E4457EAB3B4FFA9794F159221DF9C53665EF39D295C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B464A0 Relevance: 34.4, APIs: 15, Strings: 4, Instructions: 1144COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID: InvalidEncodingVersionNotSupportedInconsistentComponentsInvalidComponentPrivateModulusLenNotMultipleOf512BitsTooLargeTooSmallrunas$RNG failed$UnexpectedError$WrongAlgorithm
    • API String ID: 3510742995-3340407148
    • Opcode ID: 2122ac822906aec69cfaac0a9c6a9f8eb4ee1e9d70a4ef5ead7f943ea2549851
    • Instruction ID: ead6d81b39c7792760d07b35bb79955e90befc4646852db8cf73c69d77697ac1
    • Opcode Fuzzy Hash: 2122ac822906aec69cfaac0a9c6a9f8eb4ee1e9d70a4ef5ead7f943ea2549851
    • Instruction Fuzzy Hash: D5C2742290CAC591E6368F28E4053FAA370FF96358F545221EFCC52656EF39E2D6D700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B9D860 Relevance: 27.4, APIs: 18, Instructions: 425memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Value$AllocCompleteInitOnce
    • String ID:
    • API String ID: 1228016869-0
    • Opcode ID: f1953b4b352e75f63cec3c1b01405acd315139514edaf964ec645168771cb1a7
    • Instruction ID: d4769082808e7eed54cd3ea3adad883fb93fbcae943186954b4b32d6975dccb2
    • Opcode Fuzzy Hash: f1953b4b352e75f63cec3c1b01405acd315139514edaf964ec645168771cb1a7
    • Instruction Fuzzy Hash: 02F18D31F0C64282FB659F26A8803796292EF76B54F784635DA2DD73D5CF3CA8828351
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B434C0 Relevance: 23.5, APIs: 18, Instructions: 988COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy$memset$memcmp
    • String ID:
    • API String ID: 270934217-0
    • Opcode ID: f5f3dc8f7ab57eebe52d1afb3e286e211d88dbf9efb211a98f2c5476c8b68d90
    • Instruction ID: f6863ad96b1df622ceb01820e3d27b00bb3489c3ee1b722a182eb84dd99b70e3
    • Opcode Fuzzy Hash: f5f3dc8f7ab57eebe52d1afb3e286e211d88dbf9efb211a98f2c5476c8b68d90
    • Instruction Fuzzy Hash: 6992C422E1CBC581EA608F15E4003FAA7A0FB96B94F649235EE8D53796DF3CE595C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B11450 Relevance: 23.0, APIs: 18, Instructions: 521memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 16a070483253a166c31491af56f23a5456d2b6df87490654a9bbf75584131561
    • Instruction ID: 9fccbe8cb7e6990edc6b2afab61a6e3e7161cfc0d0b7400b6372f23f9fa8d734
    • Opcode Fuzzy Hash: 16a070483253a166c31491af56f23a5456d2b6df87490654a9bbf75584131561
    • Instruction Fuzzy Hash: 5B12A171B1964E82EA959F1A94443B917A1EF47BE4FA84632CF2D977D0DF3CE4828310
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B7D590 Relevance: 21.9, APIs: 17, Instructions: 612COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 53ef6bc4ed334b94afa9d173bb0d63d89cd2bb87d1b58ad3eeb06d04937bfd62
    • Instruction ID: 25aa32aa6c3489bba42c115e70b60a5f149b1cf4aac5896fdb2afbe4aaeeb255
    • Opcode Fuzzy Hash: 53ef6bc4ed334b94afa9d173bb0d63d89cd2bb87d1b58ad3eeb06d04937bfd62
    • Instruction Fuzzy Hash: 76429572B18B9582DB10DF10D0442A973A4FF55BA8F659636DB2E8B3E0EF38E459C304
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B6B6B0 Relevance: 21.5, APIs: 14, Instructions: 456memorytimeCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$memcpy$Time$FilePreciseSystem
    • String ID:
    • API String ID: 869420969-0
    • Opcode ID: 25690d1eab518c97846042c62ed722f21a430b560bbd8ef2be5c29e549cd8552
    • Instruction ID: f2534cd60f651f24b7b0ecb518ce04a449331ec56d6d4bc05075cad482bb1f55
    • Opcode Fuzzy Hash: 25690d1eab518c97846042c62ed722f21a430b560bbd8ef2be5c29e549cd8552
    • Instruction Fuzzy Hash: AB326F72A08BC582E7618F25E5413EAA770FB99784F649225DF8C83796EF3CE195C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BBC3D0 Relevance: 18.7, APIs: 8, Strings: 4, Instructions: 665memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$memcpy
    • String ID: Transfer-EncodingchunkedContent-LengthauthorizationAuthorizationBasic $chun$nked$transfer-encodingcontent-length
    • API String ID: 1887603139-2832985829
    • Opcode ID: 8834fbb700a0af683e2ec5a42871a8b3ddf077e8308c626adc231c3632398173
    • Instruction ID: d1e74b001750f5173411fe1bdab09b2215701a2b990db8eba9900b1bce4ff0cc
    • Opcode Fuzzy Hash: 8834fbb700a0af683e2ec5a42871a8b3ddf077e8308c626adc231c3632398173
    • Instruction Fuzzy Hash: 45628172A08BC185EA60CF15E4843AABBA0FB96780F644235DECD97B99DF7CE445C710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B9D520 Relevance: 18.2, APIs: 12, Instructions: 195memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$ErrorLast$EnvironmentVariable
    • String ID:
    • API String ID: 4066227703-0
    • Opcode ID: a9620bf96b9f7b7772309a6e199d5ee3786d7a975a142d054fa6be1944aee010
    • Instruction ID: fcd0fb7b94343193a86d4736b35b887e3e2b2c776fa377c543a9238dc065c5f8
    • Opcode Fuzzy Hash: a9620bf96b9f7b7772309a6e199d5ee3786d7a975a142d054fa6be1944aee010
    • Instruction Fuzzy Hash: 4381A232B1CA8181E7609F26E44536AB7A1FBAA790F644532DEADD3B95CF3CD481C710
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B9E880 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 311memorynetworkCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Heap$Free$AllocErrorLastgetaddrinfomemcpy
    • String ID: 127.0.0.1:0testserver: pre-connect with error
    • API String ID: 2912495042-123408176
    • Opcode ID: 81d9ccd265dd3a60391ccdf71926cb6886348b33aa2ab115162a02de5978c598
    • Instruction ID: 8564d03bc6f77df39475e9aadbde5d7e5f0f7df667d2fce24b311b4b4be56124
    • Opcode Fuzzy Hash: 81d9ccd265dd3a60391ccdf71926cb6886348b33aa2ab115162a02de5978c598
    • Instruction Fuzzy Hash: BAC1F533A1DB8185EB60CB15A441379ABA0FBBA790F644636EADD827D5DF3CD185C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB0560 Relevance: 14.1, APIs: 5, Strings: 4, Instructions: 567memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy$FreeHeapmemset
    • String ID: arenegyl$modnarod$setybdet$uespemos
    • API String ID: 389588089-66988881
    • Opcode ID: c8b2be897e3158e04b3a5bef139afede0c5e4183fc6f645f8e019960038b62ec
    • Instruction ID: 16ee4ca764fe31d607965cc81438fbeed761f63fb83fa74a3794fac5fa0394bf
    • Opcode Fuzzy Hash: c8b2be897e3158e04b3a5bef139afede0c5e4183fc6f645f8e019960038b62ec
    • Instruction Fuzzy Hash: 3D323723F09BC581EB05DF2899112BA6720F799B98F15A331DEAD566D2EF78E1D1C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B50460 Relevance: 14.0, APIs: 7, Strings: 2, Instructions: 467COMMON
    Download Yara Rule
    Strings
    • u8u24u32received unexpected message: got when expecting , xrefs: 00007FF607B505AC, 00007FF607B50947
    • ProtocolVersionInsufficientSecurityInternalErrorInappropriateFallbackUserCanceledNoRenegotiationMissingExtensionUnsupportedExtensionCertificateUnobtainableUnrecognisedNameBadCertificateStatusResponseBadCertificateHashValueUnknownPSKIdentityCertificateRequiredA, xrefs: 00007FF607B504B4
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID: ProtocolVersionInsufficientSecurityInternalErrorInappropriateFallbackUserCanceledNoRenegotiationMissingExtensionUnsupportedExtensionCertificateUnobtainableUnrecognisedNameBadCertificateStatusResponseBadCertificateHashValueUnknownPSKIdentityCertificateRequiredA$u8u24u32received unexpected message: got when expecting
    • API String ID: 0-2588640901
    • Opcode ID: 9797b296139b0aa20b65899a4716ec6464a032127a3d63aab0098a4aae819097
    • Instruction ID: ded1ebb91c0aba93ca3907e2616fb140ac421f63ec431371090bac8c4d44b4c3
