Analysis Report Scan002.exe.exe

Overview

General Information

Sample Name: Scan002.exe.exe
Analysis ID: 338348
MD5: 8e2315d05c47fefdddf0a686bf9e353e
SHA1: e56fe197d61518b5ea20696677c3fb444e39860e
SHA256: dd647e98e0bd3b1627a0385970c38cd046883967f39dbf9fe416d5300e8e310a
Tags: exe, NanoCore, RAT, Yahoo

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM_3
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Conhost Parent Proces Executions
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • Scan002.exe.exe (PID: 2960 cmdline: 'C:\Users\user\Desktop\Scan002.exe.exe' MD5: 8E2315D05C47FEFDDDF0A686BF9E353E)
    • schtasks.exe (PID: 4564 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp1945.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 5348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • Scan002.exe.exe (PID: 4340 cmdline: {path} MD5: 8E2315D05C47FEFDDDF0A686BF9E353E)
      • schtasks.exe (PID: 4260 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp8ED7.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 5412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 976 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp91C6.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 4812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • Scan002.exe.exe (PID: 204 cmdline: C:\Users\user\Desktop\Scan002.exe.exe 0 MD5: 8E2315D05C47FEFDDDF0A686BF9E353E)
    • schtasks.exe (PID: 5876 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp414F.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 2160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • schtasks.exe (PID: 6608 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp65AF.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 6644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • dhcpmon.exe (PID: 6712 cmdline: {path} MD5: 8E2315D05C47FEFDDDF0A686BF9E353E)
        • dhcpmon.exe (PID: 6744 cmdline: {path} MD5: 8E2315D05C47FEFDDDF0A686BF9E353E)
        • dhcpmon.exe (PID: 6764 cmdline: {path} MD5: 8E2315D05C47FEFDDDF0A686BF9E353E)
    • Scan002.exe.exe (PID: 4260 cmdline: {path} MD5: 8E2315D05C47FEFDDDF0A686BF9E353E)
  • dhcpmon.exe (PID: 5396 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 MD5: 8E2315D05C47FEFDDDF0A686BF9E353E)
  • dhcpmon.exe (PID: 2160 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: 8E2315D05C47FEFDDDF0A686BF9E353E)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"C2: ": ["172.111.249.15"], "Version: ": "NanoCore Client, Version=1.2.2.0"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000A.00000002.274234683.0000000004167000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x1d8595:$x1: NanoCore.ClientPluginHost
  • 0x1d85d2:$x2: IClientNetworkHost
  • 0x1dc105:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000000A.00000002.274234683.0000000004167000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
    0000000A.00000002.274234683.0000000004167000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
    • 0x1d82fd:$a: NanoCore
    • 0x1d830d:$a: NanoCore
    • 0x1d8541:$a: NanoCore
    • 0x1d8555:$a: NanoCore
    • 0x1d8595:$a: NanoCore
    • 0x1d835c:$b: ClientPlugin
    • 0x1d855e:$b: ClientPlugin
    • 0x1d859e:$b: ClientPlugin
    • 0x127a96:$c: ProjectData
    • 0x1d8483:$c: ProjectData
    • 0x128537:$d: DESCrypto
    • 0x1d8e8a:$d: DESCrypto
    • 0x1e0856:$e: KeepAlive
    • 0x1de844:$g: LogClientMessage
    • 0x1daa3f:$i: get_Connected
    • 0x1d91c0:$j: #=q
    • 0x1d91f0:$j: #=q
    • 0x1d920c:$j: #=q
    • 0x1d923c:$j: #=q
    • 0x1d9258:$j: #=q
    • 0x1d9274:$j: #=q
    0000000D.00000002.286646772.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
    • 0xff8d:$x1: NanoCore.ClientPluginHost
    • 0xffca:$x2: IClientNetworkHost
    • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    0000000D.00000002.286646772.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      13.2.Scan002.exe.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0x1018d:$x1: NanoCore.ClientPluginHost
      • 0x101ca:$x2: IClientNetworkHost
      • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      13.2.Scan002.exe.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
      • 0xff05:$x1: NanoCore Client.exe
      • 0x1018d:$x2: NanoCore.ClientPluginHost
      • 0x117c6:$s1: PluginCommand
      • 0x117ba:$s2: FileCommand
      • 0x1266b:$s3: PipeExists
      • 0x18422:$s4: PipeCreated
      • 0x101b7:$s5: IClientLoggingHost
      13.2.Scan002.exe.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
        13.2.Scan002.exe.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
        • 0xfef5:$a: NanoCore
        • 0xff05:$a: NanoCore
        • 0x10139:$a: NanoCore
        • 0x1014d:$a: NanoCore
        • 0x1018d:$a: NanoCore
        • 0xff54:$b: ClientPlugin
        • 0x10156:$b: ClientPlugin
        • 0x10196:$b: ClientPlugin
        • 0x1007b:$c: ProjectData
        • 0x10a82:$d: DESCrypto
        • 0x1844e:$e: KeepAlive
        • 0x1643c:$g: LogClientMessage
        • 0x12637:$i: get_Connected
        • 0x10db8:$j: #=q
        • 0x10de8:$j: #=q
        • 0x10e04:$j: #=q
        • 0x10e34:$j: #=q
        • 0x10e50:$j: #=q
        • 0x10e6c:$j: #=q
        • 0x10e9c:$j: #=q
        • 0x10eb8:$j: #=q
        3.2.Scan002.exe.exe.6220000.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
        • 0xf7ad:$x1: NanoCore.ClientPluginHost
        • 0xf7da:$x2: IClientNetworkHost

        Sigma Overview

        System Summary:

        Sigma detected: NanoCore
        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\Scan002.exe.exe, ProcessId: 4340, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
        Sigma detected: Scheduled temp file as task from temp location
        Source: Process started, Author: Joe Security, Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp1945.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp1945.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\Scan002.exe.exe' , ParentImage: C:\Users\user\Desktop\Scan002.exe.exe, ParentProcessId: 2960, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp1945.tmp', ProcessId: 4564
        Sigma detected: Conhost Parent Proces Executions
        Source: Process started, Author: omkar72, Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp65AF.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp65AF.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ParentImage: C:\Windows\System32\conhost.exe, ParentProcessId: 2160, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp65AF.tmp', ProcessId: 6608

        Signature Overview

        AV Detection:

        Found malware configuration
        Source: dhcpmon.exe.6764.27.memstr, Malware Configuration Extractor: NanoCore {"C2: ": ["172.111.249.15"], "Version: ": "NanoCore Client, Version=1.2.2.0"}
        Multi AV Scanner detection for domain / URL
        Source: innocentbooii.hopto.org, Virustotal: Detection: 8%
        Yara detected Nanocore RAT
        Source: Yara match, File source: Process Memory Space: dhcpmon.exe PID: 6764, type: MEMORY
        Source: Yara match, File source: Process Memory Space: Scan002.exe.exe PID: 4340, type: MEMORY
        Source: Yara match, File source: Process Memory Space: Scan002.exe.exe PID: 4260, type: MEMORY
        Source: Yara match, File source: 13.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.Scan002.exe.exe.6220000.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.Scan002.exe.exe.6220000.6.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Machine Learning detection for dropped file
        Source: C:\Users\user\AppData\Roaming\UbebSiSIKndjd.exe, Joe Sandbox ML: detected
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Joe Sandbox ML: detected
        Machine Learning detection for sample
        Source: Scan002.exe.exe, Joe Sandbox ML: detected
        Source: 3.2.Scan002.exe.exe.6220000.6.unpack, Avira: Label: TR/NanoCore.fadte
        Source: 13.2.Scan002.exe.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 27.2.dhcpmon.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: Scan002.exe.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: C:\Users\user\Desktop\Scan002.exe.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
        Source: Scan002.exe.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: Scan002.exe.exe, 00000003.00000002.607959083.0000000004717000.00000004.00000001.sdmp, Scan002.exe.exe, 0000000D.00000002.287923771.0000000003D11000.00000004.00000001.sdmp, dhcpmon.exe, 0000001B.00000002.314650471.00000000043B1000.00000004.00000001.sdmp
        Source: Binary string: mscorrc.pdb source: Scan002.exe.exe, 00000000.00000002.264377341.00000000067C0000.00000002.00000001.sdmp, Scan002.exe.exe, 00000003.00000002.609595214.0000000005F20000.00000002.00000001.sdmp, Scan002.exe.exe, 00000008.00000002.282247924.0000000006D60000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.277107575.0000000006B00000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.308220988.0000000007170000.00000002.00000001.sdmp
        Source: C:\Users\user\Desktop\Scan002.exe.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h (function 0_2_04BDAF98)
        Source: C:\Users\user\Desktop\Scan002.exe.exe, Code function: 4x nop then jmp 0667082Dh (function 0_2_066707C8)
        Source: C:\Users\user\Desktop\Scan002.exe.exe, Code function: 4x nop then jmp 0667082Dh (function 0_2_066707B8)
        Source: C:\Users\user\Desktop\Scan002.exe.exe, Code function: 4x nop then mov esp, ebp (function 3_2_032D86B1)
        Source: C:\Users\user\Desktop\Scan002.exe.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h (function 8_2_052AAF98)
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h (function 10_2_0504AF88)

        Networking:

        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractor, IPs: 172.111.249.15
        Source: Joe Sandbox View, ASN Name: AS45671-NET-AUWholesaleServicesProviderAU AS45671-NET-AUWholesaleServicesProviderAU
        Source: unknown, DNS traffic detected: queries for: innocentbooii.hopto.org
        Source: Scan002.exe.exe, 00000000.00000002.251177607.0000000000AE9000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
        Source: Scan002.exe.exe, 00000003.00000002.607959083.0000000004717000.00000004.00000001.sdmp Binary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        Yara detected Nanocore RAT
        Source: Yara match File source: Process Memory Space: dhcpmon.exe PID: 6764, type: MEMORY
        Source: Yara match File source: Process Memory Space: Scan002.exe.exe PID: 4340, type: MEMORY
        Source: Yara match File source: Process Memory Space: Scan002.exe.exe PID: 4260, type: MEMORY
        Source: Yara match File source: 13.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match File source: 3.2.Scan002.exe.exe.6220000.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match File source: 3.2.Scan002.exe.exe.6220000.6.unpack, type: UNPACKEDPE
        Source: Yara match File source: 3.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match File source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE

        Operating System Destruction:

        Protects its processes via BreakOnTermination flag
        Source: C:\Users\user\Desktop\Scan002.exe.exe Process information set: 01 00 00 00

        System Summary:

        Malicious sample detected (through community Yara rule)
        Source: Process Memory Space: dhcpmon.exe PID: 6764, type: MEMORY Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 6764, type: MEMORY Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: Scan002.exe.exe PID: 4340, type: MEMORY Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: Scan002.exe.exe PID: 4340, type: MEMORY Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: Scan002.exe.exe PID: 4260, type: MEMORY Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: Scan002.exe.exe PID: 4260, type: MEMORY Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 13.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 3.2.Scan002.exe.exe.6220000.6.raw.unpack, type: UNPACKEDPE Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 3.2.Scan002.exe.exe.6220000.6.unpack, type: UNPACKEDPE Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 3.2.Scan002.exe.exe.5f80000.4.raw.unpack, type: UNPACKEDPE Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 3.2.Scan002.exe.exe.60d0000.5.raw.unpack, type: UNPACKEDPE Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: C:\Users\user\Desktop\Scan002.exe.exe Code function: 3_2_03341622 NtSetInformationProcess, 3_2_03341622
        Source: C:\Users\user\Desktop\Scan002.exe.exe Code function: 3_2_033418E6 NtQuerySystemInformation, 3_2_033418E6
        Source: C:\Users\user\Desktop\Scan002.exe.exe Code function: 3_2_033418AB NtQuerySystemInformation, 3_2_033418AB
        Source: C:\Users\user\Desktop\Scan002.exe.exe Code function: 3_2_033415F1 NtSetInformationProcess, 3_2_033415F1
        Source: C:\Users\user\Desktop\Scan002.exe.exe Code function: 8_2_06CF1C9E NtQuerySystemInformation, 8_2_06CF1C9E
        Source: C:\Users\user\Desktop\Scan002.exe.exe Code function: 8_2_06CF1C64 NtQuerySystemInformation, 8_2_06CF1C64
        Source: Scan002.exe.exe Binary or memory string: OriginalFilename vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000000.00000002.264686233.0000000006A60000.00000002.00000001.sdmp Binary or memory string: System.OriginalFileName vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000000.00000002.264377341.00000000067C0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemscorrc.dllT vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000000.00000002.256132215.00000000050A0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameTypeLibImporterFlags.dll4 vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000000.00000002.267133655.00000000073B0000.00000002.00000001.sdmp Binary or memory string: originalfilename vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000000.00000002.267133655.00000000073B0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000000.00000000.225279011.0000000000322000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameQ& vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000003.00000003.252025197.0000000001653000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameQ& vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000003.00000002.609798776.0000000005F80000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameClientPlugin.dll4 vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000003.00000002.607959083.0000000004717000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameNanoProtectClient.dllT vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000003.00000002.607959083.0000000004717000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameLzma#.dll4 vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000003.00000002.607959083.0000000004717000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000003.00000002.610681716.0000000006AE0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000003.00000002.609595214.0000000005F20000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemscorrc.dllT vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000003.00000002.603697296.00000000015FA000.00000004.00000020.sdmp Binary or memory string: OriginalFilenamemscorwks.dllT vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000003.00000002.604453423.0000000003330000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000008.00000000.256183402.0000000000A02000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameQ& vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000008.00000002.282371680.0000000006DC0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameTypeLibImporterFlags.dll4 vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000008.00000002.282516385.0000000006E80000.00000002.00000001.sdmp Binary or memory string: originalfilename vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000008.00000002.282516385.0000000006E80000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000008.00000002.282247924.0000000006D60000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemscorrc.dllT vs Scan002.exe.exe
        Source: Scan002.exe.exe, 00000008.00000002.282968651.00000000072E0000.00000002.00000001.sdmp Binary or memory string: System.OriginalFileName vs Scan002.exe.exe
        Source: Scan002.exe.exe, 0000000D.00000002.288483394.0000000005020000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs Scan002.exe.exe
        Source: Scan002.exe.exe, 0000000D.00000002.287923771.0000000003D11000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameClientPlugin.dll4 vs Scan002.exe.exe
        Source: Scan002.exe.exe, 0000000D.00000002.287923771.0000000003D11000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameNanoProtectClient.dllT vs Scan002.exe.exe
        Source: Scan002.exe.exe, 0000000D.00000002.287923771.0000000003D11000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameLzma#.dll4 vs Scan002.exe.exe
        Source: Scan002.exe.exe, 0000000D.00000002.287923771.0000000003D11000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs Scan002.exe.exe
        Source: Scan002.exe.exe, 0000000D.00000002.286701957.0000000000662000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameQ& vs Scan002.exe.exe
        Source: Scan002.exe.exe Binary or memory string: OriginalFilenameQ& vs Scan002.exe.exe
        Source: Scan002.exe.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: Process Memory Space: dhcpmon.exe PID: 6764, type: MEMORY Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 6764, type: MEMORY Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: Scan002.exe.exe PID: 4340, type: MEMORY Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: Scan002.exe.exe PID: 4340, type: MEMORY Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: Scan002.exe.exe PID: 4260, type: MEMORY Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: Scan002.exe.exe PID: 4260, type: MEMORY Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 13.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 3.2.Scan002.exe.exe.6220000.6.raw.unpack, type: UNPACKEDPE Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 3.2.Scan002.exe.exe.6220000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 3.2.Scan002.exe.exe.6220000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 3.2.Scan002.exe.exe.6220000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 3.2.Scan002.exe.exe.5f80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 3.2.Scan002.exe.exe.5f80000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 3.2.Scan002.exe.exe.60d0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 3.2.Scan002.exe.exe.60d0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: Scan002.exe.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: UbebSiSIKndjd.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: dhcpmon.exe.3.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: classification engineClassification label: mal100.troj.evad.winEXE@29/12@6/2
        Source: C:\Users\user\Desktop\Scan002.exe.exeCode function: 3_2_033414A6 AdjustTokenPrivileges,3_2_033414A6
        Source: C:\Users\user\Desktop\Scan002.exe.exeCode function: 3_2_0334146F AdjustTokenPrivileges,3_2_0334146F
        Source: C:\Users\user\Desktop\Scan002.exe.exeCode function: 8_2_06CF1BCE AdjustTokenPrivileges,8_2_06CF1BCE
        Source: C:\Users\user\Desktop\Scan002.exe.exeCode function: 8_2_06CF1B97 AdjustTokenPrivileges,8_2_06CF1B97
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile created: C:\Program Files (x86)\DHCP Monitor
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile created: C:\Users\user\AppData\Roaming\UbebSiSIKndjd.exe
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMutant created: \Sessions\1\BaseNamedObjects\HJFlgkyVhFQuadxHkBKPB
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4812:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5412:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6644:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5348:120:WilError_01
        Source: C:\Users\user\Desktop\Scan002.exe.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Users\user\Desktop\Scan002.exe.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{f54d19ad-33bd-4372-9241-49940a512cfd}
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2160:120:WilError_01
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile created: C:\Users\user\AppData\Local\Temp\tmp1945.tmp
        Source: C:\Users\user\Desktop\Scan002.exe.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\Scan002.exe.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Users\user\Desktop\Scan002.exe.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Users\user\Desktop\Scan002.exe.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile read: C:\Users\user\Desktop\Scan002.exe.exe
        Source: unknownProcess created: C:\Users\user\Desktop\Scan002.exe.exe 'C:\Users\user\Desktop\Scan002.exe.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp1945.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\Scan002.exe.exe {path}
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp8ED7.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp91C6.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\Scan002.exe.exe C:\Users\user\Desktop\Scan002.exe.exe 0
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp414F.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\Scan002.exe.exe {path}
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp65AF.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp1945.tmp'
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess created: C:\Users\user\Desktop\Scan002.exe.exe {path}
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp8ED7.tmp'
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp91C6.tmp'
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp414F.tmp'
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess created: C:\Users\user\Desktop\Scan002.exe.exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp65AF.tmp'
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Users\user\Desktop\Scan002.exe.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
        Source: Scan002.exe.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
        Source: Scan002.exe.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: Scan002.exe.exe, 00000003.00000002.607959083.0000000004717000.00000004.00000001.sdmp, Scan002.exe.exe, 0000000D.00000002.287923771.0000000003D11000.00000004.00000001.sdmp, dhcpmon.exe, 0000001B.00000002.314650471.00000000043B1000.00000004.00000001.sdmp
        Source: Binary string: mscorrc.pdb source: Scan002.exe.exe, 00000000.00000002.264377341.00000000067C0000.00000002.00000001.sdmp, Scan002.exe.exe, 00000003.00000002.609595214.0000000005F20000.00000002.00000001.sdmp, Scan002.exe.exe, 00000008.00000002.282247924.0000000006D60000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.277107575.0000000006B00000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.308220988.0000000007170000.00000002.00000001.sdmp

        Data Obfuscation:

        .NET source code contains potential unpacker
        Source: Scan002.exe.exe, OSTBseLT?j??r/?N?R?wiDP.cs.Net Code: J?DpCTV?y System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: UbebSiSIKndjd.exe.0.dr, OSTBseLT?j??r/?N?R?wiDP.cs.Net Code: J?DpCTV?y System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.2.Scan002.exe.exe.320000.0.unpack, OSTBseLT?j??r/?N?R?wiDP.cs.Net Code: J?DpCTV?y System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.0.Scan002.exe.exe.320000.0.unpack, OSTBseLT?j??r/?N?R?wiDP.cs.Net Code: J?DpCTV?y System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: dhcpmon.exe.3.dr, OSTBseLT?j??r/?N?R?wiDP.cs.Net Code: J?DpCTV?y System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 3.2.Scan002.exe.exe.d30000.1.unpack, OSTBseLT?j??r/?N?R?wiDP.cs.Net Code: J?DpCTV?y System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 3.0.Scan002.exe.exe.d30000.0.unpack, OSTBseLT?j??r/?N?R?wiDP.cs.Net Code: J?DpCTV?y System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 8.0.Scan002.exe.exe.a00000.0.unpack, OSTBseLT?j??r/?N?R?wiDP.cs.Net Code: J?DpCTV?y System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: C:\Users\user\Desktop\Scan002.exe.exeCode function: 0_2_04BDC928 push eax; iretd 0_2_04BDC929
        Source: C:\Users\user\Desktop\Scan002.exe.exeCode function: 3_2_015374B8 push ebp; ret 3_2_015374B9
        Source: C:\Users\user\Desktop\Scan002.exe.exeCode function: 3_2_015374AC push ecx; ret 3_2_015374AD
        Source: C:\Users\user\Desktop\Scan002.exe.exeCode function: 8_2_052AC928 push eax; iretd 8_2_052AC929
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_0504C928 push eax; iretd 10_2_0504C929
        Source: initial sampleStatic PE information: section name: .text entropy: 7.70309811015
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 3.2.Scan002.exe.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile created: C:\Users\user\AppData\Roaming\UbebSiSIKndjd.exe
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

        Boot Survival:

        Uses schtasks.exe or at.exe to add and modify task schedules
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp1945.tmp'

        Hooking and other Techniques for Hiding and Protection:

        Hides that the sample has been downloaded from the Internet (zone.identifier)
        Source: C:\Users\user\Desktop\Scan002.exe.exeFile opened: C:\Users\user\Desktop\Scan002.exe.exe:Zone.Identifier read attributes | delete
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Yara detected AntiVM_3
        Source: Yara match File source: 0000000A.00000002.270860826.0000000002E41000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: dhcpmon.exe PID: 5396, type: MEMORY
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: Scan002.exe.exe, 00000000.00000002.252199504.0000000002A71000.00000004.00000001.sdmp, Scan002.exe.exe, 00000008.00000002.275208784.0000000003101000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.270929601.0000000002EDF000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLLX1
        Source: Scan002.exe.exe, 00000000.00000002.252540430.0000000002AE5000.00000004.00000001.sdmp, Scan002.exe.exe, 00000008.00000002.275304601.000000000319F000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.270860826.0000000002E41000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.302154152.00000000034EF000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
        Source: Scan002.exe.exe, 00000000.00000002.252540430.0000000002AE5000.00000004.00000001.sdmp, Scan002.exe.exe, 00000008.00000002.275304601.000000000319F000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.270860826.0000000002E41000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.302154152.00000000034EF000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
        Source: Scan002.exe.exe, 00000000.00000002.252199504.0000000002A71000.00000004.00000001.sdmp, Scan002.exe.exe, 00000008.00000002.275208784.0000000003101000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.270929601.0000000002EDF000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAMEX1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Users\user\Desktop\Scan002.exe.exe Thread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Thread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\Scan002.exe.exe Window / User API: threadDelayed 1027
        Source: C:\Users\user\Desktop\Scan002.exe.exe Window / User API: foregroundWindowGot 1245
        Source: C:\Users\user\Desktop\Scan002.exe.exe Window / User API: foregroundWindowGot 434
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 2172 Thread sleep time: -31500s >= -30000s
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 5916 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 5952 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 5416 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 5416 Thread sleep count: 74 > 30
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 5416 Thread sleep count: 255 > 30
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 4628 Thread sleep count: 1027 > 30
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 3008 Thread sleep time: -180000s >= -30000s
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 4660 Thread sleep time: -31500s >= -30000s
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 892 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5056 Thread sleep time: -31500s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 4728 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\Scan002.exe.exe TID: 5308 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 4488 Thread sleep time: -31500s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5896 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6812 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\Scan002.exe.exe Code function: 3_2_033416CA GetSystemInfo,3_2_033416CA
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: VMware
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: vmwareX1
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: VMWARE|9
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: q#"SOFTWARE\VMware, Inc.\VMware ToolsX1
        Source: Scan002.exe.exe, 00000003.00000002.610681716.0000000006AE0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: q&%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\X1
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: VMware|9
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: VMware SVGA IIX1
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: VMware |9
        Source: Scan002.exe.exe, 00000003.00000003.516542699.0000000001674000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: VMWARE
        Source: dhcpmon.exe, 0000000F.00000002.302154152.00000000034EF000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: Scan002.exe.exe, 00000003.00000002.610681716.0000000006AE0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
        Source: Scan002.exe.exe, 00000003.00000002.610681716.0000000006AE0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
        Source: dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: VMWAREX1
        Source: dhcpmon.exe, 0000000F.00000002.302154152.00000000034EF000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
        Source: dhcpmon.exe, 0000000F.00000002.302154152.00000000034EF000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
        Source: Scan002.exe.exe, 00000000.00000002.252199504.0000000002A71000.00000004.00000001.sdmp, Scan002.exe.exe, 00000008.00000002.275208784.0000000003101000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.270929601.0000000002EDF000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.302189845.000000000352F000.00000004.00000001.sdmp Binary or memory string: QEMUX1
        Source: Scan002.exe.exe, 00000003.00000003.516542699.0000000001674000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllceProviderElement, System.WorkflowServices, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
        Source: dhcpmon.exe, 0000000F.00000002.302154152.00000000034EF000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
        Source: Scan002.exe.exe, 00000003.00000002.610681716.0000000006AE0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
        Source: C:\Users\user\Desktop\Scan002.exe.exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Process token adjusted: Debug
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process token adjusted: Debug
        Source: C:\Users\user\Desktop\Scan002.exe.exe Memory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion:

