Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report New Order.exe

Overview

General Information

Sample Name:New Order.exe
Analysis ID:321195
MD5:689357a46d00a4e9fe51ac4d82d73100
SHA1:dc5bdc1892159b46a78b15b604280781b82d8ae5
SHA256:9f8a277b32edd2d8750e81097320cc31b9089020fa5c7b91613d422a2f55da1e
Tags:exe

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Adds a directory exclusion to Windows Defender
Connects to a pastebin service (likely for C&C)
Creates an undocumented autostart registry key
Creates autostart registry keys with suspicious names
Creates multiple autostart registry keys
Drops PE files to the startup folder
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries disk information (often used to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Stores large binary data to the registry
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)

Classification

Startup

  • System is w10x64
  • New Order.exe (PID: 1428 cmdline: 'C:\Users\user\Desktop\New Order.exe' MD5: 689357A46D00A4E9FE51AC4D82D73100)
    • powershell.exe (PID: 6520 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 6824 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 6612 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 6764 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\New Order.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • New Order.exe (PID: 7040 cmdline: C:\Users\user\Desktop\New Order.exe MD5: 689357A46D00A4E9FE51AC4D82D73100)
    • WerFault.exe (PID: 1688 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 2476 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • New Order.exe (PID: 5720 cmdline: 'C:\Users\user\Desktop\New Order.exe' MD5: 689357A46D00A4E9FE51AC4D82D73100)
  • New Order.exe (PID: 6284 cmdline: 'C:\Users\user\Desktop\New Order.exe' MD5: 689357A46D00A4E9FE51AC4D82D73100)
  • New Order.exe (PID: 580 cmdline: 'C:\Users\user\Desktop\New Order.exe' MD5: 689357A46D00A4E9FE51AC4D82D73100)
  • New Order.exe (PID: 5312 cmdline: 'C:\Users\user\Desktop\New Order.exe' MD5: 689357A46D00A4E9FE51AC4D82D73100)
  • New Order.exe (PID: 5632 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' MD5: 689357A46D00A4E9FE51AC4D82D73100)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000002.604840237.0000000000402000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    Process Memory Space: New Order.exe PID: 7040JoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      11.2.New Order.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

        Sigma Overview

        No Sigma rule has matched

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Multi AV Scanner detection for dropped fileShow sources
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeVirustotal: Detection: 34%Perma Link
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeReversingLabs: Detection: 27%
        Multi AV Scanner detection for submitted fileShow sources
        Source: New Order.exeVirustotal: Detection: 34%Perma Link
        Source: New Order.exeReversingLabs: Detection: 27%
        Machine Learning detection for dropped fileShow sources
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeJoe Sandbox ML: detected
        Machine Learning detection for sampleShow sources
        Source: New Order.exeJoe Sandbox ML: detected
        Source: 11.2.New Order.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8

        Networking:

        barindex
        Connects to a pastebin service (likely for C&C)Show sources
        Source: unknownDNS query: name: pastebin.com
        Source: unknownDNS query: name: pastebin.com
        Source: unknownDNS query: name: pastebin.com
        Source: unknownDNS query: name: pastebin.com
        Source: unknownDNS query: name: pastebin.com
        Source: unknownDNS query: name: pastebin.com
        Source: Joe Sandbox ViewIP Address: 104.23.98.190 104.23.98.190
        Source: Joe Sandbox ViewIP Address: 104.23.98.190 104.23.98.190
        Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
        Source: unknownDNS traffic detected: queries for: pastebin.com
        Source: powershell.exe, 00000007.00000003.448132179.0000000007E4C000.00000004.00000001.sdmpString found in binary or memory: http://crl.micro
        Source: New Order.exe, 0000000B.00000002.604840237.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/
        Source: New Order.exe, 0000000B.00000002.604840237.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
        Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
        Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443

        System Summary:

        barindex
        Initial sample is a PE file and has a suspicious nameShow sources
        Source: initial sampleStatic PE information: Filename: New Order.exe
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0310807A3_2_0310807A
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_031064F03_2_031064F0
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_03100EF83_2_03100EF8
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0311E34A3_2_0311E34A
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0311C3803_2_0311C380
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_031150C53_2_031150C5
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0311A7583_2_0311A758
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0311CEF13_2_0311CEF1
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0311C3703_2_0311C370
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_031121183_2_03112118
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_031136103_2_03113610
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0311EA603_2_0311EA60
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_03156F783_2_03156F78
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_03157F603_2_03157F60
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_033567405_2_03356740
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_0335AEE85_2_0335AEE8
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_033555385_2_03355538
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CB7A107_2_00CB7A10
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CB9E987_2_00CB9E98
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CEC8F87_2_00CEC8F8
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CE24507_2_00CE2450
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CE58E57_2_00CE58E5
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CE39F07_2_00CE39F0
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CEB9037_2_00CEB903
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CEEDE87_2_00CEEDE8
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CE3EA87_2_00CE3EA8
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DB83D27_2_02DB83D2
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DB06607_2_02DB0660
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DD6ED07_2_02DD6ED0
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DD7F607_2_02DD7F60
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_009039C09_2_009039C0
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_009099E09_2_009099E0
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_009052889_2_00905288
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00901AA09_2_00901AA0
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_0090A2709_2_0090A270
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00905BC09_2_00905BC0
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00904C089_2_00904C08
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00900C489_2_00900C48
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_009242989_2_00924298
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_009968309_2_00996830
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_009900409_2_00990040
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_009987C29_2_009987C2
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_0092CA619_2_0092CA61
        Source: C:\Users\user\Desktop\New Order.exeCode function: 11_2_00B429A311_2_00B429A3
        Source: C:\Users\user\Desktop\New Order.exeCode function: 11_2_00B689BE11_2_00B689BE
        Source: C:\Users\user\Desktop\New Order.exeCode function: 11_2_00B35B9611_2_00B35B96
        Source: C:\Users\user\Desktop\New Order.exeCode function: 11_2_00B4A14E11_2_00B4A14E
        Source: C:\Users\user\Desktop\New Order.exeCode function: 15_2_00CB29A315_2_00CB29A3
        Source: C:\Users\user\Desktop\New Order.exeCode function: 15_2_00CBA14E15_2_00CBA14E
        Source: C:\Users\user\Desktop\New Order.exeCode function: 15_2_00CA5B9615_2_00CA5B96
        Source: C:\Users\user\Desktop\New Order.exeCode function: 15_2_00CD89BE15_2_00CD89BE
        Source: C:\Users\user\Desktop\New Order.exeCode function: 19_2_00AA29A319_2_00AA29A3
        Source: C:\Users\user\Desktop\New Order.exeCode function: 19_2_00AC89BE19_2_00AC89BE
        Source: C:\Users\user\Desktop\New Order.exeCode function: 19_2_00AAA14E19_2_00AAA14E
        Source: C:\Users\user\Desktop\New Order.exeCode function: 19_2_00A95B9619_2_00A95B96
        Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 2476
        Source: New Order.exe, 0000000B.00000002.604840237.0000000000402000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameffec eef.exe2 vs New Order.exe
        Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: sfc.dll
        Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: phoneinfo.dll
        Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dll
        Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dll
        Source: classification engineClassification label: mal100.troj.adwa.evad.winEXE@21/19@8/1
        Source: C:\Users\user\Desktop\New Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6608:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6600:120:WilError_01
        Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1428
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6756:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_01
        Source: C:\Users\user\Desktop\New Order.exeFile created: C:\Users\user\AppData\Local\Temp\ddb36c97-004c-420f-a997-52c61e1b898aJump to behavior
        Source: New Order.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\New Order.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\New Order.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\New Order.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\New Order.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\New Order.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\New Order.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
        Source: C:\Users\user\Desktop\New Order.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: New Order.exeVirustotal: Detection: 34%
        Source: New Order.exeReversingLabs: Detection: 27%
        Source: C:\Users\user\Desktop\New Order.exeFile read: C:\Users\user\Desktop\New Order.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\New Order.exe 'C:\Users\user\Desktop\New Order.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\New Order.exe' -Force
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\New Order.exe C:\Users\user\Desktop\New Order.exe
        Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 2476
        Source: unknownProcess created: C:\Users\user\Desktop\New Order.exe 'C:\Users\user\Desktop\New Order.exe'
        Source: unknownProcess created: C:\Users\user\Desktop\New Order.exe 'C:\Users\user\Desktop\New Order.exe'
        Source: unknownProcess created: C:\Users\user\Desktop\New Order.exe 'C:\Users\user\Desktop\New Order.exe'
        Source: unknownProcess created: C:\Users\user\Desktop\New Order.exe 'C:\Users\user\Desktop\New Order.exe'
        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe'
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Users\user\Desktop\New Order.exe C:\Users\user\Desktop\New Order.exeJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\New Order.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: New Order.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: New Order.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
        Source: New Order.exeStatic file information: File size 3756032 > 1048576
        Source: New Order.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x394c00
        Source: New Order.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: .pdb'x source: New Order.exe, 0000000F.00000002.699224401.00000000011C9000.00000004.00000001.sdmp
        Source: Binary string: (PmjLC:\Windows\Microsoft.VisualBasic.pdb source: New Order.exe, 0000000F.00000002.699224401.00000000011C9000.00000004.00000001.sdmp
        Source: Binary string: New Order.PDB- source: New Order.exe, 0000000F.00000002.699224401.00000000011C9000.00000004.00000001.sdmp
        Source: Binary string: npxjVisualBasic.pdbD source: New Order.exe, 0000000F.00000002.699224401.00000000011C9000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\user\Desktop\New Order.PDB source: New Order.exe, 0000000F.00000002.699224401.00000000011C9000.00000004.00000001.sdmp
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_031017EA push eax; mov dword ptr [esp], edx3_2_031017FC
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_03105ACF push eax; mov dword ptr [esp], edx3_2_03105AE4
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0311BB40 push esp; retf 3_2_0311BB41
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_03114F08 push esp; iretd 3_2_03114F15
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_031537E2 push cs; iretd 3_2_031537EF
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_03155D5A push eax; mov dword ptr [esp], edx3_2_03155D6C
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_03350610 push eax; mov dword ptr [esp], edx5_2_03350624
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CEDF1B push ss; iretd 7_2_00CEDF1C
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DB5025 pushfd ; iretd 7_2_02DB5029
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DB1A71 push eax; mov dword ptr [esp], edx7_2_02DB1A74
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DB1B08 pushad ; iretd 7_2_02DB1B09
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DB1888 push eax; retf 7_2_02DB1889
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DB5E21 push eax; mov dword ptr [esp], edx7_2_02DB5E24
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_02DD5D30 push eax; mov dword ptr [esp], edx7_2_02DD5D64
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_0090441E push 8B0577A7h; iretd 9_2_00904423
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00924074 push es; retf 9_2_00924087
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00927371 push es; ret 9_2_00927380
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_009274C1 push es; ret 9_2_009274D0
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_009265B0 push es; ret 9_2_009265C0
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00996217 push eax; mov dword ptr [esp], edx9_2_0099622C
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00990F05 push eax; mov dword ptr [esp], edx9_2_00990F3C
        Source: C:\Users\user\Desktop\New Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeJump to dropped file

        Boot Survival:

        barindex
        Creates an undocumented autostart registry key Show sources
        Source: C:\Users\user\Desktop\New Order.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon shellJump to behavior
        Creates autostart registry keys with suspicious namesShow sources
        Source: C:\Users\user\Desktop\New Order.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run <Unknown>Jump to behavior
        Creates multiple autostart registry keysShow sources
        Source: C:\Users\user\Desktop\New Order.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run <Unknown>Jump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run New Order.exeJump to behavior
        Drops PE files to the startup folderShow sources
        Source: C:\Users\user\Desktop\New Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeJump to dropped file
        Source: C:\Users\user\Desktop\New Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe\:Zone.Identifier:$DATAJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run <Unknown>Jump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run <Unknown>Jump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run New Order.exeJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run New Order.exeJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
        Source: C:\Windows\SysWOW64\WerFault.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} DeviceTicket
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        barindex
        Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
        Source: C:\Users\user\Desktop\New Order.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
        Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
        Source: C:\Users\user\Desktop\New Order.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)Show sources
        Source: C:\Users\user\Desktop\New Order.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
        Source: C:\Users\user\Desktop\New Order.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
        Source: C:\Users\user\Desktop\New Order.exeFile opened / queried: C:\WINDOWS\SysWOW64\drivers\vmmouse.sysJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: IdentifierJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeFile opened / queried: C:\WINDOWS\SysWOW64\drivers\vmhgfs.sysJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeFile opened / queried: C:\WINDOWS\SysWOW64\drivers\VBoxMouse.sysJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum name: 0Jump to behavior
        Source: C:\Users\user\Desktop\New Order.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 840Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 717Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 560Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 525Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 351Jump to behavior
        Source: C:\Users\user\Desktop\New Order.exeWindow / User API: threadDelayed 419
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6712Thread sleep count: 840 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6788Thread sleep count: 312 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3164Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5416Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5416Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6868Thread sleep count: 351 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6868Thread sleep count: 250 > 30Jump to behavior
        Source: C:\Users\user\Desktop\New Order.exe TID: 3312Thread sleep time: -2767011611056431s >= -30000s
        Source: C:\Users\user\Desktop\New Order.exe TID: 7096Thread sleep count: 76 > 30
        Source: C:\Users\user\Desktop\New Order.exe TID: 7096Thread sleep count: 419 > 30
        Source: C:\Users\user\Desktop\New Order.exe TID: 3312Thread sleep time: -30000s >= -30000s
        Source: C:\Windows\SysWOW64\WerFault.exeFile opened: PhysicalDrive0
        Source: C:\Users\user\Desktop\New Order.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\user\Desktop\New Order.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\New Order.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00CBA230 GetSystemInfo,7_2_00CBA230
        Source: New Order.exe, 0000001A.00000002.696829642.0000000000FE1000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: WerFault.exe, 0000000E.00000002.510827492.0000000000756000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
        Source: New Order.exe, 0000001A.00000002.696829642.0000000000FE1000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
        Source: WerFault.exe, 0000000E.00000002.509765532.0000000000729000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW0}v%SystemRoot%\system32\mswsock.dllid" val=p
        Source: WerFault.exe, 0000000E.00000002.510827492.0000000000756000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWYam
        Source: C:\Users\user\Desktop\New Order.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging:

        barindex
        Hides threads from debuggersShow sources
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess token adjusted: Debug
        Source: C:\Windows\SysWOW64\WerFault.exeProcess token adjusted: Debug
        Source: C:\Users\user\Desktop\New Order.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Adds a directory exclusion to Windows DefenderShow sources
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force
        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\New Order.exe' -Force
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\New Order.exe' -ForceJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeProcess created: C:\Users\user\Desktop\New Order.exe C:\Users\user\Desktop\New Order.exeJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Users\user\Desktop\New Order.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Users\user\Desktop\New Order.exe VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Users\user\Desktop\New Order.exe VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Users\user\Desktop\New Order.exe VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Users\user\Desktop\New Order.exe VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Users\user\Desktop\New Order.exe VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe VolumeInformation
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\New Order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information:

        barindex
        Yara detected AgentTeslaShow sources
        Source: Yara matchFile source: 0000000B.00000002.604840237.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: New Order.exe PID: 7040, type: MEMORY
        Source: Yara matchFile source: 11.2.New Order.exe.400000.0.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        barindex
        Yara detected AgentTeslaShow sources
        Source: Yara matchFile source: 0000000B.00000002.604840237.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: New Order.exe PID: 7040, type: MEMORY
        Source: Yara matchFile source: 11.2.New Order.exe.400000.0.unpack, type: UNPACKEDPE

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsWindows Management Instrumentation321Startup Items1Startup Items1Masquerading1OS Credential DumpingQuery Registry1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumWeb Service1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobRegistry Run Keys / Startup Folder421Process Injection11Modify Registry1LSASS MemorySecurity Software Discovery451Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothEncrypted Channel12Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)DLL Side-Loading1Registry Run Keys / Startup Folder421Virtualization/Sandbox Evasion37Security Account ManagerVirtualization/Sandbox Evasion37SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)DLL Side-Loading1Disable or Modify Tools11NTDSProcess Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection11LSA SecretsApplication Window Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information1Cached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing1DCSyncFile and Directory Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobDLL Side-Loading1Proc FilesystemSystem Information Discovery134Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 321195 Sample: New Order.exe Startdate: 20/11/2020 Architecture: WINDOWS Score: 100 42 pastebin.com 2->42 44 g.msn.com 2->44 48 Multi AV Scanner detection for dropped file 2->48 50 Multi AV Scanner detection for submitted file 2->50 52 Yara detected AgentTesla 2->52 56 8 other signatures 2->56 8 New Order.exe 24 6 2->8         started        13 New Order.exe 2->13         started        15 New Order.exe 2->15         started        17 3 other processes 2->17 signatures3 54 Connects to a pastebin service (likely for C&C) 42->54 process4 dnsIp5 46 pastebin.com 104.23.98.190, 443, 49731, 49759 CLOUDFLARENETUS United States 8->46 38 C:\Users\user\AppData\...38ew Order.exe, PE32 8->38 dropped 40 C:\Users\...40ew Order.exe:Zone.Identifier, ASCII 8->40 dropped 58 Creates an undocumented autostart registry key 8->58 60 Creates autostart registry keys with suspicious names 8->60 62 Creates multiple autostart registry keys 8->62 64 2 other signatures 8->64 19 WerFault.exe 8->19         started        22 powershell.exe 12 8->22         started        24 powershell.exe 8 8->24         started        26 3 other processes 8->26 file6 signatures7 process8 file9 36 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 19->36 dropped 28 conhost.exe 22->28         started        30 conhost.exe 24->30         started        32 conhost.exe 26->32         started        34 conhost.exe 26->34         started        process10

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        New Order.exe35%VirustotalBrowse
        New Order.exe27%ReversingLabs
        New Order.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe100%Joe Sandbox ML
        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe35%VirustotalBrowse
        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe27%ReversingLabs

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        11.2.New Order.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://crl.micro0%URL Reputationsafe
        http://crl.micro0%URL Reputationsafe
        http://crl.micro0%URL Reputationsafe
        http://crl.micro0%URL Reputationsafe
        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        pastebin.com
        		104.23.98.190
        		truefalse
          		high
          g.msn.com
          		unknown
          		unknownfalse
            		high

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://crl.micropowershell.exe, 00000007.00000003.448132179.0000000007E4C000.00000004.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            https://api.telegram.org/bot%telegramapi%/New Order.exe, 0000000B.00000002.604840237.0000000000402000.00000040.00000001.sdmpfalse
              		high
              https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipNew Order.exe, 0000000B.00000002.604840237.0000000000402000.00000040.00000001.sdmpfalse
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              		unknown

              Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public

              IPDomainCountryFlagASNASN NameMalicious
              104.23.98.190
              		unknownUnited States
              		13335CLOUDFLARENETUSfalse

              General Information

              Joe Sandbox Version:31.0.0 Red Diamond
              Analysis ID:321195
              Start date:20.11.2020
              Start time:15:34:25
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 14m 43s
              Hypervisor based Inspection enabled:false
              Report type:full
              Sample file name:New Order.exe
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Number of analysed new started processes analysed:33
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal100.troj.adwa.evad.winEXE@21/19@8/1
              EGA Information:Failed
              HDC Information:Failed
              HCA Information:
              • Successful, ratio: 99%
              • Number of executed functions: 325
              • Number of non-executed functions: 10
              Cookbook Comments:
              • Adjust boot time
              • Enable AMSI
              • Found application associated with file extension: .exe
              Warnings:
              Show All
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
              • Excluded IPs from analysis (whitelisted): 13.88.21.125, 52.147.198.201, 40.88.32.150, 51.104.139.180, 8.253.204.121, 8.253.95.121, 8.241.123.254, 8.248.113.254, 8.241.9.254, 51.103.5.186, 52.155.217.156, 20.54.26.129, 52.142.114.176, 92.122.213.247, 92.122.213.194, 52.255.188.83, 92.122.144.200
              • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, wns.notify.windows.com.akadns.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, g-msn-com-nsatc.trafficmanager.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, par02p.wns.notify.windows.com.akadns.net, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, db3p-ris-pf-prod-atm.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, umwatsonrouting.trafficmanager.net, skypedataprdcoleus17.cloudapp.net, skypedataprdcolwus15.cloudapp.net
              • Report creation exceeded maximum time and may have missing disassembly code information.
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.

              Simulations

              Behavior and APIs

              TimeTypeDescription
              15:35:45AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run <Unknown> C:\Users\user\Desktop\New Order.exe
              15:35:54AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run New Order.exe C:\Users\user\Desktop\New Order.exe
              15:36:02AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run <Unknown> C:\Users\user\Desktop\New Order.exe
              15:36:11AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run New Order.exe C:\Users\user\Desktop\New Order.exe
              15:36:20AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe
              15:36:36API Interceptor1x Sleep call for process: WerFault.exe modified
              15:36:51API Interceptor243x Sleep call for process: New Order.exe modified
              15:37:07API Interceptor56x Sleep call for process: powershell.exe modified

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              104.23.98.190b095b966805abb7df4ffddf183def880.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              E1Q0TjeN32.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              6YCl3ATKJw.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              Hjnb15Nuc3.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              JDgYMW0LHW.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              4av8Sn32by.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              5T4Ykc0VSK.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              afvhKak0Ir.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              T6OcyQsUsY.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              1KITgJnGbI.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              PxwWcmbMC5.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              XnAJZR4NcN.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              PbTwrajNMX.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              22NO7gVJ7r.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              rE7DwszvrX.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              VjPHSJkwr6.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              wf86K0dpOP.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              VrR9J0FnSG.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              6C1MYmrVl1.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0
              aTZQZVVriQ.exeGet hashmaliciousBrowse
              • pastebin.com/raw/XMKKNkb0

              Domains

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              pastebin.com23prRlqeGr.exeGet hashmaliciousBrowse
              • 104.23.98.190
              BT2wDapfoI.exeGet hashmaliciousBrowse
              • 104.23.98.190
              23692 ANRITSU PROBE po 29288.exeGet hashmaliciousBrowse
              • 104.23.99.190
              PO #5618896.gz.exeGet hashmaliciousBrowse
              • 104.23.98.190
              ShippingDoc.jarGet hashmaliciousBrowse
              • 104.23.98.190
              a66a5257bb6ee2e690450c48a91815d4.exeGet hashmaliciousBrowse
              • 104.23.99.190
              Status____201711.gz.exeGet hashmaliciousBrowse
              • 104.23.98.190
              b095b966805abb7df4ffddf183def880.exeGet hashmaliciousBrowse
              • 104.23.98.190
              aguhvLvn.exeGet hashmaliciousBrowse
              • 104.23.98.190
              http://151.80.37.64/exploit/description/34365Get hashmaliciousBrowse
              • 104.23.99.190
              order2020.PDF.exeGet hashmaliciousBrowse
              • 104.23.98.190
              web ori2.exeGet hashmaliciousBrowse
              • 104.23.99.190
              Payment Confirmation NOV-85869983TGTTAS.exeGet hashmaliciousBrowse
              • 104.23.99.190
              7fYoHeaCBG.exeGet hashmaliciousBrowse
              • 104.23.99.190
              DETALLE DE PAGO.exeGet hashmaliciousBrowse
              • 104.23.99.190
              E1Q0TjeN32.exeGet hashmaliciousBrowse
              • 104.23.98.190
              O9f3XKg5N7.exeGet hashmaliciousBrowse
              • 104.23.99.190
              6YCl3ATKJw.exeGet hashmaliciousBrowse
              • 104.23.98.190
              r0QRptqiCl.exeGet hashmaliciousBrowse
              • 104.23.99.190
              Hjnb15Nuc3.exeGet hashmaliciousBrowse
              • 104.23.98.190

              ASN

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              CLOUDFLARENETUShttps://eagleeyeproduce-my.sharepoint.com/:o:/p/mckrayp/EtopxtQDn3pOqhvY4g_gG3ABKX9ornSoGNhGOLlXyaU89Q?e=Ee0wW2Get hashmaliciousBrowse
              • 104.16.19.94
              https://certified1.box.com/s/2ta9r7cyn5g09fblryd9xqqpnfxbjqejGet hashmaliciousBrowse
              • 104.16.19.94
              Report.464129889.docGet hashmaliciousBrowse
              • 104.28.21.160
              SecuriteInfo.com.Trojan.PWS.StealerNET.67.29498.exeGet hashmaliciousBrowse
              • 104.28.29.208
              http://s1022.t.en25.com/e/er?s=1022&lid=2184&elqTrackId=BEDFF87609C7D9DEAD041308DD8FFFB8&lb_email=bkirwer%40farbestfoods.com&elq=b095bd096fb54161953a2cf8316b5d13&elqaid=3115&elqat=1Get hashmaliciousBrowse
              • 104.18.27.190
              https://ubereats.app.link/cwmLFZfMz5?%243p=a_custom_354088&%24deeplink_path=promo%2Fapply%3FpromoCode%3DRECONFORT7&%24desktop_url=tracking.spectrumemp.com/el?aid=8feeb968-bdd0-11e8-b27f-22000be0a14e&rid=50048635&pid=285843&cid=513&dest=overlordscan.com/cmV0by5tZXR6bGVyQGlzb2x1dGlvbnMuY2g=%23#kkowfocjoyuynaip#Get hashmaliciousBrowse
              • 104.24.97.83
              https://hastebin.com/raw/xatuvoxixaGet hashmaliciousBrowse
              • 104.24.126.89
              https://bit.ly/35MTO80Get hashmaliciousBrowse
              • 104.31.69.156
              Order List.xlsxGet hashmaliciousBrowse
              • 104.24.122.89
              USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXEGet hashmaliciousBrowse
              • 162.159.133.233
              Request for quotation.xlsxGet hashmaliciousBrowse
              • 172.67.181.41
              MV TBN.exeGet hashmaliciousBrowse
              • 104.28.5.151
              PO 20-11-2020.ppsGet hashmaliciousBrowse
              • 172.67.22.135
              Quotation ATB-PR28500KINH.exeGet hashmaliciousBrowse
              • 1.1.1.1
              23prRlqeGr.exeGet hashmaliciousBrowse
              • 104.23.98.190
              RFQ-HSO-76411758-1.jarGet hashmaliciousBrowse
              • 104.20.23.46
              RFQ-HSO-76411758-1.jarGet hashmaliciousBrowse
              • 104.20.22.46
              iG9YiwEMru.exeGet hashmaliciousBrowse
              • 104.27.132.115
              Avion Quotation Request.docGet hashmaliciousBrowse
              • 104.22.54.159
              SUSPENSION LETTER ON SIM SWAP.pdf.exeGet hashmaliciousBrowse
              • 172.67.131.55

              JA3 Fingerprints

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              54328bd36c14bd82ddaa0c04b25ed9adMV TBN.exeGet hashmaliciousBrowse
              • 104.23.98.190
              23prRlqeGr.exeGet hashmaliciousBrowse
              • 104.23.98.190
              SUSPENSION LETTER ON SIM SWAP.pdf.exeGet hashmaliciousBrowse
              • 104.23.98.190
              BT2wDapfoI.exeGet hashmaliciousBrowse
              • 104.23.98.190
              Bank SWIFT Advice_pdf.exeGet hashmaliciousBrowse
              • 104.23.98.190
              Purchase_Order_11_19_20.exeGet hashmaliciousBrowse
              • 104.23.98.190
              Proforma Invoice.xlsGet hashmaliciousBrowse
              • 104.23.98.190
              1099008FEDEX_090887766.xlsGet hashmaliciousBrowse
              • 104.23.98.190
              quotation_0087210_pdf.exeGet hashmaliciousBrowse
              • 104.23.98.190
              23692 ANRITSU PROBE po 29288.exeGet hashmaliciousBrowse
              • 104.23.98.190
              PO #5618896.gz.exeGet hashmaliciousBrowse
              • 104.23.98.190
              bGtm3bQKUj.exeGet hashmaliciousBrowse
              • 104.23.98.190
              https://greatdownloadplace.net/estate/formated/xlsc/Setup_v177.exeGet hashmaliciousBrowse
              • 104.23.98.190
              BlueJeansInstaller.exeGet hashmaliciousBrowse
              • 104.23.98.190
              JmuEmJ4T4r5bc8S.exeGet hashmaliciousBrowse
              • 104.23.98.190
              List Of Orders.exeGet hashmaliciousBrowse
              • 104.23.98.190
              Status____201711.gz.exeGet hashmaliciousBrowse
              • 104.23.98.190
              Documento relativo al carico e alla spedizione del cliente_italy2020.exeGet hashmaliciousBrowse
              • 104.23.98.190
              b095b966805abb7df4ffddf183def880.exeGet hashmaliciousBrowse
              • 104.23.98.190
              SIN029088.xlsGet hashmaliciousBrowse
              • 104.23.98.190