    • Opcode Fuzzy Hash: 9797b296139b0aa20b65899a4716ec6464a032127a3d63aab0098a4aae819097
    • Instruction Fuzzy Hash: AB32933291CBC585E7319B25F4403AAB7A0FBD6794F204322EADD92A99DF7CD185CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BBF420 Relevance: 12.7, APIs: 5, Strings: 3, Instructions: 704COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID: AuthorizationBasic $host$user-agentUser-AgentacceptAccept*/*Cookie
    • API String ID: 0-3727191119
    • Opcode ID: 577c9b570e115f8da4fff54a97cf7d9554e764e094cdcdf7b2f94a40a6fa3969
    • Instruction ID: b57a07c363594ec5fe132f540b7def8640f5cb5c01901478776832f12fe5aa12
    • Opcode Fuzzy Hash: 577c9b570e115f8da4fff54a97cf7d9554e764e094cdcdf7b2f94a40a6fa3969
    • Instruction Fuzzy Hash: B2729332A0DB82C5EA709F15E8803BAB3A0FB4A354F644635DA8D87B95EF7CE555C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B59530 Relevance: 12.6, APIs: 10, Instructions: 79memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: cf4acf208e9a910b454624dbc540c460eb27ffcd07fbb7ac616b3f1a1e8f09ac
    • Instruction ID: 574777c6db766615bf6a279f1fa55b90a8d92ebed0704064d3797e3a12d2d445
    • Opcode Fuzzy Hash: cf4acf208e9a910b454624dbc540c460eb27ffcd07fbb7ac616b3f1a1e8f09ac
    • Instruction Fuzzy Hash: 06414365A0874382E7A4AB36F4813B96772EF85750F644233C65DC65D1CF3CE481C361
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B4C660 Relevance: 12.5, APIs: 5, Strings: 3, Instructions: 536memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    • ProtocolVersionInsufficientSecurityInternalErrorInappropriateFallbackUserCanceledNoRenegotiationMissingExtensionUnsupportedExtensionCertificateUnobtainableUnrecognisedNameBadCertificateStatusResponseBadCertificateHashValueUnknownPSKIdentityCertificateRequiredA, xrefs: 00007FF607B4C8BC
    • u8u24u32received unexpected message: got when expecting , xrefs: 00007FF607B4C680, 00007FF607B4C947, 00007FF607B4CE40
    • ServerNameTypeNamedGroupsecp256r1secp384r1secp521r1X25519X448FFDHE2048FFDHE3072FFDHE4096FFDHE6144FFDHE8192, xrefs: 00007FF607B4CD25
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID: ProtocolVersionInsufficientSecurityInternalErrorInappropriateFallbackUserCanceledNoRenegotiationMissingExtensionUnsupportedExtensionCertificateUnobtainableUnrecognisedNameBadCertificateStatusResponseBadCertificateHashValueUnknownPSKIdentityCertificateRequiredA$ServerNameTypeNamedGroupsecp256r1secp384r1secp521r1X25519X448FFDHE2048FFDHE3072FFDHE4096FFDHE6144FFDHE8192$u8u24u32received unexpected message: got when expecting
    • API String ID: 673829100-3214441535
    • Opcode ID: f3bd3012dac9d4a2667b47139fe788f42fa76f67cbd4444430bc7fa400d46f92
    • Instruction ID: 696b6fc9ed9968a5fb78ec80d72e1d5c9917b6ee63be4e96818e45f2b042ee65
    • Opcode Fuzzy Hash: f3bd3012dac9d4a2667b47139fe788f42fa76f67cbd4444430bc7fa400d46f92
    • Instruction Fuzzy Hash: 7532D732A1AB8182EB608F15E44037ABBA0F786F94F204136EE8E87794DF7CD585D750
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B44520 Relevance: 11.6, APIs: 9, Instructions: 328memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$memcpy$memset
    • String ID:
    • API String ID: 4151080496-0
    • Opcode ID: 4b0b141edfa486ec25d5ec38b1783f53a67d23e30fd474f129816fc37728d76c
    • Instruction ID: 8c84b87ba3fecd9c904383824b4717c0651b7f6b58baf531f7d87c75ed6ee78f
    • Opcode Fuzzy Hash: 4b0b141edfa486ec25d5ec38b1783f53a67d23e30fd474f129816fc37728d76c
    • Instruction Fuzzy Hash: 2BE19172A0CAC181EA719F15E4443FAA360FB8A794F585231DE8C93BA5DF3CE591D704
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BDA440 Relevance: 11.4, APIs: 9, Instructions: 191memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$memcpy
    • String ID:
    • API String ID: 1887603139-0
    • Opcode ID: d24c398861a84117c3d18afddafe298afa95aa80162f2e536f79a6f439641f50
    • Instruction ID: c902102aa5e5a9213bb1ada4edc7e38dd6e185ff83645569c2f5d12c7a403a0a
    • Opcode Fuzzy Hash: d24c398861a84117c3d18afddafe298afa95aa80162f2e536f79a6f439641f50
    • Instruction Fuzzy Hash: 60719531B0864182FB659B62A5403B96761EF89B90F688536CE5DC77D1EF3CEC818314
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B45880 Relevance: 11.0, APIs: 5, Strings: 2, Instructions: 532memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID: InvalidEncodingVersionNotSupportedInconsistentComponentsInvalidComponentPrivateModulusLenNotMultipleOf512BitsTooLargeTooSmallrunas$UnexpectedError
    • API String ID: 3298025750-3587430882
    • Opcode ID: 0dde0c669779a4a25f85a22ba97d3b8eaad9e2a7465080f72d3543966cbdaa90
    • Instruction ID: e2ae3016db42909afbae159204e54580685610aafcb6fea29c88cae33e580871
    • Opcode Fuzzy Hash: 0dde0c669779a4a25f85a22ba97d3b8eaad9e2a7465080f72d3543966cbdaa90
    • Instruction Fuzzy Hash: D012F572B18E4252EA349F12A8403BA67A5BF46BD4F644231DE5E87BD0DF3CE590E304
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B5C850 Relevance: 9.0, APIs: 7, Instructions: 234memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: ebd69b28cc7e503f948b24bd036a6274152c9c834154fe3939b09cb3bbeb0e75
    • Instruction ID: b766589647883d40ae201e7ca320f5d040e74af815159480b05f44cd6cb548fd
    • Opcode Fuzzy Hash: ebd69b28cc7e503f948b24bd036a6274152c9c834154fe3939b09cb3bbeb0e75
    • Instruction Fuzzy Hash: C8A1E3A3A0D3C285FB618B25E4143796F92EB56B84F18C235CA4E4B781DF7DE085C361
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B614F0 Relevance: 9.0, APIs: 7, Instructions: 219memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 5f1059e42c65b56da5a1b613abc3c4767f0b3d5ca28d1a253fb46d5960a27c77
    • Instruction ID: b41a389ddd991d4067c973dfcdee2cf6aa0b842b0efd5afcad4919179ea9eebc
    • Opcode Fuzzy Hash: 5f1059e42c65b56da5a1b613abc3c4767f0b3d5ca28d1a253fb46d5960a27c77
    • Instruction Fuzzy Hash: F6A1D176A0C78A81EB71DF19E0483BA63A1EB86B90F644132CB9D872C5DF7CD681C301
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B4E930 Relevance: 7.9, APIs: 3, Strings: 2, Instructions: 430memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID: SignatureSchemeRsaParameterspadding_alg$u8u24u32received unexpected message: got when expecting
    • API String ID: 3298025750-64041730
    • Opcode ID: 7cdcd6a16486f691d2b109aafd61d5608bdaa1490206b89068a766fbe180984a
    • Instruction ID: 58c46eed99b277fed42e04eb41cd972db15a49d3fc3840013a5afeca90ea59a2
    • Opcode Fuzzy Hash: 7cdcd6a16486f691d2b109aafd61d5608bdaa1490206b89068a766fbe180984a
    • Instruction Fuzzy Hash: 2A12E732A1CB9186EB608F15E48037EB3A1FB85794F645136EA8E83B94DF7CE181D741
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607C21790 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 232COMMON
    Download Yara Rule
    Strings
    • Unknown pseudo relocation protocol version %d., xrefs: 00007FF607C21AE0
    • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF607C2191D
    • Unknown pseudo relocation bit size %d., xrefs: 00007FF607C21AD4
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
    • API String ID: 0-1286557213
    • Opcode ID: 1880e95fa8ff54b746f206f1cf9259914130b6c4033684cd1a0b816de8a64c0c
    • Instruction ID: abe774a6365348e80fbf18c620a19b3fc5bd6aee5d142f22d6e0695fccd54c18
    • Opcode Fuzzy Hash: 1880e95fa8ff54b746f206f1cf9259914130b6c4033684cd1a0b816de8a64c0c
    • Instruction Fuzzy Hash: CB91B026F0855AABFB109B24944027963B1BF957A4F3CA331CA6D977C8DE3CED438251