        Injects a PE file into a foreign processes
        Source: C:\Users\user\Desktop\Scan002.exe.exe Memory written: C:\Users\user\Desktop\Scan002.exe.exe base: 400000 value starts with: 4D5A
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Memory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\Scan002.exe.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp1945.tmp'
        Source: C:\Users\user\Desktop\Scan002.exe.exe Process created: C:\Users\user\Desktop\Scan002.exe.exe {path}
        Source: C:\Users\user\Desktop\Scan002.exe.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp8ED7.tmp'
        Source: C:\Users\user\Desktop\Scan002.exe.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp91C6.tmp'
        Source: C:\Users\user\Desktop\Scan002.exe.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp414F.tmp'
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp65AF.tmp'
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: Scan002.exe.exe, 00000003.00000002.604032239.0000000001D80000.00000002.00000001.sdmp Binary or memory string: uProgram Manager
        Source: Scan002.exe.exe, 00000003.00000002.607858525.000000000396A000.00000004.00000001.sdmp Binary or memory string: Program Manager
        Source: Scan002.exe.exe, 00000003.00000002.604032239.0000000001D80000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
        Source: Scan002.exe.exe, 00000003.00000002.604032239.0000000001D80000.00000002.00000001.sdmp Binary or memory string: Progman
        Source: Scan002.exe.exe, 00000003.00000002.603815130.0000000001674000.00000004.00000020.sdmp Binary or memory string: Program Managerp#|
        Source: Scan002.exe.exe, 00000003.00000002.604032239.0000000001D80000.00000002.00000001.sdmp Binary or memory string: Progmanlock
        Source: Scan002.exe.exe, 00000003.00000002.603815130.0000000001674000.00000004.00000020.sdmp Binary or memory string: Program Managerkt\,S
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Scan002.exe.exe Code function: 3_2_0151AF9A GetUserNameW, 3_2_0151AF9A
        Source: C:\Users\user\Desktop\Scan002.exe.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information:

        Yara detected Nanocore RAT
        Source: Yara match File source: Process Memory Space: dhcpmon.exe PID: 6764, type: MEMORY
        Source: Yara match File source: Process Memory Space: Scan002.exe.exe PID: 4340, type: MEMORY
        Source: Yara match File source: Process Memory Space: Scan002.exe.exe PID: 4260, type: MEMORY
        Source: Yara match File source: 13.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match File source: 3.2.Scan002.exe.exe.6220000.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match File source: 3.2.Scan002.exe.exe.6220000.6.unpack, type: UNPACKEDPE
        Source: Yara match File source: 3.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match File source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        Detected Nanocore Rat
        Source: Scan002.exe.exe, 00000003.00000002.596528786.0000000000402000.00000040.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: Scan002.exe.exe, 0000000D.00000002.286646772.0000000000402000.00000040.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000001B.00000002.313206635.0000000000402000.00000040.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000000A.00000002.274234683.0000000004167000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.286646772.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.596528786.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.303779219.00000000047B7000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001B.00000002.313206635.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.287923771.0000000003D11000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.607959083.0000000004717000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.302951058.0000000004491000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001B.00000002.314650471.00000000043B1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.278150561.0000000004427000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.254700153.0000000003D97000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001B.00000002.314577877.00000000033B1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.610027032.0000000006220000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.287850073.0000000002D11000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: dhcpmon.exe PID: 6764, type: MEMORY
        Source: Yara match, File source: Process Memory Space: Scan002.exe.exe PID: 4340, type: MEMORY
        Source: Yara match, File source: Process Memory Space: Scan002.exe.exe PID: 4260, type: MEMORY
        Source: Yara match, File source: 13.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.Scan002.exe.exe.6220000.6.raw.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.Scan002.exe.exe.6220000.6.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 3.2.Scan002.exe.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: C:\Users\user\Desktop\Scan002.exe.exe, Code function: 3_2_03342B26 bind, 3_2_03342B26
        Source: C:\Users\user\Desktop\Scan002.exe.exe, Code function: 3_2_03342AF6 bind, 3_2_03342AF6

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Scheduled Task/Job 1 | Scheduled Task/Job 1 | Access Token Manipulation 1 | Masquerading 2 | Input Capture 21 | Security Software Discovery 111 | Remote Services | Input Capture 21 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 112 | Virtualization/Sandbox Evasion 3 | LSASS Memory | Virtualization/Sandbox Evasion 3 | Remote Desktop Protocol | Archive Collected Data 11 | Exfiltration Over Bluetooth | Remote Access Software 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Scheduled Task/Job 1 | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 11 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 112 | LSA Secrets | Account Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | System Owner/User Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Hidden Files and Directories 1 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Obfuscated Files or Information 3 | Proc Filesystem | File and Directory Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Software Packing 13 | /etc/passwd and /etc/shadow | System Information Discovery 13 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

        Behavior Graph

        [Behavior graph. ID: 338348, Sample: Scan002.exe.exe, Start date: 12/01/2021, Architecture: WINDOWS, Score: 100]

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label | Link
        Scan002.exe.exe | 100% | Joe Sandbox ML | |

        Dropped Files

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Roaming\UbebSiSIKndjd.exe | 100% | Joe Sandbox ML | |
        C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 100% | Joe Sandbox ML | |

        Unpacked PE Files

        Source | Detection | Scanner | Label | Link | Download
        3.2.Scan002.exe.exe.6220000.6.unpack | 100% | Avira | TR/NanoCore.fadte | | Download File
        13.2.Scan002.exe.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 | | Download File
        27.2.dhcpmon.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 | | Download File
        3.2.Scan002.exe.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 | | Download File

        Domains

        Source | Detection | Scanner | Label | Link
        innocentbooii.hopto.org | 8% | Virustotal | | Browse

        URLs

        Domains and IPs

        Contacted Domains

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        innocentbooii.hopto.org | 172.111.249.15 | true | true | | unknown

        URLs from Memory and Binaries

                                  Contacted IPs


                                  Public

                                  IP | Domain | Country | ASN | ASN Name | Malicious
                                  172.111.249.15 | unknown | United States | 45671 | AS45671-NET-AUWholesaleServicesProviderAU | true

                                  Private

                                  IP
                                  192.168.2.1

                                  General Information

                                  Joe Sandbox Version:31.0.0 Red Diamond
                                  Analysis ID:338348
                                  Start date:12.01.2021
                                  Start time:07:18:34
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 14m 36s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Sample file name:Scan002.exe.exe
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                  Number of analysed new started processes analysed:40
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal100.troj.evad.winEXE@29/12@6/2
                                  EGA Information:Failed
                                  HDC Information:Failed
                                  HCA Information:
                                  • Successful, ratio: 92%
                                  • Number of executed functions: 459
                                  • Number of non-executed functions: 6
                                  Cookbook Comments:
                                  • Adjust boot time
                                  • Enable AMSI
                                  • Found application associated with file extension: .exe
                                  Warnings:
                                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                  • Excluded IPs from analysis (whitelisted): 40.88.32.150, 13.88.21.125, 104.79.90.110, 51.104.139.180, 92.122.213.247, 92.122.213.194, 93.184.221.240, 51.103.5.186, 52.155.217.156, 20.54.26.129, 51.11.168.160
                                  • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wns.notify.windows.com.akadns.net, arc.msn.com, wu.azureedge.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, par02p.wns.notify.windows.com.akadns.net, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, wu.ec.azureedge.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net
                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                  Simulations

                                  Behavior and APIs

                                  Time | Type | Description
                                  07:19:29 | API Interceptor | 1267x Sleep call for process: Scan002.exe.exe modified
                                  07:19:35 | Task Scheduler | Run new task: DHCP Monitor path: "C:\Users\user\Desktop\Scan002.exe.exe" s>$(Arg0)
                                  07:19:38 | Task Scheduler | Run new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)
                                  07:19:39 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                  07:19:40 | API Interceptor | 3x Sleep call for process: dhcpmon.exe modified

                                  Joe Sandbox View / Context

                                  IPs

                                  No context

                                  Domains

                                  Match | Associated Sample Name / URL | Detection | Context
                                  innocentbooii.hopto.org | File.exe | malicious | 194.5.98.108
                                  innocentbooii.hopto.org | SWB copy.exe | malicious | 194.5.98.108
                                  innocentbooii.hopto.org | 0LGpT3WYf1.exe | malicious | 154.120.96.115

                                  ASN


                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):910848
                                  Entropy (8bit):7.69470592663904
                                  Encrypted:false
                                  SSDEEP:12288:YMbCszXQrmZDevwQoqqj7h8tT8kqfbPVdhZu9TitgOLdKYy02UB+4zgl:DbCszXvvcwXh5gYK3029Ag
                                  MD5:8E2315D05C47FEFDDDF0A686BF9E353E
                                  SHA1:E56FE197D61518B5EA20696677C3FB444E39860E
                                  SHA-256:DD647E98E0BD3B1627A0385970C38CD046883967F39DBF9FE416D5300E8E310A
                                  SHA-512:D052FADFE382F2910992677F65BFDD1C5CDABD50837925B6B5EA14038026EC49E30112DE25D3E88A78CE832CEE7D79AE66A0821C2570276C12FBCAD2676050CC
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_............................N.... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................0.......H.......................t{..8............................................0............o.... ...._ ..........,.....8.....o....t..... . &.......o.....o....(........o......o.......o.....o....Z.Z..................(........+E......X.Y........,.+*......X.....X.....X........X......X.l.Z.....X.......i......-........(.......o........+...*^..}.....(.......(.....*.0...........s......o.......(.....*.".(.....*....0...........s......o.......(.....*..0..+.........,..{.......+....,...{....o
                                  C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):26
                                  Entropy (8bit):3.95006375643621
                                  Encrypted:false
                                  SSDEEP:3:ggPYV:rPYV
                                  MD5:187F488E27DB4AF347237FE461A079AD
                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                  Malicious:true
                                  Preview: [ZoneTransfer]....ZoneId=0
                                  C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Scan002.exe.exe.log
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):525
                                  Entropy (8bit):5.2874233355119316
                                  Encrypted:false
                                  SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
                                  MD5:61CCF53571C9ABA6511D696CB0D32E45
                                  SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
                                  SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
                                  SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
                                  Malicious:true
                                  Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
                                  C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
                                  Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):525
                                  Entropy (8bit):5.2874233355119316
                                  Encrypted:false
                                  SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
                                  MD5:61CCF53571C9ABA6511D696CB0D32E45
                                  SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
                                  SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
                                  SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
                                  Malicious:false
                                  Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
                                  C:\Users\user\AppData\Local\Temp\tmp1945.tmp
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1662
                                  Entropy (8bit):5.1728135789612715
                                  Encrypted:false
                                  SSDEEP:24:2dH4+SEqC/dp7hdMlNMFpdU/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBJtn:cbhH7MlNQ8/rydbz9I3YODOLNdq39
                                  MD5:AA28189D75A160986C9DDF1DE1CBD68C
                                  SHA1:5C5EA1B0C1CA0BDEB33320AABD86BA464E4D432B
                                  SHA-256:845906543657D1AB101D9B1819DF5CFF158C8F397F7506FEEC42891CD78A1A1B
                                  SHA-512:5DBB5CB20838D719F0B3532AE5DBAD235F78BC0DE8954783FB98344218D06083BAB808E29363C9901973FFDAF746FE06ACE3CF29D1CCEB623A94245DDE4FBB53
                                  Malicious:true
                                  Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAv
                                  C:\Users\user\AppData\Local\Temp\tmp414F.tmp
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1662
                                  Entropy (8bit):5.1728135789612715
                                  Encrypted:false
                                  SSDEEP:24:2dH4+SEqC/dp7hdMlNMFpdU/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBJtn:cbhH7MlNQ8/rydbz9I3YODOLNdq39
                                  MD5:AA28189D75A160986C9DDF1DE1CBD68C
                                  SHA1:5C5EA1B0C1CA0BDEB33320AABD86BA464E4D432B
                                  SHA-256:845906543657D1AB101D9B1819DF5CFF158C8F397F7506FEEC42891CD78A1A1B
                                  SHA-512:5DBB5CB20838D719F0B3532AE5DBAD235F78BC0DE8954783FB98344218D06083BAB808E29363C9901973FFDAF746FE06ACE3CF29D1CCEB623A94245DDE4FBB53
                                  Malicious:false
                                  Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAv
                                  C:\Users\user\AppData\Local\Temp\tmp65AF.tmp
                                  Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1662
                                  Entropy (8bit):5.1728135789612715
                                  Encrypted:false
                                  SSDEEP:24:2dH4+SEqC/dp7hdMlNMFpdU/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBJtn:cbhH7MlNQ8/rydbz9I3YODOLNdq39
                                  MD5:AA28189D75A160986C9DDF1DE1CBD68C
                                  SHA1:5C5EA1B0C1CA0BDEB33320AABD86BA464E4D432B
                                  SHA-256:845906543657D1AB101D9B1819DF5CFF158C8F397F7506FEEC42891CD78A1A1B
                                  SHA-512:5DBB5CB20838D719F0B3532AE5DBAD235F78BC0DE8954783FB98344218D06083BAB808E29363C9901973FFDAF746FE06ACE3CF29D1CCEB623A94245DDE4FBB53
                                  Malicious:false
                                  Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAv
                                  C:\Users\user\AppData\Local\Temp\tmp8ED7.tmp
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1305
                                  Entropy (8bit):5.096557144339906
                                  Encrypted:false
                                  SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0XExtn:cbk4oL600QydbQxIYODOLedq3hj
                                  MD5:29C2992183264E85915470135EDB70C9
                                  SHA1:AE42A898163FDDD286F9CC036789BDEE76BBCA79
                                  SHA-256:BAEE5F35FF81D3654E18E7356CAEE7D51CD198CAB7DD368E8D5FF5C408CA2BCC
                                  SHA-512:C28C9C8D86D1A38915AC69E50183319DE9F08ACCBB576933B2F68C9FE7F925ADF4B031733279E9B7C7791890FA2701235D3DF6915A47A26879D5EC3910A26F8C
                                  Malicious:false
                                  Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                  C:\Users\user\AppData\Local\Temp\tmp91C6.tmp
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):1310
                                  Entropy (8bit):5.109425792877704
                                  Encrypted:false
                                  SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
                                  MD5:5C2F41CFC6F988C859DA7D727AC2B62A
                                  SHA1:68999C85FC7E37BAB9216E0099836D40D4545C1C
                                  SHA-256:98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
                                  SHA-512:B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
                                  Malicious:false
                                  Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                  C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:ISO-8859 text, with CR line terminators
                                  Category:dropped
                                  Size (bytes):8
                                  Entropy (8bit):3.0
                                  Encrypted:false
                                  SSDEEP:3:hat:hat
                                  MD5:2C91F0DF6F187C76EADD8473749B5E06
                                  SHA1:C5D523419059FC3AC148A041E7DCC3EAB4500677
                                  SHA-256:A20F2288309FC1823C655409F922A077422D2DCD0BDF75104064B8A97177180E
                                  SHA-512:E207A7B37E5B154F0C44D5506DDC62BDC1FA5FF19676549174F581DF6141EAE512DE559ABA585815A9418533A296352DD2B3089C9E0B32AAFF506FDAACE33057
                                  Malicious:true
                                  Preview: ...w...H
                                  C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:ASCII text, with no line terminators
                                  Category:dropped
                                  Size (bytes):42
                                  Entropy (8bit):4.162520173864397
                                  Encrypted:false
                                  SSDEEP:3:oN0naRR2GiAIN:oNcSR2DAI
                                  MD5:5A95A542025A94567015BC5FB4638686
                                  SHA1:65939CC89B4611F466E62AA799325B72ED12FD71
                                  SHA-256:0D4F4D965CB445119C1A5D9266593A1081C4E97E3403905366B98ADC9D7709F7
                                  SHA-512:EE0A17A0DC7F4D3A815CBC4BA873E5661D7C51A6788CBBCDB5EF01415EC18EBED4740AE9839B704201EECC4B4FC1D6B2DF1D7EC1A1BA4346A386BE0D0BA7E40D
                                  Malicious:false
                                  Preview: C:\Users\user\Desktop\Scan002.exe.exe
                                  C:\Users\user\AppData\Roaming\UbebSiSIKndjd.exe
                                  Process:C:\Users\user\Desktop\Scan002.exe.exe
                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Category:dropped
                                  Size (bytes):910848
                                  Entropy (8bit):7.69470592663904
                                  Encrypted:false
                                  SSDEEP:12288:YMbCszXQrmZDevwQoqqj7h8tT8kqfbPVdhZu9TitgOLdKYy02UB+4zgl:DbCszXvvcwXh5gYK3029Ag
                                  MD5:8E2315D05C47FEFDDDF0A686BF9E353E
                                  SHA1:E56FE197D61518B5EA20696677C3FB444E39860E
                                  SHA-256:DD647E98E0BD3B1627A0385970C38CD046883967F39DBF9FE416D5300E8E310A
                                  SHA-512:D052FADFE382F2910992677F65BFDD1C5CDABD50837925B6B5EA14038026EC49E30112DE25D3E88A78CE832CEE7D79AE66A0821C2570276C12FBCAD2676050CC
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_............................N.... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................0.......H.......................t{..8............................................0............o.... ...._ ..........,.....8.....o....t..... . &.......o.....o....(........o......o.......o.....o....Z.Z..................(........+E......X.Y........,.+*......X.....X.....X........X......X.l.Z.....X.......i......-........(.......o........+...*^..}.....(.......(.....*.0...........s......o.......(.....*.".(.....*....0...........s......o.......(.....*..0..+.........,..{.......+....,...{....o