              Dropped Files

              No context

              Created / dropped Files

              C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_New Order.exe_f5a230c79de9a71bf07561ca332f5bc9c4cbd_65f4d1e6_06c06390\Report.wer
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
              Category:dropped
              Size (bytes):6684
              Entropy (8bit):3.7283570594197863
              Encrypted:false
              SSDEEP:96:14tDZhr9p6PTbMlHHxpLUpXItc/NZAXGng5FMTPSkvPkpXmTAafnVXT5Ur9BUhTD:+h5EWmo/u7slS274ItqBl
              MD5:2C2585FD3E5C123F47FA63FB3E25A0F6
              SHA1:4F0FE002607C168882ACE7AD1CAE8393BBADD606
              SHA-256:6542D4AD7F3B826CB16C17115F022CBAB83B261D87950A165F10FE0F2E2445E1
              SHA-512:7A08011D26EBA72C2C409345F6502337743173EC93CFD6DBAA4FD67D1387D23EABDAD0E74D72828CC7B5E223548664F666A405DCD46CF21961615039C19220C1
              Malicious:true
              Reputation:low
              Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.0.3.8.8.9.5.5.8.7.8.6.3.1.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.0.3.8.8.9.9.3.5.6.5.9.5.6.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.5.6.6.5.2.8.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.7.1.9.4.7.7.d.-.8.c.a.a.-.4.b.0.1.-.b.b.a.4.-.e.6.3.f.c.a.b.c.d.7.d.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.2.6.7.4.a.5.7.-.3.b.3.b.-.4.f.f.5.-.9.4.1.a.-.1.d.2.5.3.4.d.5.5.6.d.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.e.w. .O.r.d.e.r...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.5.9.4.-.0.0.0.1.-.0.0.1.7.-.b.a.9.d.-.4.a.c.e.9.5.b.f.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.d.4.f.8.5.4.1.1.3.b.7.9.9.d.5.c.e.a.b.4.0.b.4.8.c.9.b.7.d.c.3.0.0.0.0.f.f.f.f.!.0.0.0.0.d.c.5.b.d.c.1.8.9.2.1.5.9.b.4.6.a.7.8.b.1.5.b.6.0.4.2.8.0.7.8.1.b.8.2.d.8.a.e.5.!.N.e.w. .O.r.d.e.r...e.x.e.....T.a.r.g.e.t.A.p.p.
              C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5F8.tmp.WERInternalMetadata.xml
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
              Category:dropped
              Size (bytes):7974
              Entropy (8bit):3.69132242435665
              Encrypted:false
              SSDEEP:192:Rrl7r3GLNile6vY6YJBSUIEXigmfZDSGw8CprS89bF2sfuXm:RrlsNis6A6Y/SUIEXigmfNStFVff
              MD5:3B9FAE55CF5EA3932115E628C3C70C71
              SHA1:1D527CFEDC65D9D6CE6D851CBF345D84117D03D4
              SHA-256:15F2F3C1A4AB232D56130136B01056E76796249177A297E4B4EA4CDBB61D2AEE
              SHA-512:18BBBF81E55A02661DF0A99D570C48F439F5F7DD49729176C7E7ABB5E2E744F5AE22643B74DFA5FEE0B47AA670FB4869C1E66CBA8CA7910D7137B26EEFEC6F10
              Malicious:false
              Reputation:low
              Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.4.2.8.<./.P.i.d.>.......
              C:\ProgramData\Microsoft\Windows\WER\Temp\WERE53B.tmp.xml
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):4680
              Entropy (8bit):4.450945953131055
              Encrypted:false
              SSDEEP:48:cvIwSD8zsZJgtWI9nzzHWSC8BG8fm8M4JxOFFaq+q8vxO0lHCvLbd:uITfrk6SNxJ+KblHCvLbd
              MD5:2FC6EC8140614D1EE54AAE6E28B8FB29
              SHA1:672ED993BC32B617E5384359B7CFF7B1F0755165
              SHA-256:F4824912397A203272369B256FFAACAEEF884ABCC968B1E3977D5211B36A561F
              SHA-512:44890FDB20EFF7CB854474B9D92A66B8C437B874CB970EA6BD35BCAD9C3F0E7675733F68C2D967AA401B3B4541569E2E3035411C751B30CB2172F661895D69CF
              Malicious:false
              Reputation:low
              Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="737806" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:data
              Category:modified
              Size (bytes):698
              Entropy (8bit):5.049094101509586
              Encrypted:false
              SSDEEP:12:reVGyMYx2Y5BYtmWNUc5AtYX5E4a2KryMYGH+ptsxptsOtw9O9S8:reUyMGF5ytmLcetYX5E2KryMb+zsxzsk
              MD5:B0CEEA53B3467F59FD8E87F80213BDE9
              SHA1:D9E6D1CBB480E7248658DF935648DFA733745602
              SHA-256:D9C93CB64E6F1F5BDC94581CEEA99F759EE1E35716EAF623C61962EA0152F9DD
              SHA-512:DDAA6C9FA3535B4926C60B692F8E202D10EB160D1F8BE7A9DE79239EF75AFD470403DF1D8F0CBF29A5F819E907D02E8E656BB9A52E71E30D9259987EAE881655
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview: PSMODULECACHE......w.e...a...C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1........Set-PackageSource........Unregister-PackageSource........Get-PackageSource........Install-Package........Save-Package........Get-Package........Find-Package........Install-PackageProvider........Import-PackageProvider........Get-PackageProvider........Register-PackageSource........Uninstall-Package........Find-PackageProvider........D..8.......C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1........Get-OperationValidation........Invoke-OperationValidation........
              C:\Users\user\AppData\Local\Temp\WERC628.tmp.WERDataCollectionStatus.txt
              Process:C:\Windows\SysWOW64\WerFault.exe
              File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
              Category:dropped
              Size (bytes):4894
              Entropy (8bit):3.2694451486441247
              Encrypted:false
              SSDEEP:96:pwpIiEkXkkX8k+1uWm0Qz0QF0Qgds0QXz0Qb0Qa3SgLXWdszeuzSzbxGQI5OmYsk:p5lNTuSl0oeyOkNfQ
              MD5:C1113E8E1C4E3AB2C3A4EDE41FF2E39A
              SHA1:CD478057635929CA69FC4FCA8A67DD290E4B41F1
              SHA-256:2940E2EC1C4D0D9B730FB6A41E75A626FC6D8D8F07A1F733B3E4E8C8C228CDFF
              SHA-512:9E8FD863ACE83534BFB589BEFC9BB921D6D8277597842ABF76FCC0F141997616599A09D722C949545E75B3AFD555E2B1D9FD866B91F73597A396E0D51AF30307
              Malicious:false
              Preview: ......S.n.a.p.s.h.o.t. .s.t.a.t.i.s.t.i.c.s.:.....-. .S.i.g.n.a.t.u.r.e. . . . . . . . . . . . . . . . .:. .P.S.S.D.......-. .F.l.a.g.s./.C.a.p.t.u.r.e.F.l.a.g.s. . . . . . . .:. .0.0.0.0.0.0.0.1./.d.0.0.0.3.9.f.f.......-. .A.u.x. .p.a.g.e.s. . . . . . . . . . . . . . . . .:. .1. .e.n.t.r.i.e.s. .l.o.n.g.......-. .V.A. .s.p.a.c.e. .s.t.r.e.a.m. . . . . . . . . . .:. .1.3.0.4.2.4. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .H.a.n.d.l.e. .t.r.a.c.e. .s.t.r.e.a.m. . . . . . .:. .0. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .H.a.n.d.l.e. .s.t.r.e.a.m. . . . . . . . . . . . .:. .6.6.4.9.4. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .T.h.r.e.a.d.s. . . . . . . . . . . . . . . . . . .:. .1.8. .t.h.r.e.a.d.s.......-. .T.h.r.e.a.d. .s.t.r.e.a.m. . . . . . . . . . . . .:. .1.2.0.9.6. .b.y.t.e.s. .i.n. .s.i.z.e...........S.n.a.p.s.h.o.t. .p.e.r.f.o.r.m.a.n.c.e. .c.o.u.n.t.e.r.s.:.....-. .T.o.t.a.l.C.y.c.l.e.C.o.u.n.t. . . . . . . . . . .:. .2.6.7.9.7.5.1.6.4. .c.y.c.l.e.s.......-. .V.a.C.l.o.n.e.C.y.c.l.e.C.o.u.n.t.
              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2bstbykx.syk.psm1
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:U:U
              MD5:C4CA4238A0B923820DCC509A6F75849B
              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
              Malicious:false
              Preview: 1
              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3bliep4j.bin.psm1
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:U:U
              MD5:C4CA4238A0B923820DCC509A6F75849B
              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
              Malicious:false
              Preview: 1
              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_chqdqdxi.uqm.psm1
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:U:U
              MD5:C4CA4238A0B923820DCC509A6F75849B
              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
              Malicious:false
              Preview: 1
              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d3vsr3um.4sq.ps1
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:U:U
              MD5:C4CA4238A0B923820DCC509A6F75849B
              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
              Malicious:false
              Preview: 1
              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ewiel5mn.hui.ps1
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:U:U
              MD5:C4CA4238A0B923820DCC509A6F75849B
              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
              Malicious:false
              Preview: 1
              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hty5fodu.olo.ps1
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:U:U
              MD5:C4CA4238A0B923820DCC509A6F75849B
              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
              Malicious:false
              Preview: 1
              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pdthudso.jij.ps1
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:U:U
              MD5:C4CA4238A0B923820DCC509A6F75849B
              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
              Malicious:false
              Preview: 1
              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_plhi2hju.0rn.psm1
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:very short file (no magic)
              Category:dropped
              Size (bytes):1
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:3:U:U
              MD5:C4CA4238A0B923820DCC509A6F75849B
              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
              Malicious:false
              Preview: 1
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe
              Process:C:\Users\user\Desktop\New Order.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):3756032
              Entropy (8bit):5.137264171676077
              Encrypted:false
              SSDEEP:98304:JsecZvSutK+2OgmdV2iyxjNTmtjuMV2XyjzKw:eNh9oNTm9
              MD5:689357A46D00A4E9FE51AC4D82D73100
              SHA1:DC5BDC1892159B46A78B15B604280781B82D8AE5
              SHA-256:9F8A277B32EDD2D8750E81097320CC31B9089020FA5C7B91613D422A2F55DA1E
              SHA-512:3F3EC2FA1CF2BA33C4E221A358E1EFEC82313A80D8BEE3F1EBBB0FBA17051BA92CF274EF23CC4CF134537C0F3A8D22C1EFB478B6461F4B84AFF422DC2AD44F66
              Malicious:true
              Antivirus:
              • Antivirus: Joe Sandbox ML, Detection: 100%
              • Antivirus: Virustotal, Detection: 35%, Browse
              • Antivirus: ReversingLabs, Detection: 27%
              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O._.................L9..........j9.. ....9...@.. ........................9...........@.................................`j9.K.............................9...................................................... ............... ..H............text....J9.. ...L9................. ..`.reloc........9......N9.............@..B.........................................................j9.....H.......x.8.............................................................*..(....*...0..3$8..... .........% .....M.% .....Z.% .... .....% ......% ......% ......% ......% ......% ......% ......% ......% ......% .... .....% .... .....% ......% ......% .... .....% ......% ......% ......% ......% ......% ......% ......% .....@.% ......% ......% ......% ......% ......% ......% ......% .....% !.....% ".....% #.....% $.....% %.....% &.....% '.....% (.....% ).....% *.....% +.....% ,
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe:Zone.Identifier
              Process:C:\Users\user\Desktop\New Order.exe
              File Type:ASCII text, with CRLF line terminators
              Category:modified
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:true
              Preview: [ZoneTransfer]....ZoneId=0
              C:\Users\user\Documents\20201120\PowerShell_transcript.585948.3UB+MGH5.20201120153545.txt
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
              Category:dropped
              Size (bytes):741
              Entropy (8bit):5.350430975598896
              Encrypted:false
              SSDEEP:12:57DtSA6N47bv3fBbBB5oizx2DOzzUjjIneSuL+HSuVM1t21SWoWtPw6jewGxMKjB:BxSAx7vBVLHzx2DOXUWeSuLbuVMwSWXc
              MD5:25B7C3AB84A67DEB88FCB59E1D76EA69
              SHA1:15846219734D8CF6937D81E2D7C1E571618F81CB
              SHA-256:E8D6602EFFF74D4CB921A6CB4984CDF1BDAB07FB88C5C251C242F0E4D4297DB6
              SHA-512:4327BDC6C0D01305DB550F259E4776AFB35793BB86B610E06925F202AB7714AFC651D570757A7F0904E55D09300525F4DDF1D7CFEBC3995EA4EEB5C4088403B5
              Malicious:false
              Preview: .**********************..Windows PowerShell transcript start..Start time: 20201120153701..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 585948 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe -Force..Process ID: 6612..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..
              C:\Users\user\Documents\20201120\PowerShell_transcript.585948.7Q6cFLSd.20201120153545.txt
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
              Category:dropped
              Size (bytes):962
              Entropy (8bit):5.301380258823377
              Encrypted:false
              SSDEEP:24:BxSA17vBVLHzx2DOXUWeSuLbuVMwSW8UHjeTKKjX4CIym1ZJX/6duLbuVMwG:BZ9vTLHzoO+SUu5ltqDYB1ZMdUu5G
              MD5:001F16B92073DF84D1DDB40593C801E3
              SHA1:B528E2A9D47761CDF656ADC2446331EC00A20091
              SHA-256:DF9DE86D0B509FF0A5CEBFFF5AAFC8F74182360E10B560A5FF260294E4C51828
              SHA-512:B7613A87BED44E5A1847AD85508E744C6878DCDD4E6D8646ACF048489C468529C1C74A4139BB3CCB8F586420A28DA17D7EC8B842E7B64AD5578E7EBAB3ED5548
              Malicious:false
              Preview: .**********************..Windows PowerShell transcript start..Start time: 20201120153648..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 585948 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe -Force..Process ID: 6520..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20201120153649..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe -Force..
              C:\Users\user\Documents\20201120\PowerShell_transcript.585948.ECkwqDy2.20201120153546.txt
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
              Category:dropped
              Size (bytes):687
              Entropy (8bit):5.344634267685728
              Encrypted:false
              SSDEEP:12:57DtSA6N4Ebv3fBbBB5oizx2DOzzUjjIneSuL2GWoWPw6jewGxMKjX4CIymgSs2m:BxSAq7vBVLHzx2DOXUWeSuLNWXHjeTKy
              MD5:B8DE820473C0E7741CFA8F10D8243207
              SHA1:68340D89C86CBAEE471F015BEBEA6980900B55E6
              SHA-256:95BE6454F7D8AD05975425DAB203BA288632DFB3B65FC0BAC9466D6E1D5A442D
              SHA-512:BF60D55FB192DDBB015E5257DDD09367D27923EFB1526C7F16809DBB1752E40F33AD0F55A2C85BC552AD9A867B404FCDA068A027DD7A421127C018233346AA60
              Malicious:false
              Preview: .**********************..Windows PowerShell transcript start..Start time: 20201120153708..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 585948 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\New Order.exe -Force..Process ID: 6764..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..
              C:\Users\user\Documents\20201120\PowerShell_transcript.585948.LYmT1g2d.20201120153544.txt
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
              Category:dropped
              Size (bytes):962
              Entropy (8bit):5.300326727587063
              Encrypted:false
              SSDEEP:24:BxSAMD7vBVLHzx2DOXUWeSuLbuVMwSWMHjeTKKjX4CIym1ZJXUuLbuVMwG:BZMnvTLHzoO+SUu5lMqDYB1ZSUu5G
              MD5:F7942579BF455B4BD0DAFE2D894A0306
              SHA1:8A12F53F4729FE91E64595F2304908CC9F6EA187
              SHA-256:90622B07A18FA783B755F61DE287A09CC75A191A8139BED4961AB3D46E13868D
              SHA-512:A5D9D0FE8CEE352761DB0EDA70F6FAF25C7347B2C8659091DBB16D9ECD21C35CDB6E6DBBC8BA02F7006040B231E6F17AB9B819F9CD314EC7B01F65C0720EC569
              Malicious:false
              Preview: .**********************..Windows PowerShell transcript start..Start time: 20201120153629..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 585948 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe -Force..Process ID: 6824..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20201120153630..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe -Force..

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):5.137264171676077
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              • Win32 Executable (generic) a (10002005/4) 49.78%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Win16/32 Executable Delphi generic (2074/23) 0.01%
              • Generic Win/DOS Executable (2004/3) 0.01%
              File name:New Order.exe
              File size:3756032
              MD5:689357a46d00a4e9fe51ac4d82d73100
              SHA1:dc5bdc1892159b46a78b15b604280781b82d8ae5
              SHA256:9f8a277b32edd2d8750e81097320cc31b9089020fa5c7b91613d422a2f55da1e
              SHA512:3f3ec2fa1cf2ba33c4e221a358e1efec82313a80d8bee3f1ebbb0fba17051ba92cf274ef23cc4cf134537c0f3a8d22c1efb478b6461f4b84aff422dc2ad44f66
              SSDEEP:98304:JsecZvSutK+2OgmdV2iyxjNTmtjuMV2XyjzKw:eNh9oNTm9
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O._.................L9..........j9.. ....9...@.. ........................9...........@................................

              File Icon

              Icon Hash:00828e8e8686b000

              Static PE Info

              General

              Entrypoint:0x796aae
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Time Stamp:0x5FB74FFA [Fri Nov 20 05:11:22 2020 UTC]
              TLS Callbacks:
              CLR (.Net) Version:v4.0.30319
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

              Entrypoint Preview

              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0x396a600x4b.text
              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0x3980000xc.reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x20000x394ab40x394c00unknownunknownunknownunknownIMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              .reloc0x3980000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Imports

              DLLImport
              mscoree.dll_CorExeMain

              Network Behavior

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Nov 20, 2020 15:35:44.063740969 CET49731443192.168.2.6104.23.98.190
              Nov 20, 2020 15:35:44.080203056 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.080351114 CET49731443192.168.2.6104.23.98.190
              Nov 20, 2020 15:35:44.105235100 CET49731443192.168.2.6104.23.98.190
              Nov 20, 2020 15:35:44.121670008 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.124989033 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.125042915 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.125085115 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.125336885 CET49731443192.168.2.6104.23.98.190
              Nov 20, 2020 15:35:44.131493092 CET49731443192.168.2.6104.23.98.190
              Nov 20, 2020 15:35:44.147908926 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.148396969 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.201792002 CET49731443192.168.2.6104.23.98.190
              Nov 20, 2020 15:35:44.218112946 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.232145071 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.232166052 CET44349731104.23.98.190192.168.2.6
              Nov 20, 2020 15:35:44.232372046 CET49731443192.168.2.6104.23.98.190
              Nov 20, 2020 15:35:53.934467077 CET49731443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.059398890 CET49759443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.075812101 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.077441931 CET49759443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.078515053 CET49759443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.094750881 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.098380089 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.098409891 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.098422050 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.098710060 CET49759443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.119215012 CET49759443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.120881081 CET49760443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.135544062 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.135742903 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.137116909 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.137484074 CET49760443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.141237020 CET49760443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.146167040 CET49759443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.157565117 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.162441969 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.165091038 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.165115118 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.165126085 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.165219069 CET49760443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.168593884 CET49760443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.179536104 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.179555893 CET44349759104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.180694103 CET49759443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.184861898 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.186389923 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.192365885 CET49760443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.208690882 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.217147112 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.217175961 CET44349760104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.217392921 CET49760443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.556237936 CET49761443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.572659969 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.572823048 CET49761443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.580148935 CET49761443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.596461058 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.600106001 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.600133896 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.600147009 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.600220919 CET49761443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.601732016 CET49761443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.618087053 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.618206978 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.623626947 CET49761443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.640110970 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.645976067 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.646003008 CET44349761104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.646073103 CET49761443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.711172104 CET49763443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.727478027 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.727611065 CET49763443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.730321884 CET49763443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.748900890 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.751056910 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.751080990 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.751096010 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.751240969 CET49763443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.752656937 CET49763443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.769115925 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.769146919 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.775429964 CET49763443192.168.2.6104.23.98.190
              Nov 20, 2020 15:37:29.791745901 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.802270889 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.802408934 CET44349763104.23.98.190192.168.2.6
              Nov 20, 2020 15:37:29.802472115 CET49763443192.168.2.6104.23.98.190

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Nov 20, 2020 15:35:12.916580915 CET5606153192.168.2.68.8.8.8
              Nov 20, 2020 15:35:12.943708897 CET53560618.8.8.8192.168.2.6
              Nov 20, 2020 15:35:14.002284050 CET5833653192.168.2.68.8.8.8
              Nov 20, 2020 15:35:14.029586077 CET53583368.8.8.8192.168.2.6
              Nov 20, 2020 15:35:14.660422087 CET5378153192.168.2.68.8.8.8
              Nov 20, 2020 15:35:14.687665939 CET53537818.8.8.8192.168.2.6
              Nov 20, 2020 15:35:15.754883051 CET5406453192.168.2.68.8.8.8
              Nov 20, 2020 15:35:15.781958103 CET53540648.8.8.8192.168.2.6
              Nov 20, 2020 15:35:16.417238951 CET5281153192.168.2.68.8.8.8
              Nov 20, 2020 15:35:16.444391012 CET53528118.8.8.8192.168.2.6
              Nov 20, 2020 15:35:17.068367958 CET5529953192.168.2.68.8.8.8
              Nov 20, 2020 15:35:17.095542908 CET53552998.8.8.8192.168.2.6
              Nov 20, 2020 15:35:18.493010044 CET6374553192.168.2.68.8.8.8
              Nov 20, 2020 15:35:18.520283937 CET53637458.8.8.8192.168.2.6
              Nov 20, 2020 15:35:20.337762117 CET5005553192.168.2.68.8.8.8
              Nov 20, 2020 15:35:20.364923954 CET53500558.8.8.8192.168.2.6
              Nov 20, 2020 15:35:22.532880068 CET6137453192.168.2.68.8.8.8
              Nov 20, 2020 15:35:22.570643902 CET53613748.8.8.8192.168.2.6
              Nov 20, 2020 15:35:23.351021051 CET5033953192.168.2.68.8.8.8
              Nov 20, 2020 15:35:23.378056049 CET53503398.8.8.8192.168.2.6
              Nov 20, 2020 15:35:24.003668070 CET6330753192.168.2.68.8.8.8
              Nov 20, 2020 15:35:24.030774117 CET53633078.8.8.8192.168.2.6
              Nov 20, 2020 15:35:40.763583899 CET4969453192.168.2.68.8.8.8
              Nov 20, 2020 15:35:40.790786982 CET53496948.8.8.8192.168.2.6
              Nov 20, 2020 15:35:44.005836010 CET5498253192.168.2.68.8.8.8
              Nov 20, 2020 15:35:44.041527987 CET53549828.8.8.8192.168.2.6
              Nov 20, 2020 15:36:03.539654970 CET5001053192.168.2.68.8.8.8
              Nov 20, 2020 15:36:03.566967010 CET53500108.8.8.8192.168.2.6
              Nov 20, 2020 15:36:04.880924940 CET6371853192.168.2.68.8.8.8
              Nov 20, 2020 15:36:04.907879114 CET53637188.8.8.8192.168.2.6
              Nov 20, 2020 15:36:08.273483038 CET6211653192.168.2.68.8.8.8
              Nov 20, 2020 15:36:08.309026957 CET53621168.8.8.8192.168.2.6
              Nov 20, 2020 15:36:09.314721107 CET6381653192.168.2.68.8.8.8
              Nov 20, 2020 15:36:09.342010021 CET53638168.8.8.8192.168.2.6
              Nov 20, 2020 15:36:10.252074957 CET5501453192.168.2.68.8.8.8
              Nov 20, 2020 15:36:10.279213905 CET53550148.8.8.8192.168.2.6
              Nov 20, 2020 15:36:13.531627893 CET6220853192.168.2.68.8.8.8
              Nov 20, 2020 15:36:13.558928967 CET53622088.8.8.8192.168.2.6
              Nov 20, 2020 15:36:14.381637096 CET5757453192.168.2.68.8.8.8
              Nov 20, 2020 15:36:14.427799940 CET53575748.8.8.8192.168.2.6
              Nov 20, 2020 15:36:14.438451052 CET5181853192.168.2.68.8.8.8
              Nov 20, 2020 15:36:14.474061966 CET53518188.8.8.8192.168.2.6
              Nov 20, 2020 15:36:15.287141085 CET5662853192.168.2.68.8.8.8
              Nov 20, 2020 15:36:15.323086977 CET53566288.8.8.8192.168.2.6
              Nov 20, 2020 15:36:17.201430082 CET6077853192.168.2.68.8.8.8
              Nov 20, 2020 15:36:17.228569031 CET53607788.8.8.8192.168.2.6
              Nov 20, 2020 15:36:18.653315067 CET5379953192.168.2.68.8.8.8
              Nov 20, 2020 15:36:18.680938959 CET53537998.8.8.8192.168.2.6
              Nov 20, 2020 15:36:21.597731113 CET5468353192.168.2.68.8.8.8
              Nov 20, 2020 15:36:21.633219957 CET53546838.8.8.8192.168.2.6
              Nov 20, 2020 15:36:22.763257980 CET5932953192.168.2.68.8.8.8
              Nov 20, 2020 15:36:22.798948050 CET53593298.8.8.8192.168.2.6
              Nov 20, 2020 15:36:24.243469954 CET6402153192.168.2.68.8.8.8
              Nov 20, 2020 15:36:24.278980017 CET53640218.8.8.8192.168.2.6
              Nov 20, 2020 15:36:26.917253971 CET5612953192.168.2.68.8.8.8
              Nov 20, 2020 15:36:26.953285933 CET53561298.8.8.8192.168.2.6
              Nov 20, 2020 15:36:36.781316042 CET5817753192.168.2.68.8.8.8
              Nov 20, 2020 15:36:36.808420897 CET53581778.8.8.8192.168.2.6
              Nov 20, 2020 15:36:52.586647987 CET5070053192.168.2.68.8.8.8
              Nov 20, 2020 15:36:52.613817930 CET53507008.8.8.8192.168.2.6
              Nov 20, 2020 15:36:52.757464886 CET5406953192.168.2.68.8.8.8
              Nov 20, 2020 15:36:52.794836044 CET53540698.8.8.8192.168.2.6
              Nov 20, 2020 15:37:10.819080114 CET6117853192.168.2.68.8.8.8
              Nov 20, 2020 15:37:10.854651928 CET53611788.8.8.8192.168.2.6
              Nov 20, 2020 15:37:28.862159967 CET5701753192.168.2.68.8.8.8
              Nov 20, 2020 15:37:28.897542953 CET53570178.8.8.8192.168.2.6
              Nov 20, 2020 15:37:28.965116978 CET5632753192.168.2.68.8.8.8
              Nov 20, 2020 15:37:29.000781059 CET53563278.8.8.8192.168.2.6
              Nov 20, 2020 15:37:29.385303020 CET5024353192.168.2.68.8.8.8
              Nov 20, 2020 15:37:29.433594942 CET53502438.8.8.8192.168.2.6
              Nov 20, 2020 15:37:29.542293072 CET6205553192.168.2.68.8.8.8
              Nov 20, 2020 15:37:29.561456919 CET6124953192.168.2.68.8.8.8
              Nov 20, 2020 15:37:29.577861071 CET53620558.8.8.8192.168.2.6
              Nov 20, 2020 15:37:29.596904039 CET53612498.8.8.8192.168.2.6

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
              Nov 20, 2020 15:35:44.005836010 CET192.168.2.68.8.8.80x1fbfStandard query (0)pastebin.comA (IP address)IN (0x0001)
              Nov 20, 2020 15:36:14.381637096 CET192.168.2.68.8.8.80x9b1aStandard query (0)g.msn.comA (IP address)IN (0x0001)
              Nov 20, 2020 15:37:10.819080114 CET192.168.2.68.8.8.80x6092Standard query (0)g.msn.comA (IP address)IN (0x0001)
              Nov 20, 2020 15:37:28.862159967 CET192.168.2.68.8.8.80xbaa7Standard query (0)pastebin.comA (IP address)IN (0x0001)
              Nov 20, 2020 15:37:28.965116978 CET192.168.2.68.8.8.80x1f6Standard query (0)pastebin.comA (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.385303020 CET192.168.2.68.8.8.80xca0aStandard query (0)pastebin.comA (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.542293072 CET192.168.2.68.8.8.80x217dStandard query (0)pastebin.comA (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.561456919 CET192.168.2.68.8.8.80xa37bStandard query (0)pastebin.comA (IP address)IN (0x0001)

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
              Nov 20, 2020 15:35:44.041527987 CET8.8.8.8192.168.2.60x1fbfNo error (0)pastebin.com104.23.98.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:35:44.041527987 CET8.8.8.8192.168.2.60x1fbfNo error (0)pastebin.com104.23.99.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:36:14.427799940 CET8.8.8.8192.168.2.60x9b1aNo error (0)g.msn.comg-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)
              Nov 20, 2020 15:37:10.854651928 CET8.8.8.8192.168.2.60x6092No error (0)g.msn.comg-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)
              Nov 20, 2020 15:37:28.897542953 CET8.8.8.8192.168.2.60xbaa7No error (0)pastebin.com104.23.98.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:37:28.897542953 CET8.8.8.8192.168.2.60xbaa7No error (0)pastebin.com104.23.99.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.000781059 CET8.8.8.8192.168.2.60x1f6No error (0)pastebin.com104.23.98.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.000781059 CET8.8.8.8192.168.2.60x1f6No error (0)pastebin.com104.23.99.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.433594942 CET8.8.8.8192.168.2.60xca0aNo error (0)pastebin.com104.23.98.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.433594942 CET8.8.8.8192.168.2.60xca0aNo error (0)pastebin.com104.23.99.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.577861071 CET8.8.8.8192.168.2.60x217dNo error (0)pastebin.com104.23.99.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.577861071 CET8.8.8.8192.168.2.60x217dNo error (0)pastebin.com104.23.98.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.596904039 CET8.8.8.8192.168.2.60xa37bNo error (0)pastebin.com104.23.98.190A (IP address)IN (0x0001)
              Nov 20, 2020 15:37:29.596904039 CET8.8.8.8192.168.2.60xa37bNo error (0)pastebin.com104.23.99.190A (IP address)IN (0x0001)

              HTTPS Packets

              TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
              Nov 20, 2020 15:35:44.125085115 CET104.23.98.190443192.168.2.649731CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Aug 17 02:00:00 CEST 2020 Mon Jan 27 13:46:39 CET 2020Tue Aug 17 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
              CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:46:39 CET 2020Wed Jan 01 00:59:59 CET 2025
              Nov 20, 2020 15:37:29.098422050 CET104.23.98.190443192.168.2.649759CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Aug 17 02:00:00 CEST 2020 Mon Jan 27 13:46:39 CET 2020Tue Aug 17 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
              CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:46:39 CET 2020Wed Jan 01 00:59:59 CET 2025
              Nov 20, 2020 15:37:29.165126085 CET104.23.98.190443192.168.2.649760CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Aug 17 02:00:00 CEST 2020 Mon Jan 27 13:46:39 CET 2020Tue Aug 17 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
              CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:46:39 CET 2020Wed Jan 01 00:59:59 CET 2025
              Nov 20, 2020 15:37:29.600147009 CET104.23.98.190443192.168.2.649761CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Aug 17 02:00:00 CEST 2020 Mon Jan 27 13:46:39 CET 2020Tue Aug 17 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
              CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:46:39 CET 2020Wed Jan 01 00:59:59 CET 2025
              Nov 20, 2020 15:37:29.751096010 CET104.23.98.190443192.168.2.649763CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Aug 17 02:00:00 CEST 2020 Mon Jan 27 13:46:39 CET 2020Tue Aug 17 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
              CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:46:39 CET 2020Wed Jan 01 00:59:59 CET 2025

              Code Manipulations

              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              Analysis Process: New Order.exe PID: 1428 Parent PID: 5952

              General

              Start time:15:35:19
              Start date:20/11/2020
              Path:C:\Users\user\Desktop\New Order.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\Desktop\New Order.exe'
              Imagebase:0x4d0000
              File size:3756032 bytes
              MD5 hash:689357A46D00A4E9FE51AC4D82D73100
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:low

              Chronological Activities

              Analysis Process: powershell.exe PID: 6520 Parent PID: 1428

              General

              Start time:15:35:41
              Start date:20/11/2020
              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):true
              Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force
              Imagebase:0xd30000
              File size:430592 bytes
              MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:high

              Chronological Activities

              Analysis Process: conhost.exe PID: 6488 Parent PID: 6520

              General

              Start time:15:35:41
              Start date:20/11/2020
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff61de10000
              File size:625664 bytes
              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high

              Chronological Activities

              Analysis Process: powershell.exe PID: 6824 Parent PID: 1428

              General

              Start time:15:35:41
              Start date:20/11/2020
              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):true
              Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force
              Imagebase:0xd30000
              File size:430592 bytes
              MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:high

              Chronological Activities

              Analysis Process: conhost.exe PID: 6608 Parent PID: 6824

              General

              Start time:15:35:42
              Start date:20/11/2020
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff61de10000
              File size:625664 bytes
              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high

              Chronological Activities

              Analysis Process: powershell.exe PID: 6612 Parent PID: 1428

              General

              Start time:15:35:42
              Start date:20/11/2020
              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):true
              Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe' -Force
              Imagebase:0xd30000
              File size:430592 bytes
              MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:high

              Chronological Activities

              Analysis Process: conhost.exe PID: 6756 Parent PID: 6612

              General

              Start time:15:35:42
              Start date:20/11/2020
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff61de10000
              File size:625664 bytes
              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high

              Chronological Activities

              Analysis Process: powershell.exe PID: 6764 Parent PID: 1428

              General

              Start time:15:35:42
              Start date:20/11/2020
              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):true
              Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\New Order.exe' -Force
              Imagebase:0xd30000
              File size:430592 bytes
              MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:high

              Chronological Activities

              Analysis Process: conhost.exe PID: 6600 Parent PID: 6764

              General

              Start time:15:35:42
              Start date:20/11/2020
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff61de10000
              File size:625664 bytes
              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high

              Chronological Activities

              Analysis Process: New Order.exe PID: 7040 Parent PID: 1428

              General

              Start time:15:35:45
              Start date:20/11/2020
              Path:C:\Users\user\Desktop\New Order.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\Desktop\New Order.exe
              Imagebase:0xb30000
              File size:3756032 bytes
              MD5 hash:689357A46D00A4E9FE51AC4D82D73100
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Yara matches:
              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.604840237.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
              Reputation:low

              Chronological Activities

              Analysis Process: WerFault.exe PID: 1688 Parent PID: 1428

              General

              Start time:15:35:49
              Start date:20/11/2020
              Path:C:\Windows\SysWOW64\WerFault.exe
              Wow64 process (32bit):true
              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 2476
              Imagebase:0xef0000
              File size:434592 bytes
              MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high

              Chronological Activities

              Analysis Process: New Order.exe PID: 5720 Parent PID: 3440

              General

              Start time:15:35:54
              Start date:20/11/2020
              Path:C:\Users\user\Desktop\New Order.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\Desktop\New Order.exe'
              Imagebase:0xca0000
              File size:3756032 bytes
              MD5 hash:689357A46D00A4E9FE51AC4D82D73100
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:low

              Chronological Activities

              Analysis Process: New Order.exe PID: 6284 Parent PID: 3440

              General

              Start time:15:36:03
              Start date:20/11/2020
              Path:C:\Users\user\Desktop\New Order.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\Desktop\New Order.exe'
              Imagebase:0xa90000
              File size:3756032 bytes
              MD5 hash:689357A46D00A4E9FE51AC4D82D73100
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:low

              Chronological Activities

              Analysis Process: New Order.exe PID: 580 Parent PID: 3440

              General

              Start time:15:36:11
              Start date:20/11/2020
              Path:C:\Users\user\Desktop\New Order.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\Desktop\New Order.exe'
              Imagebase:0x560000
              File size:3756032 bytes
              MD5 hash:689357A46D00A4E9FE51AC4D82D73100
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:low

              Chronological Activities

              Analysis Process: New Order.exe PID: 5312 Parent PID: 3440

              General

              Start time:15:36:20
              Start date:20/11/2020
              Path:C:\Users\user\Desktop\New Order.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\Desktop\New Order.exe'
              Imagebase:0xd40000
              File size:3756032 bytes
              MD5 hash:689357A46D00A4E9FE51AC4D82D73100
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Reputation:low

              Chronological Activities

              Analysis Process: New Order.exe PID: 5632 Parent PID: 3440

              General

              Start time:15:36:30
              Start date:20/11/2020
              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe
              Wow64 process (32bit):true
              Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Order.exe'
              Imagebase:0x6b0000
              File size:3756032 bytes
              MD5 hash:689357A46D00A4E9FE51AC4D82D73100
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Antivirus matches:
              • Detection: 100%, Joe Sandbox ML
              • Detection: 35%, Virustotal, Browse
              • Detection: 27%, ReversingLabs
              Reputation:low