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BA07E0 Relevance: 6.8, APIs: 5, Instructions: 550COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 4a097afecc933a6cb66c27622289e53ad3045164187158be2884e2342a6ec0e5
    • Instruction ID: 5f3d0cd24746b9d9d7ea499805a76fbb1d00a3ba9b26e7db8823c02cc23d6494
    • Opcode Fuzzy Hash: 4a097afecc933a6cb66c27622289e53ad3045164187158be2884e2342a6ec0e5
    • Instruction Fuzzy Hash: 16222632A0C78596FB61AF15E4403BE67A1FB96790F644132EA8D83B95EF3DE485C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B2D7E0 Relevance: 6.4, APIs: 4, Instructions: 1388COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 115b497f4397f931d11ee8700806f98862a7e262c9c7c659989aee003b24809a
    • Instruction ID: 579c15ca20896d10ece72610b1938e80b14ad574063df9210103117dae88fe50
    • Opcode Fuzzy Hash: 115b497f4397f931d11ee8700806f98862a7e262c9c7c659989aee003b24809a
    • Instruction Fuzzy Hash: E6C24772E1CAD986FB258F19A4047BE6752FB46790F244235DA9E83BC4DF7CE9818700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB76C0 Relevance: 5.1, Strings: 4, Instructions: 98COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID: arenegyl$modnarod$setybdet$uespemos
    • API String ID: 0-66988881
    • Opcode ID: 30ecba30a59e1207a5a08b7c47a287f0dd115cbac2afeaa39fd4664444d41f8c
    • Instruction ID: 0775f02f08c4f9195afb931905fcfe8a6923f2bacdd841107ace641ed7b137a2
    • Opcode Fuzzy Hash: 30ecba30a59e1207a5a08b7c47a287f0dd115cbac2afeaa39fd4664444d41f8c
    • Instruction Fuzzy Hash: 9D3109E5B08B8042FE90E7E5787636B9252A3457C0F40E136EE4D9770EDF2DD2528644
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB7850 Relevance: 5.1, Strings: 4, Instructions: 91COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID: arenegyl$modnarod$setybdet$uespemos
    • API String ID: 0-66988881
    • Opcode ID: 19f111dfb905323ef022bece2fa0183fa792212cff9142e6b716040df3c1b6ab
    • Instruction ID: 47cc59e2fddec78352e4e837ced63eb6c81dc69f53dba1b88bb7e96d71e0ad67
    • Opcode Fuzzy Hash: 19f111dfb905323ef022bece2fa0183fa792212cff9142e6b716040df3c1b6ab
    • Instruction Fuzzy Hash: AD21A4E5B58F8042FE80DBE5787636BA262A3857C0F50E036EE4D9770ADF3DD2528644
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B36510 Relevance: 4.8, APIs: 1, Strings: 2, Instructions: 289COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID: arenegyl$setybdet
    • API String ID: 3510742995-2199462733
    • Opcode ID: f14b7fd4e84e01a6ee778fac9f280e28171ca11514af8ad18346ab5218bd1a2a
    • Instruction ID: 16fc86f428766fb78a9c4506c483efe476897b3148e0f8471a6692769f3125a6
    • Opcode Fuzzy Hash: f14b7fd4e84e01a6ee778fac9f280e28171ca11514af8ad18346ab5218bd1a2a
    • Instruction Fuzzy Hash: B9F14C32948BC181F3B58B14F55A7EBB360F7D8318F506209DBC846655EFBED2D68A80
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B3F470 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 279COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID: jjjjjjjj
    • API String ID: 3510742995-1384931739
    • Opcode ID: a574413750e5dfa0d756ef24627edaf153ca80338849e322247f5fb5a2f0a1c2
    • Instruction ID: 2f535a32670d15c7734917c0693d07c46218b78dc56a1ae35cfe01637cd566cc
    • Opcode Fuzzy Hash: a574413750e5dfa0d756ef24627edaf153ca80338849e322247f5fb5a2f0a1c2
    • Instruction Fuzzy Hash: 83E19222D0CAC586E6768F1CE1453F9A361FFEA788F54A221DFC852655EF2CE1D58700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B5C540 Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 188memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    • NoKeyLogFailResolveClientCertres binderc e trafficc hs traffics hs trafficc ap traffics ap trafficexp masterres masterderivedCLIENT_EARLY_TRAFFIC_SECRETCLIENT_HANDSHAKE_TRAFFIC_SECRETSERVER_HANDSHAKE_TRAFFIC_SECRETCLIENT_TRAFFIC_SECRET_0SERVER_TRAFFIC_SECRET_0, xrefs: 00007FF607B5C7DC
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID: NoKeyLogFailResolveClientCertres binderc e trafficc hs traffics hs trafficc ap traffics ap trafficexp masterres masterderivedCLIENT_EARLY_TRAFFIC_SECRETCLIENT_HANDSHAKE_TRAFFIC_SECRETSERVER_HANDSHAKE_TRAFFIC_SECRETCLIENT_TRAFFIC_SECRET_0SERVER_TRAFFIC_SECRET_0
    • API String ID: 3298025750-662669378
    • Opcode ID: 58c958df9e141a2d55599c1825dbc9f64902a0206b7bfb4ee764a7b3231a56f0
    • Instruction ID: 7cb55653f502a1bdfaae47ccaeda95f5999531233c3c93f1e194e78ac338db10
    • Opcode Fuzzy Hash: 58c958df9e141a2d55599c1825dbc9f64902a0206b7bfb4ee764a7b3231a56f0
    • Instruction Fuzzy Hash: 7F516E76B1975681EA648F16E5003785B92EB4AFE0F685331CE1D97BD0DF3CE9828324
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B637A0 Relevance: 4.2, APIs: 3, Instructions: 400memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$memcpy
    • String ID:
    • API String ID: 1887603139-0
    • Opcode ID: 5ae75583b5e7bb861f9045921f6f5200eab9f496f8e667dd8ab80e392b3c6c86
    • Instruction ID: cbe7a8ead8de15ca7cde2cfe1a81441c2d7526573d24b7f7b239d43c10b7813b
    • Opcode Fuzzy Hash: 5ae75583b5e7bb861f9045921f6f5200eab9f496f8e667dd8ab80e392b3c6c86
    • Instruction Fuzzy Hash: 0AF11773A09B9182EB618F16A4407ADB7A0FB5AB94F544235EF9D43B91EF3CE581C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B3369D Relevance: 3.0, APIs: 2, Instructions: 506COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 02bc536398d13714bdf8ab0e3da9ee763c0b7932d6a801b37b5cc1f1a654538c
    • Instruction ID: 0f18164352d32dd0b32db6b38b9d251758206bb58aa007e2f462692bbe743ae4
    • Opcode Fuzzy Hash: 02bc536398d13714bdf8ab0e3da9ee763c0b7932d6a801b37b5cc1f1a654538c
    • Instruction Fuzzy Hash: 99122B72B1C6D287D7258F29A4047BBA695FF82784F209231EE4A97B94DF3DE5809700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B5D8B9 Relevance: 2.7, APIs: 2, Instructions: 155COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 8aeeee1057694c4f631164cce7ad2aec8f61096276152cae6cb66c84051bc9b4
    • Instruction ID: 83ded30d2713a37a897723634bbd281646b6f174ada6ee7255c64675bfd6efbf
    • Opcode Fuzzy Hash: 8aeeee1057694c4f631164cce7ad2aec8f61096276152cae6cb66c84051bc9b4
    • Instruction Fuzzy Hash: E0518072B09B9585EA644F12F4403BA67A0FB46BC0F648539DE9D9B788DF3CD440D700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B8B4B0 Relevance: 2.6, Strings: 2, Instructions: 105COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID: d length$too long
    • API String ID: 0-1574262248
    • Opcode ID: 5d7a5047a5df1e835bfee3e35d18ab1aec9699d2649bc6186c1840f3e7b5167b
    • Instruction ID: bcb00c1a79e5e26149b5ecd2b7d054923ce27048fd58bde495d566f8e8517c8b
    • Opcode Fuzzy Hash: 5d7a5047a5df1e835bfee3e35d18ab1aec9699d2649bc6186c1840f3e7b5167b
    • Instruction Fuzzy Hash: 5F410872B097C682F7A14F39A5117BAA7909B92780F289231DF8D47792EF6CD5D1C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B275F0 Relevance: 1.6, Strings: 1, Instructions: 346COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID: -+NaNinf00e0
    • API String ID: 0-2134585679
    • Opcode ID: 9d207ccd8f7b6f3c45b9b376383a460d6177179b553b4d385bb6733778465ea0
    • Instruction ID: 37954761c34f38542efaacb00931a588facb4ca31c5e033b6f535c4e36c31335
    • Opcode Fuzzy Hash: 9d207ccd8f7b6f3c45b9b376383a460d6177179b553b4d385bb6733778465ea0
    • Instruction Fuzzy Hash: 81D15971B0AB5194EB228F24C9503B563A2AF117E1F648332DA5C9B7D8EF6DE9478304