                                  Static File Info

                                  General

                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Entropy (8bit):7.69470592663904
                                  TrID:
                                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                  • Win32 Executable (generic) a (10002005/4) 49.97%
                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                  • DOS Executable Generic (2002/1) 0.01%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:Scan002.exe.exe
                                  File size:910848
                                  MD5:8e2315d05c47fefdddf0a686bf9e353e
                                  SHA1:e56fe197d61518b5ea20696677c3fb444e39860e
                                  SHA256:dd647e98e0bd3b1627a0385970c38cd046883967f39dbf9fe416d5300e8e310a
                                  SHA512:d052fadfe382f2910992677f65bfdd1c5cdabd50837925b6b5ea14038026ec49e30112de25d3e88a78ce832cee7d79ae66a0821c2570276c12fbcad2676050cc
                                  SSDEEP:12288:YMbCszXQrmZDevwQoqqj7h8tT8kqfbPVdhZu9TitgOLdKYy02UB+4zgl:DbCszXvvcwXh5gYK3029Ag

                                  File Icon

                                  Icon Hash:00828e8e8686b000

                                  Static PE Info

                                  General

                                  Entrypoint:0x4df84e
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                  Time Stamp:0x5FFCCC88 [Mon Jan 11 22:09:12 2021 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:v2.0.50727
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                  Entrypoint Preview

                                  Instruction
                                  jmp dword ptr [00402000h]

                                  Data Directories

                                  Name                                  Virtual Address  Virtual Size  Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_IMPORT          0xdf800          0x4b          .text
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE        0xe0000          0x800         .rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC       0xe2000          0xc           .reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                  IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                  Sections

                                  Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                                  .text   0x2000           0xdd854       0xdda00   False     0.822365869994   data       7.70309811015   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                  .rsrc   0xe0000          0x800         0x800     False     0.3330078125     data       3.49807917331   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .reloc  0xe2000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                  Resources

                                  Name         RVA      Size   Type                                                                          Language  Country
                                  RT_VERSION   0xe0090  0x388  data
                                  RT_MANIFEST  0xe0428  0x1ea  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                  Imports

                                  DLL          Import
                                  mscoree.dll  _CorExeMain

                                  Version Infos

                                  Description       Data
                                  Translation       0x0000 0x04b0
                                  LegalCopyright    Copyright Overwolf 2011 - 2020
                                  Assembly Version  2.159.0.0
                                  InternalName      Q.exe
                                  FileVersion       2.159.0.0
                                  CompanyName       Overwolf Ltd.
                                  LegalTrademarks
                                  Comments          Overwolf Launcher
                                  ProductName       OverwolfLauncher
                                  ProductVersion    2.159.0.0
                                  FileDescription   OverwolfLauncher
                                  OriginalFilename  Q.exe

                                  Network Behavior

                                  Network Port Distribution

                                  TCP Packets


                                  UDP Packets


                                  DNS Queries

                                  Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                     Type            Class
                                  Jan 12, 2021 07:19:40.520523071 CET  192.168.2.7  8.8.8.8  0x3f71    Standard query (0)  innocentbooii.hopto.org  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:19:58.382730007 CET  192.168.2.7  8.8.8.8  0x4a9b    Standard query (0)  innocentbooii.hopto.org  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:20:15.331238031 CET  192.168.2.7  8.8.8.8  0x241b    Standard query (0)  innocentbooii.hopto.org  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:21:26.595901966 CET  192.168.2.7  8.8.8.8  0xf9bb    Standard query (0)  innocentbooii.hopto.org  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:21:46.213160992 CET  192.168.2.7  8.8.8.8  0x3240    Standard query (0)  innocentbooii.hopto.org  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:22:07.541016102 CET  192.168.2.7  8.8.8.8  0xcfe2    Standard query (0)  innocentbooii.hopto.org  A (IP address)  IN (0x0001)

                                  DNS Answers

                                  Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                     CName  Address         Type            Class
                                  Jan 12, 2021 07:19:40.580750942 CET  8.8.8.8    192.168.2.7  0x3f71    No error (0)  innocentbooii.hopto.org         172.111.249.15  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:19:58.441404104 CET  8.8.8.8    192.168.2.7  0x4a9b    No error (0)  innocentbooii.hopto.org         172.111.249.15  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:20:15.387641907 CET  8.8.8.8    192.168.2.7  0x241b    No error (0)  innocentbooii.hopto.org         172.111.249.15  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:21:26.653759003 CET  8.8.8.8    192.168.2.7  0xf9bb    No error (0)  innocentbooii.hopto.org         172.111.249.15  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:21:46.269490004 CET  8.8.8.8    192.168.2.7  0x3240    No error (0)  innocentbooii.hopto.org         172.111.249.15  A (IP address)  IN (0x0001)
                                  Jan 12, 2021 07:22:07.599673986 CET  8.8.8.8    192.168.2.7  0xcfe2    No error (0)  innocentbooii.hopto.org         172.111.249.15  A (IP address)  IN (0x0001)

                                  Code Manipulations

                                  Statistics


                                  System Behavior

                                  General

                                  Start time:07:19:21
                                  Start date:12/01/2021
                                  Path:C:\Users\user\Desktop\Scan002.exe.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\Desktop\Scan002.exe.exe'
                                  Imagebase:0x320000
                                  File size:910848 bytes
                                  MD5 hash:8E2315D05C47FEFDDDF0A686BF9E353E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.254700153.0000000003D97000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.254700153.0000000003D97000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.254700153.0000000003D97000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  Reputation:low

                                  General

                                  Start time:07:19:32
                                  Start date:12/01/2021
                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp1945.tmp'
                                  Imagebase:0x12a0000
                                  File size:185856 bytes
                                  MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Start time:07:19:32
                                  Start date:12/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff774ee0000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Start time:07:19:33
                                  Start date:12/01/2021
                                  Path:C:\Users\user\Desktop\Scan002.exe.exe
                                  Wow64 process (32bit):true
                                  Commandline:{path}
                                  Imagebase:0xd30000
                                  File size:910848 bytes
                                  MD5 hash:8E2315D05C47FEFDDDF0A686BF9E353E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000002.596528786.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.596528786.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000003.00000002.596528786.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000002.609798776.0000000005F80000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000003.00000002.609798776.0000000005F80000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.607959083.0000000004717000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000003.00000002.607959083.0000000004717000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000002.609917775.00000000060D0000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000003.00000002.609917775.00000000060D0000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000002.610027032.0000000006220000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000003.00000002.610027032.0000000006220000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.610027032.0000000006220000.00000004.00000001.sdmp, Author: Joe Security
                                  Reputation:low

                                  General

                                  Start time:07:19:34
                                  Start date:12/01/2021
                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                  Wow64 process (32bit):true
                                  Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp8ED7.tmp'
                                  Imagebase:0x12a0000
                                  File size:185856 bytes
                                  MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Start time:07:19:35
                                  Start date:12/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff774ee0000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Start time:07:19:35
                                  Start date:12/01/2021
                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                  Wow64 process (32bit):true
                                  Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp91C6.tmp'
                                  Imagebase:0x12a0000
                                  File size:185856 bytes
                                  MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Start time:07:19:35
                                  Start date:12/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff774ee0000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Start time:07:19:36
                                  Start date:12/01/2021
                                  Path:C:\Users\user\Desktop\Scan002.exe.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\Desktop\Scan002.exe.exe 0
                                  Imagebase:0xa00000
                                  File size:910848 bytes
                                  MD5 hash:8E2315D05C47FEFDDDF0A686BF9E353E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.278150561.0000000004427000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.278150561.0000000004427000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 00000008.00000002.278150561.0000000004427000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  Reputation:low

                                  General

                                  Start time:07:19:39
                                  Start date:12/01/2021
                                  Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
                                  Imagebase:0x7a0000
                                  File size:910848 bytes
                                  MD5 hash:8E2315D05C47FEFDDDF0A686BF9E353E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000002.274234683.0000000004167000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000002.274234683.0000000004167000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 0000000A.00000002.274234683.0000000004167000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000A.00000002.270860826.0000000002E41000.00000004.00000001.sdmp, Author: Joe Security
                                  Antivirus matches:
                                  • Detection: 100%, Joe Sandbox ML
                                  Reputation:low

                                  General

                                  Start time:07:19:42
                                  Start date:12/01/2021
                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp414F.tmp'
                                  Imagebase:0x12a0000
                                  File size:185856 bytes
                                  MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Start time:07:19:43
                                  Start date:12/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff774ee0000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Start time:07:19:43
                                  Start date:12/01/2021
                                  Path:C:\Users\user\Desktop\Scan002.exe.exe
                                  Wow64 process (32bit):true
                                  Commandline:{path}
                                  Imagebase:0x660000
                                  File size:910848 bytes
                                  MD5 hash:8E2315D05C47FEFDDDF0A686BF9E353E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000D.00000002.286646772.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.286646772.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 0000000D.00000002.286646772.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.287923771.0000000003D11000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 0000000D.00000002.287923771.0000000003D11000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.287850073.0000000002D11000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 0000000D.00000002.287850073.0000000002D11000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  Reputation:low