              Chronological Activities

              Disassembly

              Code Analysis

              Reset < >

                Analysis Process: powershell.exe PID: 6520 Parent PID: 1428 powershell.exeCOMMON

                Executed Functions

                Function 0310807A, Relevance: 2.9, Strings: 2, Instructions: 385COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$p\bk
                • API String ID: 0-3712670942
                • Opcode ID: bcf6af2716d2bda1bf0e0fa109b704f444eeafd171bfe6a1e9ba8aaa48a35a8c
                • Instruction ID: 2eb9c0f232106ba784a2dfbbb6ac6fe92ab7abf712ba597e9948127a5d7a2ac7
                • Opcode Fuzzy Hash: bcf6af2716d2bda1bf0e0fa109b704f444eeafd171bfe6a1e9ba8aaa48a35a8c
                • Instruction Fuzzy Hash: E5E13A34B102148FCB54EF78D894BAEB7E2AF88204F1584A9E50AEF794DF749D428F51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311CEF1, Relevance: .6, Instructions: 576COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 71fef680490ee56ebb94b6fcc9541b27f5a9061fc0693e72c5e5e5fbd4513fa5
                • Instruction ID: a3fe73ecea900856186bdd4add2185ccd63e5a186d313ea4af98a24fc5151af2
                • Opcode Fuzzy Hash: 71fef680490ee56ebb94b6fcc9541b27f5a9061fc0693e72c5e5e5fbd4513fa5
                • Instruction Fuzzy Hash: 3C322974B00219CFDB68DB68D854AAEB7F2AF89204F1580B9D40AEB354DF349D91CF61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311E34A, Relevance: .5, Instructions: 518COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6100cb3e404810c478c1b615fb36da092ce4b71509fcc6e7f448b956eb9842e1
                • Instruction ID: 299edaf6de4051a6d49285d7ff736e4004d917297606ad400bfd4c93c8fb2794
                • Opcode Fuzzy Hash: 6100cb3e404810c478c1b615fb36da092ce4b71509fcc6e7f448b956eb9842e1
                • Instruction Fuzzy Hash: EC122D38B01214DFDB14EFA9C5549ADBBF6EF88304B198479D906DB394DB34AC52CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311C380, Relevance: .5, Instructions: 474COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b121f83523819f79088be1e7a187d8c5f170b6356602c54e3b5064aff98e49e8
                • Instruction ID: 21c18d0c6619d5d77c1dd8e0f65e7d10092b8fc530da94222624f21127ecc41d
                • Opcode Fuzzy Hash: b121f83523819f79088be1e7a187d8c5f170b6356602c54e3b5064aff98e49e8
                • Instruction Fuzzy Hash: 7A123B35B402048FCB18DBA8C555AAEB7F2AF88354F1AC579D406EB364DB34EC52CB94
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311A758, Relevance: .2, Instructions: 245COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bb5f3e1e70525a80855a4ee895df6a6e84456d33ca4d260b6341d0ef879ba004
                • Instruction ID: 4732dfd65d43b488c7789b425d3db5a76e27bd539089a56df083888d8638bc3f
                • Opcode Fuzzy Hash: bb5f3e1e70525a80855a4ee895df6a6e84456d33ca4d260b6341d0ef879ba004
                • Instruction Fuzzy Hash: 76816B35B012089FDB18EFB4C8556AEBBB2EF88204F158539D906DB394EF749C56CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031150C5, Relevance: .2, Instructions: 236COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4cc6079ffc33533039dcac52abfbaac81dc994d933ac1533aa32b03f420c7ca8
                • Instruction ID: 47dc52603e430711b7f2359164b0c7a90498eac2607981ea420735f06c4087f1
                • Opcode Fuzzy Hash: 4cc6079ffc33533039dcac52abfbaac81dc994d933ac1533aa32b03f420c7ca8
                • Instruction Fuzzy Hash: 25816C34B002059FDB24DB78C855AAEB7A7AFC9204F1AC479E906EF394DF349C518B64
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031086C8, Relevance: 4.2, Strings: 3, Instructions: 435COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$;3$K3
                • API String ID: 0-1179384038
                • Opcode ID: 4a6a4bee739089994597204a3647d5b70b00f7d435b960aa68f903926366166a
                • Instruction ID: 312df2a86d6a565b10c5f8bcf7a3a832c8791f49bcf5a5f0be48fe2ca2b266c4
                • Opcode Fuzzy Hash: 4a6a4bee739089994597204a3647d5b70b00f7d435b960aa68f903926366166a
                • Instruction Fuzzy Hash: D4025D74B046148FCB14EFA8D494AAEB7F6AF8C204F158569E506EB394DF74EC01CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03158EF0, Relevance: 3.1, Strings: 2, Instructions: 626COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok$`ok
                • API String ID: 0-1202323832
                • Opcode ID: 0c02287be51d91229d4e1dd75e3c4a8f38beb912af7db96e00586347a2d3a28f
                • Instruction ID: 54864c5144d74bd5ac3e320838c39cf56bef33566ee5f8caf748e919a15d5973
                • Opcode Fuzzy Hash: 0c02287be51d91229d4e1dd75e3c4a8f38beb912af7db96e00586347a2d3a28f
                • Instruction Fuzzy Hash: B8428A34A00605CFCB14EF64C484A9AB7F2FF88314F15C9A9E959AB291DB30ED85CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03107448, Relevance: 2.8, Strings: 2, Instructions: 273COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$p\bk
                • API String ID: 0-3712670942
                • Opcode ID: 380917ecd50a84b027cb60d84e242e7ceb8c15ede27b32e389a2841237b60901
                • Instruction ID: 2b100ee52d20d2e7951a4f25ea11dc7ef99a9ed10c3abb604b89be0576f432b3
                • Opcode Fuzzy Hash: 380917ecd50a84b027cb60d84e242e7ceb8c15ede27b32e389a2841237b60901
                • Instruction Fuzzy Hash: BDA13E38B006059FDB14EF75C854AAFB7A3AF88344F158879E506AF394DF74AC018BA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03107439, Relevance: 2.7, Strings: 2, Instructions: 229COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$p\bk
                • API String ID: 0-3712670942
                • Opcode ID: 892638105da05635953933e5e928fd60c4a0ffc075a8782f5a7f14f0a590c281
                • Instruction ID: 1115c8e79e40162d5de62248903735170fd613c2ecbc21bf33b72299bdb094bf
                • Opcode Fuzzy Hash: 892638105da05635953933e5e928fd60c4a0ffc075a8782f5a7f14f0a590c281
                • Instruction Fuzzy Hash: 1A917D34B006059FDB14EF78C854AAFB7B3AF88204F158879E506AF794DF74AD018BA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03107FA6, Relevance: 2.7, Strings: 2, Instructions: 152COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$p\bk
                • API String ID: 0-3712670942
                • Opcode ID: 1f7355ba72704bd4a94e9519fce5aafaeedb84a19fff6a53cbc4a6bd4e0d9cc4
                • Instruction ID: 8dc7d81c7be4059a55898f8480ff6b366ffe870f2a0324e4ccfe60105625e2c1
                • Opcode Fuzzy Hash: 1f7355ba72704bd4a94e9519fce5aafaeedb84a19fff6a53cbc4a6bd4e0d9cc4
                • Instruction Fuzzy Hash: 29513B74B102248FDB64DF68C850B9EB7F2AF88308F1085A9D109AB395DF749D868F91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03158A88, Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: 4a736a970105015f43de03b858f13a6a6fa60fd6bb245c81e41af5718405b300
                • Instruction ID: 39a5fcc229914b42ee76aef851c88792be62508d0436c08f7edb6fa2e10b1fec
                • Opcode Fuzzy Hash: 4a736a970105015f43de03b858f13a6a6fa60fd6bb245c81e41af5718405b300
                • Instruction Fuzzy Hash: 29B14A34A00209CFCB18DFA4C954AAEBBF2FF88304F158569E915AB395DB74AD46CF50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315D4D0, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: f8657abc0fe406c255bbf511021bed1eac88f45f99f51e5d71967f75f6951092
                • Instruction ID: 10b2d81648a331a415a7bba3c4a93884440e79d03479d1b23b7530e984c3ec8f
                • Opcode Fuzzy Hash: f8657abc0fe406c255bbf511021bed1eac88f45f99f51e5d71967f75f6951092
                • Instruction Fuzzy Hash: BE518B34A11204DFD714EF68D484BAEBBB2AF8C305F158169E816AB395CB35EC40CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315D4E0, Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: 8bbf321864bc31a59b373dcb8c7b889aa6efbaf8384ef689bd0b5059f82f029d
                • Instruction ID: 525a7356f46a5e6fbb04396ccfde8730483f9d92f8fb4741ab1630ec6dbd6538
                • Opcode Fuzzy Hash: 8bbf321864bc31a59b373dcb8c7b889aa6efbaf8384ef689bd0b5059f82f029d
                • Instruction Fuzzy Hash: 93516C34A21214DFD708EF68D494BAEB7B2EF8C305F158069E916AB394CB35AC45CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03110097, Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID: 8
                • API String ID: 0-4194326291
                • Opcode ID: 215ec346b3f0783d5ad56db4a3fbc12cae5e2c094b9d0d0a90856fdcb317e5c9
                • Instruction ID: cd1f5297e419c65593d8dba0191b8c7fc8ff2fecfa1b5593484551ca3c334430
                • Opcode Fuzzy Hash: 215ec346b3f0783d5ad56db4a3fbc12cae5e2c094b9d0d0a90856fdcb317e5c9
                • Instruction Fuzzy Hash: A6519C34B042458FCB95DF74C894AEEBBF1AF4D244F1944A9E801EB252DB38DD91CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03158BA8, Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: dbb9b81b8669b992b6ac254cf9ad9936eb2e60a7fe5f58f6800a89e54c3a47ff
                • Instruction ID: 72d73e56684d00a7ed923316be151623a7d623f033e549ceab5ba38ebff551f9
                • Opcode Fuzzy Hash: dbb9b81b8669b992b6ac254cf9ad9936eb2e60a7fe5f58f6800a89e54c3a47ff
                • Instruction Fuzzy Hash: 05511730A01209CFCB18DF65C984A9EB7F2FF88304F158569E915AF3A5DB74AD46CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03159AF0, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: 4997b55776cb2588a02393f5624d3e80a8d045a09fcedb8c5b8da14fe20eeaa3
                • Instruction ID: 2d8ce785512f58f16932e303e8452ede41cc5b3a67cb1d5768885d33841d06a1
                • Opcode Fuzzy Hash: 4997b55776cb2588a02393f5624d3e80a8d045a09fcedb8c5b8da14fe20eeaa3
                • Instruction Fuzzy Hash: F841AD346047069FCB04EF35C48099ABBB2FF84209B118E68E6458F665DB31FD59CBE0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03159B00, Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: 3f84729c4f20ad81b1744800dc5e9a879204e0d6f2c09229afb7d5c4dedc151f
                • Instruction ID: 4e3916adb59125c05a8a25eb3ca9ee77bde31b63edf618977b2bdf9dd348dd63
                • Opcode Fuzzy Hash: 3f84729c4f20ad81b1744800dc5e9a879204e0d6f2c09229afb7d5c4dedc151f
                • Instruction Fuzzy Hash: EC416A346007069FCB04EF34C48099AB7B2FF84209B118E68E6598F665DB31FD59CBE0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315383A, Relevance: .8, Instructions: 827COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e25e817664f6349d9a12bb3d7f672d77387530536f2c145d0a2649492a9d804
                • Instruction ID: cd6b832d5744afa45b1e39e0a967c4ec5dbcd64c54830bad89aa0f1f50c4f230
                • Opcode Fuzzy Hash: 8e25e817664f6349d9a12bb3d7f672d77387530536f2c145d0a2649492a9d804
                • Instruction Fuzzy Hash: 7662FA79700628CFC758EF68C894E6977B2FF89604B1245A8E5169F3B1DB31EC81CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310C118, Relevance: .5, Instructions: 508COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d4679482e23aed76274b3df30f5d78aaba5f1878affa2df2c31cd16062f29b2
                • Instruction ID: 8d9c4c7f3ee84c6bd6f8b261340944572916507304a23273437a3389f190a54b
                • Opcode Fuzzy Hash: 3d4679482e23aed76274b3df30f5d78aaba5f1878affa2df2c31cd16062f29b2
                • Instruction Fuzzy Hash: 3D223938600304CFCB18EFA4C594AADB7B2FF89315B148969D5069B794DB75EC85CF90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311D828, Relevance: .4, Instructions: 385COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 576bfb91d49658a2bffdecfc6b511a86908f5952c0c8016b380f43aae92ff386
                • Instruction ID: 9708c65db8e9625900f76df1254c4cd0c1ebeb070e392742c0b740bcf7bd08fb
                • Opcode Fuzzy Hash: 576bfb91d49658a2bffdecfc6b511a86908f5952c0c8016b380f43aae92ff386
                • Instruction Fuzzy Hash: 2AF14C74A01209DFCB14DFA8D595AADBBF2EF88314F15C469E405AB3A5DB34AC51CF80
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310B428, Relevance: .3, Instructions: 313COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 209fe5d81367eb72a1238b51922c840c6078ec6bfec87ad28ab82356652cdb8c
                • Instruction ID: fa29c106ec37798220710425ae6be6f1e505c00a64de9d006df79e6c0a2a661a
                • Opcode Fuzzy Hash: 209fe5d81367eb72a1238b51922c840c6078ec6bfec87ad28ab82356652cdb8c
                • Instruction Fuzzy Hash: 89A1FF34B085518F864DA7ABA06843DF5A79FDC611316802AE713CB7E8CFB4CDC24BA5
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03115438, Relevance: .3, Instructions: 295COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1f18e3adb15e1d55fb288f68fd77af19d3da56815548d0f932c993991e7da385
                • Instruction ID: f1192672547ec714a40a33f6885e0662528c5a7104c4cc0b6e0e6c82924a4411
                • Opcode Fuzzy Hash: 1f18e3adb15e1d55fb288f68fd77af19d3da56815548d0f932c993991e7da385
                • Instruction Fuzzy Hash: 6AB1BE74B002059FCB14DB69D895AAEBBB7EFC9204F15843AE506DB390DB34DD11CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03104738, Relevance: .3, Instructions: 286COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c5bad9184847b0e85607060439f397697bbf9b16a0d31a4e77594c1a70fbdbeb
                • Instruction ID: 110d56d8b61475bbbfab6961d05f7debb689ba106f31a9a9c6bf0838986eb162
                • Opcode Fuzzy Hash: c5bad9184847b0e85607060439f397697bbf9b16a0d31a4e77594c1a70fbdbeb
                • Instruction Fuzzy Hash: 11C13A30600606CFCB24EF75C5C499EB7F6BF89209B018929E6469B7A4DB74ED45CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03103D08, Relevance: .3, Instructions: 271COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 281e2383e3c00acc412e55538fb4a5e3788a360ea75a5cafdba2e9483800eea2
                • Instruction ID: 7a488a6920bfdbcffe57fe386e7a482a2d9a09cb97e539ffc681943cd3770475
                • Opcode Fuzzy Hash: 281e2383e3c00acc412e55538fb4a5e3788a360ea75a5cafdba2e9483800eea2
                • Instruction Fuzzy Hash: 8191F374B002455FEB14DB76D4847AEBBE6EF88304F08882ED655EB3C0DFB598058B61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315E9F8, Relevance: .3, Instructions: 254COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 28e35313e54661dbcbcc4320a1b0df45b2a0eed040ab436cdaf9538b00c78db1
                • Instruction ID: 3e2087bacdc680595d683f374a3ae74d1a42189288da62ee0430b0593310ced8
                • Opcode Fuzzy Hash: 28e35313e54661dbcbcc4320a1b0df45b2a0eed040ab436cdaf9538b00c78db1
                • Instruction Fuzzy Hash: 40B12A34A01204DFDB14EFA5C584AAEBBF2EF88315F158469E916AF794CB31EC41CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310C108, Relevance: .2, Instructions: 234COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3dabea57f47c0f40ae341d9e28d2f25f9d0bc13b5ab61ea3a7e03ea1e7d3850b
                • Instruction ID: e4d19d670ff2d0e43db045554deb20f38b123dce25cdfce1b01df0bc72a773e7
                • Opcode Fuzzy Hash: 3dabea57f47c0f40ae341d9e28d2f25f9d0bc13b5ab61ea3a7e03ea1e7d3850b
                • Instruction Fuzzy Hash: 16A14838A00605CFCB18EFA4C584A6EB7B2FF89315B158569D4069F7A4DB71EC86CF90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310472A, Relevance: .2, Instructions: 231COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2d321fd4885ad7abafc21b36ba90b00437a193a2a0492876130de3e22003cbe7
                • Instruction ID: cc4948935e66b2a0a54b80b7b58e9729f526a9a1c5cd910dec8d830b85dd8fea
                • Opcode Fuzzy Hash: 2d321fd4885ad7abafc21b36ba90b00437a193a2a0492876130de3e22003cbe7
                • Instruction Fuzzy Hash: 18A17C30600705CFCB24EF76C8C499EB7F6BF49209B058929E6469B7A4DB74E845CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311E0B8, Relevance: .2, Instructions: 217COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b1f293dca996a904786f85e2259ed7bf2b6a7ba53690300832f1f2141e2d4f3
                • Instruction ID: 4a3bb4f2a62e32f5c95c53f3506bd6d020f11df5a7f39a1440b7a7429e231fc3
                • Opcode Fuzzy Hash: 6b1f293dca996a904786f85e2259ed7bf2b6a7ba53690300832f1f2141e2d4f3
                • Instruction Fuzzy Hash: 2281A274B00214CFCB14DBA9D8549AEBBF6EF88214B158479E80ADB390DB34DD41CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03111CA0, Relevance: .2, Instructions: 217COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f33ff4f24a7d814c905dd74f0368ce735a43b5d6c70175c766b4902eab107c4
                • Instruction ID: 38532c86092a1fe5d31682c0ae9e2500ad2d758b3b0b2576dfdff7037f134f96
                • Opcode Fuzzy Hash: 7f33ff4f24a7d814c905dd74f0368ce735a43b5d6c70175c766b4902eab107c4
                • Instruction Fuzzy Hash: 6081AF30704210DFCB19EB74C458AAEB7F2AF8D604B1684B9E606CB3A5DB74DC55CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03156388, Relevance: .2, Instructions: 203COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d9985f00dfeae8ec063c881a33270f0c832d9007d517a1fb3b3a23998974809e
                • Instruction ID: 78ca270935b1cd0ef7e5898625d4963bf18c814debe6fb3024c7e8cd17e6a522
                • Opcode Fuzzy Hash: d9985f00dfeae8ec063c881a33270f0c832d9007d517a1fb3b3a23998974809e
                • Instruction Fuzzy Hash: B171AB346042089FCB14EF74D854AAA7BA6EF89309F55487DEA068F394DB31A905CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310FB00, Relevance: .2, Instructions: 191COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6ea87fcfb054401b4d62cfdfd5ca53329b720b169ec85e50a9d2fe6bcdfe8432
                • Instruction ID: 91da7f906a8cfe166c3986cef31c02bad2a0c10ad2f95de3caef30ed294709c5
                • Opcode Fuzzy Hash: 6ea87fcfb054401b4d62cfdfd5ca53329b720b169ec85e50a9d2fe6bcdfe8432
                • Instruction Fuzzy Hash: E561AF35B042148FCB24EF28D49586EBBF6FF8D21471985A9E549CB3A5DB70EC42CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03104F00, Relevance: .2, Instructions: 172COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 951ae5c7bec5c90032544755af4fecaed843c7cc5f921853dcee9fc48157d743
                • Instruction ID: 7b0ecb3a673a5bc96c1b8506497bd72276300c96969b61abff418c1ede7c348a
                • Opcode Fuzzy Hash: 951ae5c7bec5c90032544755af4fecaed843c7cc5f921853dcee9fc48157d743
                • Instruction Fuzzy Hash: E1613930A042099FDB18EF69D998AAEBBF6BF49301F158129E506EB395DF709C41CF50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03114530, Relevance: .2, Instructions: 166COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 31757d5b33608596b7e928f039d4950e4e88ddc25d3896d8f063ec378a60a546
                • Instruction ID: e2c8a0ce3fad78a52c6a97cbe34e35a3c57373cdcef904d20478b3bdee8f9c80
                • Opcode Fuzzy Hash: 31757d5b33608596b7e928f039d4950e4e88ddc25d3896d8f063ec378a60a546
                • Instruction Fuzzy Hash: B9617C75A102189FCB14DFA6E454AEEBBB2BF88718F148079E405AB754DF34AC45CF90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03155E30, Relevance: .2, Instructions: 166COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 051aaaead5202338e0934c1555012fa2142632cec30804fe0e4feb4bafac12f1
                • Instruction ID: 800008a15ccc7dbb64f300c78168ad1f9fc811364365d2e6dfe7c1f78aedde7a
                • Opcode Fuzzy Hash: 051aaaead5202338e0934c1555012fa2142632cec30804fe0e4feb4bafac12f1
                • Instruction Fuzzy Hash: A9611679E002189FCB04DFA9D8449AEBBF6FF8C310F15846AE915AB350DB359D01CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310E1AF, Relevance: .2, Instructions: 165COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6f53a0ec38fcfa0e9cea021abd9585ad406f193ac5af28d26353388c4116a8f2
                • Instruction ID: c5dd21a10f9da48284d30a3f750d66bc4d8afd8107fc7f7ffdb2fd354d43dd19
                • Opcode Fuzzy Hash: 6f53a0ec38fcfa0e9cea021abd9585ad406f193ac5af28d26353388c4116a8f2
                • Instruction Fuzzy Hash: 48614B74B046058FCB05DF79C5949A9BBF2AF8D314B1984A9E445DF3A6DB70EC01CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311FC80, Relevance: .2, Instructions: 165COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3389b2211b4cbd6cfe3aa6c1bfb95c286ce3569ab0dbb9ecc99a809c7c7da48
                • Instruction ID: 5429620d7d45cefd1bc6fcac853396d1ed5db235553cb5a678f5fa613d319764
                • Opcode Fuzzy Hash: a3389b2211b4cbd6cfe3aa6c1bfb95c286ce3569ab0dbb9ecc99a809c7c7da48
                • Instruction Fuzzy Hash: DA51E3353053048FCB10EF75D854AAF77E6EF88215F044A3ADA468B681DF34A916CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03106FA1, Relevance: .2, Instructions: 163COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c682dda1d4af5f7cc46ab82d0827c793bb834b5a30f814e06c49089123874977
                • Instruction ID: 1dafdc235cd1c8e62d35fa4547dd89cffaeef54ff8c89ba8f6654a6359c69f5e
                • Opcode Fuzzy Hash: c682dda1d4af5f7cc46ab82d0827c793bb834b5a30f814e06c49089123874977
                • Instruction Fuzzy Hash: 5561D330A042458FCB05DF65C894AAFBBF2FF8D304F1886A9D545AB395DB74AC05CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03111C90, Relevance: .2, Instructions: 163COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 55dd5ffa86a6b2101c973b839a7cb59a254677fd9ab73cd90f800bdd679e49f3
                • Instruction ID: 50c4249c14f6e78780c2c3b56d014f62e9803b77084cbe055d116cded9cada27
                • Opcode Fuzzy Hash: 55dd5ffa86a6b2101c973b839a7cb59a254677fd9ab73cd90f800bdd679e49f3
                • Instruction Fuzzy Hash: 9851BD307042109FCB18EB74D488AEEB7F2AF8D208B1545B9E602DB3A1DB75EC55CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310BB28, Relevance: .2, Instructions: 160COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9bbb2ef19d8c8f277bedfae8f4794f7cf4944c1cd787724c60279cc843f8b82c
                • Instruction ID: b26967647169b402c2207ef3e227ec741e417f53a5f13aa8b0b3743eadcafe9d
                • Opcode Fuzzy Hash: 9bbb2ef19d8c8f277bedfae8f4794f7cf4944c1cd787724c60279cc843f8b82c
                • Instruction Fuzzy Hash: 75515B75A042198FCB04DF69D9849AEBBF2FF8D311B1580AAE405EB365DB30EC01CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03119238, Relevance: .1, Instructions: 144COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 274f08f54b905b00f64ac2dc973afc173d39c2dfe678382c9c766c3b9d2b579f
                • Instruction ID: 92689fba81f70420c00281d9914d82f21984f93ec169a1857494a3bc02c76e07
                • Opcode Fuzzy Hash: 274f08f54b905b00f64ac2dc973afc173d39c2dfe678382c9c766c3b9d2b579f
                • Instruction Fuzzy Hash: 0951B130A11219AFCB14DFA4C854AEEB7B5FF88304F14856AE915AB390DB30AD51CBE0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03114520, Relevance: .1, Instructions: 144COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04fe3afe3a74e714d4e9b90f4cf94796108872373efc7d8d75cb23f9bf81f604
                • Instruction ID: eef47177b288cbf907b3a573fcec4f7c3e591bfb605fec510ada6aa77c1edd8a
                • Opcode Fuzzy Hash: 04fe3afe3a74e714d4e9b90f4cf94796108872373efc7d8d75cb23f9bf81f604
                • Instruction Fuzzy Hash: 3051AE75A102189FCB14DFA5E454AEEBBB2BF88718F148079E405AB794DF34AC45CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315AB10, Relevance: .1, Instructions: 143COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 237812a5c26821210a0c524e4d8425764c1d5241f1c89dbf38540b2f48dc3855
                • Instruction ID: 17b469b1722771f9717e51ea50d250a0fee716a17743e4f8a05905bbdb6f73a7
                • Opcode Fuzzy Hash: 237812a5c26821210a0c524e4d8425764c1d5241f1c89dbf38540b2f48dc3855
                • Instruction Fuzzy Hash: 13518370A04398CFCB16CF79C4507EDBFB2AF49204F0944A9E8A5AB392D734D845CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311DEE8, Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 76538a85571edc955d08b79d0ea58c51d82fd09d39885a5a16702e8f9db808bf
                • Instruction ID: 74bb86c5319028d1de1704b4b9a4bb412ed08084616be89e4c57bb519b099443
                • Opcode Fuzzy Hash: 76538a85571edc955d08b79d0ea58c51d82fd09d39885a5a16702e8f9db808bf
                • Instruction Fuzzy Hash: 87410E717081229FC7189B78A4541BE73E7EBCD2A171A897BDA07C7344DF358C9287A1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03106FE8, Relevance: .1, Instructions: 134COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 597909ad7de744d1b06503eac67d7ac6eaf865680b0378f2b5773c28a61d17ed
                • Instruction ID: 0f500c5bf14935b1c786efef7a011abf5c567fa7e18f55ddff6747317efbf14c
                • Opcode Fuzzy Hash: 597909ad7de744d1b06503eac67d7ac6eaf865680b0378f2b5773c28a61d17ed
                • Instruction Fuzzy Hash: C6513870A006098FDB14DF65C984AAFB7F6FF8C204F148A29D509A7394DBB5ED41CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03115964, Relevance: .1, Instructions: 131COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b5fcb8d8b60b1fb7660294f55c2c4e1ed493137f9cd463408538460cc7eeda8e
                • Instruction ID: 985645937edc8378f047d734dff2c18488f335a0f2a97602ce3a33d262c06b4c
                • Opcode Fuzzy Hash: b5fcb8d8b60b1fb7660294f55c2c4e1ed493137f9cd463408538460cc7eeda8e
                • Instruction Fuzzy Hash: 60418F34B042188FDB24EB78C4547AEB6E6AF89208F168439E446EB790DF74DC02CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311C120, Relevance: .1, Instructions: 127COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a85b6b283e36afe28fa907774964da6673669eba86b61af146b0896ea452653f
                • Instruction ID: 4920d87242f46c3573e34bbc9e08b29e0c060e015e4251189088408cfed28c5b
                • Opcode Fuzzy Hash: a85b6b283e36afe28fa907774964da6673669eba86b61af146b0896ea452653f
                • Instruction Fuzzy Hash: 61413B75A0021A9FCF40DFA9D844AEEBBF5FB88300F14492AE515EB394DB749911CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315AB40, Relevance: .1, Instructions: 126COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9b16b352b39fd88ccee232d02c35efbf2a8d3e2cb94599d4395c29663ed19b1a
                • Instruction ID: e8f187fbc75276edc6b5d7e9df2ad27cbc7a54e23155a20d0c7b6c82a3e59835
                • Opcode Fuzzy Hash: 9b16b352b39fd88ccee232d02c35efbf2a8d3e2cb94599d4395c29663ed19b1a
                • Instruction Fuzzy Hash: 83518F74A043998FCB16CF79C050BBEBFF2AF49204F0944A9E8A5AB391D734D845CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311D7E8, Relevance: .1, Instructions: 125COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 94e9f7aaa4b684eaa4f665a9b3f211c4f1ab0a5fd806eb5429495fefc0c2a89f
                • Instruction ID: 66e52e1c9c4fa33eb13079d79d54c619c87f6b4ee7191540a5a7c92aa5312274
                • Opcode Fuzzy Hash: 94e9f7aaa4b684eaa4f665a9b3f211c4f1ab0a5fd806eb5429495fefc0c2a89f
                • Instruction Fuzzy Hash: 7441B035A052089FCB14DF64E5449ADBBF2EF48310F2A84B9E805DB3A1DB74ED01CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03118D30, Relevance: .1, Instructions: 125COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7f4ea9aa793d61a80fce0c8b1d0e9b0883eb102e26b0c8d38c2e5a514fcdf2e
                • Instruction ID: e6dfa4b5393ce58d2f3c145dce247637d95715d7a9082486c881e48118ba9ba2
                • Opcode Fuzzy Hash: e7f4ea9aa793d61a80fce0c8b1d0e9b0883eb102e26b0c8d38c2e5a514fcdf2e
                • Instruction Fuzzy Hash: 0A512174A002099FDB18CFA4C595FEEBBB2BF89304F258469E501AB361DB70ED52CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031034A0, Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b2474cfcfb46fa218d770783fe168fccc6dcde13b0e26b7b7acf0d31efc051ca
                • Instruction ID: 9cdcf1c306bc1d66fb37f2f9558a3b5f62463146d47fc53634f10786dcc4bf00
                • Opcode Fuzzy Hash: b2474cfcfb46fa218d770783fe168fccc6dcde13b0e26b7b7acf0d31efc051ca
                • Instruction Fuzzy Hash: 594115387043508FCB25DF79D4546AABBF1EF89204F08887ED586CB691DB79A805CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031193F3, Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a5c14e267bf7a7b3a0b6e8bffab64698293f46279f4116cebf0d224d35d21899
                • Instruction ID: c1237f4b8ebbcd570c99b9e459c72e7891f14dfcb395d9277aadb342b6247f01
                • Opcode Fuzzy Hash: a5c14e267bf7a7b3a0b6e8bffab64698293f46279f4116cebf0d224d35d21899
                • Instruction Fuzzy Hash: 0F41BE30A007059FCB24DF65D890B9EBBF2FF88304F10896DE1599B791DB34A855CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03157D48, Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7ed6824878f993661f4b91c73384ee55f95c3d8a37cd837169304f0026546da2
                • Instruction ID: d1a8070aa5f0ef097223dbf04d76d2de4fa553f489da2fae7471800586d45122
                • Opcode Fuzzy Hash: 7ed6824878f993661f4b91c73384ee55f95c3d8a37cd837169304f0026546da2
                • Instruction Fuzzy Hash: C441E2607043989FDB19AB35C49473E7BA2DF8A604F59445EEA428F3C2DF61DD0287B1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03156218, Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bdae730febab033388c1f40387519e5246017a100486b23813f7833b1aaef468
                • Instruction ID: b3299fa296df41c5ff8f85fd384ed525d00f545221fa23bca68f2b6f839289cf
                • Opcode Fuzzy Hash: bdae730febab033388c1f40387519e5246017a100486b23813f7833b1aaef468
                • Instruction Fuzzy Hash: 14418E34B002149FCB18DFA9C8546AEB7A6EF88205F54847DE905DB394DF399D41CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03116D98, Relevance: .1, Instructions: 120COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abf8568e3d4f93708e35667be7a9ba98111f2f374f79306b41ad5c6ca31800bc
                • Instruction ID: ae04247117f5526bfbd2fc4c5d8005dd9ec3640e0246a6a0715eb62f481bc6e4
                • Opcode Fuzzy Hash: abf8568e3d4f93708e35667be7a9ba98111f2f374f79306b41ad5c6ca31800bc
                • Instruction Fuzzy Hash: 4B416E30A0120A8FDB14DFA5C454BEEFBF2AF48714F198569E812AB290CB759D95CF90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03118D21, Relevance: .1, Instructions: 119COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 11fc2cdc0ca62862b29bbe8d43254884b6dec2e6aba56c98d29df581bf59cfb0
                • Instruction ID: 223eb94dbb74983f4c7bfa14f5e8f35e01d4907ecc15b5c5084b249938ae60c5
                • Opcode Fuzzy Hash: 11fc2cdc0ca62862b29bbe8d43254884b6dec2e6aba56c98d29df581bf59cfb0
                • Instruction Fuzzy Hash: 39415E74A002099FCB18CFA4D585AEDBBB2FF88304F258159E901AB761DB70ED42CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03155D5A, Relevance: .1, Instructions: 119COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4dd98f459b6dea0af9ff98df8ab0651db4cb1282833aa3856e04f74722bdc539
                • Instruction ID: 69b20465e7fc83cfe25cc3f902f1367077c1d03dfe6b56cc34bc22a93c239759
                • Opcode Fuzzy Hash: 4dd98f459b6dea0af9ff98df8ab0651db4cb1282833aa3856e04f74722bdc539
                • Instruction Fuzzy Hash: 9B419B75A042058FCB04EFA8D8805DDBBF2FF89304F11896AD959AB350EB34A901CBA4
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031042C8, Relevance: .1, Instructions: 117COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 91b52a4f66c70dd0588c30a0e115fb072bff9502c57c30016ae9f8df6d327744
                • Instruction ID: 4d480a057561b5f73a6f673e548eb8ff414074de7f9be235245bec2ce49c2343
                • Opcode Fuzzy Hash: 91b52a4f66c70dd0588c30a0e115fb072bff9502c57c30016ae9f8df6d327744
                • Instruction Fuzzy Hash: 1541A235B012059FCB14EF7AD9806EEB7E5EF88218B048579D619DF680DB71E805CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310FE10, Relevance: .1, Instructions: 117COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aca6cdec4578d0d13732ba0553a67756f0502d13cfbff8a6e9cbe8254deaff63
                • Instruction ID: 5fcbf00aeab7b27d8b0cd950e4d2c8099fbd72e20bf610b1b351b045c7be53e8
                • Opcode Fuzzy Hash: aca6cdec4578d0d13732ba0553a67756f0502d13cfbff8a6e9cbe8254deaff63
                • Instruction Fuzzy Hash: 6441C071A007548FDB25CF29C84069EBBF1FF8D300F158A6AD496EB792D730A895CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311DED8, Relevance: .1, Instructions: 112COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 42f45db993e01f4ce37626a271c7ecc33dce12a869deb665d0254f2f131d677d
                • Instruction ID: 001e93dd58b4508c38502ba2fa36f4ba62f9c13adb45169225b740c002ee82c9
                • Opcode Fuzzy Hash: 42f45db993e01f4ce37626a271c7ecc33dce12a869deb665d0254f2f131d677d
                • Instruction Fuzzy Hash: 6B31FB36B081229FCB24DA64B4544BFB7FAD7CD2A13194577E917C3380DB358DA287A1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03110D68, Relevance: .1, Instructions: 110COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1a9ea28e55eb9312ebde61b2fd40043688f4158eece6b75535f78e56542a61e
                • Instruction ID: 8d2b5afbed636c1e6b9e70660cfe6befa8d37651bb611bb2ecd80abe7048065c
                • Opcode Fuzzy Hash: f1a9ea28e55eb9312ebde61b2fd40043688f4158eece6b75535f78e56542a61e
                • Instruction Fuzzy Hash: 2D415B75A007049FC714DF79C4809AAB7F2AF8D314B258A6AE546AB361DB30AC85CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315D179, Relevance: .1, Instructions: 110COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6d5ea343d7634a02bb30a9492cc7f0f88c7fbcdfcf69dc41d28738782cf4579d
                • Instruction ID: aacfb06d511df83d99dfd21cd72fc77171346d41c3b6dffd47bb47efc8cd3ca5
                • Opcode Fuzzy Hash: 6d5ea343d7634a02bb30a9492cc7f0f88c7fbcdfcf69dc41d28738782cf4579d
                • Instruction Fuzzy Hash: F841DD34600204DFCB04FF65D584A9EBBB2EF8C304F158969DA16AF795CB74AC05CBA5
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03159C88, Relevance: .1, Instructions: 109COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 505c85363a564632eea395f0a73d47b5da2139ed92e810c60d8e3a164b31b774
                • Instruction ID: a38c8fef6b0c7a3a8b31e0e3bea14cd3f9add0c21cbde8d010b0141768df8571
                • Opcode Fuzzy Hash: 505c85363a564632eea395f0a73d47b5da2139ed92e810c60d8e3a164b31b774
                • Instruction Fuzzy Hash: 99419F35600218DFCB14DFA4D848ADDBBB6FF8D321F194169E816AB3A1CB349D41CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03119408, Relevance: .1, Instructions: 108COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 51ab97dd8499e40e5b4e3752c07f5337c9443f23dc72ba7f72477a3cf87bf1b0
                • Instruction ID: 792911b67db53066e1d8aa1118ad888ab61fe6fb9b36c38b66f28e728cda8871
                • Opcode Fuzzy Hash: 51ab97dd8499e40e5b4e3752c07f5337c9443f23dc72ba7f72477a3cf87bf1b0
                • Instruction Fuzzy Hash: 6C415B74A007059FCB24DF65D890B9EB7F2FF88304F108929E5599B790DB34A955CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310A3D8, Relevance: .1, Instructions: 105COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ab9e07ad02c19668c3a36f5aea9d98b960eb29a7c22c79d1e161b8223a9cebd
                • Instruction ID: 2df82c1f1765d06d20afaa0420f0f96cbd450bfc8b600131da71681c707fe0e2
                • Opcode Fuzzy Hash: 1ab9e07ad02c19668c3a36f5aea9d98b960eb29a7c22c79d1e161b8223a9cebd
                • Instruction Fuzzy Hash: 2A41AB38B002058FC714EF64D4899AEBBF2FF8C200B048469DA06DB395DB70EC81CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310A530, Relevance: .1, Instructions: 103COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 743e1bb070fe79586c78204e6801639f605b64bde26b88e16f10a8844f14906a
                • Instruction ID: 0fe8add0dc71aebb977bdece7fdbd101c3e5b9d9b4548c41cdcf0d8fe07ad1e3
                • Opcode Fuzzy Hash: 743e1bb070fe79586c78204e6801639f605b64bde26b88e16f10a8844f14906a
                • Instruction Fuzzy Hash: 5C414C74A003099FCB04DF65C58099EBBF2FF88314B10CA69E519DB394EB71E946CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03108570, Relevance: .1, Instructions: 102COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bac5fddff3c0f14661aaefaa9815ed1804511463e5b673cd4b7bf39c5cd45c07
                • Instruction ID: 03bd3ca9ef686e791547f949ad0c1f9c17ac4e150817bdf2ea8081f8e21d1422
                • Opcode Fuzzy Hash: bac5fddff3c0f14661aaefaa9815ed1804511463e5b673cd4b7bf39c5cd45c07
                • Instruction Fuzzy Hash: 8A3170B47046154FC308EB7AD96496AB2EAAFCD210B17407AD606CB7D5EF70DC018B71
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03110D78, Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e028fb8cf38c8d77f5f25b4e298d1d10746114b7bb4a2e9ac234b516a08ea17
                • Instruction ID: e279560e868530a14fb14501f4233a5d0532b5cda8243266c29bd43403fe1f9c
                • Opcode Fuzzy Hash: 8e028fb8cf38c8d77f5f25b4e298d1d10746114b7bb4a2e9ac234b516a08ea17
                • Instruction Fuzzy Hash: 4C416974A00704DFC724DF69C4809AEF7F2AF8D304B258A69E546AB361DB30AC85CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03103BB0, Relevance: .1, Instructions: 98COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 582cfe885eada4401d84f781074127fb0eb2cd46ef861583e78559d7fc440c1b
                • Instruction ID: 2a08f9ff8fcefc3129b8142e8ce3e9aaa5ad5c916a03ebfe4b46bf8304dc92fc
                • Opcode Fuzzy Hash: 582cfe885eada4401d84f781074127fb0eb2cd46ef861583e78559d7fc440c1b
                • Instruction Fuzzy Hash: E231D238B043458FCB15DF68C854BAEBBF2AF8A300F1884AAD816DB391CB759D41CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315D190, Relevance: .1, Instructions: 98COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 22926a3158fba36272f05870f879bf194720052ccc517f276c904409f4e12d84
                • Instruction ID: 36583cee185f9ea91082c6f9b68a4ac2d187a203b5823581562fcf8bf714f1cc
                • Opcode Fuzzy Hash: 22926a3158fba36272f05870f879bf194720052ccc517f276c904409f4e12d84
                • Instruction Fuzzy Hash: C731AB34700605DFCB04EF65D184AAEB7A2EF8C205F14892DDA16AF394DB74AC45CBA5
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310A520, Relevance: .1, Instructions: 97COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b88ad1d5e4450ff8515ed67fa7675fabe0a9d132082cfecdb2bd833255743a55
                • Instruction ID: 309ebbd384ef10cf8d5e674253a35849df61563f3f58a1c20094e104f97b3f04
                • Opcode Fuzzy Hash: b88ad1d5e4450ff8515ed67fa7675fabe0a9d132082cfecdb2bd833255743a55
                • Instruction Fuzzy Hash: 1D415B74A0030ADFCB14DF64C480A9EBBF5FF88314B148A69E5159B395DB74E945CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03107318, Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 580de461961f90457374a0f12d6c7869b53a91b222308a269d6584eba0578478
                • Instruction ID: c00d54f0a358907fdfd4a9b7a76c3473679a1ca017ffe40268777db5f1c90cdf
                • Opcode Fuzzy Hash: 580de461961f90457374a0f12d6c7869b53a91b222308a269d6584eba0578478
                • Instruction Fuzzy Hash: F7310874B00205CFDB55DF69C58066ABBF2FF88204B18C479D949DB385DB75A842CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03115B92, Relevance: .1, Instructions: 94COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ffa2e7f791f69582a95d9e19183dc42b0d1c500b87a7dafb17e2d1fc81d0836c
                • Instruction ID: d4bf7c6d049f13901f8de0932639929fa250b654b35646530051f9840fbba608
                • Opcode Fuzzy Hash: ffa2e7f791f69582a95d9e19183dc42b0d1c500b87a7dafb17e2d1fc81d0836c
                • Instruction Fuzzy Hash: 3D3102356043088FCB20DF65D880ADFBBB7EFC9228F19856AE901D7280CB349945CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03103A60, Relevance: .1, Instructions: 93COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef2714ad10b2e8c69d196aba6ed3cdb35b190ff157ec50b1bdae6d8bf6d49f18
                • Instruction ID: 47dcf2bbc664caf4281efb811343836d6f0f16cfb460fe78822e44b2db0d6de6
                • Opcode Fuzzy Hash: ef2714ad10b2e8c69d196aba6ed3cdb35b190ff157ec50b1bdae6d8bf6d49f18
                • Instruction Fuzzy Hash: 8B310735A043948FCB25CB25D8157A97BB59F8E314F0D48EED051EB1C2CBB85845C7A1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03152020, Relevance: .1, Instructions: 93COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ea9a13afed52b3cd0c6e5cebb0c3bf36eb7e53686bdce5a216b730fa99ac201c
                • Instruction ID: f4047efe18543664c03ebad9ee5a85f315f5c8870fb99b35f816c4e0dc5c19d1
                • Opcode Fuzzy Hash: ea9a13afed52b3cd0c6e5cebb0c3bf36eb7e53686bdce5a216b730fa99ac201c
                • Instruction Fuzzy Hash: 9631B875A002098FCF44EFA8D5849CDB7F1FF88319B158965EA18AB325D771AD06CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031041F0, Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a048b9c07a910310506beb3bd514549fb7120c3912cecdec785f5e56fb42559
                • Instruction ID: c09d92bbae010e7fae0ce5ac26c9f40fb02edd0c6564e6f1ad591edf61d3bb44
                • Opcode Fuzzy Hash: 8a048b9c07a910310506beb3bd514549fb7120c3912cecdec785f5e56fb42559