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B35440 Relevance: 1.5, APIs: 1, Instructions: 298COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memset
    • String ID:
    • API String ID: 2221118986-0
    • Opcode ID: 5cbfba97a8ba6bf00451c8edc16f0f78db3c59aa2f095dc0182a4daaaa100891
    • Instruction ID: c1ce79f7f9b9350fd101439d60fac31b6990bed5238635630d05c77ac3d50b36
    • Opcode Fuzzy Hash: 5cbfba97a8ba6bf00451c8edc16f0f78db3c59aa2f095dc0182a4daaaa100891
    • Instruction Fuzzy Hash: 33B13572E1859187E7398F2494187FA67A0FF52358F669531EE0AC73D0DF38A9A18740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BCE6F0 Relevance: 1.4, Strings: 1, Instructions: 194COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID: authorizationAuthorizationBasic
    • API String ID: 0-545821620
    • Opcode ID: 20a31e49f2c55444982e073561537acfe0d585fd4934d941d701e845c66b4fed
    • Instruction ID: d3fddd0f950ae31a907161e374955f52be89f57af23eeda53ab0f91809c7bdf2
    • Opcode Fuzzy Hash: 20a31e49f2c55444982e073561537acfe0d585fd4934d941d701e845c66b4fed
    • Instruction Fuzzy Hash: 4C611933E1D6E2C1F6B98F6549442BDA6525B43383FAAC932ED9E861D0DF7CED449100
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607C9F5A0 Relevance: .7, Instructions: 723COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f2458c7636ce9df8085c3440ee840bf816c19f3f699ddacc68ba808b22dceec8
    • Instruction ID: 018e06b8fc443bcf955e5247ff0a4c4c44cab4828bb6dc89c615ca05ae1ed842
    • Opcode Fuzzy Hash: f2458c7636ce9df8085c3440ee840bf816c19f3f699ddacc68ba808b22dceec8
    • Instruction Fuzzy Hash: 804287B2F11BA986CB408F1AE8416497775F758FD8B488136EF8D93B78EA38D456C304
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607CA47B0 Relevance: .7, Instructions: 721COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9f2a7f99092b377b6d5db53402a705bfdec75a1584540cd990262c9d80cfc523
    • Instruction ID: b77f6282e47a2d42db4b8e0ae2b6acc9e60de7030527acea56a1b622320b8fad
    • Opcode Fuzzy Hash: 9f2a7f99092b377b6d5db53402a705bfdec75a1584540cd990262c9d80cfc523
    • Instruction Fuzzy Hash: 0262E6A3A25BC541E7124B2CA4063E5B360EFE67D4F149332EFD866F56DF39A2468304
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607C01760 Relevance: .6, Instructions: 591COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 61459ae49209b8aa77289af15049f597d175e6278f781adac225be77cbf64d55
    • Instruction ID: 9801a1f4181afe526cc8d7405d812a98750eaea24607d3c43feac3c39a5b3c32
    • Opcode Fuzzy Hash: 61459ae49209b8aa77289af15049f597d175e6278f781adac225be77cbf64d55
    • Instruction Fuzzy Hash: 133246E6B90A65A7DB048F16E94178D7B64F319BC8F898526DF8C83B54EB38E471C340
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BDB6F0 Relevance: .4, Instructions: 391COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9a3d3692b17ee544957e2340baccd991bd09b691e105376c6191198736aaea87
    • Instruction ID: fdac754a543c956b8778f7f64b463ad3fa2763af8a59b170f7c10848274b2fec
    • Opcode Fuzzy Hash: 9a3d3692b17ee544957e2340baccd991bd09b691e105376c6191198736aaea87
    • Instruction Fuzzy Hash: 7FE1BFF7A292D048C7268B685814EBD6FD5C72BB84F0A827DDF854B7C1DF088516E310
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607C058C0 Relevance: .4, Instructions: 368COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 45a4d389368b04bc00b1505616ba011d25663e5b3690dc062032c445b7152bbc
    • Instruction ID: 8e24dd7388e773a87b582938fb284a45e520ac579246f9c130fb95337a298395
    • Opcode Fuzzy Hash: 45a4d389368b04bc00b1505616ba011d25663e5b3690dc062032c445b7152bbc
    • Instruction Fuzzy Hash: 32021A66718B8AA2D7109F16F10159EA730F789BC8F544112EFDC63B69CF39E15ACB80
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B3342A Relevance: .3, Instructions: 304COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: da8e50028332c8af97a3927e7e800b01910bf19f16798365e77276b653a6af0e
    • Instruction ID: 830fc403c137cad629c0ad846e3d568f5e543b0cf718fe881eea449420bea934
    • Opcode Fuzzy Hash: da8e50028332c8af97a3927e7e800b01910bf19f16798365e77276b653a6af0e
    • Instruction Fuzzy Hash: 4EB15A32B287D247D7358F39A4017A6AA94EF92390F209336EE5957ED4DF3DD5809B00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B334CD Relevance: .3, Instructions: 303COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 74a56bcd269daa09afc8ec3a2bacdd90c7c0a42df52df98b546c27eeacf37acf
    • Instruction ID: f5136fd347184b4bfadb34fb182ea077b12f7374ff66811eb512d4766ffd6276
    • Opcode Fuzzy Hash: 74a56bcd269daa09afc8ec3a2bacdd90c7c0a42df52df98b546c27eeacf37acf
    • Instruction Fuzzy Hash: 2EB15972A1C6D24BD7758F39A40127AAA90EF92780F609336EF5A97ED4DF3CD5809700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B335D9 Relevance: .3, Instructions: 284COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b8c95bf0db7cd2bd790e3244e2df74d64a96cccd8a31fd3038aa1518a9d7fa7c
    • Instruction ID: c1e1181a3c6d168437a56eb9bf94ecf85c3d67c9f3c0f53d584b548f63bb184b
    • Opcode Fuzzy Hash: b8c95bf0db7cd2bd790e3244e2df74d64a96cccd8a31fd3038aa1518a9d7fa7c
    • Instruction Fuzzy Hash: D6B16932A1D7D647D7358F39A4016B6AA94EF92380F209332EE5A97F94DF3CE1809600
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B3364B Relevance: .3, Instructions: 278COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6d968cf6c57cb05edd9171fdef5f7b25d88243fbd85cf4ae7b4826f7406e4c5e
    • Instruction ID: f46fefec09f9f8c12662270a5c2e294822cad712a45e8ea2a8f73523a5a51c40
    • Opcode Fuzzy Hash: 6d968cf6c57cb05edd9171fdef5f7b25d88243fbd85cf4ae7b4826f7406e4c5e
    • Instruction Fuzzy Hash: 1DA16B32B2D7D647D7358F39A401666AA94EFD2380F209336EE5A57F94DF3DE1809A00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B33622 Relevance: .3, Instructions: 272COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 753d16f6ad8101a9f0769fa429b82e109461067e326249e00f2f8941e02937d7
    • Instruction ID: 07bcac48f807fea6d2979513e1596dd139d9f1412b0b492a0e9c5df2062fdc49
    • Opcode Fuzzy Hash: 753d16f6ad8101a9f0769fa429b82e109461067e326249e00f2f8941e02937d7
    • Instruction Fuzzy Hash: DBA14832B2D7D647D7358F39A4016A6AA94EF92380F209336EE5A57E94DF3CE5809600
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BF2650 Relevance: .2, Instructions: 236COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6a8a3772fd4478e805ea1a59cd1a0ba75b16359bd4fb1c658a86fbac623e5681
    • Instruction ID: b406753a75f71a771f2750ee91d13765601caad557d3fd8a8deda3c4a7188c40
    • Opcode Fuzzy Hash: 6a8a3772fd4478e805ea1a59cd1a0ba75b16359bd4fb1c658a86fbac623e5681
    • Instruction Fuzzy Hash: 9D71AA7AE8D12361FA764E2492247FC56817F23F54F399431CC0EEA6D4DF6DAC826201
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B2B5F0 Relevance: .2, Instructions: 235COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b4e8d80c056b87aa30809ffd81a3f1b2704d567de81a0869d422d23cc2463311
    • Instruction ID: d2277905e4fd46d828d227d05992bc995a3d0ee522438bee41ce7aa0bb7c8350
    • Opcode Fuzzy Hash: b4e8d80c056b87aa30809ffd81a3f1b2704d567de81a0869d422d23cc2463311
    • Instruction Fuzzy Hash: 81C152B34181E04AD3CB9B75D4A4ABE7FE1F70D74EF8A4181EBC687082C62495B1DB21
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607CAA480 Relevance: .2, Instructions: 205COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a1f68192e8f00365f339ff1845a0643ff9f7bd91f6c2326c82fbefefe0862f85
    • Instruction ID: e237979e3ee7258adc1ed8f63caa744b5c74c7fba637ce2c2350f0e2719beba9