                                  General

                                  Start time:07:19:47
                                  Start date:12/01/2021
                                  Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                                  Imagebase:0xe10000
                                  File size:910848 bytes
                                  MD5 hash:8E2315D05C47FEFDDDF0A686BF9E353E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000F.00000002.303779219.00000000047B7000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000F.00000002.303779219.00000000047B7000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 0000000F.00000002.303779219.00000000047B7000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000F.00000002.302951058.0000000004491000.00000004.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000F.00000002.302951058.0000000004491000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 0000000F.00000002.302951058.0000000004491000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  Reputation:low

                                  General

                                  Start time:07:19:52
                                  Start date:12/01/2021
                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UbebSiSIKndjd' /XML 'C:\Users\user\AppData\Local\Temp\tmp65AF.tmp'
                                  Imagebase:0x12a0000
                                  File size:185856 bytes
                                  MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Start time:07:19:52
                                  Start date:12/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff774ee0000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  General

                                  Start time:07:19:53
                                  Start date:12/01/2021
                                  Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                  Wow64 process (32bit):false
                                  Commandline:{path}
                                  Imagebase:0x130000
                                  File size:910848 bytes
                                  MD5 hash:8E2315D05C47FEFDDDF0A686BF9E353E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  General

                                  Start time:07:19:53
                                  Start date:12/01/2021
                                  Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                  Wow64 process (32bit):false
                                  Commandline:{path}
                                  Imagebase:0x3f0000
                                  File size:910848 bytes
                                  MD5 hash:8E2315D05C47FEFDDDF0A686BF9E353E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  General

                                  Start time:07:19:54
                                  Start date:12/01/2021
                                  Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                  Wow64 process (32bit):true
                                  Commandline:{path}
                                  Imagebase:0xb90000
                                  File size:910848 bytes
                                  MD5 hash:8E2315D05C47FEFDDDF0A686BF9E353E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Yara matches:
                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001B.00000002.313206635.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000002.313206635.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 0000001B.00000002.313206635.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000002.314650471.00000000043B1000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 0000001B.00000002.314650471.00000000043B1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000002.314577877.00000000033B1000.00000004.00000001.sdmp, Author: Joe Security
                                  • Rule: NanoCore, Description: unknown, Source: 0000001B.00000002.314577877.00000000033B1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>

                                  Disassembly

                                  Code Analysis

                                    Executed Functions

                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 04E71707
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetLongPathNameW.KERNELBASE(?,?,?), ref: 04E71492
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: LongNamePath
                                    • String ID:
                                    • API String ID: 82841172-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetTokenInformation.KERNELBASE(?,00000E2C,E1AFE9C2,00000000,00000000,00000000,00000000), ref: 04E70F40
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: InformationToken
                                    • String ID:
                                    • API String ID: 4114910276-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04E70AC5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 04E708ED
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 04E71263
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: OpenPolicy
                                    • String ID:
                                    • API String ID: 2030686058-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 04E71707
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DeleteFileW.KERNELBASE(?), ref: 04E717EC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetFileType.KERNELBASE(?,00000E2C,E1AFE9C2,00000000,00000000,00000000,00000000), ref: 04E70BB1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: FileType
                                    • String ID:
                                    • API String ID: 3081899298-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04E70AC5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 04E71263
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: OpenPolicy
                                    • String ID:
                                    • API String ID: 2030686058-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 04E708ED
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteFile.KERNELBASE(?,00000E2C,E1AFE9C2,00000000,00000000,00000000,00000000), ref: 04E70D4D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: FileWrite
                                    • String ID:
                                    • API String ID: 3934441357-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04E72046
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: LookupPrivilegeValue
                                    • String ID:
                                    • API String ID: 3899507212-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetTokenInformation.KERNELBASE(?,00000E2C,E1AFE9C2,00000000,00000000,00000000,00000000), ref: 04E70F40
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: InformationToken
                                    • String ID:
                                    • API String ID: 4114910276-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E71AA8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID:
                                    • API String ID: 3559483778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 04E71BFD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteFile.KERNELBASE(?,00000E2C,E1AFE9C2,00000000,00000000,00000000,00000000), ref: 04E70D4D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: FileWrite
                                    • String ID:
                                    • API String ID: 3934441357-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E719EC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    • String ID:
                                    • API String ID: 1726664587-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 04E71EE1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SetThreadContext.KERNELBASE(?,?), ref: 04E7193F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: ContextThread
                                    • String ID:
                                    • API String ID: 1591575202-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04E72046
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: LookupPrivilegeValue
                                    • String ID:
                                    • API String ID: 3899507212-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetFileType.KERNELBASE(?,00000E2C,E1AFE9C2,00000000,00000000,00000000,00000000), ref: 04E70BB1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: FileType
                                    • String ID:
                                    • API String ID: 3081899298-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E71AA8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID:
                                    • API String ID: 3559483778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DeleteFileW.KERNELBASE(?), ref: 04E717EC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SetThreadContext.KERNELBASE(?,?), ref: 04E7193F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: ContextThread
                                    • String ID:
                                    • API String ID: 1591575202-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E719EC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    • String ID:
                                    • API String ID: 1726664587-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 04E71EE1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetLongPathNameW.KERNELBASE(?,?,?), ref: 04E71492
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: LongNamePath
                                    • String ID:
                                    • API String ID: 82841172-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 04E71BFD
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255933334.0000000004E70000.00000040.00000001.sdmp, Offset: 04E70000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.264159381.0000000006670000.00000040.00000001.sdmp, Offset: 06670000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: g?
                                    • API String ID: 0-3708011170
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.264159381.0000000006670000.00000040.00000001.sdmp, Offset: 06670000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: g?
                                    • API String ID: 0-3708011170
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.264159381.0000000006670000.00000040.00000001.sdmp, Offset: 06670000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: ]
                                    • API String ID: 0-3352871620
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e947814d1544845ba86579573e4bf62b35a54185eb4fca4f20cb63f32639b3ca
                                    • Instruction ID: 87abd59060946a855ddab50fe1bb17c9138482743cb387cfa178c9a10ff1893f
                                    • Opcode Fuzzy Hash: e947814d1544845ba86579573e4bf62b35a54185eb4fca4f20cb63f32639b3ca
                                    • Instruction Fuzzy Hash: 1711B9B1E05609DBDB48CFABD8406AEBBF7BFC9300F14C0AAD509AA214E73456458F10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.251392772.0000000002720000.00000040.00000040.sdmp, Offset: 02720000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0555e6b70d1e5811b855994d9ddf0e282ea05bd3019bba6b4f43592e635696f7
                                    • Instruction ID: 2158a1f223ffeacc02cacad65da7d62a97e2b2d8ee1fa08c3fb8df507f1f211f
                                    • Opcode Fuzzy Hash: 0555e6b70d1e5811b855994d9ddf0e282ea05bd3019bba6b4f43592e635696f7
                                    • Instruction Fuzzy Hash: 9501AEB55097905FD7518F16EC44862FFFCDE86630749C0EFEC498B611D1256909CB71
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8ad3508eb708fc920846c885dd4c7d4e0fbafe7a97b81f0c7207e035755f44d2
                                    • Instruction ID: 86781c539f6c4a60a7f3247b2b3f93a1786e618c41ed54e14b44a1ba3aa5464d
                                    • Opcode Fuzzy Hash: 8ad3508eb708fc920846c885dd4c7d4e0fbafe7a97b81f0c7207e035755f44d2
                                    • Instruction Fuzzy Hash: A401E570E05A09CFDB54CFAAC4846ADBBF6AB89310F10D0A9D509AB250E73455458F51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.264159381.0000000006670000.00000040.00000001.sdmp, Offset: 06670000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 07995be20821a4063bf23ae9a2e410efc944bb164d5e2b23dbe9f77f63c0dbda
                                    • Instruction ID: 8f1d980933262b0340862020e29a69d84aab017ff4a392619ac196373dd74091