                • Instruction Fuzzy Hash: A84102B59002599FCB10CF9AD888BDEFBF4FB4D324F10851AE528A7250D7B4A954CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03107308, Relevance: .1, Instructions: 91COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d504be122cec0a0cf16dfb33f097897c70444800b2c3b13bb307f2f6174620d
                • Instruction ID: 5a783d8d7ae75d2226474b1916c70cbb24f1c0844f41d953bce031d44a6b6688
                • Opcode Fuzzy Hash: 3d504be122cec0a0cf16dfb33f097897c70444800b2c3b13bb307f2f6174620d
                • Instruction Fuzzy Hash: BC313C75B00205CFDB55DF69C5806AAFBF2FF89204B18C4A9D948DF285D771A942CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03156378, Relevance: .1, Instructions: 91COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b0b2e05615105c3252964bb40cc7f3bd9c4b6be76c86b55e5631d55c8d548e4
                • Instruction ID: 0cadc896555fa63f2979835f85ce3b5485cf547b9a6156be75089ab3844281b6
                • Opcode Fuzzy Hash: 4b0b2e05615105c3252964bb40cc7f3bd9c4b6be76c86b55e5631d55c8d548e4
                • Instruction Fuzzy Hash: C6317E302043059FC714EF34D885A9ABBE5FF88309B408D29F6568F6A5DB71F945CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311CD85, Relevance: .1, Instructions: 90COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b3d2d961056e75338f1039e7b4d3c1254ba3a2dc77f6eb09788de2ca59687ca0
                • Instruction ID: 91091a645b1df157525b9ac5e85808088d6c4d075c6b6ed898826f10162f8dea
                • Opcode Fuzzy Hash: b3d2d961056e75338f1039e7b4d3c1254ba3a2dc77f6eb09788de2ca59687ca0
                • Instruction Fuzzy Hash: E241C834A01618CFDB64DF19C884B9ABBF2BF48310F45C4A9D449AB361DB34AD95CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311CD88, Relevance: .1, Instructions: 90COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 644a1445f7bb130b41c015fc693f1289470ba08a18e98871db58eeffcc753804
                • Instruction ID: 013d7c4f8a9bc4c6bd0e973a697ce18b57bb58c6ca8866f1694f3811e0e95d0b
                • Opcode Fuzzy Hash: 644a1445f7bb130b41c015fc693f1289470ba08a18e98871db58eeffcc753804
                • Instruction Fuzzy Hash: 0541C834A01614CFDB64DF19C844B9ABBF1AF48310F45C4A9D449AB361DB34AD95CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03103BC8, Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed8d884e912fa08cb4d60f2c965fefb507c80a9b0f6748c2f232cb1d47b63bb7
                • Instruction ID: e77bf220beb35dd405f00abd6c0655c83a73b205b358929750229b1416632b11
                • Opcode Fuzzy Hash: ed8d884e912fa08cb4d60f2c965fefb507c80a9b0f6748c2f232cb1d47b63bb7
                • Instruction Fuzzy Hash: 1C318F38B002058FCB14DF69D459BAEBBF2EF89305F148469D816EB390CB759C41CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310C010, Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5789a501ed3d7651dc780f650b2c39875a23463a15dcaad33442e50d695a6936
                • Instruction ID: 74ebcdccf95b7ddd7ad846c2ed8214b23ae90c37a95718bc9bd282de499f75ca
                • Opcode Fuzzy Hash: 5789a501ed3d7651dc780f650b2c39875a23463a15dcaad33442e50d695a6936
                • Instruction Fuzzy Hash: 712188783042008FD728DB28D58896EB7A69B8D714B19866BD106CF3E5CFE1DC85CF91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315620A, Relevance: .1, Instructions: 83COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 18f4c8ac8e399a198caac10274d0abc833ee064075921ccd4013557d68ca159b
                • Instruction ID: 845ddad8c8a4f063090ba62bce98096c1ed24eec13d977119f942c2c872074f7
                • Opcode Fuzzy Hash: 18f4c8ac8e399a198caac10274d0abc833ee064075921ccd4013557d68ca159b
                • Instruction Fuzzy Hash: 2E21AD347002158FDB18CF68C890BBE7BA6AF88305F48447DE915CB3A0DB39C941CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03119220, Relevance: .1, Instructions: 77COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5c9d871d061ac6a3c0903658a02ce0e525b90e4506b63acd2d0483444e85cf34
                • Instruction ID: eb01ccd133754704e8002ee8e43e5ccd237b00874052af751cdf5f3500d5d17c
                • Opcode Fuzzy Hash: 5c9d871d061ac6a3c0903658a02ce0e525b90e4506b63acd2d0483444e85cf34
                • Instruction Fuzzy Hash: 78310131A057859FCF11DF74C8905EABBB5FF89304F10866ED594AB241EB34A902CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03152840, Relevance: .1, Instructions: 76COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed62521eaef24f428648e346c3929fbd583b1d76b3e86e6ce87a66590e71bab4
                • Instruction ID: c230e8c66b5a92df13441eb6358e67e66eece82b56df4d2bc342281c6be3c915
                • Opcode Fuzzy Hash: ed62521eaef24f428648e346c3929fbd583b1d76b3e86e6ce87a66590e71bab4
                • Instruction Fuzzy Hash: AA316571D093998FCB01DFB9D8801CEBBF1BF8E214B1445AAE598F7201E734A944CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311C2A8, Relevance: .1, Instructions: 75COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0c6ea4fc9f300b36fc357d355195e70f8b21c08feaf7c5aa65346566ac7270aa
                • Instruction ID: ae173d451e26cb34070393853cb4e64147fe6c916abf20047d236739e86b399f
                • Opcode Fuzzy Hash: 0c6ea4fc9f300b36fc357d355195e70f8b21c08feaf7c5aa65346566ac7270aa
                • Instruction Fuzzy Hash: 43218E35B1121A8BCB15EAA9D4945AEF7A6FF8C315B14813EC50687740DF31D822CBD1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03118BC0, Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d27aa519706e64f5ab06dd8d44319fb12446669eccb2d8857d50498c9f7f2b47
                • Instruction ID: 20eb338b8812398547ca229cefd4fc62c53fabaa90dba564c71a3e8c8110ea16
                • Opcode Fuzzy Hash: d27aa519706e64f5ab06dd8d44319fb12446669eccb2d8857d50498c9f7f2b47
                • Instruction Fuzzy Hash: 7021B034A052548FCB05DFA9D8152EDBBF0AF09700F1581AAC418EB7A2D7399D46CFA6
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311C2A2, Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d053b16b3ae76c4384d19a76fda85cede8bbee8a0ae2e9f270570d7ba8275ab0
                • Instruction ID: 73357662c26ffd8720946cc97c02ffcee23b71e968e19a3f26cc9bb1467f1ab9
                • Opcode Fuzzy Hash: d053b16b3ae76c4384d19a76fda85cede8bbee8a0ae2e9f270570d7ba8275ab0
                • Instruction Fuzzy Hash: D721CD35B1121A8BCB15EBB9C4944AEF7AABF8C314B24817DC9068B340DF31D962CBD1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311FC70, Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9b5ace8ba862633214e5a2ed89b8d368bf0edd74e2719088853e9dc025dbcb8e
                • Instruction ID: 0cb6a3de13885776a07693e7089e4ed23fb8f2f792ef8bab6bd50d8b16d76f0a
                • Opcode Fuzzy Hash: 9b5ace8ba862633214e5a2ed89b8d368bf0edd74e2719088853e9dc025dbcb8e
                • Instruction Fuzzy Hash: 2611D2353053454FCB24EF35D850ABF77A6EB88200B14462AEA428B685CF74DC5687E1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03118DF1, Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 85fdb59b7c90722f219fa5e536da2a96b61d3c1e5e015c68fcc438d161d91892
                • Instruction ID: e33d5c2e2aedc289de9202cd54692958660696947049a97f764b9746f2a02ed4
                • Opcode Fuzzy Hash: 85fdb59b7c90722f219fa5e536da2a96b61d3c1e5e015c68fcc438d161d91892
                • Instruction Fuzzy Hash: C4215C34E006099FCB18CFA4D581ADEB7B2BF88308F218559E901AF761DB70ED428F91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031028A8, Relevance: .1, Instructions: 64COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 492ded6d3143c014d32c7d1757e108572c01b35123aa71bb9aefe1eefd35a738
                • Instruction ID: 5799a43778accfff6fa0b1798880f180842564501040d160cfef7686703ca63b
                • Opcode Fuzzy Hash: 492ded6d3143c014d32c7d1757e108572c01b35123aa71bb9aefe1eefd35a738
                • Instruction Fuzzy Hash: 7E2103B59002499FCB10CF9AD888BDEBBF4FB4C314F10852AE919A7250D7B4A944CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031042BA, Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fb532a9bdaabc81d83cf8dd2c425c289e2b851bc32a465170aa97461d86e6f3d
                • Instruction ID: f4a94172cc82ea710eb70fcc2e8d99dda208d0ea834b8f972b07a0e5b290fbbc
                • Opcode Fuzzy Hash: fb532a9bdaabc81d83cf8dd2c425c289e2b851bc32a465170aa97461d86e6f3d
                • Instruction Fuzzy Hash: 4F11E4347053059FCB18EF7AD9806AEBBF5EF89214705C56DD249DF680DB30A805CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03119628, Relevance: .1, Instructions: 62COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fddafbc0370cac4cbdd3fd16f2e2b885570776dabd3dd3996563a9a0df3bab89
                • Instruction ID: 8edc283415211c08707f9a771a384134e05a407f38ea94bea9ca45321b16e0f0
                • Opcode Fuzzy Hash: fddafbc0370cac4cbdd3fd16f2e2b885570776dabd3dd3996563a9a0df3bab89
                • Instruction Fuzzy Hash: 14112031B01204CFCB06CF69D8588EEBFBAEF89610714816AE959D7341CB349D12CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310BA6B, Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ae44d20c88a7c9a75c326bc5cc759fcb62842a727ea1e6de9d054b56f78013fd
                • Instruction ID: 0e3c2181a81dd5e581052ef8ed946db25aa2dd18762d7142c72a2274fcb5ef1a
                • Opcode Fuzzy Hash: ae44d20c88a7c9a75c326bc5cc759fcb62842a727ea1e6de9d054b56f78013fd
                • Instruction Fuzzy Hash: 8F1181357092548FCB19DF29D884959BFB1FF8E21171885AAE505DB397DB70DC04CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03152A68, Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0822a2009b141093c21082761dff094b482cd27cdca9989af3d6d8616b6117ca
                • Instruction ID: 26fbe52fd1b8233e7d7360a972bcb69692bb6c1e449293524685e1ed575919dc
                • Opcode Fuzzy Hash: 0822a2009b141093c21082761dff094b482cd27cdca9989af3d6d8616b6117ca
                • Instruction Fuzzy Hash: A21173397006158BC728BB2AE54456EF7D6EBCC625704893AEA1AC7744DF70A84687E0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311A748, Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9917079b26da8bc90502942bf39db95f2bc1c49ac0bc406ad37d014d322db517
                • Instruction ID: 9a1df3099a3a67d18fd0e95962b43ebb0109ceb3e1396ee784d5cd19737f76a8
                • Opcode Fuzzy Hash: 9917079b26da8bc90502942bf39db95f2bc1c49ac0bc406ad37d014d322db517
                • Instruction Fuzzy Hash: 1E0145367052088BDB14DA69A8945EEFBFAEFC8261F14803AD10AD7241CB36596987D0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03116C51, Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 106baeda38be4bc1ba9182af69c1f9f568add6fc669f1560bd508ee9251f9b14
                • Instruction ID: b5f5dde4868f10062b18157421166bd0d81586e29e07d7b2932a0db0fdfe6c72
                • Opcode Fuzzy Hash: 106baeda38be4bc1ba9182af69c1f9f568add6fc669f1560bd508ee9251f9b14
                • Instruction Fuzzy Hash: 8911A9707055915FD71ADB2F9408BEEBBE6DF85624F0980AAD408CB291DF39D901CBA2
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315996A, Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1817a33e1fe55d47822d1d116ca3f822bc1f7a52d020659fcaa6d07d6fd76fae
                • Instruction ID: e44c688e5df01d456bb3901befc7107f22313313429e594addc0a9a8dea63f5e
                • Opcode Fuzzy Hash: 1817a33e1fe55d47822d1d116ca3f822bc1f7a52d020659fcaa6d07d6fd76fae
                • Instruction Fuzzy Hash: 6E21B275A00229CFCB08EF68D99899DB7B1FF8C305B1105A9E906EB361CB35AD01CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311AA88, Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 87a99886072b456edeba9567897dced16f97d8fc0878364ba807dba18f0bde1c
                • Instruction ID: ee21de27845482f43e51929edf5dae0b8f263e82ffdd330e5a1b4be5b7be7462
                • Opcode Fuzzy Hash: 87a99886072b456edeba9567897dced16f97d8fc0878364ba807dba18f0bde1c
                • Instruction Fuzzy Hash: CF01F5327056251FCB14A739A8541AFB7A9DFC8165B09853AE609CB284EF64DC1483F0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310FE02, Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5c9e89c8ed10d60e88756efbbf6329ef6ce2c042b5312444c396a9db515c8af8
                • Instruction ID: ad07c36f818b70fd5ec52ee502f255395aab7ab98081979e4ffe1847e5f54653
                • Opcode Fuzzy Hash: 5c9e89c8ed10d60e88756efbbf6329ef6ce2c042b5312444c396a9db515c8af8
                • Instruction Fuzzy Hash: BE11E931A042645FCF25CF68C8405DEBBF6EF8E600B0989A9D485E7645D770A85ACBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03105CB0, Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 26de82779455b8eb55d01c72a8c9fe5312149cee0d9cfc6b4f820e88523bba44
                • Instruction ID: a413978a8b42e2c4a2be3c163ac859282dbe2def6424da742c7af1932fcfcce5
                • Opcode Fuzzy Hash: 26de82779455b8eb55d01c72a8c9fe5312149cee0d9cfc6b4f820e88523bba44
                • Instruction Fuzzy Hash: 01116D35A08115CFCB04DB24DD59AADBBF6BF4E301F0406AAD402AB2A5CFB49841CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311CC6F, Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fc9705806fb16eeb8c4d42f1eea31af8acdfd28d57ff1332285f6a966cb62db4
                • Instruction ID: 8046c6b42302a3bc036d4ca28a07a62e9f1b30b1b402a1c03e3a54ea8810964a
                • Opcode Fuzzy Hash: fc9705806fb16eeb8c4d42f1eea31af8acdfd28d57ff1332285f6a966cb62db4
                • Instruction Fuzzy Hash: 8F01F5312483619FC716DBA4E811AD9BBE4EF4A710B4E48B7D841CB296C728AC6587E1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03109A18, Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d768ab2613ea075e820129147279ec0cb2cd5c751d34be6df02ea0d435b01f80
                • Instruction ID: 5bd7ac8b17c2ee3e8b3dde1fc366bcea0598dd728e661b9b0342673842e96138
                • Opcode Fuzzy Hash: d768ab2613ea075e820129147279ec0cb2cd5c751d34be6df02ea0d435b01f80
                • Instruction Fuzzy Hash: A001D677B042104F5314A67E785042EEB8BDBDD2713158237E715C72D6EF708C4582B4
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03105C08, Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba890a991de5790b67b436c3f00b9f911e4636a31017810970f40ccb8738dd48
                • Instruction ID: 12b18fdc89e26ac9d493ac8244b1c04d831b9a382eaf6d4ad573dced0574cc54
                • Opcode Fuzzy Hash: ba890a991de5790b67b436c3f00b9f911e4636a31017810970f40ccb8738dd48
                • Instruction Fuzzy Hash: 581136783056118FC318DF29D594C22BBBABF8E61131545A9E40ACBB71CB70EC05CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311AA82, Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d54cbd3d0766a08b1d7e69cf225bb50253d5df42fe730c0ea74da30b6660dd8
                • Instruction ID: 0465287ff9bb0050177c138156e19640475c20528d4508ddb6438cfffe2e43ea
                • Opcode Fuzzy Hash: 4d54cbd3d0766a08b1d7e69cf225bb50253d5df42fe730c0ea74da30b6660dd8
                • Instruction Fuzzy Hash: 0D012871705A251FCB10E735A9141AF7AA99FC8164B099539E605CB284EF74CC10C3F0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03152B98, Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7cb926666413463b60aae5b116113b2a0e4f4ff023c99c8d596ba6af4087857
                • Instruction ID: e6ce5294ded6964916b5f4e86cce2e04dc5b39e1cc9be723b172e1496b009280
                • Opcode Fuzzy Hash: e7cb926666413463b60aae5b116113b2a0e4f4ff023c99c8d596ba6af4087857
                • Instruction Fuzzy Hash: C5115B71A002198BDB18DFB5C854BEEBBF1AF4C304F148429E811FB381DB759986CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310BA98, Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d5e64e261eee63c602355626c29b900d3bdc9e208cb085b04010a16cac32f9d5
                • Instruction ID: c88a2bb2f9af034e20d58e10cf8b5c37948f56727b266ebc1819d0ef3d99227e
                • Opcode Fuzzy Hash: d5e64e261eee63c602355626c29b900d3bdc9e208cb085b04010a16cac32f9d5
                • Instruction Fuzzy Hash: B3016D753081148F9748EB29E85892ABBE6FB8D2117158479E50ACB3A5DF75DC40CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03118BE8, Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 690dac6aadec307e32c421b3ce2c7acc329ccce79a21b97595606ee1e9b99bc8
                • Instruction ID: 60094528ad65cb4853bf75ebdbf3bd7e33019e6a90d8b01b6771e8d2505c44c6
                • Opcode Fuzzy Hash: 690dac6aadec307e32c421b3ce2c7acc329ccce79a21b97595606ee1e9b99bc8
                • Instruction Fuzzy Hash: D5112570E012188FCB44EFA9C5446EDB7F5AF49704F0180AAD419EB390EB399E46CF95
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03159978, Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 607cdef4f15cbcc59c0f716c3eb5a0fb7048416970e33b80b24e89a068a3abac
                • Instruction ID: cef3b29b7c31038529ad652ccd538102d110097dac62a889350d522c7a0258ee
                • Opcode Fuzzy Hash: 607cdef4f15cbcc59c0f716c3eb5a0fb7048416970e33b80b24e89a068a3abac
                • Instruction Fuzzy Hash: 9121C375A00228CFCB08EF68D99899DB7B1FF8C305B1105A9E916EB361DB35AC01CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311AA60, Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c4337059bb4f49fba4ba1a7a867e7cf59a8e4acc22907c2bd7fbac06eb417157
                • Instruction ID: 7273929c3db216ff65ea5496005158c945a6db4eb137e4cf98b439cf7384aa89
                • Opcode Fuzzy Hash: c4337059bb4f49fba4ba1a7a867e7cf59a8e4acc22907c2bd7fbac06eb417157
                • Instruction Fuzzy Hash: 010128717066610FCB11EB34B9502AE7BA19F88265B0D957AD505CF285DF38CC14C7E0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03119638, Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 97b01e6130aa2e75ec63bf16fd4782e4d47d4e818b17b587865772746c4a6f66
                • Instruction ID: 8604e8dd4767d715d7b1e3fe541c7c9f8d04c252e248e4083da1625eb53142df
                • Opcode Fuzzy Hash: 97b01e6130aa2e75ec63bf16fd4782e4d47d4e818b17b587865772746c4a6f66
                • Instruction Fuzzy Hash: 72118B35B016159FCB15DF69D4588AEBBBAFF886117148029E81A93340DB349E12CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315D8C1, Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c238c39d59833ab4a2aa05438465ac254484e951ce3cd4efea36903c196702cf
                • Instruction ID: 8d67d57f91e1433628f41e3772c6db47fc64aa7737f7ab0a88428961c6a47aab
                • Opcode Fuzzy Hash: c238c39d59833ab4a2aa05438465ac254484e951ce3cd4efea36903c196702cf
                • Instruction Fuzzy Hash: 1921EA34A10205CFCB09EF64D494A9D7BB2FF4C325F159569E501AB3A5DB35D881CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03110232, Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5229707dd87a9fe1b64e49dbbe6244b5be305a3cd13f5350cf573000b9e165e3
                • Instruction ID: 3c49ef91b9eaeb5a0a82d39bbc4bd1d13a5d64d7d001d390a22400c35711214c
                • Opcode Fuzzy Hash: 5229707dd87a9fe1b64e49dbbe6244b5be305a3cd13f5350cf573000b9e165e3
                • Instruction Fuzzy Hash: 24119E74B112049FCB58EBB4D5696BEBAF2AB8C244F15002EE506EB380DF388C41CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03116C60, Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 39b6c95e784db161fd612fd92064673524a34d5a23351284a3dd0a729adc11f6
                • Instruction ID: 51b24e403d0171977c448ea66cbbf3970502a877c655e9074a4cc6571c29e740
                • Opcode Fuzzy Hash: 39b6c95e784db161fd612fd92064673524a34d5a23351284a3dd0a729adc11f6
                • Instruction Fuzzy Hash: 7C01B5707005559FC71ADB2F9408BAEBBD29FC8624F09C0AED4188B390DF39D901CB92
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03105C18, Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d99340eb85e57fa43c5881e770c0dafc83cb8466813b2de52a74029032239b3
                • Instruction ID: 557aa5c14f911cd61f30fca952e12a17926b134e72fa4bad2652bbbbcc542050
                • Opcode Fuzzy Hash: 3d99340eb85e57fa43c5881e770c0dafc83cb8466813b2de52a74029032239b3
                • Instruction Fuzzy Hash: 0D01EE743016118FC728DF29D688C16B7AABF8961531545A8E40A8BB71CB70EC06CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03103A88, Relevance: .0, Instructions: 44COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b75909082f22c08b413069a1dcca39d8ada3c104dc45bb3f79a4d6d70a451eed
                • Instruction ID: 9e118894c46be087b2de60c315805cb46ec6b424b59f5040d1420b24332f7415
                • Opcode Fuzzy Hash: b75909082f22c08b413069a1dcca39d8ada3c104dc45bb3f79a4d6d70a451eed
                • Instruction Fuzzy Hash: 8601D639700B54CFCB38D979980933AB6A55BCC615F0D6CBDD026D22C1CBF984858750
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03103B10, Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04e59c7a905a144866cfb5c99f04dc6cbf1198d0a348de9654183805fd69eff8
                • Instruction ID: 6813f42eee8d8a1db59543744fbd322a1c9452c20b0e7d4ba3b152bea41dd603
                • Opcode Fuzzy Hash: 04e59c7a905a144866cfb5c99f04dc6cbf1198d0a348de9654183805fd69eff8
                • Instruction Fuzzy Hash: 00019274A043588BEB18DB64C4097EEBAB26B49708F04486DD051B62C1CFF90944C7E1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03105CC0, Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d3500bcbd4023d5155f5f25e8945b03089da0ed6485497448c846a7bcb4d1db0
                • Instruction ID: d4ccb135fd576fa882fa2b2ca9c4fa0e1547c2e814e5cfaebda49b16172e445e
                • Opcode Fuzzy Hash: d3500bcbd4023d5155f5f25e8945b03089da0ed6485497448c846a7bcb4d1db0
                • Instruction Fuzzy Hash: 3D010C31A04115CBCB14EF54DD58AADBBF6BF4D701F14056AD402BB2A4DFB4A840CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03159C77, Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a318691cd7aae7930751d0574b72ca711313316a9e77e4934b7e68fdbd2c9019
                • Instruction ID: e5e90cf18a210a8ae99ba5681dfb065a8c23ab1ce6e3486f20e7b0d80fe983d7
                • Opcode Fuzzy Hash: a318691cd7aae7930751d0574b72ca711313316a9e77e4934b7e68fdbd2c9019
                • Instruction Fuzzy Hash: 27018635200210DFC311DF59E484D5ABBE6EFC5361F1584A9E8598B251CB35E941CB65
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03155EA4, Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e47177b31f9968e0e3e68e9f8cb6cae3d45865cf5b144a399e001ed54591f1fc
                • Instruction ID: c4442dc1cd1eab23d3db1323fd19f36d8cda39051de6f16bdff1bf3acd2cea4e
                • Opcode Fuzzy Hash: e47177b31f9968e0e3e68e9f8cb6cae3d45865cf5b144a399e001ed54591f1fc
                • Instruction Fuzzy Hash: C501FB39B11119CFCB08DFA4D4549ADB7B2FF88640F118456ED129B390DB74AD02CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311E0A8, Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f80a71ce862a6b2fbf9ed6abd07bc6ec2e25f4b2fbdcad5298e6cce3550ebcc7
                • Instruction ID: b4d015671932b87d244a9f6d6b0d1d408deb72507aea1afbabbfd6ecdf133457
                • Opcode Fuzzy Hash: f80a71ce862a6b2fbf9ed6abd07bc6ec2e25f4b2fbdcad5298e6cce3550ebcc7
                • Instruction Fuzzy Hash: 0EF02771A082646FCB21966DBC092DFBFBCDB86360F0802BBE849D7691C3300954C7E2
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03152B40, Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b67c52a1e516b9c3893d291b2955113f5d69941fdc320c45850369c640f7cd1
                • Instruction ID: 62dafe4c992c2d39a9c59bb3c599b43f39fb6024c6036184a5f5409c1f566836
                • Opcode Fuzzy Hash: 0b67c52a1e516b9c3893d291b2955113f5d69941fdc320c45850369c640f7cd1
                • Instruction Fuzzy Hash: 07E065363001105B8705DB9DF845999FBD9DECD26530C40A6E50DC7261CF25DA1387A0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310B031, Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 89d2e01a888483138891a84052aeb473b2e2076ae41c3940a93bfb83f5dc2cef
                • Instruction ID: 15c91f99ca4b36dd9a528c2ee2c727089b43942a9dce99f1cf7ce6811811cad1
                • Opcode Fuzzy Hash: 89d2e01a888483138891a84052aeb473b2e2076ae41c3940a93bfb83f5dc2cef
                • Instruction Fuzzy Hash: E9F02E3130D3904FC7269B2AA4C4956FFF6AFCD11530D81AAD144CB257CB609C05CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315D9FF, Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a25ecb5326ec0de4f4d47fc38f507110d6e6d1c6dd6c05dd8eb895c10812af9f
                • Instruction ID: 0aeeae6e3dc9fbc56856a1b6c9e73177f07e61bf117b04bd82beb776fdc51402
                • Opcode Fuzzy Hash: a25ecb5326ec0de4f4d47fc38f507110d6e6d1c6dd6c05dd8eb895c10812af9f
                • Instruction Fuzzy Hash: 0C01B635A11109CFEB08EB94E899ADDBBB2FF8C325F145016E501A7284CB712D81CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03116F3B, Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8ac2a7b3c8a6b75dfc9b330a2f61f973364ae61e50b5bca2c23b97d2483a8d9
                • Instruction ID: 07cadf2f92ebdf04c979b2760f499f3a58210b5d63286e8fbffb8dba888158f5
                • Opcode Fuzzy Hash: e8ac2a7b3c8a6b75dfc9b330a2f61f973364ae61e50b5bca2c23b97d2483a8d9
                • Instruction Fuzzy Hash: BFF03030A1020A8FCB54EF64D464BEEB7B1AB48709F018938E412BB284CB355858CF95
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310255F, Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c051b7631eb2076cf0b62927185ae9609bfbcd65c3f0568785c04c076b71cda0
                • Instruction ID: 77da0f4fecd416d721d04def80587fa3d5349b9b9b3e0dd7eed798c4ce1d76c8
                • Opcode Fuzzy Hash: c051b7631eb2076cf0b62927185ae9609bfbcd65c3f0568785c04c076b71cda0
                • Instruction Fuzzy Hash: C3E04F7244E3918FC7525B68D8907803F70AF2B210F4E15D6C0848B167E62DB41AD762
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310B040, Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fe2f5a81e12a14c79761af80d3fccaed2286040964af5e328266d801cf9ca6e5
                • Instruction ID: 72d095aa3e5e5ae8f3d65727c98e41d66bfc8c7d8c652f2d5f8d207e72ae73be
                • Opcode Fuzzy Hash: fe2f5a81e12a14c79761af80d3fccaed2286040964af5e328266d801cf9ca6e5
                • Instruction Fuzzy Hash: AAE0D8313042005B4314AF5BE488857FBFAEBCC525308812AE209C7315CFA0DC058B61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031024DF, Relevance: .0, Instructions: 25COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cc57a4febeb391776e72f92c464bcf179e39301722f9f79cb641be50e6362eaa
                • Instruction ID: 02281f59ac0c71cee2aee5a7093b216ff8496619e59a31e1120dcc03ba1a0229
                • Opcode Fuzzy Hash: cc57a4febeb391776e72f92c464bcf179e39301722f9f79cb641be50e6362eaa
                • Instruction Fuzzy Hash: 60E0126280D3C58FC3175BA49965A017FB46E4B115B1E05DEC0C18F953D628E518D792
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03116470, Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cbadc21f4f9c3b0e9f4e5241df62989b1be117576525b7ce9e34a6b8ec81ae96
                • Instruction ID: f2988a00a89772842435766f6501c6159276e41233fd819a419bdb830c6a59a0
                • Opcode Fuzzy Hash: cbadc21f4f9c3b0e9f4e5241df62989b1be117576525b7ce9e34a6b8ec81ae96
                • Instruction Fuzzy Hash: ADE092342002508FC301DB25E858E517FF5EF4A655B0681F6E948CF763CA3498158BA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03155E92, Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ff8b485a05a66fce49112de6b308af846d7fb58dfdd5161c377f831ab0e7d9cc
                • Instruction ID: 68ce8858a38b3c430be8218bbdf5a1679561e5b7d4aa39d5a4a19040da80f55f
                • Opcode Fuzzy Hash: ff8b485a05a66fce49112de6b308af846d7fb58dfdd5161c377f831ab0e7d9cc
                • Instruction Fuzzy Hash: 83E0ED39E10109CFCB14DFA4D5808EEB372EF48254B128495ED26AB350D734ED12CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03155E9B, Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ff8b485a05a66fce49112de6b308af846d7fb58dfdd5161c377f831ab0e7d9cc
                • Instruction ID: 68ce8858a38b3c430be8218bbdf5a1679561e5b7d4aa39d5a4a19040da80f55f
                • Opcode Fuzzy Hash: ff8b485a05a66fce49112de6b308af846d7fb58dfdd5161c377f831ab0e7d9cc
                • Instruction Fuzzy Hash: 83E0ED39E10109CFCB14DFA4D5808EEB372EF48254B128495ED26AB350D734ED12CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031561D0, Relevance: .0, Instructions: 19COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e0dc449343115e2da42659e3a85d43798644b88654e3f74c4381f4909404c582
                • Instruction ID: bb118a2c7af1eaad5c203b6abb25d337d93060815732b6346937f3526f8eca13
                • Opcode Fuzzy Hash: e0dc449343115e2da42659e3a85d43798644b88654e3f74c4381f4909404c582
                • Instruction Fuzzy Hash: 67E04F34104784CFC721EB60E8559A37BA9AF49218B0549CDE5924B661DBB4E942CB80
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310526C, Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ee346a3c00f81bcb7674958d90b3059f364712bd15e65b67d2b8cb5216e66d38
                • Instruction ID: 1f429636837096bc81ca4795cfb01cc48525601b95f40fdec546fd34889ab1d3
                • Opcode Fuzzy Hash: ee346a3c00f81bcb7674958d90b3059f364712bd15e65b67d2b8cb5216e66d38
                • Instruction Fuzzy Hash: 32E04635A04118DFCB04DF94F8889ACBBB2FF89311F108066E902A73A1CB309D50CF50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03116F94, Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3849928eba433b20fc3660a408225241025f9f883835c4d6147d71b1118aa5f8
                • Instruction ID: 43dde046954c99cf96cc5325ee394039af54987512943e8b1d2883898efc02e7
                • Opcode Fuzzy Hash: 3849928eba433b20fc3660a408225241025f9f883835c4d6147d71b1118aa5f8
                • Instruction Fuzzy Hash: D1E0B63190420ACBDB14DFA4D4797EEBBB0AB08309F108069D812BB194C77544A8CF91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03116F9D, Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3849928eba433b20fc3660a408225241025f9f883835c4d6147d71b1118aa5f8
                • Instruction ID: 43dde046954c99cf96cc5325ee394039af54987512943e8b1d2883898efc02e7
                • Opcode Fuzzy Hash: 3849928eba433b20fc3660a408225241025f9f883835c4d6147d71b1118aa5f8
                • Instruction Fuzzy Hash: D1E0B63190420ACBDB14DFA4D4797EEBBB0AB08309F108069D812BB194C77544A8CF91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03116480, Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b3dbd900789a84a77cd5450b56713922c4132724c6a8bc1317cba5cbd1c62457
                • Instruction ID: 72300982cb2b9c5c8b6677584a15e610eecca6d75b879afd57131fe05ae839a2
                • Opcode Fuzzy Hash: b3dbd900789a84a77cd5450b56713922c4132724c6a8bc1317cba5cbd1c62457
                • Instruction Fuzzy Hash: 75D05E392401149FC700EB69E848E567BE9EF48229B0241A6EA0DCB3A2CB35DC018B91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031104A3, Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 211ca7d93158a5f126f0a0ca1f88208c1d594b22eacc19654ce2e282f43ae5bc
                • Instruction ID: a9447e9fc49af1dc21753c04fe0265c54abfdfd93d78b928de9f01331a97148c
                • Opcode Fuzzy Hash: 211ca7d93158a5f126f0a0ca1f88208c1d594b22eacc19654ce2e282f43ae5bc
                • Instruction Fuzzy Hash: 9AE0B670D0520ACFDB24CF94D2997EDBBB1BB0C309F2084AAD402B6A91CB794D94DB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311CCD0, Relevance: .0, Instructions: 15COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d960cc4b2a776a562f659e0aba113d78fcda0d0fdea7881ec67eb553f4c1410
                • Instruction ID: f4950efa73304c16924a7ac957b5c6ef38e28de028ee595310308efb374d8616
                • Opcode Fuzzy Hash: 0d960cc4b2a776a562f659e0aba113d78fcda0d0fdea7881ec67eb553f4c1410
                • Instruction Fuzzy Hash: 6FC01231244324534A18617565145FDBADCB949A61705143AD80BC6640DF559C5089D5
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03105C90, Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04b8d475617501dccd3293eadb13e340f21e1770b4d0d0ae356a523265d94377
                • Instruction ID: 69cde00ec283457fea7e186b153636924da1e85ee7c06f70c1740934d3fb5d0d
                • Opcode Fuzzy Hash: 04b8d475617501dccd3293eadb13e340f21e1770b4d0d0ae356a523265d94377
                • Instruction Fuzzy Hash: E5D012245093D24FCF07873048D56D17F70AD4721232C56C3C0C08A197C1158853C793
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031102D3, Relevance: .0, Instructions: 10COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3543594cefebbad7f357d94d4ca891486bb79a0d67da2a61fdfd292c73342e8f
                • Instruction ID: cb64dca6c51dd4da20581c595fcfae54f3b22c4e488c6a7ea90467487c6e7721
                • Opcode Fuzzy Hash: 3543594cefebbad7f357d94d4ca891486bb79a0d67da2a61fdfd292c73342e8f
                • Instruction Fuzzy Hash: 09C0023AA54004CF8708DA99E5958D8BBB4EF98322B5100A6E6019B621C731ADA4CA60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0315AD10, Relevance: .0, Instructions: 10COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd3981c5324547446e4b8b3fddefda4a72aa23b7df0c6db85640edcc8af97875
                • Instruction ID: 87f0c13e7c98bdce59ae745145ebdef8820896e841b70727c443ef575a762964
                • Opcode Fuzzy Hash: bd3981c5324547446e4b8b3fddefda4a72aa23b7df0c6db85640edcc8af97875
                • Instruction Fuzzy Hash: 25C01230200A30CBCB30DA24E008AAAB3F4BF48621F04464AED4243644C7B8AC42CA80
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310B83E, Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b6e832a9987ddad069fe55eaac567110f134f9c72c862b38a0c6399d88ff118
                • Instruction ID: 1c35ddbcbab01a835fd1d2c69d18b8327a595107c44f95d1c8b52af2004eb188
                • Opcode Fuzzy Hash: 3b6e832a9987ddad069fe55eaac567110f134f9c72c862b38a0c6399d88ff118
                • Instruction Fuzzy Hash: BFB012373080104B040C214FB05886CE766DAC81363108033D30AC40588F5288820A90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0310B89B, Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ec9d1ec4d5cefee751d062efc0a861edb70c290b9197bca977dd080fbf4f354a
                • Instruction ID: 1402d22531c74d179b12572ce009ce765b0c05460253c181e289cb8c9bbfc9a9
                • Opcode Fuzzy Hash: ec9d1ec4d5cefee751d062efc0a861edb70c290b9197bca977dd080fbf4f354a
                • Instruction Fuzzy Hash: 32B0127734801047040CA24FB05446CE326DAD81363114033D30BC00548F6149820690
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03115B25, Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9cd65ac8088162eb86669cddb40bed573300df39dff9567dfcf6a989254af49
                • Instruction ID: 5e7ba8b796c4fd04a993fc30ff12ce53e834d5f3076f43e7d11eeb650a89ac35
                • Opcode Fuzzy Hash: f9cd65ac8088162eb86669cddb40bed573300df39dff9567dfcf6a989254af49
                • Instruction Fuzzy Hash: 20C0927BF0510A8FDB04DBA5F8858EDF732EBD8236B048033D211A2010CA35116ADB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03102510, Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 34199587c36b59dd01cb5a3323747ec4c8584ed8c0a8360b3da273adb2a77abd
                • Instruction ID: 565c47ff859f2243701b9696423b56b40add33345232bdea5890b8bd60cabb6e
                • Opcode Fuzzy Hash: 34199587c36b59dd01cb5a3323747ec4c8584ed8c0a8360b3da273adb2a77abd
                • Instruction Fuzzy Hash: 8AA0223000030C8B82A832B8380C888338CA0808223808228E00E8B0088F32E000C0C0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03102590, Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 72da3f5dfaead80d8bdb2224889edfa36a7b96faf95a884c36c97af0d2666694
                • Instruction ID: 2f1d0f14efc19b6d7aa66d4370dc437a36a6381a9b6adc251ac8e4049b906155
                • Opcode Fuzzy Hash: 72da3f5dfaead80d8bdb2224889edfa36a7b96faf95a884c36c97af0d2666694
                • Instruction Fuzzy Hash: 93A0223000030CCF830832B03008808338CB080C00B808028E00E8B0088F33E00002C0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031104D4, Relevance: .0, Instructions: 5COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fd4f39059a0e8bd16c8822c59f1dd9f60eee27cb16b022dd57868fbeff01f087
                • Instruction ID: b66035d60c8111f0637af581d49cb821178b82014fbe170fb054a33cbcb1c09a
                • Opcode Fuzzy Hash: fd4f39059a0e8bd16c8822c59f1dd9f60eee27cb16b022dd57868fbeff01f087
                • Instruction Fuzzy Hash: 78A01132808000CBCB00ABB0E82A0AC3330AB08228B208888EA03E2280CB2828008B30
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Function 03100EF8, Relevance: 3.1, Strings: 2, Instructions: 622COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID: Mh$ah
                • API String ID: 0-3820676340
                • Opcode ID: 9a6e5b5250731295a25421c9f39be39b0d79072c47d681397fe937f83e438e40
                • Instruction ID: 9f9ef5ede99e78721fc9c2ac3a746dfbadabe14872f5be9aafd7ed4b4240a56c
                • Opcode Fuzzy Hash: 9a6e5b5250731295a25421c9f39be39b0d79072c47d681397fe937f83e438e40
                • Instruction Fuzzy Hash: E9327974B002049FCB14DFA9D890AAEBBF2AF89304F15857AD546DF794DB74E805CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311EA60, Relevance: 3.1, Strings: 2, Instructions: 601COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID: "$@
                • API String ID: 0-1136454570
                • Opcode ID: 663005d4d909b058bbc0e8330b04c0f299df43f43ba0e2fd8b36f639114d751e
                • Instruction ID: 6d721711c86c594a412843b525cd78c12ac176b13d75bdf9d61db95a77841491
                • Opcode Fuzzy Hash: 663005d4d909b058bbc0e8330b04c0f299df43f43ba0e2fd8b36f639114d751e
                • Instruction Fuzzy Hash: A5229134B012058FDB68DBB8C9946AEB7E7AF88204F198439D906DB794DF34D8528B61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03113610, Relevance: 1.1, Instructions: 1115COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b990d072f1c4682debb54e5074a9bb2d8ad868f409dd94da5fc9314ed94a0d3c
                • Instruction ID: e29fc58f1dcf62fdd3aaee91588279a9e65cba6321156862e5467fa432629293
                • Opcode Fuzzy Hash: b990d072f1c4682debb54e5074a9bb2d8ad868f409dd94da5fc9314ed94a0d3c
                • Instruction Fuzzy Hash: 85A2CF35E0061ACFCB10DF69D8406DEF7B2FF89310F15C6AAE519AB254DB30A995CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03157F60, Relevance: .5, Instructions: 524COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61a67794e3536d0392a18e8133018665448c70386e10df3850148b2202d75074
                • Instruction ID: 91626d35773551701262e8d993946a278fd9eaea8d62e8c8fd48f906b06ee39e
                • Opcode Fuzzy Hash: 61a67794e3536d0392a18e8133018665448c70386e10df3850148b2202d75074
                • Instruction Fuzzy Hash: B7127D34B007088FDB14EF75C44459EBBF2BFC8308F158A29E946AB754EB74A846CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03156F78, Relevance: .4, Instructions: 436COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a824f66aad4a0531f885d316391cb4e6e3bf3742e26397313d9fafedf2b0cae
                • Instruction ID: 0680e4037042e634eabfc84ff78e03b7c0d697f264e467384898543c536c61ed
                • Opcode Fuzzy Hash: 4a824f66aad4a0531f885d316391cb4e6e3bf3742e26397313d9fafedf2b0cae
                • Instruction Fuzzy Hash: 42F15D747046058FCB04EF78C495A6EB7F6EF89208B1584A9E916DF3A1DB34EC05CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03112118, Relevance: .4, Instructions: 363COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3dc34ba919f2f2a0e15e4cbfec71cf1165db376b822ab443b38def1a6abf36d0
                • Instruction ID: 0993c0b440b95a01527b3e6df23474d28d7fe124bd0f57b5ab5885c44f132076
                • Opcode Fuzzy Hash: 3dc34ba919f2f2a0e15e4cbfec71cf1165db376b822ab443b38def1a6abf36d0
                • Instruction Fuzzy Hash: E5E16E34B002049FDB14DF68D499AAEBBF6EF88315F19C869E5069B395CB34DC46CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 031064F0, Relevance: .4, Instructions: 361COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.690014741.0000000003100000.00000040.00000001.sdmp, Offset: 03100000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce006fe4a87e7cfc809604a9e3c3547a9e1b68002301efdd5de822401f9f5f55
                • Instruction ID: 67da6cc642054e17c1f859036e9bb6f1daa425a31e9db2d4c3baef5a6b7a9ab4
                • Opcode Fuzzy Hash: ce006fe4a87e7cfc809604a9e3c3547a9e1b68002301efdd5de822401f9f5f55
                • Instruction Fuzzy Hash: 26E15C30A003198FCB14DF64C480B9EF7B2FF89314F1585AAD909AB795DBB0A985CF91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0311C370, Relevance: .2, Instructions: 231COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000003.00000002.691294581.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d0b2cd885eeac11023ece1667b74d2317de8a9c2896bdb7b6f5b03f0868fd5dd
                • Instruction ID: 524add2adac128285f3c65ef49ef8dcce34014ac1c0b709e1b2b86754cb408f1
                • Opcode Fuzzy Hash: d0b2cd885eeac11023ece1667b74d2317de8a9c2896bdb7b6f5b03f0868fd5dd
                • Instruction Fuzzy Hash: 23911B35A402048FCB14DBA9C584AAEB7F6EF88355F29C469D805EB360DB34ED52CF84
                Uniqueness