    • Opcode Fuzzy Hash: a1f68192e8f00365f339ff1845a0643ff9f7bd91f6c2326c82fbefefe0862f85
    • Instruction Fuzzy Hash: BA6155A6B55BA946CE448F0AE84124AB7B5F789FD87488536BF4CC3B38EA3CD545C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B408A0 Relevance: .2, Instructions: 152COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c7666ac33aa3cef99d8c814a2b55b3b791474559610b496c57254a837cd55be5
    • Instruction ID: de20dcb472e694a7b049a51a09dda6d7bd300ba460aee7bfcc09132e375918f5
    • Opcode Fuzzy Hash: c7666ac33aa3cef99d8c814a2b55b3b791474559610b496c57254a837cd55be5
    • Instruction Fuzzy Hash: 4D414B93E15FA902F61397792D16593D2506FA6FD8E10E322EE9C37B50FF28A5C29200
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BF2470 Relevance: .2, Instructions: 151COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 249f22b2d084f5f6fe608bbcb4d4358d7359e075b7fd4149927cf795a1469b1f
    • Instruction ID: e7fe345e876ea09891dae98fd6111b81d511dba141d4230de34cc06980d001f3
    • Opcode Fuzzy Hash: 249f22b2d084f5f6fe608bbcb4d4358d7359e075b7fd4149927cf795a1469b1f
    • Instruction Fuzzy Hash: CC41E43AF8D26666FE798F2194247FD26817B67F50E294031C90ED77C1DFAC68466301
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607CAA7F0 Relevance: .1, Instructions: 128COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 13a11d797f3c2b5eff692abc02e0775846d42126e669b87a44b2b1c1aabf6c80
    • Instruction ID: 1d44668c6e535c06fdd784fd1f6c2df5a1bc0a3e3c3bc28ae2897793ac12e92f
    • Opcode Fuzzy Hash: 13a11d797f3c2b5eff692abc02e0775846d42126e669b87a44b2b1c1aabf6c80
    • Instruction Fuzzy Hash: EA4146A3B962EC47CF45CF664D41BD8AB526726BF1B64A727DE29073C8C038C606D351
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607CA45F0 Relevance: .1, Instructions: 121COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 68a4785a74c62acfa98e8af1945a7814ad753e1978ee577cd02a4b7666bb04ee
    • Instruction ID: 437fc26975db990605cd8efbeb03b106e682f9a776cec743f45ec1d2264a746b
    • Opcode Fuzzy Hash: 68a4785a74c62acfa98e8af1945a7814ad753e1978ee577cd02a4b7666bb04ee
    • Instruction Fuzzy Hash: 0D415DB3A2A5C121DF06133D44460B4EB939FC779539DD732DAA4A5193FB5EE1C5C240
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BAC7C0 Relevance: .1, Instructions: 90COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 67bc01073fc7caaa7439f8caeda16c26297c394a407085b8d638f5c3f4b49de6
    • Instruction ID: e1019052b02d3bb47375ff54fed779c207f0dde92970b84579f78c7bd148e0ac
    • Opcode Fuzzy Hash: 67bc01073fc7caaa7439f8caeda16c26297c394a407085b8d638f5c3f4b49de6
    • Instruction Fuzzy Hash: 4731B8E6B08F8042FE54D7A8746737B9321A7857D0F40E236EE89AA70BDF2DD1428644
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BFE880 Relevance: .1, Instructions: 71COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e9eef7e42239b07bfb6be218b1befcaa8a4f6eb537a5c707a45a39fccc2fb9b5
    • Instruction ID: 72bbb9d612370a384a87d8d2ba4415a33829cb8b0ad9e162f2f136fd343bc00d
    • Opcode Fuzzy Hash: e9eef7e42239b07bfb6be218b1befcaa8a4f6eb537a5c707a45a39fccc2fb9b5
    • Instruction Fuzzy Hash: 2821062AD2DFE761F613873E6407515D600AFF3285AA0E71FFDE874C62EB1147816218
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607C215B0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 138COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: QueryVirtual
    • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
    • API String ID: 1804819252-1534286854
    • Opcode ID: f673d0d1a97f4d7a58775c4b5f3db2bacb8ebcb3f7b05bcb77bd109fb418adf6
    • Instruction ID: ae0827ec3bad99d8a4d72628247c75707f40d394a12b85e0ae6c78d44216c58e
    • Opcode Fuzzy Hash: f673d0d1a97f4d7a58775c4b5f3db2bacb8ebcb3f7b05bcb77bd109fb418adf6
    • Instruction Fuzzy Hash: A651B172B08A46ABEB109B11E840AA977B1FF84B94F685230DE4D87394DF3CE942C750
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B91410 Relevance: 11.7, APIs: 9, Instructions: 441COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 0775935d133fde8bad9930aa88fee66723f7e1c78411dbb23ad86a82c74bd3ee
    • Instruction ID: 7bae16e0eeec2663923d32240e1a9f9b997af65941669e0092a2edb44f85d18d
    • Opcode Fuzzy Hash: 0775935d133fde8bad9930aa88fee66723f7e1c78411dbb23ad86a82c74bd3ee
    • Instruction Fuzzy Hash: 21229032608BC982D711CF18E4403EAB3A4FBA9B84F589236EB9D57B59DF78D191D700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B416C0 Relevance: 11.3, APIs: 9, Instructions: 69memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: dfa28850500f6b1fcf8dd71e54fb91647bfcb05a18862bebbfeac4dc9ffbba89
    • Instruction ID: a0cf9fdd779503f9f77e56ab93dd8e08692e632bc11ba4c2279c71c8e3e55320
    • Opcode Fuzzy Hash: dfa28850500f6b1fcf8dd71e54fb91647bfcb05a18862bebbfeac4dc9ffbba89
    • Instruction Fuzzy Hash: 9C310D65E0864682F7A4AB36E4853F963A1EF89750F648236C68E866D1CF3CE4C2D351
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BC4410 Relevance: 10.8, APIs: 7, Instructions: 276memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$memcpy
    • String ID:
    • API String ID: 1887603139-0
    • Opcode ID: 37a5dc402fab0f56e3dae78a9bccba5bdf21ec96c8bfe067814460b1aa4f189e
    • Instruction ID: 34fefb6458cecb2451f4c02badd9f5af8bb787982d670ca86b913014cef8d3b6
    • Opcode Fuzzy Hash: 37a5dc402fab0f56e3dae78a9bccba5bdf21ec96c8bfe067814460b1aa4f189e
    • Instruction Fuzzy Hash: EBB11532B09AC182EA548F25E5503797BA1EB8A794F24C636EE6D877D5DF3CE5818300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BB37A0 Relevance: 10.1, APIs: 8, Instructions: 142memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 4e01da5d17efdf4ce61464e891fd8d90d9fb5da7227b5ab9b64f2e490df5db47
    • Instruction ID: a0ba406afe52a600feb5b4ce17aa7b31c1ffcc7d8cd57be80844ab955bdf15c4
    • Opcode Fuzzy Hash: 4e01da5d17efdf4ce61464e891fd8d90d9fb5da7227b5ab9b64f2e490df5db47
    • Instruction Fuzzy Hash: 23515576B09A4181E7659F2295C43BD53A1EF86BA0F684232CF6E876C5CF7CF4818351
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BA0690 Relevance: 9.1, APIs: 6, Instructions: 84COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Value$PrngProcess
    • String ID:
    • API String ID: 3259538350-0
    • Opcode ID: 6a320f8c657c04bd12518556554efcf703c04e4129a55c4983cb124f3d5ad51d
    • Instruction ID: 3dfb68d79f263ea57020ad6b1f9f0a631d52262f0ea15a00a64ffe73c9f82c7b
    • Opcode Fuzzy Hash: 6a320f8c657c04bd12518556554efcf703c04e4129a55c4983cb124f3d5ad51d
    • Instruction Fuzzy Hash: FE31AE31F1C64661FE65BF35A4153B963A0AF96744F648136D94EC33E2EF3CB8818600
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BE2880 Relevance: 9.0, APIs: 7, Instructions: 236COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcmp$memcpy
    • String ID:
    • API String ID: 231171946-0
    • Opcode ID: cd9e909439e5ca7940ba15ae6fc5c578285bc9455aa0e2ecde0b937f3fdbc6d2
    • Instruction ID: 141f0aa8a9df8f10d346053740667701f805321191b3903995726a2cc8ac7248
    • Opcode Fuzzy Hash: cd9e909439e5ca7940ba15ae6fc5c578285bc9455aa0e2ecde0b937f3fdbc6d2
    • Instruction Fuzzy Hash: BFB13036A09F8585EB608F25E4413AAA7A4FB59B84F205276EFCD93758EF7CD480C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B6151A Relevance: 8.9, APIs: 7, Instructions: 153memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 43dcd80decb3db678fcc4b8ce85f3af911d45f41c072472413da94a32bc36559
    • Instruction ID: 728eb47eb105adb26ffcbe4a886191cc20109a6f9e1d10cf9b10e2827bc4da54