                                    • Opcode Fuzzy Hash: 07995be20821a4063bf23ae9a2e410efc944bb164d5e2b23dbe9f77f63c0dbda
                                    • Instruction Fuzzy Hash: 8301EC74D0020EDFCB14EFA8D54569DFBB1FF44304F14819A9915A7354DB305A41CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.251392772.0000000002720000.00000040.00000040.sdmp, Offset: 02720000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c3f6f7c96804cda76668e35a3bbcf86681c06fe62140db942cdcb6afdd34f29c
                                    • Instruction ID: 4def39e0708dbc3b418d65bc330828b9689694f87bd3e620992762125836ef31
                                    • Opcode Fuzzy Hash: c3f6f7c96804cda76668e35a3bbcf86681c06fe62140db942cdcb6afdd34f29c
                                    • Instruction Fuzzy Hash: 16F0FB35104645DFC606CF40D940B16FBA6EB89718F24C6A9E9491B762C3379813DA91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.251392772.0000000002720000.00000040.00000040.sdmp, Offset: 02720000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d4e44985d7c17dc01012664c8d941f4263ec7d33570d4b76facda108a33c0bc6
                                    • Instruction ID: ea2ce0ac88835fd2597affdb92e20b0c45ea51b4c694c0f2236440ee7dbfc431
                                    • Opcode Fuzzy Hash: d4e44985d7c17dc01012664c8d941f4263ec7d33570d4b76facda108a33c0bc6
                                    • Instruction Fuzzy Hash: 46E092766006004BD750DF0BEC81466F7D8EB88630718C07FDC0D8B700E135B504CEA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fd82fed1248b0791a3c7ac723410a0d068fde73e85eb8c502a95fa0798de80ca
                                    • Instruction ID: ba03b67d5427ec5c8339b900b54ec80bd50e10556d0e2c81bb022793557d1935
                                    • Opcode Fuzzy Hash: fd82fed1248b0791a3c7ac723410a0d068fde73e85eb8c502a95fa0798de80ca
                                    • Instruction Fuzzy Hash: E4F08234909248AFC701CBA4D85298CFFB4EB45304F2480EED84497352CA355A12CB96
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 77cd5c1e5e4f8fa657496e9f57a9c61b903952dfba87609c7965cc6c270f2820
                                    • Instruction ID: 0d8243b295548063aef60dec27311d66d4d746fd8977b6be9a126fd14c06e762
                                    • Opcode Fuzzy Hash: 77cd5c1e5e4f8fa657496e9f57a9c61b903952dfba87609c7965cc6c270f2820
                                    • Instruction Fuzzy Hash: 81F0F234904208AFCB45DFA8D885A98BBB4EB44300F14C2EA98595B385DB32AA52CB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e9e79b0a2f07491dc1ffb2dab71dabca8897af123ce3f807bec2be1e7a04d147
                                    • Instruction ID: fb7f578778c13f4da5e9529134d3835e6dbb4368d9e1f805748e84eb7f300232
                                    • Opcode Fuzzy Hash: e9e79b0a2f07491dc1ffb2dab71dabca8897af123ce3f807bec2be1e7a04d147
                                    • Instruction Fuzzy Hash: 37E0E578D086888FDB02CFB8D0544EEBBF4AF1E311B14909AD416EB251E6349A05DF25
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dd056892d2b3fc64357fb4695b2adf4ff5ad66c78a408743dba998c40a69b4a2
                                    • Instruction ID: b23a4b977fcb8825b20b0d2b70ef931bcf180973e2f9ac58d96d829adfe7f769
                                    • Opcode Fuzzy Hash: dd056892d2b3fc64357fb4695b2adf4ff5ad66c78a408743dba998c40a69b4a2
                                    • Instruction Fuzzy Hash: F0E0CD7098220CDBC74CF7B4D52257E7764DB43340F1018AC9405632D0DE75AE20C66D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b5fb5bf4a6413f7d9ec8d7eb290bebe47274d3900ee88aced4a44ab55c742968
                                    • Instruction ID: 5f09d774fc7103a7d1c95f6e1dbdd9bb4d3251c6692ea6da1c264092a2c2c41b
                                    • Opcode Fuzzy Hash: b5fb5bf4a6413f7d9ec8d7eb290bebe47274d3900ee88aced4a44ab55c742968
                                    • Instruction Fuzzy Hash: 78E09230D0A388AFC706DBB8D8555DCBF70EB0A300F1481FAC884973A2C6340941CB56
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 82c38cae465869dd67af7a6ad6940090255e5cd40fa62143ced13db534d33a59
                                    • Instruction ID: 56946bf3722bc9ecf8054f92d0d7afd028377d58e1703048b028de605a837f11
                                    • Opcode Fuzzy Hash: 82c38cae465869dd67af7a6ad6940090255e5cd40fa62143ced13db534d33a59
                                    • Instruction Fuzzy Hash: 05E06D3080A388AFD706DFB8D82959CBF70EB06300F1581EBC884973A2C6341955CB86
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.264159381.0000000006670000.00000040.00000001.sdmp, Offset: 06670000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 80449d4bbf78df797e3dfbe49f37e94b1be261513b3a7298914c051d128829f3
                                    • Instruction ID: bd2ffe9cf672354305b364b11bbe5b09f8a07c4d7268e12f674b4c5937b835e3
                                    • Opcode Fuzzy Hash: 80449d4bbf78df797e3dfbe49f37e94b1be261513b3a7298914c051d128829f3
                                    • Instruction Fuzzy Hash: 95E08630D11208DFC714EF64E5956ADBB75EB06301F105155C90523380D7705E51CF48
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 448a239a46fd8f7a9b64a9217aeeb2acdcf0a9c2cf733865f007c10e8e47a59b
                                    • Instruction ID: 2e0485843d31e5fae0e326848b772d71b4d44a0eb3c4a508824094176d70f261
                                    • Opcode Fuzzy Hash: 448a239a46fd8f7a9b64a9217aeeb2acdcf0a9c2cf733865f007c10e8e47a59b
                                    • Instruction Fuzzy Hash: 4FE04F35905208EFCB09DFE8D544AADBFB1FF4A301F1091EAE8446B360C7719A64DB66
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1989ae9d1b614050306b39131edf62018287f2c880f2380c78c2f5515aea8135
                                    • Instruction ID: f26a3274de3e8a384d69726193959736675613e93278f13a9992472624d9d6eb
                                    • Opcode Fuzzy Hash: 1989ae9d1b614050306b39131edf62018287f2c880f2380c78c2f5515aea8135
                                    • Instruction Fuzzy Hash: 56E0DF3080B295DFC705DBB8C54528CBF30DF06308F1042EFC8409A6A6C635991ACB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2392e7410f9bbbfddeffe407059d1f82b5752a940c7968f699086ee6d9e17b9f
                                    • Instruction ID: ef39e45391d2efdf882c3d89476a0fc70aa6d863d7ed4518bf52139180de9479
                                    • Opcode Fuzzy Hash: 2392e7410f9bbbfddeffe407059d1f82b5752a940c7968f699086ee6d9e17b9f
                                    • Instruction Fuzzy Hash: 7FE092344092449FC705DBA4D86056DBFB09B42305F2480DECC8457392CA365956C752
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e8254624100d0bcee14b740f3e460bec26118a8286670b72f7f088ca7dc1801c
                                    • Instruction ID: 0ecff5843c1c2c8f5a82a3018d6149f071b30d598204675e66af5577fd3a3c5e
                                    • Opcode Fuzzy Hash: e8254624100d0bcee14b740f3e460bec26118a8286670b72f7f088ca7dc1801c
                                    • Instruction Fuzzy Hash: EEE03970D092089FCB05DFA8D45069CBFB1EB49300F2481EAC80897391D6369A56CB45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 01dd8bad69aeba316e0dff112b54865558226d3b1f080991ccce46c46086e818
                                    • Instruction ID: 52d2f8cd905667b449c3db2c3183bd6305c38cadece0e91c4f428ca90d6f6593
                                    • Opcode Fuzzy Hash: 01dd8bad69aeba316e0dff112b54865558226d3b1f080991ccce46c46086e818
                                    • Instruction Fuzzy Hash: A2E04F34901208EFCB04DF94D504A9DBFB1EB4A301F1081A5E84417350C7716A64DB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 16c8add6bc73ccfe394cf0df5060a976ff461fdd3121e004a678214bb0987cfa
                                    • Instruction ID: 429c42cd9c8519c2b3c353424f160d7d11e8b68a6d4c8ebdc9f1b348ae5c7c75
                                    • Opcode Fuzzy Hash: 16c8add6bc73ccfe394cf0df5060a976ff461fdd3121e004a678214bb0987cfa
                                    • Instruction Fuzzy Hash: DCE01A70D01208EFCB05DFA8D58499DBBB1EB48301F1080EED8049B354D7359A51DF88
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: da74a0ddcf18f0a25300a7aca9f9e189a918c4c9b50c279b266008aeadf9f86d
                                    • Instruction ID: 7276feb18d486331ffeb89c57531fee4c4977a55b7ca9f2501b7248beac48d2f
                                    • Opcode Fuzzy Hash: da74a0ddcf18f0a25300a7aca9f9e189a918c4c9b50c279b266008aeadf9f86d
                                    • Instruction Fuzzy Hash: 71E0B674D0120CEBCB14DFA8D58499DBBB5EB48301F2081EADC146B354DB35AA91DB99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: de945dbef7643530c9e0d47c1a6f616972dd72ed0955a9091d45a00e5a25cfcb
                                    • Instruction ID: e6c562587ed5464f179b242366713dfdd14ac7897348c837266a4181f54d672b
                                    • Opcode Fuzzy Hash: de945dbef7643530c9e0d47c1a6f616972dd72ed0955a9091d45a00e5a25cfcb
                                    • Instruction Fuzzy Hash: 8FE0E274D0120CEBDB44EFE8E949A9DBBB4EB44300F2081EADC0863354DA342A95DB99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a64e6f97eb0bb0127971004e635d7cb49b2db049d36ba851d622d13c433814e0
                                    • Instruction ID: 89154e6b21b42fd011cf48c9897b86e68de3da0c9dd4aa87aed806c85ff35297
                                    • Opcode Fuzzy Hash: a64e6f97eb0bb0127971004e635d7cb49b2db049d36ba851d622d13c433814e0
                                    • Instruction Fuzzy Hash: 12E08C30C05208DFCB04DBB8E54958DBF70EB06302F6082EEC80563294E7310941CB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7d108fcf69cebeca889d96dca30783bfad83496248caa3b9a5d7fb75ddd057f9
                                    • Instruction ID: 5b28cb4d2bb6075750bde66d2c0e247b12504a71dbf0d01124668cbcc82e05e5
                                    • Opcode Fuzzy Hash: 7d108fcf69cebeca889d96dca30783bfad83496248caa3b9a5d7fb75ddd057f9
                                    • Instruction Fuzzy Hash: 37E0E274D01208EBCB04EFE8E949A9DBBB8EB48304F2081EAD80463350DB342A51CB99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2eb8404059b1461e2ab69b488b59e17ae2593c651181b159ce7bf01767bc2a2a
                                    • Instruction ID: 2a520358fc2da481ca39260b3cde87d6b71d56b3f5e40b104c6854aef6623d84
                                    • Opcode Fuzzy Hash: 2eb8404059b1461e2ab69b488b59e17ae2593c651181b159ce7bf01767bc2a2a
                                    • Instruction Fuzzy Hash: FFD05E1400E7C54FE35727A06D213657FE44B83306F1904DFD9C98A1E3ED681968C367
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 94c0810910645f03651ca798f4858fbf939830a5043286c4d8ba63c89f3e3ef1
                                    • Instruction ID: 1e42f3cb1500dd6323b4fb3dafbbc5cb5a97e8e00e34a3165da442a3b6e21f9c
                                    • Opcode Fuzzy Hash: 94c0810910645f03651ca798f4858fbf939830a5043286c4d8ba63c89f3e3ef1
                                    • Instruction Fuzzy Hash: 67D0A735842500CFC305DBE4E9547A97B30D70A307F0854D9D408A32A0E2708521C715
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.264159381.0000000006670000.00000040.00000001.sdmp, Offset: 06670000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2931dc96f204245c09c1e8fe62ba76b2928fdede528d20da59f1feaea672b79c
                                    • Instruction ID: c5ddd237be415e0258d2103485e9b0bd288c7fe9193c26ddd2530961d8f268a4
                                    • Opcode Fuzzy Hash: 2931dc96f204245c09c1e8fe62ba76b2928fdede528d20da59f1feaea672b79c
                                    • Instruction Fuzzy Hash: 93C04C35D4E409EFDB904A98A5480F8B33DEA8B221F1461A6D71E9700692225A369ED8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: edbe85ac875b9ad41bfda2e5e7bf98dfe4b9853e0362c002b7dd079f9a96d5ad
                                    • Instruction ID: 71caefec7137ece0c806303e74b5d91e34ba5bdc6e3aa94e3bf60974ada23b56
                                    • Opcode Fuzzy Hash: edbe85ac875b9ad41bfda2e5e7bf98dfe4b9853e0362c002b7dd079f9a96d5ad
                                    • Instruction Fuzzy Hash: 2AD05E74802209DBC704EFF8D54569CBB74EB00309F2000E9C80427354EB35AA54CB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.255776439.0000000004BD0000.00000040.00000001.sdmp, Offset: 04BD0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3d705e2f7b40ecbddffd3ab4ee5b305b5eb3941b6a3b188857b12a6fa0dd00c1
                                    • Instruction ID: 1dd7c9f0ad8e378ec5c03595a0bd4191a729b3f5ca3fe994028b7a9bb8ae8503
                                    • Opcode Fuzzy Hash: 3d705e2f7b40ecbddffd3ab4ee5b305b5eb3941b6a3b188857b12a6fa0dd00c1
                                    • Instruction Fuzzy Hash: 2ED05E30C0120CEBCB44EFE8E94969DBFB4EB05301F1041E9DC0463350EB302A50CB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Executed Functions