                Uniqueness Score: -1.00%

                Function 03154C18, Relevance: 6.6, Strings: 5, Instructions: 397COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.693670050.0000000003150000.00000040.00000001.sdmp, Offset: 03150000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok$`ok$`ok$`ok$*
                • API String ID: 0-3139575268
                • Opcode ID: caa92a14ab5ab24619e6968941e28fba29c0373287e281852813f433603d3cab
                • Instruction ID: 82e6a5b8da173a5ada00ab5eb179812e2588baf7cf24c76d43a12afa9af8490d
                • Opcode Fuzzy Hash: caa92a14ab5ab24619e6968941e28fba29c0373287e281852813f433603d3cab
                • Instruction Fuzzy Hash: 4EF17E34B04205CFCB14EF65C188A6AB7F2EF89209F1A8969E5169F355DB34EC45CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Analysis Process: powershell.exe PID: 6824 Parent PID: 1428 powershell.exeCOMMON

                Executed Functions

                Function 0335AEE8, Relevance: 5.1, APIs: 3, Instructions: 576COMMON
                Download Yara Rule
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.681030599.0000000003350000.00000040.00000001.sdmp, Offset: 03350000, based on PE: false
                Similarity
                • API ID: LongWindow
                • String ID:
                • API String ID: 1378638983-0
                • Opcode ID: d5c2df371b671b787c3a93f98f0fdae72e72637e0c23d35085e3cb0c4e3bd577
                • Instruction ID: f7170c6ddfabbe425c52e01bad402569ae95cd846f91e28389e3a17e5e7c7837
                • Opcode Fuzzy Hash: d5c2df371b671b787c3a93f98f0fdae72e72637e0c23d35085e3cb0c4e3bd577
                • Instruction Fuzzy Hash: C8322774A00208CFCB14EFA4C484AAEB7F6FF89315F158969E8169B764DB35EC45CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0335AED7, Relevance: 1.7, APIs: 1, Instructions: 234COMMON
                Download Yara Rule
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.681030599.0000000003350000.00000040.00000001.sdmp, Offset: 03350000, based on PE: false
                Similarity
                • API ID: LongWindow
                • String ID:
                • API String ID: 1378638983-0
                • Opcode ID: 5ba52192f91e0bd4a71250ac956e8700461e96a4f79ff7ef46319fd44eb2d261
                • Instruction ID: b2da9143d6f5d513d6a5c4a6dca16c6fb33bd10375b75dd212293a9b9485d2df
                • Opcode Fuzzy Hash: 5ba52192f91e0bd4a71250ac956e8700461e96a4f79ff7ef46319fd44eb2d261
                • Instruction Fuzzy Hash: 9CA12774A00605CFCB14EFA4C584AAEB7F6FF89305F158969E80A9B754DB71EC42CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 033548C8, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000005.00000002.681030599.0000000003350000.00000040.00000001.sdmp, Offset: 03350000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a2c7257659b437d6d958be48ca8241cb5a77f26dd1800f8e5430e8d56a5388df
                • Instruction ID: b6c85db85aad67810ea6fe0912bb94c435ed26a7dfdb0df467f857db96ebd707
                • Opcode Fuzzy Hash: a2c7257659b437d6d958be48ca8241cb5a77f26dd1800f8e5430e8d56a5388df
                • Instruction Fuzzy Hash: 0D01D6377092144B5714E67F788042EA78FDBD62757158237E61AC7284DE318C4192A5
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Analysis Process: powershell.exe PID: 6612 Parent PID: 1428 powershell.exeCOMMON