    • Opcode Fuzzy Hash: 43dcd80decb3db678fcc4b8ce85f3af911d45f41c072472413da94a32bc36559
    • Instruction Fuzzy Hash: 4B61B572B0C78A81EB65DF19E0483BA63A5EF86B84F654036CB8D87695DF7CD681C301
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BC0910 Relevance: 8.8, APIs: 7, Instructions: 87memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 98f6f9eba10c686a14cad312cea74fc2e8a1a5db0f432d3c7b1a1d1cb5fa81ca
    • Instruction ID: 605a67839c7c2be291e3f7ad65a5660dde715a9a3cbae4a52f46ec73114e5a21
    • Opcode Fuzzy Hash: 98f6f9eba10c686a14cad312cea74fc2e8a1a5db0f432d3c7b1a1d1cb5fa81ca
    • Instruction Fuzzy Hash: 8E315961B09742C2F664AB26E8413791361EF89751F688636CE5D966D0CF7CF4C2C360
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B3E880 Relevance: 8.0, APIs: 6, Instructions: 475COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 61e84541f079d5fe4412857466e5203be1ca7c93a580ba537b8763c41fe65b8f
    • Instruction ID: 5211a454e9e7a5dd0e4df1281424a5b2a4ad81a69eca12ecef06c469db10638d
    • Opcode Fuzzy Hash: 61e84541f079d5fe4412857466e5203be1ca7c93a580ba537b8763c41fe65b8f
    • Instruction Fuzzy Hash: 6E52FD2254CAC591E6364B2DE0463EAE3B4FFE5359F446211EFC812665EF3AD297CB00
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B92430 Relevance: 7.7, APIs: 6, Instructions: 220COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: 3fad4bd89b95e05729bf24a6d0765394f9162e9b611fe9c4aaa0e60fe1499801
    • Instruction ID: 51659278e4f35ca3621786b45523e1692e4941f5898b5fb9827c84827ad0a908
    • Opcode Fuzzy Hash: 3fad4bd89b95e05729bf24a6d0765394f9162e9b611fe9c4aaa0e60fe1499801
    • Instruction Fuzzy Hash: D1B1D772918BC482E6568F18E4053EAA3A8FFA5B94F159336DF8D53361DF38E295C300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B82456 Relevance: 7.7, APIs: 6, Instructions: 207memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: ec9d5cc3e71f6bc849189ae72cab98695f4820bd67ed2ee9e8f36d5178cbeb20
    • Instruction ID: d0b8b2595cc240f5d34ace0a1a15419438209f68d72dc5d0cee5af12837507e2
    • Opcode Fuzzy Hash: ec9d5cc3e71f6bc849189ae72cab98695f4820bd67ed2ee9e8f36d5178cbeb20
    • Instruction Fuzzy Hash: 73B1803290CBC481E6668B29E5057FAA7B4FFA9388F146211DFCD42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B65840 Relevance: 7.7, APIs: 5, Instructions: 203memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 7fd6acb86aba06149a7a1f971364bdea9fbe2aa513653c41fd5ab468fa5da6b2
    • Instruction ID: 13caf640df616dfbb6b9a1f1ef89b9013a015059a1d908bfbc640f9ba34cd0a3
    • Opcode Fuzzy Hash: 7fd6acb86aba06149a7a1f971364bdea9fbe2aa513653c41fd5ab468fa5da6b2
    • Instruction Fuzzy Hash: 4881B663A097C182EB219F2595503B96BA0EF96B84F59D231CF8E47792DF2CE1E5C310
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B77420 Relevance: 7.7, APIs: 6, Instructions: 197COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: a97e61bc9d7fdb6d876f5dd61a79943d5aeaf15c91f1767651358e688cbf2ef0
    • Instruction ID: 7cb7b87496ad99351e014f93e273794ae0a1144edb4c51297e5e385bdb092825
    • Opcode Fuzzy Hash: a97e61bc9d7fdb6d876f5dd61a79943d5aeaf15c91f1767651358e688cbf2ef0
    • Instruction Fuzzy Hash: C99158126083C58AE735C729E05835FBFA1D716748F188074CBDA4BB82DB7DE609C7A1
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B82478 Relevance: 7.7, APIs: 6, Instructions: 186memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: f035f6a64cce85da4b17e47013d2fcf50031b81f22c17a0e6c492f0be1b0c9cf
    • Instruction ID: 7e6f39329c689a69da1df5ace348005ad3d635cf5a3b050933a67c63941abfea
    • Opcode Fuzzy Hash: f035f6a64cce85da4b17e47013d2fcf50031b81f22c17a0e6c492f0be1b0c9cf
    • Instruction Fuzzy Hash: B9B1713290CBC485E6668B28E5057FAA3B4FFA9388F056211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B82484 Relevance: 7.7, APIs: 6, Instructions: 186memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: af4b8a007f61534a1c38325f1a2ccde1ceda563081b95694901349ca40eeb281
    • Instruction ID: a1e73db3a0ea5606cc4627ce056334e8d1e35f1292b6e188d5085bcf21ac7978
    • Opcode Fuzzy Hash: af4b8a007f61534a1c38325f1a2ccde1ceda563081b95694901349ca40eeb281
    • Instruction Fuzzy Hash: 03B1713290DBC485E6668B28E5057FAA3B4FFA9388F156211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B8247E Relevance: 7.7, APIs: 6, Instructions: 186memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: da6367bbb39bdcd4ab3d8fb848b2b30ada27080136fe4ae2a116990f619de100
    • Instruction ID: ca3412e65a9865e3a78ad7a47fd9f3ae365ae8eefecac39abc27c0ad413188b9
    • Opcode Fuzzy Hash: da6367bbb39bdcd4ab3d8fb848b2b30ada27080136fe4ae2a116990f619de100
    • Instruction Fuzzy Hash: 34B1713290DBC485E6668B28E5057FAA3B4FFA9388F156211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B8248A Relevance: 7.7, APIs: 6, Instructions: 186memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: 98cc9ea1ed559da2100d5704f721fb4109caad52400e64ec1cd914702b75d5c9
    • Instruction ID: d20c1562eee69c98be658e77f340fb297997ef145798d847ffda7348784a4508
    • Opcode Fuzzy Hash: 98cc9ea1ed559da2100d5704f721fb4109caad52400e64ec1cd914702b75d5c9
    • Instruction Fuzzy Hash: 42B1713290DBC485E6668B28E5057FAA3B4FFA9388F156211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B82490 Relevance: 7.7, APIs: 6, Instructions: 186memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: 447270a6f0ab474dae86cfdddab63977b9b862ca920a613946ab97fde143e2f6
    • Instruction ID: 08fe65fc340ee4edbddda709199d03db00a5834b79c5a22c62dfec698ddcabfc
    • Opcode Fuzzy Hash: 447270a6f0ab474dae86cfdddab63977b9b862ca920a613946ab97fde143e2f6
    • Instruction Fuzzy Hash: 56B1713290DBC485E6668B28E5057FAA3B4FFA9388F156211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B8249C Relevance: 7.7, APIs: 6, Instructions: 186memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: 24e066ef0381b7357b56619b2cc440cff03f227f6287fde8031928768943cfb8
    • Instruction ID: e9a2230f744b1fe5b6b2c538a9d79499929168b1aede3c5d17357589e4b41fd9
    • Opcode Fuzzy Hash: 24e066ef0381b7357b56619b2cc440cff03f227f6287fde8031928768943cfb8
    • Instruction Fuzzy Hash: 45B1713290DBC485E6668B28E5057FAA3B4FFA9388F156211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B82496 Relevance: 7.7, APIs: 6, Instructions: 186memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: 3a11bb738e082edb7af00f35e2606cced3ed0253727f8625f618aaaba122c74a
    • Instruction ID: c3c1e2bae02bce2f1fc9a55d0ea19b30fd78829ae336fcc9b6952949f3465015
    • Opcode Fuzzy Hash: 3a11bb738e082edb7af00f35e2606cced3ed0253727f8625f618aaaba122c74a
    • Instruction Fuzzy Hash: 1CB1603290DBC485E6668B28E5057FAA3B4FFA9388F156211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B824A2 Relevance: 7.7, APIs: 6, Instructions: 186memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: 5d68cde6ce2d852663c9436d0f8e8a1f5fd36d47ca4144e2a604d2c9aca51251
    • Instruction ID: 54b8f0056bdb41c5581925f1fd9f299fc8229a8357a633be0d5200ae8e7a3f4d
    • Opcode Fuzzy Hash: 5d68cde6ce2d852663c9436d0f8e8a1f5fd36d47ca4144e2a604d2c9aca51251
    • Instruction Fuzzy Hash: C3B1713290DBC485E6668B28E5057FAA3B4FFA9388F156211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B824A8 Relevance: 7.7, APIs: 6, Instructions: 186memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: f1a9ec71e629855c85e927e385abd19572073eb3a145403336415bcca74eac4c
    • Instruction ID: 906dd7b8534ea9df94c406de8f6f71cfe468c1e075c9bffabc60cbeaf3727ca1
    • Opcode Fuzzy Hash: f1a9ec71e629855c85e927e385abd19572073eb3a145403336415bcca74eac4c
    • Instruction Fuzzy Hash: 13B1713290CBC485E6668B29E5057FAA3B4FFA9388F056211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B824B4 Relevance: 7.7, APIs: 6, Instructions: 185memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: 656a8b94b25be080038ed1616e9650da84670ca1f8aee92f16bd16072aae71fa
    • Instruction ID: e3c0f0d901152a8211f71a795212d73fed0d49b3541d472b540e6c3358284e2f
    • Opcode Fuzzy Hash: 656a8b94b25be080038ed1616e9650da84670ca1f8aee92f16bd16072aae71fa
    • Instruction Fuzzy Hash: 81B1613290DBC485E6668B29E5057FAA3B4FFA9388F056211DFCC42666EF39E1D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B184CB Relevance: 7.6, APIs: 6, Instructions: 144memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 97be3fabafe511bc3ebaf0131804a7ec069547ff6e63b1e6c0fd4ee7f4451751
    • Instruction ID: 9d635b92bb088dd812a2a98ce29340b72d079955ea3348997b6e65fe3b166e38
    • Opcode Fuzzy Hash: 97be3fabafe511bc3ebaf0131804a7ec069547ff6e63b1e6c0fd4ee7f4451751
    • Instruction Fuzzy Hash: E261A072A09BC182EB758F21E4543BA67A1EB86B80F958436DA8D87B85CF3CE541C750
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BBD7E0 Relevance: 7.6, APIs: 6, Instructions: 84memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 34dae7f3399178c4f5add3a1a95ab551d8ec23c038bd892263085bd4f2dc91b5
    • Instruction ID: e57c699110e1bc9de8c1ecbdf08a6c0cc2fec06665212ca25e3076bf066c2f05
    • Opcode Fuzzy Hash: 34dae7f3399178c4f5add3a1a95ab551d8ec23c038bd892263085bd4f2dc91b5
    • Instruction Fuzzy Hash: 81313B25F08A4182F7659F26A8883B95361EF8AB95F688132CE4D866D5CFBCF4C18351
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607C724A0 Relevance: 6.4, APIs: 5, Instructions: 143COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: malloc$freememcpy
    • String ID:
    • API String ID: 4259248891-0
    • Opcode ID: b57484f7834a1804157a12d0d395b961331e15b7c93bcece891eacfd37ab269e
    • Instruction ID: 9c7a6d232a7182959bb4f7fd65edebeaa3c1104b41c401c7cde3bda84b089c7e
    • Opcode Fuzzy Hash: b57484f7834a1804157a12d0d395b961331e15b7c93bcece891eacfd37ab269e
    • Instruction Fuzzy Hash: 1151E032A09A8298EB65AF21951437967B1FF02FD8F68C135CE0A9B789DF3DE441C340
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BCE570 Relevance: 6.4, APIs: 5, Instructions: 107COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcmp
    • String ID:
    • API String ID: 1475443563-0
    • Opcode ID: 97b275ac2ab44b895fb87d996620fe61c29f1b33e00675b99e23d6d50c0ce633
    • Instruction ID: 9da342d128e1f879dc1a83e4c98fa9eb1a57099085ac60305201849a12525d9b
    • Opcode Fuzzy Hash: 97b275ac2ab44b895fb87d996620fe61c29f1b33e00675b99e23d6d50c0ce633
    • Instruction Fuzzy Hash: 69414172A08542D3EFA49F26C2402B963A1FB05791F64C832DB4ED7AD4EF9CF8908750
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B19883 Relevance: 6.4, APIs: 5, Instructions: 104memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$CloseHandlememset$ErrorLast
    • String ID:
    • API String ID: 985745261-0
    • Opcode ID: 43e89b6d7a00be1297d33127aea7049afaf5cf3683f88d660a7de935e4b08689
    • Instruction ID: bd5e2a97825446fadb5c9c7a1c86cfe32e84f56aa9d7961a3e274c2851d24027
    • Opcode Fuzzy Hash: 43e89b6d7a00be1297d33127aea7049afaf5cf3683f88d660a7de935e4b08689
    • Instruction Fuzzy Hash: B5415772B1DBC284EA748F12D0953BAA761EB8AB80FA44432DE4E83795CF3DE5418650
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BC4870 Relevance: 6.3, APIs: 5, Instructions: 62memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 52464567744cf2990a915b9187606772d9c546e3dc0adb0f45cf0218068f709f
    • Instruction ID: 500508a51feb5da1ba4f6457d53632a783f81776f4e3ff251aed96733896af64
    • Opcode Fuzzy Hash: 52464567744cf2990a915b9187606772d9c546e3dc0adb0f45cf0218068f709f
    • Instruction Fuzzy Hash: 9F21A721F0968282FA619B22E55037917A1DF89B61F649B32CA5D877D0CF7CF5C28350
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BBB8B0 Relevance: 6.3, APIs: 5, Instructions: 57memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 97669dfa55cc8c2421fa6c3a96c0a939ad302e57d1e63a985cf9a414bc4972c9
    • Instruction ID: a29501221a6013f8d108d4b37c2fdb3e251879fe43366cc1649551a3c2e97ee4
    • Opcode Fuzzy Hash: 97669dfa55cc8c2421fa6c3a96c0a939ad302e57d1e63a985cf9a414bc4972c9
    • Instruction Fuzzy Hash: 74215EB5F0C64285FB54AB2399C57BD13A1EF89790F684536CE4CC66C1CF7CA4A28250
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B51500 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 257memoryCOMMON
    Download Yara Rule
    APIs
    Strings
    • CompressionAlertLevelExtensionTypeServerNameTypeNamedGroupsecp256r1secp384r1secp521r1X25519X448FFDHE2048FFDHE3072FFDHE4096FFDHE6144FFDHE8192, xrefs: 00007FF607B517BF
    • u8u24u32received unexpected message: got when expecting , xrefs: 00007FF607B51538
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID: CompressionAlertLevelExtensionTypeServerNameTypeNamedGroupsecp256r1secp384r1secp521r1X25519X448FFDHE2048FFDHE3072FFDHE4096FFDHE6144FFDHE8192$u8u24u32received unexpected message: got when expecting
    • API String ID: 673829100-2310489723
    • Opcode ID: c32aaf734d27f377e089d0c3efd99a62fb0f8349d639549c1b37f65a47ed80c7
    • Instruction ID: af2638d0ee691bcc50aeff232a2beec79f8373b99c82903ef988b9ed94c31987
    • Opcode Fuzzy Hash: c32aaf734d27f377e089d0c3efd99a62fb0f8349d639549c1b37f65a47ed80c7
    • Instruction Fuzzy Hash: DEC1B42391CBD989E3218B29E40077ABBB4FBD7780F258321EAD893A55DF39D551CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BC3910 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 125COMMON
    Download Yara Rule
    APIs
    • memcpy.MSVCRT ref: 00007FF607BC3A59
      • Part of subcall function 00007FF607BC4410: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,-7F7F7F7F7F7F7F80,?,?,00007FF607BC28B6), ref: 00007FF607BC473B
      • Part of subcall function 00007FF607BC4410: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,-7F7F7F7F7F7F7F80,?,?,00007FF607BC28B6), ref: 00007FF607BC474C
    • memcpy.MSVCRT ref: 00007FF607BC3A94
    Strings
    • response body closed before all bytes were readtimed out reading response, xrefs: 00007FF607BC3AC7
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID: response body closed before all bytes were readtimed out reading response
    • API String ID: 673829100-2989494899
    • Opcode ID: bd8d22b2fcea3c3e5762042cb9090b43fc4b3709195de144b7e39d2e3809b383
    • Instruction ID: 365aa4bb51c2e9756a9be07c8ae2de9f96cf5f7896c2fd3f1815c7919e8bcc1b
    • Opcode Fuzzy Hash: bd8d22b2fcea3c3e5762042cb9090b43fc4b3709195de144b7e39d2e3809b383
    • Instruction Fuzzy Hash: 6441D2B1B0AA9584EE508F0699047BDA7D1AB09FC4F6CC435EE4DCB7A5EF2DD4528301
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B85870 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 112COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID: 0$client finishedserver finishedTLS 1.3, client CertificateVerify
    • API String ID: 3510742995-3169658230
    • Opcode ID: 656808eb46e231d0f341a4d47c88afe728bf443abb81899b50e3a27854c8c28c
    • Instruction ID: 0e400ec87ad7347a8d7a2e7591589e4f9e7ce834b1500ad82bac3e2220949f6d
    • Opcode Fuzzy Hash: 656808eb46e231d0f341a4d47c88afe728bf443abb81899b50e3a27854c8c28c
    • Instruction Fuzzy Hash: BD417B72608B8692EB609F12E8447AAB7A0FB89BD4F544435EF8C47B49CFBCD095C704