                Executed Functions

                Function 02DB83D2, Relevance: 2.9, Strings: 2, Instructions: 381COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$p\bk
                • API String ID: 0-3712670942
                • Opcode ID: 95a40028dec586a71ec4b980be3bbe8c25378aacb3efb8f16dc2e2bf490ba078
                • Instruction ID: 3f4bcfd491b97beaee5183e4d830c8764ab5269a3bec17636406e8e45941bb46
                • Opcode Fuzzy Hash: 95a40028dec586a71ec4b980be3bbe8c25378aacb3efb8f16dc2e2bf490ba078
                • Instruction Fuzzy Hash: 46E13C34B102148FDB54EF78D8A4BAE77E6AF88204F1184A9E50AEB794DF349D41CF91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00CB7A10, Relevance: 2.1, APIs: 1, Instructions: 590COMMON
                Download Yara Rule
                APIs
                • IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 00CB81EA
                Memory Dump Source
                • Source File: 00000007.00000002.607801471.0000000000CB0000.00000040.00000001.sdmp, Offset: 00CB0000, based on PE: false
                Similarity
                • API ID: AuthzCodeIdentifyLevel
                • String ID:
                • API String ID: 1431151113-0
                • Opcode ID: 0c2944308a49aae7825acfa6b087ffbed5c7298babd264981bb9c0597d5ed180
                • Instruction ID: 78d22816a32d996ea9568ab6dce26414d95dc0816e05e120f359cad17a028022
                • Opcode Fuzzy Hash: 0c2944308a49aae7825acfa6b087ffbed5c7298babd264981bb9c0597d5ed180
                • Instruction Fuzzy Hash: EC325B34A04218DFCB24DF64D844BEDBBB2FF84354F118569E806AB360DB759D89CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00CBA230, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                Download Yara Rule
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.607801471.0000000000CB0000.00000040.00000001.sdmp, Offset: 00CB0000, based on PE: false
                Similarity
                • API ID: InfoSystem
                • String ID:
                • API String ID: 31276548-0
                • Opcode ID: 2e5c2eb47cb8c52b576fd0037ad08480ea6e01e852a159d786dd65177a77ebf2
                • Instruction ID: e47146ee4d8a46306a61a2ce881349f090ac73b5fe3826611db198ee33f241ca
                • Opcode Fuzzy Hash: 2e5c2eb47cb8c52b576fd0037ad08480ea6e01e852a159d786dd65177a77ebf2
                • Instruction Fuzzy Hash: 6C11F2B0C006599BCB10CF9AD884BDEFBB4FB48324F10852AD428A3200D3756A44CFE2
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB8A20, Relevance: 4.2, Strings: 3, Instructions: 435COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$c)$s)
                • API String ID: 0-3923482260
                • Opcode ID: 52993c0d79dabbe79b2e83432ce0061a32a19c520d946a7ed7a70b2a07003b33
                • Instruction ID: ffe7a8d6e5586eb0f3250e29757fde3423f4e9076a345dc614355e9338d578bd
                • Opcode Fuzzy Hash: 52993c0d79dabbe79b2e83432ce0061a32a19c520d946a7ed7a70b2a07003b33
                • Instruction Fuzzy Hash: 8E023D74B006158FCB15EB78D4A4AAEB7F6AF88344F158469E506EB394DF34EC01CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00CB1290, Relevance: 3.2, APIs: 2, Instructions: 182COMMON
                Download Yara Rule
                APIs
                • IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 00CB81EA
                • ComputeAccessTokenFromCodeAuthzLevel.ADVAPI32(?,00000000,?,?,?), ref: 00CB9D9E
                Memory Dump Source
                • Source File: 00000007.00000002.607801471.0000000000CB0000.00000040.00000001.sdmp, Offset: 00CB0000, based on PE: false
                Similarity
                • API ID: AuthzCodeLevel$AccessComputeFromIdentifyToken
                • String ID:
                • API String ID: 2068474892-0
                • Opcode ID: 1b187022125fef4eda946617caff039a2668807184294c5e960fb60036fc8a95
                • Instruction ID: 68bd7b382f9451b8090579d024dc51abe7ca12a3f8690f09dbc62e396dabd31a
                • Opcode Fuzzy Hash: 1b187022125fef4eda946617caff039a2668807184294c5e960fb60036fc8a95
                • Instruction Fuzzy Hash: 5D711CB1C04259CFDB20CF9AC884BDEBBF4FB48314F5484AAD919A7251D7749A88CF61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD8EF0, Relevance: 3.0, Strings: 2, Instructions: 494COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok$`ok
                • API String ID: 0-1202323832
                • Opcode ID: 49a926e8f9d8a7b67a86b4ba03db25b30063360d9995b9a95bfef5cb04260ea3
                • Instruction ID: 87297010b7ba856f95a5dc3a6f63a977e0c4ab71cf7d74564e3e816cd378c777
                • Opcode Fuzzy Hash: 49a926e8f9d8a7b67a86b4ba03db25b30063360d9995b9a95bfef5cb04260ea3
                • Instruction Fuzzy Hash: 4B225834A006058FCB10EF64C494B9AB7B2FF84318F15CAA9D949AB352DB71FD85CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB77A0, Relevance: 2.8, Strings: 2, Instructions: 273COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$p\bk
                • API String ID: 0-3712670942
                • Opcode ID: 271f096156b3a88ad0fd866206140f29e937ec02740409e7d3e5b6f14acf2e48
                • Instruction ID: 3bfc0948862973ae14f4305896aa52385170e6f1d483055af37be1157f8fe875
                • Opcode Fuzzy Hash: 271f096156b3a88ad0fd866206140f29e937ec02740409e7d3e5b6f14acf2e48
                • Instruction Fuzzy Hash: 76A13E38B006059FDB15EF78C854BAFB7A3AFC8344F158468E506AB794DF74AC018BA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB7791, Relevance: 2.7, Strings: 2, Instructions: 229COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$p\bk
                • API String ID: 0-3712670942
                • Opcode ID: 6112509836fbc25789123726c65cbe6de91d39819d6803a002ade465d4dbf6b2
                • Instruction ID: bbc1a0c69e4f22ce57a0cf9306774ba8a7f699d4afc16956e3740ec54a01e876
                • Opcode Fuzzy Hash: 6112509836fbc25789123726c65cbe6de91d39819d6803a002ade465d4dbf6b2
                • Instruction Fuzzy Hash: FC816E34B006059FDB15EF74C854BEFB7A3AFC9244F118568E506AB794DF38AC018BA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00CE30B0, Relevance: 1.7, APIs: 1, Instructions: 173COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.618640125.0000000000CE0000.00000040.00000001.sdmp, Offset: 00CE0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d91f37c4e2c38e890dcb5f3d2f66cc32d7c732580b97e58f153e8f61376b17d7
                • Instruction ID: 609ebfcf829660616bc084485228533d21cfee5b45110187665f365eeea996a8
                • Opcode Fuzzy Hash: d91f37c4e2c38e890dcb5f3d2f66cc32d7c732580b97e58f153e8f61376b17d7
                • Instruction Fuzzy Hash: 2851E434A042889FCB10DFA5C888BAFBBF1EF85314F1584AED5499B351CB34AE45CB95
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00CB129C, Relevance: 1.6, APIs: 1, Instructions: 109COMMON
                Download Yara Rule
                APIs
                • IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 00CB81EA
                Memory Dump Source
                • Source File: 00000007.00000002.607801471.0000000000CB0000.00000040.00000001.sdmp, Offset: 00CB0000, based on PE: false
                Similarity
                • API ID: AuthzCodeIdentifyLevel
                • String ID:
                • API String ID: 1431151113-0
                • Opcode ID: 22507cd48c4906afb784ab71dd2b96f0c0f2114eba82ecd1ee3074ca82290dc0
                • Instruction ID: 99fa7cc03ccf9e7e595962231f7be7a67a193dea005846070280f3daaf796780
                • Opcode Fuzzy Hash: 22507cd48c4906afb784ab71dd2b96f0c0f2114eba82ecd1ee3074ca82290dc0
                • Instruction Fuzzy Hash: FF41C2B0901269CFEB24CF59C985BDDBBB5AB48304F1085EAD90DB7240DB755A88CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD89D0, Relevance: 1.6, Strings: 1, Instructions: 316COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: 4c6d3a078b82f7cb87bb3ecca43340bdf677e9aa74b4fccb00a8749e7a1c3c40
                • Instruction ID: 0999c3ba90e07eceef92fba0daf81e5f7d6eb1fb6249bf90fea5bc6fc41aef8b
                • Opcode Fuzzy Hash: 4c6d3a078b82f7cb87bb3ecca43340bdf677e9aa74b4fccb00a8749e7a1c3c40
                • Instruction Fuzzy Hash: ABC1D230A05648CFCB15DFA4C854AAEBBF2EF85304F1589A9E405DB391DB34AD46CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00CB12A8, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                Download Yara Rule
                APIs
                • ComputeAccessTokenFromCodeAuthzLevel.ADVAPI32(?,00000000,?,?,?), ref: 00CB9D9E
                Memory Dump Source
                • Source File: 00000007.00000002.607801471.0000000000CB0000.00000040.00000001.sdmp, Offset: 00CB0000, based on PE: false
                Similarity
                • API ID: AccessAuthzCodeComputeFromLevelToken
                • String ID:
                • API String ID: 132034935-0
                • Opcode ID: f5d0b1ee86603c6aefc68e41e60e6b07ca66498f778975f841432f31b608b074
                • Instruction ID: 6cf726c6d84c1d2731e503f2327af0a3ffef981327525c3c32fe553aea5dd729
                • Opcode Fuzzy Hash: f5d0b1ee86603c6aefc68e41e60e6b07ca66498f778975f841432f31b608b074
                • Instruction Fuzzy Hash: D52129B59006499FCB10CF9AC884BDEBBF4FF48324F108429E929A7250D775A954CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00CB9D22, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                Download Yara Rule
                APIs
                • ComputeAccessTokenFromCodeAuthzLevel.ADVAPI32(?,00000000,?,?,?), ref: 00CB9D9E
                Memory Dump Source
                • Source File: 00000007.00000002.607801471.0000000000CB0000.00000040.00000001.sdmp, Offset: 00CB0000, based on PE: false
                Similarity
                • API ID: AccessAuthzCodeComputeFromLevelToken
                • String ID:
                • API String ID: 132034935-0
                • Opcode ID: 148eb8fb1ad8e4dea1835ff092abfaf52c59ce4725bba02b0db233efc4eea61f
                • Instruction ID: 1856c6c70e0709bb5e02bc0f6bc0fed69abb64e6704c08c8a1364cc994691e45
                • Opcode Fuzzy Hash: 148eb8fb1ad8e4dea1835ff092abfaf52c59ce4725bba02b0db233efc4eea61f
                • Instruction Fuzzy Hash: 472127B5D002499FCB10CF9AC884BDEBBF5FF48324F118429E928A7250D779A545CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00CBA228, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                Download Yara Rule
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.607801471.0000000000CB0000.00000040.00000001.sdmp, Offset: 00CB0000, based on PE: false
                Similarity
                • API ID: InfoSystem
                • String ID:
                • API String ID: 31276548-0
                • Opcode ID: c88f1599f652f14baf278e58c1e057b62e0192e9f86ab5e5406b8f1f0a597031
                • Instruction ID: ceb29938c465cd8b39d0af6344fdc56e12de085cd4aa1bf4be8eadb90e65f014
                • Opcode Fuzzy Hash: c88f1599f652f14baf278e58c1e057b62e0192e9f86ab5e5406b8f1f0a597031
                • Instruction Fuzzy Hash: 961116B1C046599FCB10CFAAD884BDEFBB4BB48314F10851AD418A3200D3756A04CFA2
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DDD4E0, Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: e776bd3794d5a5906940c81e4a8f65d05abb3b8445c980fb13c7be99f2bb08b3
                • Instruction ID: e64ccc03faacb27a5fa71a4a35a93f7e996bea488910e940071ee5a0423a5589
                • Opcode Fuzzy Hash: e776bd3794d5a5906940c81e4a8f65d05abb3b8445c980fb13c7be99f2bb08b3
                • Instruction Fuzzy Hash: 04518135A012149FDB14EF78D494BAEB7B2EF89305F118069E816AB394DB75EC44CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB82FF, Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk
                • API String ID: 0-2725648801
                • Opcode ID: f49b52ebf1c2943904a256fadd7ffa824f367f80358ea9e8d1181c45175314f8
                • Instruction ID: daeb086e75b383bcc95dca84024d8ae1fc0ca995b1e6e3a5724901e24298802b
                • Opcode Fuzzy Hash: f49b52ebf1c2943904a256fadd7ffa824f367f80358ea9e8d1181c45175314f8
                • Instruction Fuzzy Hash: A751F974B102288FDB54DF78C854B9EB3B2AF88308F1085A9E509EB794DB749D858F91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DDD4D0, Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: 1782af346f39af59871e645a00e2efa6f78ed5e4a7618282d095473469e573f2
                • Instruction ID: 8391c8ec8751f993685d652c23911496f41d2346459402cd582d8fa6c1dab0ab
                • Opcode Fuzzy Hash: 1782af346f39af59871e645a00e2efa6f78ed5e4a7618282d095473469e573f2
                • Instruction Fuzzy Hash: 58519135A012049FDB14EF64D494BAEB7F2EF89314F118169E816AB394DB75EC44CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD8BA8, Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: d118ee1712955e1e70c7601b32c8dd666519e771c492d06894c4f053f048092e
                • Instruction ID: 71cd6f35beaa8f7bef4afd88a8f8c340b8a95c9bdf7e92370709ac998185d7cd
                • Opcode Fuzzy Hash: d118ee1712955e1e70c7601b32c8dd666519e771c492d06894c4f053f048092e
                • Instruction Fuzzy Hash: 12517B30A01609CFCB19DFA5C584A9EB7B2FF84304F158969E805AF3A5DB74AD4ACF40
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD9AF3, Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: 645214d36ba57ddebe5893ddfa2a3b94e396124da63c9c376ab535f0bd70ba79
                • Instruction ID: ae93e659429ce2950527dea548358674e156c0dd1cba21f3a6fd3afe892def4c
                • Opcode Fuzzy Hash: 645214d36ba57ddebe5893ddfa2a3b94e396124da63c9c376ab535f0bd70ba79
                • Instruction Fuzzy Hash: F741903060470A9FC701EF74C490A9ABBB2FF85209B118E58E6458F665DB31FD59CBE0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD9B00, Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID: `ok
                • API String ID: 0-1765920259
                • Opcode ID: c78deadbb9f947137d3af093356177c38806794e6c5d818bd55e6488dd9b0771
                • Instruction ID: 744579d4451be2167fd11b6fd2b1ab28b7111489581af2e4550e2f75aaa87848
                • Opcode Fuzzy Hash: c78deadbb9f947137d3af093356177c38806794e6c5d818bd55e6488dd9b0771
                • Instruction Fuzzy Hash: 94415E3460470A9FC704FF74C490A9AB7B2FF84209B119E68E6458B665DB31FD59CBE0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD36B8, Relevance: 1.0, Instructions: 1002COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eb804367ef68a268346c8fc051c19a460b71b1ce28b1a4a9e90ee79cca3a2fbd
                • Instruction ID: 0ca7d44704d871242a5eda7e04c457a9255ab26466e850332c736846168ebba2
                • Opcode Fuzzy Hash: eb804367ef68a268346c8fc051c19a460b71b1ce28b1a4a9e90ee79cca3a2fbd
                • Instruction Fuzzy Hash: 63823D75700A148FC754EF68D894E6EB7B2FF89214B1285E8E5069B3B1DB31EC41CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBC300, Relevance: .5, Instructions: 517COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f46d560efc4f00ad4a34cb73422dc7531338330b023d77acbffccfa00f988577
                • Instruction ID: a84fdf42a19bb5b6f370baf33e03cd5003477b971e9c2c3fd0cf0974ea31ab0e
                • Opcode Fuzzy Hash: f46d560efc4f00ad4a34cb73422dc7531338330b023d77acbffccfa00f988577
                • Instruction Fuzzy Hash: 05224A34A00306CFCB15DFA4D494AAEB7B2FF88305B648969E44A9B764CB35EC46CF50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBB610, Relevance: .3, Instructions: 313COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3ffbf1221d027f988a416195e7886a8426dddc30ba7ea76fad9bc78aec6eb273
                • Instruction ID: fa292a7b6b3a7203bbda5007a7da81ef9a56ba899e7a6b82881387f5cd821bcb
                • Opcode Fuzzy Hash: 3ffbf1221d027f988a416195e7886a8426dddc30ba7ea76fad9bc78aec6eb273
                • Instruction Fuzzy Hash: ACA1CD30F48422CB864E5B69E02857EF7A79FD6606375840AE447CB7A8CFB4CD52C786
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBB600, Relevance: .3, Instructions: 303COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2728bb01c9cf0af6c04d5887849b7286139ac250ba2d4de63e2a1fac5f1e62fc
                • Instruction ID: 19dba9315a030a382bedbd964e8c91d975813efbc80d282716fd18fba17a8b21
                • Opcode Fuzzy Hash: 2728bb01c9cf0af6c04d5887849b7286139ac250ba2d4de63e2a1fac5f1e62fc
                • Instruction Fuzzy Hash: ACA1CA30F48412CB864E5B69E02857EF7A7AFD6606375840AE447CB7A8CFB4CD52C786
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB4A78, Relevance: .3, Instructions: 286COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 17642ea19a53de81e477626aff78e80e30a582db49bfa01ed17e383c0fe38348
                • Instruction ID: 6950b8cb642942f2449eddae68c1f38ca1b05fee6da0d86817bc7c5e14a056e2
                • Opcode Fuzzy Hash: 17642ea19a53de81e477626aff78e80e30a582db49bfa01ed17e383c0fe38348
                • Instruction Fuzzy Hash: ADC14C7060070ADFCB50EF75D4A4A9EB7F2FF48209B018928E6469B765DB34ED45CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB4048, Relevance: .3, Instructions: 272COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 90c51539594a686294122b2f5a0baf0f0559262afdd7552070c8bace4186232f
                • Instruction ID: fc974ba8421bc4474fcfc7d9c07207b9386b6b6c8b3071546a903257d7dab6ff
                • Opcode Fuzzy Hash: 90c51539594a686294122b2f5a0baf0f0559262afdd7552070c8bace4186232f
                • Instruction Fuzzy Hash: EE910E70B002449BEB15DBB9D4643EEBAE6EFC5348F084029E946AB381DFB49C05CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB4A67, Relevance: .2, Instructions: 235COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a1e317df41bf68cb183380ba156705e3f48c200ae56184f224dffa452c926997
                • Instruction ID: abdfc46314a0a49697fcab24537f2b080f37f852bd209932e475e0d72a8730ae
                • Opcode Fuzzy Hash: a1e317df41bf68cb183380ba156705e3f48c200ae56184f224dffa452c926997
                • Instruction Fuzzy Hash: 63A15E70600705DFCB21EF75D4A4AAEB7F1FF48209B048929E6469B765DB34EC45CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBC2F0, Relevance: .2, Instructions: 233COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1f24d08d394e5abb03c7a7cf10d6c74ece3333ddc0bb134367195404949b7d8e
                • Instruction ID: a7fd8b669303bac9a45c812737237d1424e9911fddc34949d5cdd0b5b1299b8a
                • Opcode Fuzzy Hash: 1f24d08d394e5abb03c7a7cf10d6c74ece3333ddc0bb134367195404949b7d8e
                • Instruction Fuzzy Hash: B5A11934A00306CFCB15DF64C4A4AAEB7F2FF88305B648969D44A9B365DB35EC46CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB90B0, Relevance: .2, Instructions: 223COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f0a0bde9c1558bb868cb4aca38e173198185c6bab3c9596b1c33c13461e533c
                • Instruction ID: 8766bf0e5b9267d7232c990b05cdc8da674d7f1c7b58c8fbf9a1cf48e7aaa2e7
                • Opcode Fuzzy Hash: 7f0a0bde9c1558bb868cb4aca38e173198185c6bab3c9596b1c33c13461e533c
                • Instruction Fuzzy Hash: 82813D74B041148FCB14EB64D5A86AE7BF2EF88240F158069EA0ADB395DF74DC41CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBFCD8, Relevance: .2, Instructions: 189COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 23dba3a8f08c334eb38a82edf69c1a2a186efcd0f0872a1416d2f63282ddeeb7
                • Instruction ID: bd261907a4c29bb0ab8a66cf0ce63064dda37ee0941fe131dcd1bf6c8f36cc58
                • Opcode Fuzzy Hash: 23dba3a8f08c334eb38a82edf69c1a2a186efcd0f0872a1416d2f63282ddeeb7
                • Instruction Fuzzy Hash: 20618035B04215CFCB15DF78D4A49AEB7F2EF8921471584AAE54ACB762DB30EC06CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB5240, Relevance: .2, Instructions: 172COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 906982cc92ebada3e2b3406c3b348ee042586f98958baa2f7d55011bc9357e76
                • Instruction ID: 93b6d8fde49ae2b7a5fa274517280d67dbbcd293adaf33960fb078c4dcc38afc
                • Opcode Fuzzy Hash: 906982cc92ebada3e2b3406c3b348ee042586f98958baa2f7d55011bc9357e76
                • Instruction Fuzzy Hash: 15611870A01209DFDB14EF69E968AAEBBF6BF48305F158029E806E7391DB749D41CF50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD5E28, Relevance: .2, Instructions: 165COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7e8978db4cd70988302530f3231009fadd86dd2eaf060caab0389484b2aa876d
                • Instruction ID: 4f32959a96d0648b83aec1ec0347ade178a6bdf477d0a72a3e5e93b21cba70e9
                • Opcode Fuzzy Hash: 7e8978db4cd70988302530f3231009fadd86dd2eaf060caab0389484b2aa876d
                • Instruction Fuzzy Hash: 88610875E012199FCB05DFA8D894AAEBBF2FF88314F11846AE915AB350DB359D01CF90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBE380, Relevance: .2, Instructions: 162COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b9121d99caf5dcad7aeac05e94167c6c82628633fc1b87a44490bfb5332ba6d
                • Instruction ID: 1ea840d1f964f99cec43215ef4f3ae4d0cc384fabf213dcd9ea94d0c2a03f358
                • Opcode Fuzzy Hash: 4b9121d99caf5dcad7aeac05e94167c6c82628633fc1b87a44490bfb5332ba6d
                • Instruction Fuzzy Hash: 18514E34704245CFC716DF38C5A4AAABBF2EF89215B5584A9E446DB3A2DB34EC01CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB90A0, Relevance: .2, Instructions: 162COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4dba184d0207615b66b1aaefb823409f0589b62f9d327aa8af43369d23ebea94
                • Instruction ID: 3f5b4842ba7822896a3794edd75d60d0977da81f56ee98077a044920f9efadf3
                • Opcode Fuzzy Hash: 4dba184d0207615b66b1aaefb823409f0589b62f9d327aa8af43369d23ebea94
                • Instruction Fuzzy Hash: F6517C75B041048FDB14EB74D5A86AE7BA2EF88240B168069EA0ACB399DF34DC01CF61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBBD10, Relevance: .2, Instructions: 161COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 883ad8cf2e8b4de41f61eddcc08d7e8184fa38c44005addf8e529bf9b0855558
                • Instruction ID: d89ede94b05466d67c5e2fae5f022eac470c1def13307278830be6542697b7f3
                • Opcode Fuzzy Hash: 883ad8cf2e8b4de41f61eddcc08d7e8184fa38c44005addf8e529bf9b0855558
                • Instruction Fuzzy Hash: F0510A75A00215CFCB05DF64D9949AEBBF1FF88315B1584AAE906EB361DB34EC02CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB7303, Relevance: .2, Instructions: 155COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5539653fcb8b94981b211e20b64afdeae8caa57561a26be230d9a1baa2669f4e
                • Instruction ID: 994b919740259c5cf71421a334fe5e1313290789ed28ee979397a0f170203b65
                • Opcode Fuzzy Hash: 5539653fcb8b94981b211e20b64afdeae8caa57561a26be230d9a1baa2669f4e
                • Instruction Fuzzy Hash: 2D519B35A00209CFDB06DFB5D854AEEBBF2FF88204F14866AD546A7351DB34AC45CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DDAAF1, Relevance: .2, Instructions: 150COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 160ad4ab78171e1c46a036df29438eb0fd803556f3c45613c4146dd38656ea38
                • Instruction ID: fa6bddbb4a09dbb5cc69318d2bfaa0d07ce55d647f8a135272a34645b3be2d6a
                • Opcode Fuzzy Hash: 160ad4ab78171e1c46a036df29438eb0fd803556f3c45613c4146dd38656ea38
                • Instruction Fuzzy Hash: 9651E534A093D98FCB16CB78C450BADBFB2AF46214F0984DAE491EB392D724DC45CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD5D30, Relevance: .1, Instructions: 135COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 20fee62624df35faa460b28f99c3f2f5f9cad43e55315175cf400b0a53599406
                • Instruction ID: ad37904eb1d25604c2d11ce943e96a004efef09e736a229403893e089098534f
                • Opcode Fuzzy Hash: 20fee62624df35faa460b28f99c3f2f5f9cad43e55315175cf400b0a53599406
                • Instruction Fuzzy Hash: 8F41DE759093448FCB06DFB4D8546DDBBB1EF89204B0585AAD984EB351EB34AC05CBA2
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB7330, Relevance: .1, Instructions: 134COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09bf7bf165a989bb657bb831dbff1abd8eb170bf6f491c2f44a06ff8655659a3
                • Instruction ID: f49a22e4476d1b1b675564c2719654dcbd5d93c029501c0cb31f0b1f1318e2ec
                • Opcode Fuzzy Hash: 09bf7bf165a989bb657bb831dbff1abd8eb170bf6f491c2f44a06ff8655659a3
                • Instruction Fuzzy Hash: 1B515A75A00209CFDB05DFB5D994AEEBBF2BF88304F148629D906A7354DB74AC41CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBC148, Relevance: .1, Instructions: 129COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7540cf111ed4efaa6964b521ae9d0145f9cbf6eab764053cf4e40123854e590
                • Instruction ID: 878d331d72316ef4edd94de6df4c98635c7d957b34cd465a7eb0c26617841ee5
                • Opcode Fuzzy Hash: e7540cf111ed4efaa6964b521ae9d0145f9cbf6eab764053cf4e40123854e590
                • Instruction Fuzzy Hash: 42412A357056408FC7269B68D4A0AAB77A6EFC6614B1589BBE506CF362CF30DC05C761
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DDAB40, Relevance: .1, Instructions: 126COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5a3bb6f4e7f427ecb41c76fdde526e4d6989afed57d7cf062101a11e917094e8
                • Instruction ID: 0642e7973d34fd721bbac51f0c3e8be7ccfebeacd34897bda6462e7341e13a96
                • Opcode Fuzzy Hash: 5a3bb6f4e7f427ecb41c76fdde526e4d6989afed57d7cf062101a11e917094e8
                • Instruction Fuzzy Hash: E951C434A097998FCB15CB79C050BBEBFF2AF45214F0988A9E495AB391D734DC41CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD7D48, Relevance: .1, Instructions: 123COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d933c2740250006686bd9a302d5c3f8c0fee4b8a27c9f12358beef694ac8cd1
                • Instruction ID: 83c838d2e06f090603cea2f0eff68f5186d9b35c89cbf8cb8f451ee55b323074
                • Opcode Fuzzy Hash: 1d933c2740250006686bd9a302d5c3f8c0fee4b8a27c9f12358beef694ac8cd1
                • Instruction Fuzzy Hash: D84143607096949FDB2AAB74846033A7BE69FC2608F15449DE642CF3C6CF64DC02C7B1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB33C8, Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e8f747533794bfcf42b1d3404801857e2f1a7835d1715a7f84ec399d3c77c5a
                • Instruction ID: 3f9a1cf056539068b2b0270acad45613d14716288d58635919cc2b851d4c5bcf
                • Opcode Fuzzy Hash: 5e8f747533794bfcf42b1d3404801857e2f1a7835d1715a7f84ec399d3c77c5a
                • Instruction Fuzzy Hash: B94125346047148FCB66DB39C4647AABBF2EF85204F1448BED54687391DB39EC0ACB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD6210, Relevance: .1, Instructions: 118COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f17f275c2bcc3b09c46edd504eb22ec8a2a52767d09adbe80ecf44d6b665b42
                • Instruction ID: 7aa8f1855e49597c0341dd7d12d7c8a74a32f62b60cf32e9db738480737b6554
                • Opcode Fuzzy Hash: 5f17f275c2bcc3b09c46edd504eb22ec8a2a52767d09adbe80ecf44d6b665b42
                • Instruction Fuzzy Hash: 7341DD34A002149FCB09DBB4D8547AF7BAAEF89209F1484BDE5059B391EB35DE01CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB4608, Relevance: .1, Instructions: 117COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 16bb202617ead08ef9ef6826c7dce175573e6af28a0fabd68db9e418ae84010d
                • Instruction ID: 3a6563c60420f6671cb9b5c8712d8da84391356535c1fa1d7f3480397dfa1f9b
                • Opcode Fuzzy Hash: 16bb202617ead08ef9ef6826c7dce175573e6af28a0fabd68db9e418ae84010d