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B198DD Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 110COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: CloseErrorHandleLastmemset
    • String ID: Invalid checksumfailed to fill whole buffer
    • API String ID: 890964151-1069559445
    • Opcode ID: f05601591a23ddc50a9d446610c0bb65eb3bfe7fde4e0b1424361ef8fa3e4d64
    • Instruction ID: 7512d248531af8ef2c78d281ecfd192421b8c90cf4d455ae50aa9d37d470c440
    • Opcode Fuzzy Hash: f05601591a23ddc50a9d446610c0bb65eb3bfe7fde4e0b1424361ef8fa3e4d64
    • Instruction Fuzzy Hash: D0417A72A1D6C285EA749F11D0943FAA7A1FB8AB80FA48435CE8E83785DF3DE540C740
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B748C0 Relevance: 5.2, APIs: 4, Instructions: 239COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: memcpy
    • String ID:
    • API String ID: 3510742995-0
    • Opcode ID: caeafe0af053baf8ec5260a70b4ddae4c7673b1b95749c73591267b3183017b8
    • Instruction ID: e626422dcd1f2328978cfb8220c7cf673d9d9e14e6ec09fcd8df90acf02d147e
    • Opcode Fuzzy Hash: caeafe0af053baf8ec5260a70b4ddae4c7673b1b95749c73591267b3183017b8
    • Instruction Fuzzy Hash: 41D1DE12D1CBC482E2228B29E5413F9A770FBE9758F15A315EFC912626EF79E2D5C700
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B67540 Relevance: 5.2, APIs: 4, Instructions: 206memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 40cf5e6b1995f56eb477a0a857d30a6a14199477fd1bbc6d2a6c743512e3809a
    • Instruction ID: cc284b36fab373a485379a478784cec4131f0582f1273c375ae2f0f7a8457972
    • Opcode Fuzzy Hash: 40cf5e6b1995f56eb477a0a857d30a6a14199477fd1bbc6d2a6c743512e3809a
    • Instruction Fuzzy Hash: 5BD1502210C6C0D6E32AC739E4693DB6F91D756348F584059C7E64A3C2CBBDE159C3A6
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B3763E Relevance: 5.1, APIs: 4, Instructions: 116memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap$Value
    • String ID:
    • API String ID: 3456309649-0
    • Opcode ID: d8b1e312a65d2b097648c0091f5596f8b83328dd1a2e42d9794e067e1fc0615f
    • Instruction ID: da78a7b86f38e6a42b0e02d73379b7e05006fcc833b6e606fe09b4fa87234f68
    • Opcode Fuzzy Hash: d8b1e312a65d2b097648c0091f5596f8b83328dd1a2e42d9794e067e1fc0615f
    • Instruction Fuzzy Hash: D75160B2A0CA4282E764DF16D09937D63A1EB86B80F604136CA4DD7B94CF3DD4C5C341
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B2C540 Relevance: 5.1, APIs: 4, Instructions: 87memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Value$AllocCompleteFreeHeapInitOncememcpy
    • String ID:
    • API String ID: 2056961964-0
    • Opcode ID: 3d36755b1126f4025ede6b596fe230b51673313eb3b6f355c072db0d30bbc2e6
    • Instruction ID: 1d9510952c095a7fcf6737aebbd856ff6f28668d8e00c543b3d3cdb751b82dfd
    • Opcode Fuzzy Hash: 3d36755b1126f4025ede6b596fe230b51673313eb3b6f355c072db0d30bbc2e6
    • Instruction Fuzzy Hash: 8031F431B0A54682FB699F2694013BD6691FF4AB90F349238CA5DC77C1CF2CE8838394
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B78780 Relevance: 5.1, APIs: 4, Instructions: 85memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeapmemcpy
    • String ID:
    • API String ID: 673829100-0
    • Opcode ID: c65c389a02e260c2437102bb50368b8f90ee1ee674dc96d873e3176a45086954
    • Instruction ID: 199f0815458add2bd2b9a2225982c3a2558c24a09c8124a5a180a5d7c6c3dfff
    • Opcode Fuzzy Hash: c65c389a02e260c2437102bb50368b8f90ee1ee674dc96d873e3176a45086954
    • Instruction Fuzzy Hash: 03414C3261CBC582E7618B25E0403EEA7B1FB99794F545221EBCC47A99DF7CE285CB40
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BA58D0 Relevance: 5.1, APIs: 4, Instructions: 79COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    • Opcode ID: c7f21c156cddb4560f55ccdb465273042542b6806f39c28ecb4b3ae0dac2ca14
    • Instruction ID: edc9c7b7310ce3a64fa98118a409ca2aec4176f46c37006f8d6e3bad3c6c611b
    • Opcode Fuzzy Hash: c7f21c156cddb4560f55ccdb465273042542b6806f39c28ecb4b3ae0dac2ca14
    • Instruction Fuzzy Hash: 9E31F431F0D34668FF786B20A05137D17929F52750F688439D84EC73D2DE2CB9858300
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BD4430 Relevance: 5.1, APIs: 4, Instructions: 74memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 8543a8d132ba9d188871bc975f7547589e5b2f32cb69f599dc4a322ad7743bc1
    • Instruction ID: e3cd978a9df64d56a50b9e89a6d1b0bb1f6fec0fc45b58cbc0140acfc675e600
    • Opcode Fuzzy Hash: 8543a8d132ba9d188871bc975f7547589e5b2f32cb69f599dc4a322ad7743bc1
    • Instruction Fuzzy Hash: D621A762F0968281FB65DB66A4442781361EF85BA4F684632CE5C873D5EF3CECC38754
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607BD4530 Relevance: 5.1, APIs: 4, Instructions: 64memoryCOMMON
    Download Yara Rule
    APIs
    • HeapFree.KERNEL32(?,00019001,-7F7F7F7F7F7F7F80,00007FF607BC2ECF), ref: 00007FF607BD4562
    • HeapFree.KERNEL32(?,00019001,-7F7F7F7F7F7F7F80,00007FF607BC2ECF), ref: 00007FF607BD4582
    • HeapFree.KERNEL32(?,00019001,-7F7F7F7F7F7F7F80,00007FF607BC2ECF), ref: 00007FF607BD45A2
    • HeapFree.KERNEL32(?,00019001,-7F7F7F7F7F7F7F80,00007FF607BC2ECF), ref: 00007FF607BD45BB
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 41b513648458f328718f5405d6a58631487fca2fec647ae09ce6dd5a0e759642
    • Instruction ID: ea919a73b33382d1ea6216bcc9def40a8818a2389d1cf76e706c5d5919637792
    • Opcode Fuzzy Hash: 41b513648458f328718f5405d6a58631487fca2fec647ae09ce6dd5a0e759642
    • Instruction Fuzzy Hash: 57217762B0968292FA959F22D5413B91361FF857A4F644632CE1C877D0DF3CF8A1C364
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607B4B747 Relevance: 5.1, APIs: 4, Instructions: 57memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: FreeHeap
    • String ID:
    • API String ID: 3298025750-0
    • Opcode ID: 2f1671d26b3a349ffafa142c47478c72c79ce10e2cadbda153e3bf31303b6e38
    • Instruction ID: 6a40bd23b0ae43d6f4f1e0f63dcd590f4aadde4b2da721db0ec3f7d3e2498d8b
    • Opcode Fuzzy Hash: 2f1671d26b3a349ffafa142c47478c72c79ce10e2cadbda153e3bf31303b6e38
    • Instruction Fuzzy Hash: 312130B5F08A4295F661AF2D84887BB2761FF4A754F754136C60C862D1CF3CE481E351
    Uniqueness

    Uniqueness Score: -1.00%

    Function 00007FF607C6F790 Relevance: 5.0, APIs: 4, Instructions: 17COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.1735107273.00007FF607B11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF607B10000, based on PE: true
    • Associated: 00000000.00000002.1735079951.00007FF607B10000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735235201.00007FF607CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735260080.00007FF607CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735325702.00007FF607D5E000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735350486.00007FF607D5F000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.1735378913.00007FF607D62000.00000002.00000001.01000000.00000003.sdmpDownload File
    Similarity
    • API ID: free
    • String ID:
    • API String ID: 1294909896-0
    • Opcode ID: a9c212f514e4b15f0ecee877db57ab5d3e24861c48b3a1d6bd6924132bfdb68a
    • Instruction ID: c33e5fa49f07546f2f0256a6e499db064b80f1df7452b9115824272726f487d2
    • Opcode Fuzzy Hash: a9c212f514e4b15f0ecee877db57ab5d3e24861c48b3a1d6bd6924132bfdb68a
    • Instruction Fuzzy Hash: 86D01205F2540796EF04FBB2D4510BC03A05FC5F41F692130ED0DDA642DD2CDC824380
    Uniqueness

    Uniqueness Score: -1.00%