                • Instruction Fuzzy Hash: 9841A235B00209ABCB15EF79E4606EEB7E1EF84258B048579E61ADB351EB31EC05CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD9C88, Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8dd23e72942561a7548e658eac8a97e23635f2051aba567d42b1d0dba986dee2
                • Instruction ID: f039abc41e991db6b6cac1226b5e86134e1dbfc77aed9eaf80f2a704e501da57
                • Opcode Fuzzy Hash: 8dd23e72942561a7548e658eac8a97e23635f2051aba567d42b1d0dba986dee2
                • Instruction Fuzzy Hash: 7541D035700618DFCB14DF65D868ADEBBB1FF89321F15816AE405AB3A0CB35AC41CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBA5C8, Relevance: .1, Instructions: 108COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7be7f3e4dc17720de35ca2e194136efe494c559a22d6e6fcd2c5084ebd8484fe
                • Instruction ID: 7a2379731622cee561554b783baa95ac66d646991f702acec64b48d13691d1e8
                • Opcode Fuzzy Hash: 7be7f3e4dc17720de35ca2e194136efe494c559a22d6e6fcd2c5084ebd8484fe
                • Instruction Fuzzy Hash: F8418C74A006168FC710EF74D495AAEBBF2FF88205B118969E946CB365DB30EC45CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DDD179, Relevance: .1, Instructions: 107COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c245800147518469226aedb87ba9de792a6e16277d562f547cc5cef88e169619
                • Instruction ID: 0769ed9e52e4a864a85fa7ebbde18c0c98ccb79e229b37c0835db6ac022e9536
                • Opcode Fuzzy Hash: c245800147518469226aedb87ba9de792a6e16277d562f547cc5cef88e169619
                • Instruction Fuzzy Hash: 4941DD316007049FCB05EF74C4A4B9EBBB2EF89204F15CA69D5469B351CB74AC45CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD6380, Relevance: .1, Instructions: 104COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dad7292638779fa6ebea8fbfb487044c5dbf3a61b7b2fb791600261edbed8fc9
                • Instruction ID: ec2a41a7ff86ef39a0ee6bb4c037ef97310a128c160cac60037934270cc081f9
                • Opcode Fuzzy Hash: dad7292638779fa6ebea8fbfb487044c5dbf3a61b7b2fb791600261edbed8fc9
                • Instruction Fuzzy Hash: F0419D302087048FC710EF34D894A9ABBB5FF85309B418D69E6468F6A5DB75FD05CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBA720, Relevance: .1, Instructions: 103COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1a1b62b8b44a9f4f411359f9822b8f069cea72dfcd0e8a2e0d331bb87ab2d089
                • Instruction ID: c0446880807d9919853d192d502b445ad5f0075cef6ad7e35fe5eabb69e09aa5
                • Opcode Fuzzy Hash: 1a1b62b8b44a9f4f411359f9822b8f069cea72dfcd0e8a2e0d331bb87ab2d089
                • Instruction Fuzzy Hash: 4B41EB74A0030ADFCB14DF64C490A9BB7B6FF88314B208A69E9199B355DB31ED05CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB88C8, Relevance: .1, Instructions: 102COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ffbfb5846978a924ecd34575dde548185589685affe75ce3a5572a261bae84b7
                • Instruction ID: 5b2ba7484921b72f789bfa2e3ea4e66b41624d3fc2c3e7cf80a6125237d1c15c
                • Opcode Fuzzy Hash: ffbfb5846978a924ecd34575dde548185589685affe75ce3a5572a261bae84b7
                • Instruction Fuzzy Hash: 0431BE75B052508B8B09AB29D46466B63EEBFC9258B13803EEA07CB785DF31EC01C771
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBA711, Relevance: .1, Instructions: 98COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 437fbff315e76e1c61e889cff1561473ac335a823ef3c6749f0d677fe599d611
                • Instruction ID: 6858e8e2cada18432b40ec99b7e50e5e7c90e9132a985820d073025a0885e341
                • Opcode Fuzzy Hash: 437fbff315e76e1c61e889cff1561473ac335a823ef3c6749f0d677fe599d611
                • Instruction Fuzzy Hash: EC411A74A0430ADFCB11DF64C490AABB7F5FF88314B108A69E95A9B355DB34ED05CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB7670, Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3faf40e1c5b7ac30bdede85f1ea1c8babca7acb7f776ffc3fe0069bc5c550919
                • Instruction ID: bea0f57d9a2cb21a1bf12303d640dc456584e249bfc5a5095303bd23a7726e24
                • Opcode Fuzzy Hash: 3faf40e1c5b7ac30bdede85f1ea1c8babca7acb7f776ffc3fe0069bc5c550919
                • Instruction Fuzzy Hash: 48310675A00209CFDB95DF6DD590AAAF7F2EF88204B19C469E90ADB345D731DC42CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB7661, Relevance: .1, Instructions: 93COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 42268acf944338a5e6b9d3f385141c6d43229703e13d189eb5be739694b2fbdd
                • Instruction ID: 5682bee8ac17743419d4092a6870a00e6f298fa0caa6aae732db3a40f04caa6f
                • Opcode Fuzzy Hash: 42268acf944338a5e6b9d3f385141c6d43229703e13d189eb5be739694b2fbdd
                • Instruction Fuzzy Hash: 29316C35A04345CFDB56CF69C490AAAFBF2EF88204B18C469E84ADB345D731DC42CB60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB3EE8, Relevance: .1, Instructions: 93COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 597e47cc35543ecd5ccbe384a849673cf93032995b5507572da50622a3d879c2
                • Instruction ID: cc611ef676d133e03a0bb316ea7066ce6ee4a3380a012876b22b803f522fb9f5
                • Opcode Fuzzy Hash: 597e47cc35543ecd5ccbe384a849673cf93032995b5507572da50622a3d879c2
                • Instruction Fuzzy Hash: 5E31B674B053458FCB16DB65D868BAEBBF2AF89301F1440AAE406D7391CB389C41CB11
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD6200, Relevance: .1, Instructions: 90COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 78bcc1fd5369dc434d919253b47641dc9629ede03ef1163df2bf36dfc64217e8
                • Instruction ID: a30741da98e280eb2913d532ad38de531bde975432aa26152ae1c464ba5b0f8d
                • Opcode Fuzzy Hash: 78bcc1fd5369dc434d919253b47641dc9629ede03ef1163df2bf36dfc64217e8
                • Instruction Fuzzy Hash: 5031FF357047108FDB158B78D844BAB7BAAEF85215F0480BDE4008B3A1DB35DD01CBE0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB3F00, Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 28e4ff30154d6fee0809b31c2a10b27be8a8f2fa1dabee296043096c5eba9f9c
                • Instruction ID: 6ee1249341d02f2856e87daec7360c07c274a88ff33e9e7c7c2e9575617064a3
                • Opcode Fuzzy Hash: 28e4ff30154d6fee0809b31c2a10b27be8a8f2fa1dabee296043096c5eba9f9c
                • Instruction Fuzzy Hash: DD317274B002459FCB15DBA9D868BAEBBF2FF88305F1480A9E80AD7395DB359C41CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBC1F8, Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 454bb49d5aa7c7931da0deea4eb7680b1884108f1cac77b00b319e064f2cb146
                • Instruction ID: d7ff02f69397686161f884a12d095304a89c31e486d0680eb2f52fbbad106dac
                • Opcode Fuzzy Hash: 454bb49d5aa7c7931da0deea4eb7680b1884108f1cac77b00b319e064f2cb146
                • Instruction Fuzzy Hash: 13219431B14600CFC72A9BA884A49BE73A7BF86B19F14856BE407CB3A1CF60DC45CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD637F, Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 01797778221688c6006fc11e5edec05e0a664dc17c39032d2b5cc9689e526561
                • Instruction ID: 487b831b954e324e3c64837d1ea4d1a2103d5d7cfff0e30ae4baa72268b136bf
                • Opcode Fuzzy Hash: 01797778221688c6006fc11e5edec05e0a664dc17c39032d2b5cc9689e526561
                • Instruction Fuzzy Hash: FE313A352047059FC754EF74D884A9BB7A5FF84309B408E28F6468B6A9DBB1F905CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB45F8, Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 63157b4098d98da513b3fb1e97cf03d0304f66d1e2f4cc0dbfb2d81a6b2bab1f
                • Instruction ID: eaf70d2453ec586b9c6d38d23a80c2ab30e65b3aee1d8b4b4973dc6627ecce49
                • Opcode Fuzzy Hash: 63157b4098d98da513b3fb1e97cf03d0304f66d1e2f4cc0dbfb2d81a6b2bab1f
                • Instruction Fuzzy Hash: 43115775704308AFCB05EF75D4606EEBBE5EF84254700866AE545CB381DB31DC06CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB361C, Relevance: .1, Instructions: 64COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 906d532a0ca0fa43eb65326baf2316b8fc68bdb0601aae9fb6fda0247c673835
                • Instruction ID: dce355c8bc90f2cbe46f0b1117eeb5a86c5e6aee90abf118cd01a37ba9870c05
                • Opcode Fuzzy Hash: 906d532a0ca0fa43eb65326baf2316b8fc68bdb0601aae9fb6fda0247c673835
                • Instruction Fuzzy Hash: 832122B0900649DFCB10CF9AD884ADEBBF4FF48314F00882AE919A7340D774AA44CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD636F, Relevance: .1, Instructions: 62COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 651972588106d6ef1b5fd537b88351599f8cbde571e785330cfa95fde0d21710
                • Instruction ID: df091f980636043cd00026befdb87bbcc6d37bca2cd0be430dd54bae3fc29eb0
                • Opcode Fuzzy Hash: 651972588106d6ef1b5fd537b88351599f8cbde571e785330cfa95fde0d21710
                • Instruction Fuzzy Hash: F721B431208704CFC714EF30D844A9A77B5FF84309F008D2AE6568B699DB75F905CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD2A68, Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3caad0c9933360b527cd0f545db2cdcc74eea78839796361abd7f37125c8a573
                • Instruction ID: 42d027c713e2455efaa230d7ddcc7769d80fcad003d0f6a3b8d272d106b88438
                • Opcode Fuzzy Hash: 3caad0c9933360b527cd0f545db2cdcc74eea78839796361abd7f37125c8a573
                • Instruction Fuzzy Hash: 49118231704A168FC714AB29E4885ABB7A6EBC422A7108D3EE50AC3744DF70EC16C7D0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB4530, Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2bc6f658408077afc3394cab55a37670be422bcac8121b526bcd30b34689f0f2
                • Instruction ID: 4967234372b167740e45bc4f713c1d93f074e978ccde2544a3d058d0096294b7
                • Opcode Fuzzy Hash: 2bc6f658408077afc3394cab55a37670be422bcac8121b526bcd30b34689f0f2
                • Instruction Fuzzy Hash: CA2134B5900649DFCB11CF9AD884ADEBBF0FF48314F10891AE819A3350D374AA54CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBBC55, Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b7328b25659160b2c6a6c14a8d90f554422b7a9e4be566c354ab3949c53d4afa
                • Instruction ID: 8bc3c0d633a77d9cd7cb7d95ec8f7e591ca62118e845f89f0e7a8faa5bb10cbc
                • Opcode Fuzzy Hash: b7328b25659160b2c6a6c14a8d90f554422b7a9e4be566c354ab3949c53d4afa
                • Instruction Fuzzy Hash: 6511517570A151CFD716DF29D468969BBB2BF8921632584ABE846C7365CB34CC05CB10
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB3D9F, Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fcba8ae9997eef47d3ea151b56016f5be78e357bee59c05b203459c2f75f219c
                • Instruction ID: 8ce42b20bd9cb41f843086bcf27646928e47bd44eec6c2d1381ffb31c6caf51c
                • Opcode Fuzzy Hash: fcba8ae9997eef47d3ea151b56016f5be78e357bee59c05b203459c2f75f219c
                • Instruction Fuzzy Hash: A801922160D794CFC76B162198397B53FB56F82210F1901EFE18787692CB288C4AE7A2
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD2B98, Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dc0db3dcfafc02330d46f8019173729aced87ec4a336a965019b8b39331c2f89
                • Instruction ID: 1df3337dcd7a8d5edf60a5d72cd7a3a1ff9d111295d90e9473f21ad8f210e464
                • Opcode Fuzzy Hash: dc0db3dcfafc02330d46f8019173729aced87ec4a336a965019b8b39331c2f89
                • Instruction Fuzzy Hash: E2115E70E046198BEB15DFB8C858BEEBBF5AB48304F148469D802B7381DB759D45CFA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBA010, Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d0e410d5fb52a0751a763b3aec10e32347cda786f111b53fde5a46cfee63e8cc
                • Instruction ID: b95b7fb65a8fe8903860f18bb686fa575a3904db556e14f80a5a894b82af6a1f
                • Opcode Fuzzy Hash: d0e410d5fb52a0751a763b3aec10e32347cda786f111b53fde5a46cfee63e8cc
                • Instruction Fuzzy Hash: 58012137B082208B4311A6BE74905AFA78BEFD92727358637E61AC7384CE31CC0193A4
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD9978, Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 854f4099e12c9703ade800d44b2f53bad4ccb6ffe02765676d1d46d240d5dd2f
                • Instruction ID: c7726d01e818d3cc1a7dc6f1cf9c811ae108142e6bac86fb427a43ae242b35e3
                • Opcode Fuzzy Hash: 854f4099e12c9703ade800d44b2f53bad4ccb6ffe02765676d1d46d240d5dd2f
                • Instruction Fuzzy Hash: F721B475A00218CFCB08EF68C9989DDB7B1FF4C304B1105A9E506AB361DB35AD05CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD9973, Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a1907c479defa259976d937cf5bb728fbdf61fec6c807bef650b2b241d9e0f51
                • Instruction ID: 11a24cfe9873aa37a22f45740209cfa803e86d3a0695477c5b05ccc25640c56c
                • Opcode Fuzzy Hash: a1907c479defa259976d937cf5bb728fbdf61fec6c807bef650b2b241d9e0f51
                • Instruction Fuzzy Hash: BA21B375A00218CFCB08EF68C99899DB7B2FF8C304B110599E506BB361CB35AD05CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBBC80, Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04e7ffa3c6d92728e782334ef3c66fe6cc1d57a9f9082bfbe0cc64b2cd2afe2a
                • Instruction ID: 05f01a6337b2664754d6b0ca3c7f90deccc7cce41ed7d87bd2b9f4c20749c810
                • Opcode Fuzzy Hash: 04e7ffa3c6d92728e782334ef3c66fe6cc1d57a9f9082bfbe0cc64b2cd2afe2a
                • Instruction Fuzzy Hash: 57015B31B04515CF9749EB29D868A6EBBA6FFC9216724847AE80ACB364DF30DC01CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DDD8C1, Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a8b16e33c08dd7e44426a5f155910da4b10a4b720bf22d3101bf0468702a6dea
                • Instruction ID: 6632e5cec14d02dee81a7e2a9ed9868bc26cbfd64292200177f63ef368ce79e8
                • Opcode Fuzzy Hash: a8b16e33c08dd7e44426a5f155910da4b10a4b720bf22d3101bf0468702a6dea
                • Instruction Fuzzy Hash: FE211734A00205CFCB09EF64D494E9EBBB2BF88315F1595A8E501AB365CB35EC41CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0305D01D, Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.690015456.000000000305D000.00000040.00000001.sdmp, Offset: 0305D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10613eb5d38af178f8a90bb7402225b95ae5830115e43894cae79220d05d21f2
                • Instruction ID: 635bbbb5eacdfca4ac0229316d399c633751f8b43e67e09894a4669ab78f0180
                • Opcode Fuzzy Hash: 10613eb5d38af178f8a90bb7402225b95ae5830115e43894cae79220d05d21f2
                • Instruction Fuzzy Hash: CA01DB724093409AD720DB25CCC4767FBDCEF41678F18945BFE055B286C3799945C6B1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBB200, Relevance: .0, Instructions: 44COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 77993976acf8a92ee47c1de857e80050906007fa022fd6b39871208bbd14e21c
                • Instruction ID: 8b9561c8f47fd6eeb69095418f3907e6865065dbc54e028180de1bb76a5382ac
                • Opcode Fuzzy Hash: 77993976acf8a92ee47c1de857e80050906007fa022fd6b39871208bbd14e21c
                • Instruction Fuzzy Hash: 1701F42234E3C14FC3034BB5A8658657FF54FC302971A88EBD589CB2B3C5588C0AC362
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB3DC0, Relevance: .0, Instructions: 44COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ca910765994062769887f53b9acd08a93e3be09442809434379a7a6d68fa0d81
                • Instruction ID: ab0a411aad61be2c0fe3b5048eb0146873a705faac549be26dd9c4680bea4cf8
                • Opcode Fuzzy Hash: ca910765994062769887f53b9acd08a93e3be09442809434379a7a6d68fa0d81
                • Instruction Fuzzy Hash: 6F01D635704B50CFCB77562594393BA7AA6AFC0615F0401BEE14783380DB6DDC46E790
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0305D006, Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.690015456.000000000305D000.00000040.00000001.sdmp, Offset: 0305D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 234b9ee426050dbc7b2cccc65138ef272d578f32d3e2744afa026230e21d5da6
                • Instruction ID: ee4aac2d2283ddf8284c0de0a13d6383c738d79b05a20389f6ddba321b460a38
                • Opcode Fuzzy Hash: 234b9ee426050dbc7b2cccc65138ef272d578f32d3e2744afa026230e21d5da6
                • Instruction Fuzzy Hash: 1201527240E3C05ED7128B258C94752BFA8DF43224F1D80DBE9848F297C2695848D772
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB3E48, Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 62462aad8bdd0540b16b3e7f6d83ff38dc105142ee31344ca5dec16c8fadf77b
                • Instruction ID: 268b7e80feeed637cbf18df36e836387c299d5e0bfeeca1c340803ea1abbcf13
                • Opcode Fuzzy Hash: 62462aad8bdd0540b16b3e7f6d83ff38dc105142ee31344ca5dec16c8fadf77b
                • Instruction Fuzzy Hash: ED01B574A04358C6EB16DB64C4257EFBBF1AF44308F04459ED542B6380DBB55D08D7E1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD9C77, Relevance: .0, Instructions: 38COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 817b7c65084a7c18af6ddb57fa39ab16db7575ea064d237e94352b9b8b986dc4
                • Instruction ID: 1938b7bdf76406ef5fe9e1e8e9352d4b7d42333ca1c499e90caa079346f80d39
                • Opcode Fuzzy Hash: 817b7c65084a7c18af6ddb57fa39ab16db7575ea064d237e94352b9b8b986dc4
                • Instruction Fuzzy Hash: FC01D6353052409FC7129B14D454A967FF6EFC6321F05C0FAE4488B352C7359C06CB61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB34D8, Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 22b8bd75b79bb1e15bf38c1366a0ce8daca98e337bdcb0dce27e56ca7e9a9d4d
                • Instruction ID: 0ac556f96a031f117577144c6f69f2f3a7d818d2229a0ea5aa99c945610ac0c4
                • Opcode Fuzzy Hash: 22b8bd75b79bb1e15bf38c1366a0ce8daca98e337bdcb0dce27e56ca7e9a9d4d
                • Instruction Fuzzy Hash: 75011A30109B65CFC329DB35D054A96B7F1EF4120A7148CADE6874BA51C776E849DF90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD5E9C, Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 42668022744bb96327806b109a34cdce2a7eb89a7a3ec2c97e421377b5f3432c
                • Instruction ID: b3a01f96a03f9b61a43f64950b7a0d6c4de9483e73649143a15783d04107fab0
                • Opcode Fuzzy Hash: 42668022744bb96327806b109a34cdce2a7eb89a7a3ec2c97e421377b5f3432c
                • Instruction Fuzzy Hash: 9A01FB35F002198FCB04EFA4D498AADB372EF88344F11815AEE129B390DB34AD02CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD2B40, Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 94f5c463cb0f2c266c5657d055c5ff473df019dfeed4e197449fdbbdf53e4d29
                • Instruction ID: 93de0d274e97235ab106cf4080e8b5bb70e18aeecff81cafa3b6b68405cbd0c2
                • Opcode Fuzzy Hash: 94f5c463cb0f2c266c5657d055c5ff473df019dfeed4e197449fdbbdf53e4d29
                • Instruction Fuzzy Hash: C6E0ED323001115BC7059AAEA854059FB9ADFC922472880BAE50EC3392DF318C02C390
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DDD9FF, Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f0a9e707fcd64a43c09f05981cf4563ed4ff496f3c1ee179b688d5ab0fd59f6e
                • Instruction ID: 773263a1f721cf1291075c963c53814ba181de7874e476c982668576ad8526d7
                • Opcode Fuzzy Hash: f0a9e707fcd64a43c09f05981cf4563ed4ff496f3c1ee179b688d5ab0fd59f6e
                • Instruction Fuzzy Hash: 8401C435A02209CFDB00EB90E499BDCBFB2FB88725F245015E50667694CB756D85CF60
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB27E0, Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e53fbd1cc6936cbe1652ae593e6d80ad7795044c120df70701ac5574ef11320
                • Instruction ID: 8b07e8f00f5972bf1ddb06f801ed2c3d34b2c440b972a7a2c4ac71ca37102aae
                • Opcode Fuzzy Hash: 6e53fbd1cc6936cbe1652ae593e6d80ad7795044c120df70701ac5574ef11320
                • Instruction Fuzzy Hash: A2E0E592A4E7C48FC70753705C6A6883F308A13441F2A48DBD4C0CA0B7A409481AD7A3
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBB228, Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 45a06f36d2a5ee672dbfd53f788973a9c942e55d201dca885345159b455994a9
                • Instruction ID: 1ef0dfd269c739c7a13f53f4b8af60faee1999f25539c631946a074a26d9eba4
                • Opcode Fuzzy Hash: 45a06f36d2a5ee672dbfd53f788973a9c942e55d201dca885345159b455994a9
                • Instruction Fuzzy Hash: 92E048317042119F47109B9AE488C6BB7EA9BC552A315C56AE54DC7311DA609C058765
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD5E93, Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 310a20630b19aa49b375f5bce3adbe077b14f360f66168ad861ec5e8d42e9cf4
                • Instruction ID: 189a50f26ecd2a5714b138b4533d961d32af073d358cad08cb18b86346b8e3b6
                • Opcode Fuzzy Hash: 310a20630b19aa49b375f5bce3adbe077b14f360f66168ad861ec5e8d42e9cf4
                • Instruction Fuzzy Hash: 91E0C935E40119CFCB14EBA4E4949EEB371EF48354B118196EE11AB3A0DB34ED02CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD5E8A, Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 310a20630b19aa49b375f5bce3adbe077b14f360f66168ad861ec5e8d42e9cf4
                • Instruction ID: 189a50f26ecd2a5714b138b4533d961d32af073d358cad08cb18b86346b8e3b6
                • Opcode Fuzzy Hash: 310a20630b19aa49b375f5bce3adbe077b14f360f66168ad861ec5e8d42e9cf4
                • Instruction Fuzzy Hash: 91E0C935E40119CFCB14EBA4E4949EEB371EF48354B118196EE11AB3A0DB34ED02CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DDACFE, Relevance: .0, Instructions: 19COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eac6060596663bb5ca2c8d75408503000370223d8c689dd5855944cb13d249a2
                • Instruction ID: c32829508e31b470ae8b79e6dd1853ad8ff4b0cef6d0803f3c83034db39d5409
                • Opcode Fuzzy Hash: eac6060596663bb5ca2c8d75408503000370223d8c689dd5855944cb13d249a2
                • Instruction Fuzzy Hash: 9AE0C27A50DA808FD7238B30E8526C57BF0AF67200B0A14CAC0C187793D7286946CB11
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DD61C9, Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 690c3781927d5178ba784e2a4e5f9843eb810796271b6d014cb264ae42720d60
                • Instruction ID: 242967fe5c249492ec9e0da4763158ed9ae4cd0b24c216375e3ffb73c60e22e2
                • Opcode Fuzzy Hash: 690c3781927d5178ba784e2a4e5f9843eb810796271b6d014cb264ae42720d60
                • Instruction Fuzzy Hash: 48E01A301097C18FC722DB60D894A92BBF1AF42219B19899ED0868B566C3B4A885DB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB55AC, Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f52b70c6053527c6e939163b1e4dda9218aaa6cda800580f93c58da966955b59
                • Instruction ID: 0b6750595f61c73c777dba4b303326e51e8e2952adf934956581e69c2e11cad4
                • Opcode Fuzzy Hash: f52b70c6053527c6e939163b1e4dda9218aaa6cda800580f93c58da966955b59
                • Instruction Fuzzy Hash: 49E04635A04059DFCB00DF94F8989ACBBB2FF88312F108066E946A7360CB30AD50CF50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB2780, Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7038cc22381df210bcb6dfbad8ae79722bb9ca36e1dba49266e8eccef21ca860
                • Instruction ID: 50722e717551b91083c1d5f507db198951720b8185b6edc2076dc44d93df4270
                • Opcode Fuzzy Hash: 7038cc22381df210bcb6dfbad8ae79722bb9ca36e1dba49266e8eccef21ca860
                • Instruction Fuzzy Hash: 84D0127394E3845FC753237498A64C93F309412480B3599D7C085DB46BAD1B480F8A81
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB2740, Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: df5684b089265e5fd5f1bff96ae2bb8cf2b21e5f8e7c4531c849ab108adae6c8
                • Instruction ID: ae83074bd2e28a7052c0c22cf8346529efcd4135124b9910121a2c563094a28a
                • Opcode Fuzzy Hash: df5684b089265e5fd5f1bff96ae2bb8cf2b21e5f8e7c4531c849ab108adae6c8
                • Instruction Fuzzy Hash: C8C08C3040E3D44FC313A33068698893F301C0704072844EFC08ACB8A3CEAA440FCB22
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DDAD10, Relevance: .0, Instructions: 10COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.668903236.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 765f8f55a51095bc9d7637cf7c0027b445d87b191bebba45ca4e44335f323c09
                • Instruction ID: 1ba4f78b255264195ae9dad2214f36e90b2bbb070e2f48613f1d72ff52f380ca
                • Opcode Fuzzy Hash: 765f8f55a51095bc9d7637cf7c0027b445d87b191bebba45ca4e44335f323c09
                • Instruction Fuzzy Hash: 1DC08C30200A30CFCB38CB24F004B8A73F4BB88611F00450ED94243700CB74EC41CB80
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DBBA83, Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c2894abae6f56ded7e340a1899da0ba30d6e24f2a1bbc031e5c0ef3969ed4932
                • Instruction ID: f0bde5266fa5372b86edc2f0c9e16141990000e257f265f536d13ffd8a071452
                • Opcode Fuzzy Hash: c2894abae6f56ded7e340a1899da0ba30d6e24f2a1bbc031e5c0ef3969ed4932
                • Instruction Fuzzy Hash: F1B01233B48012CB04051149B0140BDE32ADEC003B3304023D14BC42088E618D134140
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB270E, Relevance: .0, Instructions: 7COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 64ab6361f829050f5f1b0c6c985ee5b86e941a43f06a4c25a3b6a088f2a9f120
                • Instruction ID: ab030d29e935d3ab3c102a794645fbda5d1eeef161cfd2bdf424ec01f193be49
                • Opcode Fuzzy Hash: 64ab6361f829050f5f1b0c6c985ee5b86e941a43f06a4c25a3b6a088f2a9f120
                • Instruction Fuzzy Hash: 00A0223000830C8B8B2033B23C08A2A330CB080A00BA0802AF00CA300C8F3BF00080C8
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB2790, Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba493d92b1d2b13324620ac9d716a9717070f554197945a79da9c1bd3037bea8
                • Instruction ID: 96a9426b63fadd57a968d64aa84f1bf4ce75cc7dc99f3844c8227c18edf9ecd4
                • Opcode Fuzzy Hash: ba493d92b1d2b13324620ac9d716a9717070f554197945a79da9c1bd3037bea8
                • Instruction Fuzzy Hash: 32A0223200030C8B82A033B83808888330CA08082A380802AE00C830088F3BE000C0C0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB2750, Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba813236de24f5751b998928b9ebb5ea45221d03a395c6d2d5f4db899a2a01f2
                • Instruction ID: 04aa715ab25c4d49ee6c8d913b036d48dcd829551301d8fbc1b4f8f0b823c4f9
                • Opcode Fuzzy Hash: ba813236de24f5751b998928b9ebb5ea45221d03a395c6d2d5f4db899a2a01f2
                • Instruction Fuzzy Hash: 01A0223000030C8B822033B03808808330CA880800380802AE00C830088F3BE00080C0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB2710, Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 914887d5d2c65f03d93173b3ac6fb70d39b49fe52aa3e4adc8d28999a1b32aa6
                • Instruction ID: 06d6f51795554441a405209f2255a6ac12ad0dfa649fa86c678c647fd7c41ee5
                • Opcode Fuzzy Hash: 914887d5d2c65f03d93173b3ac6fb70d39b49fe52aa3e4adc8d28999a1b32aa6
                • Instruction Fuzzy Hash: EBA0223000830C8B832033B0380880A330CB080800B80802AE00C8300C8F3BE00080C0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 02DB2810, Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.667339633.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 312c4daa45af5c970706831c8b9612f42ce1d1b11122009dd73087a620ec3705
                • Instruction ID: 94695080b5df72058c53aa440c3914573514204701e71418a2cc10f18ba61f0f
                • Opcode Fuzzy Hash: 312c4daa45af5c970706831c8b9612f42ce1d1b11122009dd73087a620ec3705
                • Instruction Fuzzy Hash: 8FA0223000030CCB8B0033B03008808330CB080800B80802AE00C830088F3BE0000AC0
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Analysis Process: powershell.exe PID: 6764 Parent PID: 1428 powershell.exeCOMMON

                Executed Functions

                Function 00997788, Relevance: 2.8, Strings: 2, Instructions: 273COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$p\bk
                • API String ID: 0-3712670942
                • Opcode ID: ba837942ed4c2504a6f4a2034f311f533f037e282a93dd1632bc8ca543547f00
                • Instruction ID: bef55f4b0aad327aa3ee2ebf58409acf99629ed8a75b19339e1ba670800ff399
                • Opcode Fuzzy Hash: ba837942ed4c2504a6f4a2034f311f533f037e282a93dd1632bc8ca543547f00
                • Instruction Fuzzy Hash: 81A17334B006099FDB14EF78D851BAFB7A7AF88304F118938E5099B395DF79AD018B91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00997778, Relevance: 2.7, Strings: 2, Instructions: 228COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID: p\bk$p\bk
                • API String ID: 0-3712670942
                • Opcode ID: ef3af26fcc2c47da1c5946227d0608b2c320bc0fe2e4a2ecbff293207354b645
                • Instruction ID: 84cff57bdc8ed7d85b13b361ce7f0d43165d3bbf6b32c63f1c5f62f9373ff364
                • Opcode Fuzzy Hash: ef3af26fcc2c47da1c5946227d0608b2c320bc0fe2e4a2ecbff293207354b645
                • Instruction Fuzzy Hash: AD91A230B006059FDB14EF78D855BAFB7A7AF88304F158928E5099B395DF78AD01CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00994A00, Relevance: 2.6, Strings: 2, Instructions: 117COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID: |_z$c>
                • API String ID: 0-85936910
                • Opcode ID: a79f23b61aacafe2de158fd80ee5aa2eda101880fe2ff32cbbce7e5e2496c60e
                • Instruction ID: 230ea2b7be431755fc139d7f4df649a013923620338341b5f37d7ac9df8340f5
                • Opcode Fuzzy Hash: a79f23b61aacafe2de158fd80ee5aa2eda101880fe2ff32cbbce7e5e2496c60e
                • Instruction Fuzzy Hash: 4F41B232B002059FCF14EF79E8416AEB7E5EF85318B00C539E619DB280EB31E916CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00920B33, Relevance: 1.4, Strings: 1, Instructions: 170COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: b5b9ee74256ca1bef94022094c9d9f919a20f3ac4440b16cb2594f310d62a45d
                • Instruction ID: 25b61ad550dd55cdc7f68436a1772655bc727a1fb78d12ab34e6573ea72991f1
                • Opcode Fuzzy Hash: b5b9ee74256ca1bef94022094c9d9f919a20f3ac4440b16cb2594f310d62a45d
                • Instruction Fuzzy Hash: F3613B34A01219CFCB54EFA8E49499DB7F6FF84318B118969E9069B369DB70FC05CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00997328, Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID: |_z
                • API String ID: 0-794399135
                • Opcode ID: 8810c95b443e826ab0813b9805c83dc0d8264f7dc64c8dd8aa5a714aed7b79cf
                • Instruction ID: 58e63dc0040ec2819351f3447d73129b9b4a7aec3a2c742796138e60d5b94a94
                • Opcode Fuzzy Hash: 8810c95b443e826ab0813b9805c83dc0d8264f7dc64c8dd8aa5a714aed7b79cf
                • Instruction Fuzzy Hash: B0513D70A102098FCB14DFA9D485AAFF7F6FF88308F148629E509A7354DB74AD45DBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00997325, Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID: |_z
                • API String ID: 0-794399135
                • Opcode ID: aecd59ced6718db4ebb1427ffbc2e47e812583ad03aee22e3a22e68c8fa48af6
                • Instruction ID: c093edbf3f387cfb6c82d8c2fc21390d404a5ce22bd489a32fed127970172e0d
                • Opcode Fuzzy Hash: aecd59ced6718db4ebb1427ffbc2e47e812583ad03aee22e3a22e68c8fa48af6
                • Instruction Fuzzy Hash: B3515D30A102098FCB14DFA9D485AAFF7F6FF88308F148629E509A7354DB74AD45CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009949F0, Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID: c>
                • API String ID: 0-1803596115
                • Opcode ID: 89336416cc48d22ef35b7b73033f80cbafb3f7dd2359c2ad1c864318989464c9
                • Instruction ID: 7bb0f9db12b9b95c1002b84ca270d725b7f32361a3dd1a11902dba91402af769
                • Opcode Fuzzy Hash: 89336416cc48d22ef35b7b73033f80cbafb3f7dd2359c2ad1c864318989464c9
                • Instruction Fuzzy Hash: 46210732605209AFCF14EF79D84199DBBF9EF8A314704C57DE109CB291EB31A912CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00927C30, Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID: P
                • API String ID: 0-3110715001
                • Opcode ID: 7fc92dcebb28f5781e3fc1a95e1d48e1146ad13b18e3ab6eb2f52a5354a0bdd0
                • Instruction ID: 1ac275d877d504cf35b14f8ddf42ad143472e40ca1760727e05189357ba1ddf5
                • Opcode Fuzzy Hash: 7fc92dcebb28f5781e3fc1a95e1d48e1146ad13b18e3ab6eb2f52a5354a0bdd0
                • Instruction Fuzzy Hash: 0401D231A08B304BDB30DEB4E400B66B7DC9B41350F0584A9E885AB796D664DC408791
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099BA10, Relevance: .3, Instructions: 313COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 180cfdf3316fdfbc8a258e6f144c724964f42d3185f1260ad6e52126658a1f5e
                • Instruction ID: a0b560972948cb3238ff53032b89518fa0733e3d3e0375b15b4428f07e8cc35f
                • Opcode Fuzzy Hash: 180cfdf3316fdfbc8a258e6f144c724964f42d3185f1260ad6e52126658a1f5e
                • Instruction Fuzzy Hash: A8A1E0317044108BCA1DABADB56847DB6EB9FE6701B64C429E143CB3B4CF6D8D0297C9
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099B9E8, Relevance: .3, Instructions: 311COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 46d82441d75949dd90e1122356b335975d2f3973c4fff6abb9b36154ca19e914
                • Instruction ID: 2899a424c8b8ccd4699c11d590b0e96aa139fd3961df4bf8fa7720aa60a773b6
                • Opcode Fuzzy Hash: 46d82441d75949dd90e1122356b335975d2f3973c4fff6abb9b36154ca19e914
                • Instruction Fuzzy Hash: 30A1FF317045108BCA1D9BADA56847DB6EB9FE6701B24C46AE143CB3B4CF6D8D02D7CA
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0090B9B0, Relevance: .3, Instructions: 288COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.664101583.0000000000900000.00000040.00000001.sdmp, Offset: 00900000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8265886570dabf07ae3299904508653b9868622638e1f20e7d01da7f991fb804
                • Instruction ID: 517a77c15c68a6906402b1bd22f02771394256038e9341ef0a03ed916b9b117b
                • Opcode Fuzzy Hash: 8265886570dabf07ae3299904508653b9868622638e1f20e7d01da7f991fb804
                • Instruction Fuzzy Hash: 8EB17A342117009FD724BB34D859B6A77A7ABC5325F21CA2CE2568B7D0DF79E8029F81
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00994E78, Relevance: .3, Instructions: 286COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9d0e8248ad216487d2608aaa84ac25802167d1b66016f8ab02863a95110b57d2
                • Instruction ID: f60df90a55a73d107fc8d2d02e242456a662a61b395bdc89060f2cf27a33aeda
                • Opcode Fuzzy Hash: 9d0e8248ad216487d2608aaa84ac25802167d1b66016f8ab02863a95110b57d2
                • Instruction Fuzzy Hash: B5C15030600B058FCB14EF79C58499FB7F5BF88309B118A28E64A9B764DB74ED45CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0090B9C0, Relevance: .3, Instructions: 279COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.664101583.0000000000900000.00000040.00000001.sdmp, Offset: 00900000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f7542174a4d7626391da2f96bac4e5537e4abda92b74d7f17c17959c43c9f26
                • Instruction ID: 23efdbfa005d4c2054673ee24423d882920472c53c727c4d9ddc9cda6152837b
                • Opcode Fuzzy Hash: 5f7542174a4d7626391da2f96bac4e5537e4abda92b74d7f17c17959c43c9f26
                • Instruction Fuzzy Hash: 22A16A342116009FD724BB34D849B2A77A7ABC5325F21CA2CE6578B7C0DF79E8029F81
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009930C8, Relevance: .3, Instructions: 270COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 298909620378016888ae08a70212544d32e8a7c19ebb58027616a77b427f9e0d
                • Instruction ID: 8fe3efe81e7eecd2a80887c12254f59dc1eb3912793a0b3bd9e8d5bcfe2cf50e
                • Opcode Fuzzy Hash: 298909620378016888ae08a70212544d32e8a7c19ebb58027616a77b427f9e0d
                • Instruction Fuzzy Hash: A791E071B042049BEF149FB8D4457AEBBEAEFC9304F148429E606EB381DF799D058B61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00994E68, Relevance: .2, Instructions: 235COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 488d7ecd127dad6ccf3b66597dfafc5cbdea003ae2fefd4b6fdbd0d878f3fc01
                • Instruction ID: 29c09aa7d4463161cfdd94458e7442c213894cc5bc4d7955d6676b247b111e32
                • Opcode Fuzzy Hash: 488d7ecd127dad6ccf3b66597dfafc5cbdea003ae2fefd4b6fdbd0d878f3fc01
                • Instruction Fuzzy Hash: BFA14C30600705CFCB21DF69D984A9FBBF5BF49305B118929E64A9B761DB34EC45CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00990D10, Relevance: .2, Instructions: 211COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2e0ac521bb5844cd2dc6e355af1ebb5cd5b6bbc771fed6a48d7e96cbd976d299
                • Instruction ID: ebb1def61fcfc24292fea06e0861ac0762c9c7c7696867a857b24413e7f79351
                • Opcode Fuzzy Hash: 2e0ac521bb5844cd2dc6e355af1ebb5cd5b6bbc771fed6a48d7e96cbd976d299
                • Instruction Fuzzy Hash: 7771C2718093889FCB12CFA9C8546DEBFB4FF4A314F05849BE554E7252D378A909CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00920DA8, Relevance: .2, Instructions: 201COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1137298ddf7177d0bbd104193a19ac2d1e2bd135102416d16434f5245ba7f1ed
                • Instruction ID: ad2c6d2fcd56b4f8d01581b0d28dea569c45cceeaffc0f1a3f3580de6f398d60
                • Opcode Fuzzy Hash: 1137298ddf7177d0bbd104193a19ac2d1e2bd135102416d16434f5245ba7f1ed
                • Instruction Fuzzy Hash: D6716A75A002198FDB24CF68D544AAEBBF6EF88300F168569E806EB361DB31ED45CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00927CD8, Relevance: .2, Instructions: 200COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e84dd9e376e8f5ba0ec166a232f8f1c02c6bdcbb84a01481d1f69051d5c9ca1
                • Instruction ID: 324637d9cceb50a4068e16e94aae8bc1a58d818a54e28bd70e262685424c453a
                • Opcode Fuzzy Hash: 1e84dd9e376e8f5ba0ec166a232f8f1c02c6bdcbb84a01481d1f69051d5c9ca1
                • Instruction Fuzzy Hash: 6B719C30A042188FCB14EFB8E8446ADFBF6EF89314F158469D906E7391DB34AC45CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00995240, Relevance: .2, Instructions: 172COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ae73b15df77c912a7dc201d8c17e8d7b24900308498fa5e24ae258aa3e5fd502
                • Instruction ID: 45f921a1098b8cd0c8e4a3a98c2b1681c6fc80f7e7345a7dca44997fc4791935
                • Opcode Fuzzy Hash: ae73b15df77c912a7dc201d8c17e8d7b24900308498fa5e24ae258aa3e5fd502
                • Instruction Fuzzy Hash: EB615A34A00608DFDB14DF68D899BAEBBB6FF48345F268029E902D72A1DB749C41CF51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00926158, Relevance: .2, Instructions: 164COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d517ff0b684a54894f4d5c434e41f996aabe837a2d1768b74cc18722565ac508
                • Instruction ID: 6bfbbfd477461c93fe1d71472840d72bdaf9851db49484257ddfa6bcdb4dc37d
                • Opcode Fuzzy Hash: d517ff0b684a54894f4d5c434e41f996aabe837a2d1768b74cc18722565ac508
                • Instruction Fuzzy Hash: 0B615A30A00228DFCB04EFA4E9849EDBBF2FF88304B158569E505EB765DB31AC05CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00921208, Relevance: .1, Instructions: 134COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f867ef0a0092cd8525fdd3333c0354f84e4a1c7532df23f47ee2e3a0fd72b8d0
                • Instruction ID: 23c578974ba41eab7a4a806197cc35da7e3adc3b5d1c4a046a77df6f6b3311fb
                • Opcode Fuzzy Hash: f867ef0a0092cd8525fdd3333c0354f84e4a1c7532df23f47ee2e3a0fd72b8d0
                • Instruction Fuzzy Hash: DA41B031F002299BCF14DFA5E440AEEB7F9EF98354F158429E915E7244D731AD21CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099C549, Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bf1542700a3933a438ae46fdfa2835ca2343ffb9b6c8979e9e42f3cd4abc285c
                • Instruction ID: da9423f6b0210442bb40d648cb432003efde863903055453b9378bdebabd6d9e
                • Opcode Fuzzy Hash: bf1542700a3933a438ae46fdfa2835ca2343ffb9b6c8979e9e42f3cd4abc285c
                • Instruction Fuzzy Hash: 2C4129B13046018FCF24AB6CD994A6B77AAEFC5315B1584BAE109CB3A2CF31EC05C761
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00921038, Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6dfde76fb3db121a6f90c99fdf60d2969275148e132cbd585ea19797c2ff9dc9
                • Instruction ID: ee026265d1677bdaf8d9a89b5104d12583606842d77a3469f7b37339c82fd63d
                • Opcode Fuzzy Hash: 6dfde76fb3db121a6f90c99fdf60d2969275148e132cbd585ea19797c2ff9dc9
                • Instruction Fuzzy Hash: 4741B335704614AFDB24DF64D840BAEB7F7AF8C340F118528EA06AB394DB75AC51CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00927CC8, Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29246e806cc356a7e45ed27e394902d000c2a73427a01928f223f7dea2ec0544
                • Instruction ID: c17a20242794d5444da83df4c138c01d3a246ea493d18ad31e23607efdd36d46
                • Opcode Fuzzy Hash: 29246e806cc356a7e45ed27e394902d000c2a73427a01928f223f7dea2ec0544
                • Instruction Fuzzy Hash: 5C414830E042288FCB14DFA8E444AEDF7F6AF88310F158469D805B73A4DB759C45CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00921048, Relevance: .1, Instructions: 123COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1e6af2dfb9ef775f8427ac1d994812a7dfc46f5db8ba79eee9a9e1d6a942d12
                • Instruction ID: b37a661e976286cb02585f090600bd04f15f914c12dd1a28681ebddef590f46b
                • Opcode Fuzzy Hash: d1e6af2dfb9ef775f8427ac1d994812a7dfc46f5db8ba79eee9a9e1d6a942d12
                • Instruction Fuzzy Hash: D1419035704214AFDB14DF64D840BAEB7B7AF8C340F118528EA0AAB394DB75AC51CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00926BB8, Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3e34fa977ca1061d2e82ce05760d885c995b381e9dcff273da6ba81587e5b0b7
                • Instruction ID: ebe3d165f267688a132d4b6c93b3235e800b66606147fcf296fe0edc0350c5dc
                • Opcode Fuzzy Hash: 3e34fa977ca1061d2e82ce05760d885c995b381e9dcff273da6ba81587e5b0b7
                • Instruction Fuzzy Hash: 8541AC75711114AFCF04EF28E454A6E7BBAEFC8320F208429E906CB791CB35ED158BA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009927E0, Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 71d94cb9df127adc24a7aea02c603f20976b5a1fa1cf36dd38029876de257b8b
                • Instruction ID: 24e050ebae644a54d6caa8d572f03c8c737d94d35dee2e9b8437359050b9d7f8
                • Opcode Fuzzy Hash: 71d94cb9df127adc24a7aea02c603f20976b5a1fa1cf36dd38029876de257b8b
                • Instruction Fuzzy Hash: BD4122306043149FCB28EB39D85466ABBF6EF86304F14887DD54687791CB39E906CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00921398, Relevance: .1, Instructions: 105COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5aa76a17fba27adf268621d2c98eed371530f882ae3660e2a773f38a110312ad
                • Instruction ID: 1474fe0414bf2e849d2ec965d3c29d34579f423a3faa289824192a252953b9bf
                • Opcode Fuzzy Hash: 5aa76a17fba27adf268621d2c98eed371530f882ae3660e2a773f38a110312ad
                • Instruction Fuzzy Hash: A9417474B002298BDF14DF65E854BAEBBF6BFD8744F158029E80AA7364DB748C10CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099A5C8, Relevance: .1, Instructions: 99COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b010827000bab5cbe1bc2bbc38eeeb8eccfe76487d23e2233761b0aebe12bc8
                • Instruction ID: 55d54bcd75b22f617089a0be2c8c12b6144382c107cc5fe789c9cc758a795511
                • Opcode Fuzzy Hash: 3b010827000bab5cbe1bc2bbc38eeeb8eccfe76487d23e2233761b0aebe12bc8
                • Instruction Fuzzy Hash: 0A418D34B006058FCB14EF74D9949AEB7F2FF89305B118829E506977A1DB30EC41CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00992F70, Relevance: .1, Instructions: 98COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 39ce9d6c5bc2854deb78e250961bb6e92fddb0bb3431182408f948aa8f216534
                • Instruction ID: b1969dcbcdf349ddacff3312ef1fc5720718b918190d9d40df7c4d0e5a07e6c4
                • Opcode Fuzzy Hash: 39ce9d6c5bc2854deb78e250961bb6e92fddb0bb3431182408f948aa8f216534
                • Instruction Fuzzy Hash: BB31B034A043459FCB119B69D858BAEBFF6FF8A304F1481A9E405DB3A2CB359D41CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00997658, Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a8011b9fe8910ca6bcd76d49886f673edf59265baa6ad30a4a2a81a9832f7ad3
                • Instruction ID: 4d7fc5424f1fb4105edf826cf96210169ea5b50a3f3c676abd3806b0d4f8e83e
                • Opcode Fuzzy Hash: a8011b9fe8910ca6bcd76d49886f673edf59265baa6ad30a4a2a81a9832f7ad3
                • Instruction Fuzzy Hash: DC31F8B4A046199FCF54DF9DC480AAAFBF6EB88304B18C469E509DB311DB329C458FA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00921B98, Relevance: .1, Instructions: 94COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cf5c3bd63b9ca7fb6e9a6751591a54b865f69a4b6112e6238992fd98a11c157e
                • Instruction ID: c58b81d01f229b6c52b51262a4384c04955f08f3a44698ea79811033cd8f39f5
                • Opcode Fuzzy Hash: cf5c3bd63b9ca7fb6e9a6751591a54b865f69a4b6112e6238992fd98a11c157e
                • Instruction Fuzzy Hash: AA2133367542244FCB29EB3CE45496C37EDEF8575570500EAE50ACF7A2DA29DC11C781
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099B190, Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 94bb732e198eaadec016cc10a467d616ddc6f439bb093c5512f56ebb7106ba7c
                • Instruction ID: c836a64013528f09733e787a29903c8ea610ca28f4b464a7b32af6c957d4d341
                • Opcode Fuzzy Hash: 94bb732e198eaadec016cc10a467d616ddc6f439bb093c5512f56ebb7106ba7c
                • Instruction Fuzzy Hash: 6A21833220D7D08FC7278B78BC646A57FB5AF87215B0944EBD085CB5A3D618A809C766
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00992F88, Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cddb3e08e755ce38efb73c4328ed2617c2007ebf186658615683611d7ebc7fcd
                • Instruction ID: 0371c24f71aeaa3b9abfa4dcabcc24fbb7b304e7ef5a14ccedd17ce1c71995b1
                • Opcode Fuzzy Hash: cddb3e08e755ce38efb73c4328ed2617c2007ebf186658615683611d7ebc7fcd
                • Instruction Fuzzy Hash: A931AD34B002099FCB14DBA9D848BAEBBF6FF89304F248169E90AD7391DB359D41CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00921388, Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cdb917789752972b3b10edd3e98394dc1f8402bcd1f462a46213c367c21cc037
                • Instruction ID: 7871add0c8b0333b2ca754afb2e421dae63fe62d6c0a013bcd26d443c102c197
                • Opcode Fuzzy Hash: cdb917789752972b3b10edd3e98394dc1f8402bcd1f462a46213c367c21cc037
                • Instruction Fuzzy Hash: 8C319374A012289FDB14DF69E844AEEBBF6BFC9344F158069E80AE7364DB349C11CB50
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099C5F8, Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c01aeae3e268430211b336063db27ec9033facae6f9cebe89e72ab71cab957e
                • Instruction ID: dbb0161e1a3343e54341ab8b7d446d0b40b99ca1c3c9f453562e25925bf1c590
                • Opcode Fuzzy Hash: 6c01aeae3e268430211b336063db27ec9033facae6f9cebe89e72ab71cab957e
                • Instruction Fuzzy Hash: 4E21BAB13042018FDF249B6CD994A3E77AAABC5705B25586AE106CB3B2CB76EC41CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00997650, Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aa6b70c272a124d190be85dc5782a96ff1cc5b67fc855bc287bc3246ffafacf1
                • Instruction ID: 2900b484993ee8699403cc1d2785e8a352537d9b33d845c9b590d759bf1e79b2
                • Opcode Fuzzy Hash: aa6b70c272a124d190be85dc5782a96ff1cc5b67fc855bc287bc3246ffafacf1
                • Instruction Fuzzy Hash: 953137B4A046099FCF54CF9DC580AAAFBF6EF88304B18C469E9099B211DB329C45CF61
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00926240, Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c29a8db8eab301281d5fdb99a555075ed67fc2f91e135575ba8fcea7a32211f1
                • Instruction ID: 4efbdcc38956019815d3be8a4af6c3a13ed1ca66cb41de1d6b3d865b9aeae600
                • Opcode Fuzzy Hash: c29a8db8eab301281d5fdb99a555075ed67fc2f91e135575ba8fcea7a32211f1
                • Instruction Fuzzy Hash: 90314834A00228DFCB14EBA8E894DEDB7F2FF89308B158158E506AB765CB31EC05CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00926247, Relevance: .1, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7677705f04c8832ebe38b0fb4fc9ecda65451dec563658d8c75a36f0aa4f404d
                • Instruction ID: 4efbdcc38956019815d3be8a4af6c3a13ed1ca66cb41de1d6b3d865b9aeae600
                • Opcode Fuzzy Hash: 7677705f04c8832ebe38b0fb4fc9ecda65451dec563658d8c75a36f0aa4f404d
                • Instruction Fuzzy Hash: 90314834A00228DFCB14EBA8E894DEDB7F2FF89308B158158E506AB765CB31EC05CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0092624E, Relevance: .1, Instructions: 83COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50bfbfe4a0f9e68cdb21ce41d38ddd907aeaaede2df4b69a7d112ba90fabe1d6
                • Instruction ID: 56625885e322513e713511547a29f27189c8905e0c96573d867d5b15759e93af
                • Opcode Fuzzy Hash: 50bfbfe4a0f9e68cdb21ce41d38ddd907aeaaede2df4b69a7d112ba90fabe1d6
                • Instruction Fuzzy Hash: A4312935A00228DFCB14EBA8E894DEDB7F2FF89318B158158E905AB765CB31EC05CB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099A5B8, Relevance: .1, Instructions: 77COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e78d0654cfdf7d0b3427faa87d142e5c0093db7588fa1b9f63a211b405c50872
                • Instruction ID: f85d6458ef1a412e2e7a32fd3b564816bf636c17bb7cf87062c0c803a8de8002
                • Opcode Fuzzy Hash: e78d0654cfdf7d0b3427faa87d142e5c0093db7588fa1b9f63a211b405c50872
                • Instruction Fuzzy Hash: 2621D2357046058FC714EF74D99596EBBB2EF893007158579D606C77A1DB70AC04CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00920B7D, Relevance: .1, Instructions: 77COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 33f71f937b91d6a3ed54ee5bdc1db4b024a5ae7f50fb6e9f641d9cc25820f50d
                • Instruction ID: 39954fb5192df1e332098e64fb5ddf5b3ddf00d78dd6228f4eab5a39697c2be6
                • Opcode Fuzzy Hash: 33f71f937b91d6a3ed54ee5bdc1db4b024a5ae7f50fb6e9f641d9cc25820f50d
                • Instruction Fuzzy Hash: 14315C75A01214CFCB20EF64E45499EB3F6EFC4318B158968E6429B759EB74FC05CBA0
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00929D18, Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3e75cd7e1e39bb03157ba7e55e5a626396833c27a23e9722eee6e3f6b543db12
                • Instruction ID: b5c38b1bdf8395daf8cc6b3d85c1d817dc3f6b4e1df8db7062240b43f2d91728
                • Opcode Fuzzy Hash: 3e75cd7e1e39bb03157ba7e55e5a626396833c27a23e9722eee6e3f6b543db12
                • Instruction Fuzzy Hash: 68219AB1C006599FCB10CF9AD845BEEFBB8FB09324F10862AE854A3640D774A545CBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00990E68, Relevance: .1, Instructions: 64COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: baedc914a750389a0412c9d486309471778dc6ffbbd8054c2af17ba33917854e
                • Instruction ID: 32bae78f59b451c9f6717bbe697d04ab3905decbb8638337e0d5100ee443a01c
                • Opcode Fuzzy Hash: baedc914a750389a0412c9d486309471778dc6ffbbd8054c2af17ba33917854e
                • Instruction Fuzzy Hash: 3421E3B59003499FCF10DF9AD884BDEBBF4FB48314F10842AE919A7650D774AA54CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009225AB, Relevance: .1, Instructions: 64COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 21fe244321374c98f280a0f0dddade1e9e2b4a036a5c924ce4026d74c4f46927
                • Instruction ID: 736531d0bc8406f8d0dff6eccefb9af8a19b871ea8d512b22a0fb05a9c5ba61d
                • Opcode Fuzzy Hash: 21fe244321374c98f280a0f0dddade1e9e2b4a036a5c924ce4026d74c4f46927
                • Instruction Fuzzy Hash: ED11E372B011186BDB00FB78E8112AF76EBDBC4315F51842AE205DB789DF715E164BE2
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00993848, Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 25255cc2c7d1b780651c576e5c08799f840d2274ad7e9a3222d3aabbe43b2537
                • Instruction ID: 8c8db3dc57ad74c2db35c28695ad1255a2190bed16ac2007ae7fc92d3a3cc53f
                • Opcode Fuzzy Hash: 25255cc2c7d1b780651c576e5c08799f840d2274ad7e9a3222d3aabbe43b2537
                • Instruction Fuzzy Hash: AA21E0B59002499FCF10CF9AD884ADEBBF4FF48324F10852AE919A7350D774AA54CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00926149, Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 47fdaddcf94125a73fd403d7e37d8e77c9576a978a603718af6addf46a0492d3
                • Instruction ID: 468b35397d6d68f35c600de3fcae8ceb994b4eb265061c3bd6eb7020131ebb9a
                • Opcode Fuzzy Hash: 47fdaddcf94125a73fd403d7e37d8e77c9576a978a603718af6addf46a0492d3
                • Instruction Fuzzy Hash: 0A219D71D002299FCB04EFA9E8406EDBBF6EF88314F148529D508EB645E730A905CFA5
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00992DC8, Relevance: .1, Instructions: 58COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7aa0e83106352da84ac0e8c68b2fd83f0b563a00f797483dd211a8451030f5a0
                • Instruction ID: 39f07384e498f0374a1449f6d18d6d8b27600ba86ae758881b7525bd772afe5f
                • Opcode Fuzzy Hash: 7aa0e83106352da84ac0e8c68b2fd83f0b563a00f797483dd211a8451030f5a0
                • Instruction Fuzzy Hash: F011E031A05244AFDF24EBB8E85437D3BBA9F81301F1448ADD146CB692DB394E0ACB51
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009257F4, Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7ba04b037f54ff35f7e986f5b2d467348fb0b6c0db679ca1bd67819a0ed10e11
                • Instruction ID: e1d15b64f98c1bd4bbe7b0f4d0eeb5fa4bcea3abb142209403160080ba104152
                • Opcode Fuzzy Hash: 7ba04b037f54ff35f7e986f5b2d467348fb0b6c0db679ca1bd67819a0ed10e11
                • Instruction Fuzzy Hash: 9E2136B1C006199BCB10CF9AD444BEEFBB8FB48320F10852AE918B3640D778A954CFA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00927C40, Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 930b68725d6562e67d0acb0f267af8be78588e58d1728d6b9b18b6831576b14c
                • Instruction ID: 26c6099fb2de1e27cd96c5d4930df643a7e1582b4d90b8fe233f353e37e45dcd
                • Opcode Fuzzy Hash: 930b68725d6562e67d0acb0f267af8be78588e58d1728d6b9b18b6831576b14c
                • Instruction Fuzzy Hash: 4F01D432708B304BEB20DAB8F440BA6B3DD9B80365F05447AE88DEB395D669EC408790
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009225B8, Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65d45e4bfb5940250316e514e12c91289e43e2fe37e72c5622b340e782965a75
                • Instruction ID: a2ad5329ba0d95cdd56b00bc087a9e9223ac7bdbbbb6137aa6b9cba93e304238
                • Opcode Fuzzy Hash: 65d45e4bfb5940250316e514e12c91289e43e2fe37e72c5622b340e782965a75
                • Instruction Fuzzy Hash: BD11CE71B051186BDB40FB78A8012AF76EBEBC8305F518839E209DB385EF355E194BE1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00999FF8, Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 57a0e0914a7f23f4e72108597c5f3e3826cb9b95e234aadaa22488f12043ed97
                • Instruction ID: 210e952071a3465b78ee404f7ad44f4e578350d04e9043de97b5342ce4e6c979
                • Opcode Fuzzy Hash: 57a0e0914a7f23f4e72108597c5f3e3826cb9b95e234aadaa22488f12043ed97
                • Instruction Fuzzy Hash: E901D6737041100B4B14A7BDB84046EA7CBDBD73B13148237E616CB291DD368C4292B9
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099C080, Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 383aecb3530305ecadbef70d1da82c5d21622a3a27b1f1c988af5b9ac23bc624
                • Instruction ID: 57b31ea10ab8a977569964082e59630ce3c270514c228c962f7de603b8439d7c
                • Opcode Fuzzy Hash: 383aecb3530305ecadbef70d1da82c5d21622a3a27b1f1c988af5b9ac23bc624
                • Instruction Fuzzy Hash: 6E0187713041108F9B58DB2DE958A2EBBAAEBCA2117208079E40AC7360CF35DC00CB90
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00929CF0, Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d5822ad765be3db117c252bf269d4792c8e8284cb29311eeaa6d290373c8cade
                • Instruction ID: 6ac0f0111af7f2e86d06b092a8be1327d988ab46e90d99e4d8e814615e1e4fd6
                • Opcode Fuzzy Hash: d5822ad765be3db117c252bf269d4792c8e8284cb29311eeaa6d290373c8cade
                • Instruction Fuzzy Hash: 530149318087958FDB01CF59E8403E8BFB4EF16328F0881CAE1589B293D33C1559DBA1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00992E39, Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1c2a486f8e292c6ce3b3fb51263e623c251dd599ff4a1b1b4595eec0e4d9098
                • Instruction ID: d28c117e75b6bc31307da045c338049ccb27d1fc4d71dd0bcd93845aa098d4e2
                • Opcode Fuzzy Hash: d1c2a486f8e292c6ce3b3fb51263e623c251dd599ff4a1b1b4595eec0e4d9098
                • Instruction Fuzzy Hash: 0D01F932609740AFEF351BADA8587393BBE9FC1721F18047EE04687582CB3D5C499755
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00A0D01D, Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.693014722.0000000000A0D000.00000040.00000001.sdmp, Offset: 00A0D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 549698e9a9be34203f053a5d76e4a891b6d85d9a2f8a6c11743548fdc8b3923f
                • Instruction ID: 2671dbddc27a57aaa62e474c935aab217fe0db7c65dc2979e57d1fe4a56c86b5
                • Opcode Fuzzy Hash: 549698e9a9be34203f053a5d76e4a891b6d85d9a2f8a6c11743548fdc8b3923f
                • Instruction Fuzzy Hash: CD01F7724083489AE7204F65E8C4767BB98EF41328F188459ED4A5B2C2C3799845C6B1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00992E48, Relevance: .0, Instructions: 44COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f673b8da5bf679b9d975265cff008623db3f6b1bb20d5953ec284ff2b9a19627
                • Instruction ID: 329f7777724d35381ff4b816da1cd1038fce2c31df97116b43530f0b1f50e101
                • Opcode Fuzzy Hash: f673b8da5bf679b9d975265cff008623db3f6b1bb20d5953ec284ff2b9a19627
                • Instruction Fuzzy Hash: A701D136701A146BEF346BAEA88833E76AE5BD0721F18092DE14782681CB398C498751
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009241B8, Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 519a7f63f34e7b0ce73f6349442dddb2e9a9aac50c571d9b53611538172d1cea
                • Instruction ID: c0d2d87f971d7fe88de2c9d829655ee3640e30a2b992250bff5854359122436f
                • Opcode Fuzzy Hash: 519a7f63f34e7b0ce73f6349442dddb2e9a9aac50c571d9b53611538172d1cea
                • Instruction Fuzzy Hash: 19F046762097002FC721A774E89186E7FEA9FC212C300897EE159CB752EF289C4583F6
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00A0D006, Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.693014722.0000000000A0D000.00000040.00000001.sdmp, Offset: 00A0D000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 654c064362cb6a81ee80557f654d0ef0350203c8f9b8c53d48e3f3a8d004ba5b
                • Instruction ID: 9216d25585ae88f1aa2106ff49bba341eb7a01880db024344af709e5b4004921
                • Opcode Fuzzy Hash: 654c064362cb6a81ee80557f654d0ef0350203c8f9b8c53d48e3f3a8d004ba5b
                • Instruction Fuzzy Hash: 42015E7140D3C45FD7128B259C94B62BFB8EF53224F1980CBE9899F2D3C2695849CB72
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00992ED0, Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d93a5135ec58e8acdd4266d1acba4eeaaf1f44cd4b642590f2a1bb14439891f
                • Instruction ID: 4595825612354b36e931e54d7d7876464343aafb6aeb368ffbb12c2a3a410770
                • Opcode Fuzzy Hash: 1d93a5135ec58e8acdd4266d1acba4eeaaf1f44cd4b642590f2a1bb14439891f
                • Instruction Fuzzy Hash: 0D01B170A04358AAEF14EB68C409BEEBAF1AB89308F14446DD141B62C0CFB90948C7A1
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00991CA0, Relevance: .0, Instructions: 38COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9ce4f240688e79bc5a77ef25c5f98c30e1a5266a1430eb5f2287750158b78780
                • Instruction ID: 2ef19896277e074c5a13a6d354924beb3e5d76f3ffc6cd9fd4415aece0993109
                • Opcode Fuzzy Hash: 9ce4f240688e79bc5a77ef25c5f98c30e1a5266a1430eb5f2287750158b78780
                • Instruction Fuzzy Hash: 13F0F23A15E7D59FD7235778A8222913FB0AE47210B5A08CBC1C08F0A7D628984AC326
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00924608, Relevance: .0, Instructions: 38COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: af60a23c09f9ceeacff8a21bbd57b799622f7df983b039a226aa9067ebec5553
                • Instruction ID: be2215af896140059fb85a30e76271b813377961cd90e5ab1d1a0845942bcb5f
                • Opcode Fuzzy Hash: af60a23c09f9ceeacff8a21bbd57b799622f7df983b039a226aa9067ebec5553
                • Instruction Fuzzy Hash: 29F090363102148BDB15AB79F404B9A37DEEBC5716F0540B9E119CB791CA66DC058761
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009241C8, Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 64b581c45546966c772b37e1a3af6bbc8702547a90900c476d7206b8a0f0ed55
                • Instruction ID: 34bb133ae429dedbce1ebe135289beabec49138f0d3fe2d3a1e347a805525917
                • Opcode Fuzzy Hash: 64b581c45546966c772b37e1a3af6bbc8702547a90900c476d7206b8a0f0ed55
                • Instruction Fuzzy Hash: FFF0E23A3016005B8624AB74A49186E77DB9BC522C300893CE10EC7701EF35AC0183E5
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00922010, Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f8a5a106112fce22ed0ee53c6a6757242520c1982a06741dbc45348c22126ae3
                • Instruction ID: a65d35132e0afb3ca0b01737f378c2c11b8e7c1eba482c07ea9b16fb32b0f344
                • Opcode Fuzzy Hash: f8a5a106112fce22ed0ee53c6a6757242520c1982a06741dbc45348c22126ae3
                • Instruction Fuzzy Hash: 60F024322047801FD7235B24B41069B3B99DFC2311F0589BFD0008F686CB358D82CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0092EAAE, Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfdc1dbd9f456007cff9fc96a40dd040fa2d2f455df4648ab62cecc34d9e6d0d
                • Instruction ID: 5a8b7fa80977801d3659cd6b8c170fd5597a37f4ce595840843ccb45c4891a45
                • Opcode Fuzzy Hash: cfdc1dbd9f456007cff9fc96a40dd040fa2d2f455df4648ab62cecc34d9e6d0d
                • Instruction Fuzzy Hash: 80018C31621204CFD724EB24E491669B3B3FF88319B60C56DE11A87B84CF39EC46EB80
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009217A0, Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 13a0ded4001a3ad5e7b2d257380ed5a183170a39012e4344ce6319215e16b5fe
                • Instruction ID: b544cf34b8aa5a09b65cd08549c2c0c539705b2606fc2255df9d3f58ccab4ac3
                • Opcode Fuzzy Hash: 13a0ded4001a3ad5e7b2d257380ed5a183170a39012e4344ce6319215e16b5fe
                • Instruction Fuzzy Hash: F0E0DF323402280BDB2467B9A815BA9738CDB80BA4F048074FA09CF791EB25EC114390
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009245F8, Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b5cf2a619320779f0581d42202f424ec2f3f92f44419839d15ef6096167e3726
                • Instruction ID: 52bea5a2feba9477f1a248e15cf66b0cb630a5f36dffcf07721042b5f7a299ea
                • Opcode Fuzzy Hash: b5cf2a619320779f0581d42202f424ec2f3f92f44419839d15ef6096167e3726
                • Instruction Fuzzy Hash: 02E0D8363089900BC7125A59F40069627A89BD7B21F0240A7E104CF396D551CC434750
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099B220, Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9d76a996ae98ca0992273e3acc75710be4409101a907ed3bfa62514eb4dd3b1
                • Instruction ID: d131756bbd6dcdd07ab01c60e892f1bcbe5baa270e4690d4324c96d59984f38c
                • Opcode Fuzzy Hash: f9d76a996ae98ca0992273e3acc75710be4409101a907ed3bfa62514eb4dd3b1
                • Instruction Fuzzy Hash: BAE04F323042505B4720AF9EF888D6BBBEEEBC9625309C57AE10DC7221DEA49C0587A5
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00921B88, Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bc2a6a1cbd903039deefabf3c26e17659920bb523b6e19e69e90d53073ac5a87
                • Instruction ID: f07a47a584ef2ce5fdbf5b647d3c680eb452369e098e7ed682edf3cfa40a4f63
                • Opcode Fuzzy Hash: bc2a6a1cbd903039deefabf3c26e17659920bb523b6e19e69e90d53073ac5a87
                • Instruction Fuzzy Hash: ACE0263160D3A40FCB23126878151EA3BA99B56311B0500A7D901CF6D6ED684C0243E3
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0092EB27, Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 822c81cbd2a910e70d3401a6744d6e4a64ad641b33741204956d5c5d13c4ce6c
                • Instruction ID: 2172cabe343ac4fd63bc53a3652d073fa48cb328b144ee111b18dd6740334209
                • Opcode Fuzzy Hash: 822c81cbd2a910e70d3401a6744d6e4a64ad641b33741204956d5c5d13c4ce6c
                • Instruction Fuzzy Hash: D4E026726041008BD310EB50F4413ADB3A2DBC0314F00C839E21BC3640CB38A802AB52
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0090C38A, Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.664101583.0000000000900000.00000040.00000001.sdmp, Offset: 00900000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5298bc7f0efa5fcaaa83aa31960feba279532c386dca007f0dc7d4c499325527
                • Instruction ID: f440294114cb0a21a70c9b87c4419a6b9133a1fd0930f7ed2701dc72c9a7e10e
                • Opcode Fuzzy Hash: 5298bc7f0efa5fcaaa83aa31960feba279532c386dca007f0dc7d4c499325527
                • Instruction Fuzzy Hash: 34E08C36A041008BD710EBA0F4463AEB366EB84325F04C92AE61787A80CB7998066B82
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0090C40A, Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.664101583.0000000000900000.00000040.00000001.sdmp, Offset: 00900000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5d134ba87400361cfd063cd8d68d87ec9febb781511bc2efa1f5df33ddc80069
                • Instruction ID: 3d454e66207bd99aa37ceeed1008cf44e96faaf0b8ba255a6bc44b9e78f84507
                • Opcode Fuzzy Hash: 5d134ba87400361cfd063cd8d68d87ec9febb781511bc2efa1f5df33ddc80069
                • Instruction Fuzzy Hash: FBE0C276A051008BD710EBA0F4493BDB7A6DBC0325F00C935E717C7680CF3D9A06AB82
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009955AC, Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3f0704e3711507f61c610f2b2de0939c7bf059db5a8c57b4b16ae109deba241
                • Instruction ID: 2ca0de2b829989210e6d4ce40ba1fb77d8352fd598803f614fee3ac62f1ad534
                • Opcode Fuzzy Hash: a3f0704e3711507f61c610f2b2de0939c7bf059db5a8c57b4b16ae109deba241
                • Instruction Fuzzy Hash: 7BE04F39A10018DFCB00DF54E898A9DBF72FF85311F104156F60297261CB309D14CB91
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009208A0, Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3138d1701103939c2e38c10f310f79e240583395bc57f32e320dc31eef2dbf6d
                • Instruction ID: 5fd69d938239de5559e9e144b0e0430a793948c10ce1fbce8e13ce37e4577698
                • Opcode Fuzzy Hash: 3138d1701103939c2e38c10f310f79e240583395bc57f32e320dc31eef2dbf6d
                • Instruction Fuzzy Hash: 28D05E201093C44FC7039B68B8148947FB46E4651070A81DAE1488B673D608AC14C312
                Uniqueness

                Uniqueness Score: -1.00%

                Function 0099BE83, Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d2b09f76442aeef29db487ca3531eb01cf3d5e072cafa20b095f0e6db9dd4e4c
                • Instruction ID: 79e29f762ce76f98835abb23fc6a998969d5761eee2a14c2f5b89051f3439bd6
                • Opcode Fuzzy Hash: d2b09f76442aeef29db487ca3531eb01cf3d5e072cafa20b095f0e6db9dd4e4c
                • Instruction Fuzzy Hash: 6EB012333054104B490412CD74040BEE36AD6D02366204073D20AC04108B2D094311C9
                Uniqueness

                Uniqueness Score: -1.00%

                Function 009208B0, Relevance: .0, Instructions: 8COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.666812003.0000000000920000.00000040.00000001.sdmp, Offset: 00920000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 84b53698d60ade03efe5b0085646b8e39afe01f72e9225b330835887b615a830
                • Instruction ID: ec4eb1ec98accffe31bebd63862de299920251ec409da6d2908aa82640fe9283
                • Opcode Fuzzy Hash: 84b53698d60ade03efe5b0085646b8e39afe01f72e9225b330835887b615a830
                • Instruction Fuzzy Hash: 02B092352406088F8604DB5DD448C54B3E9AF8CA2530540A4E10D8B332DA21FC40CA40
                Uniqueness

                Uniqueness Score: -1.00%

                Function 00991CD0, Relevance: .0, Instructions: 6COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 004d5c6d851a4e13bfd8453a704bd36f8119391a6693f486a25e6e453f5ef4a6
                • Instruction ID: d349d04a6ad1c41d919d2ac1b6ef07215848aa613730f4abbb3e1b3c17c2a828
                • Opcode Fuzzy Hash: 004d5c6d851a4e13bfd8453a704bd36f8119391a6693f486a25e6e453f5ef4a6
                • Instruction Fuzzy Hash: DEA0223088030CCB830023F03808B0C330CB080802BA08028E20C830008F33E00002C2
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Function 00998E10, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.687362050.0000000000990000.00000040.00000001.sdmp, Offset: 00990000, based on PE: false
                Similarity
                • API ID:
                • String ID: \{$p\bk$["$k"$o9m^
                • API String ID: 0-2469755413
                • Opcode ID: 2db4ed3f6d4a463eb8f7b6ef9b43ab936d87259f4c5e89ae7f1a06ae131cb77a
                • Instruction ID: 0aa31bf2f8d3b4d668ccf57db6ecfff9021ebe71e6915369d16232338a7b52eb
                • Opcode Fuzzy Hash: 2db4ed3f6d4a463eb8f7b6ef9b43ab936d87259f4c5e89ae7f1a06ae131cb77a
                • Instruction Fuzzy Hash: 29024034B006158FDB14EFA8D894AAEB7F6AF89304F158529E506DB395DF34EC01CBA1
                Uniqueness

                Uniqueness Score: -1.00%