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: r
                                    • API String ID: 0-1812594589
                                    • Opcode ID: 71b9579bf8ad9f36c3401aa9c22fa9c58965265fa273c36741498fb0fc1e6bf7
                                    • Instruction ID: ace91612456743a3a944d1ff8351ea000ed39968b2a6f2ff41e127e66c2b4600
                                    • Opcode Fuzzy Hash: 71b9579bf8ad9f36c3401aa9c22fa9c58965265fa273c36741498fb0fc1e6bf7
                                    • Instruction Fuzzy Hash: C5826971A1061ACFCB14CF68C484AAEFBF6FF88310F258569D41AAB655D730E981CF94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • bind.WS2_32(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 03342B87
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: bind
                                    • String ID:
                                    • API String ID: 1187836755-0
                                    • Opcode ID: 9a52837aa1c1190beb9fd17fd0020f27221418f7efa27dd150042ce21b6f48ce
                                    • Instruction ID: 23df551194ff8467ea628b6d5a8015edbd7d65fc0c2168c8a27edfe94f1d1afe
                                    • Opcode Fuzzy Hash: 9a52837aa1c1190beb9fd17fd0020f27221418f7efa27dd150042ce21b6f48ce
                                    • Instruction Fuzzy Hash: 9D2181715093846FD712CF25DC85F96BFA8EF46210F0884EBE984DB192D264A908CB72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 033414EF
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: AdjustPrivilegesToken
                                    • String ID:
                                    • API String ID: 2874748243-0
                                    • Opcode ID: 085224933f2c505d36b73ba97e2df9fb8ce427bd2d1348957ab43f5bf768233a
                                    • Instruction ID: 093c7c903760f916b2a2dd5f8d9484ca612403687970bbce0c3e4aa72aa7bda8
                                    • Opcode Fuzzy Hash: 085224933f2c505d36b73ba97e2df9fb8ce427bd2d1348957ab43f5bf768233a
                                    • Instruction Fuzzy Hash: 8421B1765097849FDB12CF25DC80B52BFF8EF06210F0885DAE9858B163D235A848CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • NtQuerySystemInformation.NTDLL ref: 03341921
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: InformationQuerySystem
                                    • String ID:
                                    • API String ID: 3562636166-0
                                    • Opcode ID: afba5878bcf963e4ba2c6f7a20f72ee683f0bf65386c46142fb2e5c9ae63240f
                                    • Instruction ID: 64460c99195c1880c7c52168ee47bad937e75dbc9171b474269f6efe1b3fe123
                                    • Opcode Fuzzy Hash: afba5878bcf963e4ba2c6f7a20f72ee683f0bf65386c46142fb2e5c9ae63240f
                                    • Instruction Fuzzy Hash: AA21A17580D7C09FDB238B21DC81A51FFB4EF16214F0D80DBE9854B1A3D265A909DB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • bind.WS2_32(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 03342B87
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: bind
                                    • String ID:
                                    • API String ID: 1187836755-0
                                    • Opcode ID: ea5d7be88a288827cb00e7d99013e08f7645c4f63f7940a48b75688aeea736b9
                                    • Instruction ID: b99721a0aec2996b72bb78a34f13818ede45c0655f8f208f49ecaa7ddc419896
                                    • Opcode Fuzzy Hash: ea5d7be88a288827cb00e7d99013e08f7645c4f63f7940a48b75688aeea736b9
                                    • Instruction Fuzzy Hash: 7B116071504204AFEB20CF56DC85FA7FBDCEF44721F1888AAED49DB241D674A404CAB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 0334165D
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: InformationProcess
                                    • String ID:
                                    • API String ID: 1801817001-0
                                    • Opcode ID: 6264a835d319cbc46cda80bb3242ad830cc75fd1e04477e13895c1ae8433a05a
                                    • Instruction ID: 99c5ec98d4d7f1e5da26b4f334e5e0c5e30f63b33f1be12d6adc31e7a7265cf6
                                    • Opcode Fuzzy Hash: 6264a835d319cbc46cda80bb3242ad830cc75fd1e04477e13895c1ae8433a05a
                                    • Instruction Fuzzy Hash: AB118E724097C09FDB228F15DC85A52FFB4EF06314F0D84DAED848B163D275A908CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 033414EF
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: AdjustPrivilegesToken
                                    • String ID:
                                    • API String ID: 2874748243-0
                                    • Opcode ID: 341c49c1ba939eda9d9e3ad9f3ea18d777be90ea449d966541453fab33670a2b
                                    • Instruction ID: 8de63c589089bc12c275fda86e9bc74b9ce1fd70ec108d481a8e7539c7f113b6
                                    • Opcode Fuzzy Hash: 341c49c1ba939eda9d9e3ad9f3ea18d777be90ea449d966541453fab33670a2b
                                    • Instruction Fuzzy Hash: 95115E359007049FDB20CF56E884B66FBE8EF04620F08C4AAED4A8B651D375E458CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 0151AFEA
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: NameUser
                                    • String ID:
                                    • API String ID: 2645101109-0
                                    • Opcode ID: 2e863e3f70f1f3a5f73ac35be109afdc99c8373048ef395d2b21229ae4dd4fb7
                                    • Instruction ID: 821df2a9e6d16ee34ec9429e3b75a01423dec76dc2d9fea3f86472ce458f7b90
                                    • Opcode Fuzzy Hash: 2e863e3f70f1f3a5f73ac35be109afdc99c8373048ef395d2b21229ae4dd4fb7
                                    • Instruction Fuzzy Hash: 5D016275500600ABD720DF1ADC86B26FBA8FB88B20F14815AED085B741D275F915CBE6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetSystemInfo.KERNELBASE(?), ref: 033416FC
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: InfoSystem
                                    • String ID:
                                    • API String ID: 31276548-0
                                    • Opcode ID: 99b731f25e0fed7ac611553f8a954a03f7e008445572598c00dc4aced7edb69f
                                    • Instruction ID: f9d32cbe091663edcf48692a5111db1c4e95100aefe59c06ec00260ab5929a7d
                                    • Opcode Fuzzy Hash: 99b731f25e0fed7ac611553f8a954a03f7e008445572598c00dc4aced7edb69f
                                    • Instruction Fuzzy Hash: 1A01AD349046448FDB20CF15E985766FFE8EF04621F08C4AADD498F602D279A448CEA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 0334165D
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: InformationProcess
                                    • String ID:
                                    • API String ID: 1801817001-0
                                    • Opcode ID: 7f8380cd042513d139c36801e1e38ca65ea6b59390996f11ede7df4245b30a55
                                    • Instruction ID: 73c57856945a9442cc29b32feb0fd03723e0d1225acb1b5d7b6fbf622fc6b5c5
                                    • Opcode Fuzzy Hash: 7f8380cd042513d139c36801e1e38ca65ea6b59390996f11ede7df4245b30a55
                                    • Instruction Fuzzy Hash: F9017835904A409FDB20CF05E884B61FBE4EF08720F0CC49ADD894A616C2BAE458CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • NtQuerySystemInformation.NTDLL ref: 03341921
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: InformationQuerySystem
                                    • String ID:
                                    • API String ID: 3562636166-0
                                    • Opcode ID: 7f8380cd042513d139c36801e1e38ca65ea6b59390996f11ede7df4245b30a55
                                    • Instruction ID: 895a31eeb7989022ecc45a22d1d2b61d5bba012ff65334afd09cf28b50305572
                                    • Opcode Fuzzy Hash: 7f8380cd042513d139c36801e1e38ca65ea6b59390996f11ede7df4245b30a55
                                    • Instruction Fuzzy Hash: 46017835904644DFDB20CF16E884B65FBE4EF08720F08C4AADD8A4A612D375E458DBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 0151AFEA
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: NameUser
                                    • String ID:
                                    • API String ID: 2645101109-0
                                    • Opcode ID: ea7c780853c2272e3fc2c2748f70240a8321d7d161338aaede25ba8b254ebc26
                                    • Instruction ID: 80a5eba0fb1bf45a6e2300ce4609fce66cfba861d1b2b29b5236be63e130a064
                                    • Opcode Fuzzy Hash: ea7c780853c2272e3fc2c2748f70240a8321d7d161338aaede25ba8b254ebc26
                                    • Instruction Fuzzy Hash: 6041A6755093809FD7138F25DC45B62BFB4EF46624F0980DBEC88CF693D225A919CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • getaddrinfo.WS2_32(?,00000E2C), ref: 033429EB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: getaddrinfo
                                    • String ID:
                                    • API String ID: 300660673-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: Socket
                                    • String ID:
                                    • API String ID: 38366605-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 03341AFE
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0334100B
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0334045E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 03342D7E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FormatMessage
                                    • String ID:
                                    • API String ID: 1306739567-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 03340899
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0151AAB1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetExitCodeProcess.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 0334110C
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CodeExitProcess
                                    • String ID:
                                    • API String ID: 3861947596-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 03340264
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 0334019D
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 0151ABB4
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileView
                                    • String ID:
                                    • API String ID: 3314676101-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 0334229B
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: DescriptorSecurity$ConvertString
                                    • String ID:
                                    • API String ID: 3907675253-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 0334055C
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 03340DCA
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileNameTemp
                                    • String ID:
                                    • API String ID: 745986568-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • getaddrinfo.WS2_32(?,00000E2C), ref: 033429EB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: getaddrinfo
                                    • String ID:
                                    • API String ID: 300660673-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0151A1C2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: Startup
                                    • String ID:
                                    • API String ID: 724789610-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0334100B
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 03340353
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • OpenFileMappingW.KERNELBASE(?,?), ref: 03342445
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileMappingOpen
                                    • String ID:
                                    • API String ID: 1680863896-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetFileType.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 03340985
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileType
                                    • String ID:
                                    • API String ID: 3081899298-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 0334229B
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: DescriptorSecurity$ConvertString
                                    • String ID:
                                    • API String ID: 3907675253-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 03340899
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegSetValueExW.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 03340C10
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: Value
                                    • String ID:
                                    • API String ID: 3702945584-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0334136E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: LookupPrivilegeValue
                                    • String ID:
                                    • API String ID: 3899507212-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteFile.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 03340A51
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileWrite
                                    • String ID:
                                    • API String ID: 3934441357-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0334045E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0151AAB1
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 0334019D
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateDirectoryW.KERNELBASE(?,?), ref: 0334079F
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CreateDirectory
                                    • String ID:
                                    • API String ID: 4241100979-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DeleteFileA.KERNELBASE(?,00000E2C), ref: 033411FB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetLongPathNameW.KERNELBASE(?,?,?), ref: 03340CDE
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: LongNamePath
                                    • String ID:
                                    • API String ID: 82841172-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CopyFileW.KERNELBASE(?,?,?), ref: 03340B1E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CopyFile
                                    • String ID:
                                    • API String ID: 1304948518-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 0151ABB4
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 033415A8
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • OpenFileMappingW.KERNELBASE(?,?), ref: 03342445
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileMappingOpen
                                    • String ID:
                                    • API String ID: 1680863896-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: Socket
                                    • String ID:
                                    • API String ID: 38366605-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileView
                                    • String ID:
                                    • API String ID: 3314676101-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegSetValueExW.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 03340C10
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: Value
                                    • String ID:
                                    • API String ID: 3702945584-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 0334055C
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 033412B2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: KernelObjectSecurity
                                    • String ID:
                                    • API String ID: 3015937269-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetExitCodeProcess.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 0334110C
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CodeExitProcess
                                    • String ID:
                                    • API String ID: 3861947596-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0151A58A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SendMessageW.USER32(?,?,?,?), ref: 0151B841
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • K32EnumProcesses.KERNEL32(?,?,?,616C73E6,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 03341862
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: EnumProcesses
                                    • String ID:
                                    • API String ID: 84517404-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DeleteFileA.KERNELBASE(?,00000E2C), ref: 033411FB
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteFile.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 03340A51
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileWrite
                                    • String ID:
                                    • API String ID: 3934441357-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 03340353
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: Open
                                    • String ID:
                                    • API String ID: 71445658-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 0151BE70
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateIconFromResourceEx.USER32 ref: 0151B78A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DeleteFileW.KERNELBASE(?), ref: 0151BF0C
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetSystemInfo.KERNELBASE(?), ref: 033416FC
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: InfoSystem
                                    • String ID:
                                    • API String ID: 31276548-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0334136E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: LookupPrivilegeValue
                                    • String ID:
                                    • API String ID: 3899507212-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CopyFileW.KERNELBASE(?,?,?), ref: 03340B1E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CopyFile
                                    • String ID:
                                    • API String ID: 1304948518-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetFileType.KERNELBASE(?,00000E2C,616C73E6,00000000,00000000,00000000,00000000), ref: 03340985
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileType
                                    • String ID:
                                    • API String ID: 3081899298-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateDirectoryW.KERNELBASE(?,?), ref: 0334079F
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: CreateDirectory
                                    • String ID:
                                    • API String ID: 4241100979-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: closesocket
                                    • String ID:
                                    • API String ID: 2781271927-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • K32EnumProcesses.KERNEL32(?,?,?,616C73E6,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 03341862
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: EnumProcesses
                                    • String ID:
                                    • API String ID: 84517404-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 0151A926
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 03342D7E
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FormatMessage
                                    • String ID:
                                    • API String ID: 1306739567-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 03340DCA
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: FileNameTemp
                                    • String ID:
                                    • API String ID: 745986568-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0151A1C2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: Startup
                                    • String ID:
                                    • API String ID: 724789610-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DeleteFileW.KERNELBASE(?), ref: 0151BF0C
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 033412B2
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: KernelObjectSecurity
                                    • String ID:
                                    • API String ID: 3015937269-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0151A58A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateIconFromResourceEx.USER32 ref: 0151B78A
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: CreateFromIconResource
                                    • String ID:
                                    • API String ID: 3668623891-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 03340264
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 033415A8
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 03341AFE
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: QueryValue
                                    • String ID:
                                    • API String ID: 3660427363-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetLongPathNameW.KERNELBASE(?,?,?), ref: 03340CDE
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604493809.0000000003340000.00000040.00000001.sdmp, Offset: 03340000, based on PE: false
                                    Similarity
                                    • API ID: LongNamePath
                                    • String ID:
                                    • API String ID: 82841172-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: closesocket
                                    • String ID:
                                    • API String ID: 2781271927-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SendMessageW.USER32(?,?,?,?), ref: 0151B841
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SetWindowLongW.USER32(?,?,?), ref: 0151A926
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: LongWindow
                                    • String ID:
                                    • API String ID: 1378638983-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SetErrorMode.KERNELBASE(?), ref: 0151A3A4
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: ErrorMode
                                    • String ID:
                                    • API String ID: 2340568224-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DispatchMessageW.USER32(?), ref: 0151BE70
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603181556.000000000151A000.00000040.00000001.sdmp, Offset: 0151A000, based on PE: false
                                    Similarity
                                    • API ID: DispatchMessage
                                    • String ID:
                                    • API String ID: 2061451462-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: r*+
                                    • API String ID: 0-3221063712
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: Zp^
                                    • API String ID: 0-2993741413
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: r*+
                                    • API String ID: 0-3221063712
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: u<p^
                                    • API String ID: 0-3009064046
                                    • Opcode ID: 766ee7aff0fad2fed179d615c4866a6f5b208ac4da263679f0cf9f3e8266d3d6
                                    • Instruction ID: faa0e926ba7397c791305a21077c507bab1e371d7b715db9088498c2d3d6415c
                                    • Opcode Fuzzy Hash: 766ee7aff0fad2fed179d615c4866a6f5b208ac4da263679f0cf9f3e8266d3d6
                                    • Instruction Fuzzy Hash: F231697061130ACFCB499B28E4555997BE2FB8630832589ACE40ACF355DF7ADD0BCB84
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: Bp^
                                    • API String ID: 0-2654714248
                                    • Opcode ID: 01423b202f83a8014ccea9f5dc2c41039e4e0af8c8a458d6a54dd2a5837f66a4
                                    • Instruction ID: 578449d1e7511e20bc09131ee207a29e7b4a5fc80f458c9275aac0d3a4c71a3d
                                    • Opcode Fuzzy Hash: 01423b202f83a8014ccea9f5dc2c41039e4e0af8c8a458d6a54dd2a5837f66a4
                                    • Instruction Fuzzy Hash: 0F318B70A25305CFC748EBB8E85496D3BB7FBC42017628869E007CB2A8EF798C45CB45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: 8p
                                    • API String ID: 0-2220451280
                                    • Opcode ID: aff2c0f42ef2a861174fc94c17ad5bb5bf7491aac7c0f5bc6d51e2fad2a2e6e5
                                    • Instruction ID: 3b06fcbf8284ed7b94c892bd05dca1facaa60543fa2ca76d6629b70937aee4cd
                                    • Opcode Fuzzy Hash: aff2c0f42ef2a861174fc94c17ad5bb5bf7491aac7c0f5bc6d51e2fad2a2e6e5
                                    • Instruction Fuzzy Hash: 6521D5707142018FC749EF28D05056E77E6BFC9600F24C46EE00ACB3A5EA759D428B96
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: u<p^
                                    • API String ID: 0-3009064046
                                    • Opcode ID: df4e9272e8cba9f3db08fc0000512fe1f3acbef99932b21d401d17356d5916bc
                                    • Instruction ID: 8b1bb78e4778e3100a1d0e89090c2e4a1df30110c660c31eec4f970859dfcd26
                                    • Opcode Fuzzy Hash: df4e9272e8cba9f3db08fc0000512fe1f3acbef99932b21d401d17356d5916bc
                                    • Instruction Fuzzy Hash: EB212674711306CBCB49AF28D155559BBE2FB8930832489ACA40A9F354DF7ADD4BCBC4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: =p^
                                    • API String ID: 0-1682900636
                                    • Opcode ID: ff5fdf5e2a254eef9aacf262d51b87aef10e6ae89d9172ceac2f94831f693104
                                    • Instruction ID: 34cacebf472d9c8cd144c21ee37e1e02cf06dd2f62a919667f3738732eaf44fa
                                    • Opcode Fuzzy Hash: ff5fdf5e2a254eef9aacf262d51b87aef10e6ae89d9172ceac2f94831f693104
                                    • Instruction Fuzzy Hash: 9311E534B003249FC709EB78E45472D3BA7F7CA611F160468E40ADB388DE789C46C794
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: 8p
                                    • API String ID: 0-2220451280
                                    • Opcode ID: 172299e24e8b34fae35cfd1b2b192daf49c33a2b7d740a9c89629a1fd753e43d
                                    • Instruction ID: 8c6772f8275d349ef4f8cc5555e483911d23f9941121bc3b0aeb41b8df8266b4
                                    • Opcode Fuzzy Hash: 172299e24e8b34fae35cfd1b2b192daf49c33a2b7d740a9c89629a1fd753e43d
                                    • Instruction Fuzzy Hash: E601D1203241254FDB9A763CA4216BF668B6BC6940F28406AF006DF3D9DDA5AD4243EA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: %Rp^
                                    • API String ID: 0-2725325811
                                    • Opcode ID: bf4e053a63b7ebb18d29babdea16b47d43c4cea4c7f4e440a45c2532c3d21ab5
                                    • Instruction ID: a819d88946c30324d037b58587846fe44a5c3bbb41a7c1a7bacee2a99fa0846f
                                    • Opcode Fuzzy Hash: bf4e053a63b7ebb18d29babdea16b47d43c4cea4c7f4e440a45c2532c3d21ab5
                                    • Instruction Fuzzy Hash: 85012B306682199BEB0CEA68B810AF877DDABC1314B44405BDC09DB350CAE25C499791
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: 8p
                                    • API String ID: 0-2220451280
                                    • Opcode ID: b6d4079e36b1ae0fed15870825d7544206492c97fdd648ebe392f5a98f09b29b
                                    • Instruction ID: 4fbb90d3e7ba5d06f47b0f911b83c42d14219b205c5d1a9174b777937879114a
                                    • Opcode Fuzzy Hash: b6d4079e36b1ae0fed15870825d7544206492c97fdd648ebe392f5a98f09b29b
                                    • Instruction Fuzzy Hash: 08F0B4317201204FDA89727D64216BF62CFABC5D40B64542EF10ADB3D8DDB59D4303EA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: %Rp^
                                    • API String ID: 0-2725325811
                                    • Opcode ID: 0d4de2599f0909c6e831d1b12ce30b18da64ef0b6e3383a51e2cae191744f841
                                    • Instruction ID: 08630bd1c15e12a2e7d354ad4affff00ea07afdea510682c1e97ae79a41a512e
                                    • Opcode Fuzzy Hash: 0d4de2599f0909c6e831d1b12ce30b18da64ef0b6e3383a51e2cae191744f841
                                    • Instruction Fuzzy Hash: 36D0A7313041246B9908E6AC9C6087973CEFBC5514704885FE809DF341CD72DC0643E0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: efbda69a2182cf0583b9de65b5f3edf5c0654873d1456d01a3dd7dbc85b8bb84
                                    • Instruction ID: afbe7604a1a7559c6bda5039f13fb94d7b99841c2de3655e6bf90f3f124f8102
                                    • Opcode Fuzzy Hash: efbda69a2182cf0583b9de65b5f3edf5c0654873d1456d01a3dd7dbc85b8bb84
                                    • Instruction Fuzzy Hash: 6E220234A10606CFCB68DF64D580AAAB7F2FF89300F148599D85A9BB55DB34ED85CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4d80093c48cb3ee00d85889124c9303859177c14e09f4be20904cc060f6760ef
                                    • Instruction ID: d16585d3d19cd540135b2bd7cc21dae50b8f70750fb2aaf7a1d8865a7b46e436
                                    • Opcode Fuzzy Hash: 4d80093c48cb3ee00d85889124c9303859177c14e09f4be20904cc060f6760ef
                                    • Instruction Fuzzy Hash: 78F1A275A10209CFCB15CF68C4808A9FBF6FF883107298596E909DF266D770ED86CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cbcbf2b7e27b5050a65487bffd899e4d5eb28df646a72f7897b3065d37452b76
                                    • Instruction ID: 9f04a7cc7d154ee7d0b3ad2089c3ec0e7a9afaf7bb40b29adb2a6d922d7fd0f3
                                    • Opcode Fuzzy Hash: cbcbf2b7e27b5050a65487bffd899e4d5eb28df646a72f7897b3065d37452b76
                                    • Instruction Fuzzy Hash: DE817F31A1061ACFDF15CF14C880ADAB7B2AF85304F558595C80AAF215DBB5EECACF90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e87addf349ef40ca6bbbd322db40d3093746a94f737931b0f84f2bf5d742735c
                                    • Instruction ID: ad166a72f96efdc0f819d85c7e77f16796ed018a3f7185c8339566e150656538
                                    • Opcode Fuzzy Hash: e87addf349ef40ca6bbbd322db40d3093746a94f737931b0f84f2bf5d742735c
                                    • Instruction Fuzzy Hash: 7881A031B10606CBD714EBA8C854B6EBBA3FFC4304F62856CD50A9B698DF749D0287D6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7941928463503ff54a321905d3aaae1c671d960a5e9e0772264a95c6b32e8498
                                    • Instruction ID: f194b9476b590f1dec8a4b4b4df6506548fdb5e5c59fb458e58fdb5d8a6baafb
                                    • Opcode Fuzzy Hash: 7941928463503ff54a321905d3aaae1c671d960a5e9e0772264a95c6b32e8498
                                    • Instruction Fuzzy Hash: 6F717A34A20606DFDB14DF68C584BADBBF2BF48311F198469D856AB760CB71E8C2CB54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0c30793b58a816ae666459ba28246dc79d421009b1fef1bee1f4de176dfd4554
                                    • Instruction ID: 107addeaca576e87c54862234278d0950e3428da09b10a87462e6a0dcd852839
                                    • Opcode Fuzzy Hash: 0c30793b58a816ae666459ba28246dc79d421009b1fef1bee1f4de176dfd4554
                                    • Instruction Fuzzy Hash: 7B51E331B282569FCB14DBA9C8547AEB7F2BF84308F24855AD4469F264CBB0AC45C781
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb6010eeffd301d0c44cfe72de4f29777a19e13ce1cabee640ece4876013a637
                                    • Instruction ID: f75b0c82e8316165f15909bc947d65049c618f24744c06a598112c5ae5901d8d
                                    • Opcode Fuzzy Hash: fb6010eeffd301d0c44cfe72de4f29777a19e13ce1cabee640ece4876013a637
                                    • Instruction Fuzzy Hash: 08517D30A152068FDB48DF69D494AAEBBF2FFC8310F28846DD506AB761DB719C81CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a94fd69294f08485000bc62d102244de358f730c4768bd8359d66836001355fa
                                    • Instruction ID: 7a0e04929be83ddb41439b67a0e1c138f24b495952a893442383e447a1c1a06f
                                    • Opcode Fuzzy Hash: a94fd69294f08485000bc62d102244de358f730c4768bd8359d66836001355fa
                                    • Instruction Fuzzy Hash: 5D31073192465ACFDF11CF54C854ADEBBB2EF85304F518494D909BB205DBB46B8ACF80
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b4a2f3daad0408450cb19ffde634bf27d8e12939b75695f3f5e7f05d6cd95cc0
                                    • Instruction ID: 191c952765c69f8d20590ccecc389711fbd3c4d51433ca05d37061a7baeea70e
                                    • Opcode Fuzzy Hash: b4a2f3daad0408450cb19ffde634bf27d8e12939b75695f3f5e7f05d6cd95cc0
                                    • Instruction Fuzzy Hash: 0E515E35B102158BDB18DBBDC5505AEB7F3BFC4310B248969C40AAB358DA75AD82CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bbad302e353cf97a5db4a131cf9faee602c7dfac5e4d72bf82598b99d89a9c80
                                    • Instruction ID: f85a7d0cedbfc788b9ace526e2dbb023c3d75c5d6a08c5f215799af037600bd4
                                    • Opcode Fuzzy Hash: bbad302e353cf97a5db4a131cf9faee602c7dfac5e4d72bf82598b99d89a9c80
                                    • Instruction Fuzzy Hash: 875112B5D10219CFCB19CFA8C984A9DBBF1FF48310F24856AD85AA7394EB716985CF40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb31fa1032c2c1ffe3f0a7f4c1c9fed961808b576d44a5f3f215ffb8299f61dc
                                    • Instruction ID: 525d59b9ed1a142a3592c4be7e8c1739a40afd9cd6fe6fd9eae729c668db47a8
                                    • Opcode Fuzzy Hash: fb31fa1032c2c1ffe3f0a7f4c1c9fed961808b576d44a5f3f215ffb8299f61dc
                                    • Instruction Fuzzy Hash: 16513E34A10216CFDB14DF78D594BADBBF2FF85300F2441A9D80A9B695EB749C81CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9f3ad282faac4824025668083bca4468e0b539d5b3ac6a39851afa6ab265af9d
                                    • Instruction ID: 171d562a1ce22e618463965758cc80fabab508bfaf3cabbf6dea330db64102dd
                                    • Opcode Fuzzy Hash: 9f3ad282faac4824025668083bca4468e0b539d5b3ac6a39851afa6ab265af9d
                                    • Instruction Fuzzy Hash: 5D41C731B241089FC715DB28D4146AEB7EAEFC5310F15C06AE806EF7B5CEB19D468791
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 81c67c9b6ab5c005e9772465eb15421380198569cd9eaeb2ccee3210e6535714
                                    • Instruction ID: 545aaf64f20c9cf66bc8b9d26b017c3a11d51dccdf6e59b2ebc1e1551e9cbf4c
                                    • Opcode Fuzzy Hash: 81c67c9b6ab5c005e9772465eb15421380198569cd9eaeb2ccee3210e6535714
                                    • Instruction Fuzzy Hash: 7B51EE34A01219CFDB58DBA4D894B9CBBF2FF49300F1040A9D40AAB765DB78AE85CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ca0c0eca188d6f64527284519dc75527c838a529d3684e187affd780e29f35ac
                                    • Instruction ID: 3c0c8dd2789718758b60d505b2b37b23a903a28c96512eff75916d82879a5447
                                    • Opcode Fuzzy Hash: ca0c0eca188d6f64527284519dc75527c838a529d3684e187affd780e29f35ac
                                    • Instruction Fuzzy Hash: 7C41C530B353128BDB55E771941437E32DA9FCA510B298469E413DB388EFF4DC858791
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b203ebe13ade098d827d7179f3b19dc2037444f13c002a5820a58941385117d4
                                    • Instruction ID: a781ab05aa2557f31fd14c143ae5dbdeb5742ea000390833fd4e155484f00f66
                                    • Opcode Fuzzy Hash: b203ebe13ade098d827d7179f3b19dc2037444f13c002a5820a58941385117d4
                                    • Instruction Fuzzy Hash: 5A41CF35A1010ADFCB14CFA8D584AAEFBB1FB44324F1582A6D5159B2A1D731A886CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ee83f6b6bf788eede12a4f53031b1e05776d54765827d5d5f2bad49feaa7c991
                                    • Instruction ID: 536edf6c41a37bc5b4bd9d66bd77a8281a6b064f4e1604844e1b4d48b5b7ef9b
                                    • Opcode Fuzzy Hash: ee83f6b6bf788eede12a4f53031b1e05776d54765827d5d5f2bad49feaa7c991
                                    • Instruction Fuzzy Hash: 9541CF34A11344CFCB49EF75D0405AD7BF2FB8E2107554168E90AAF786EBBA9C41CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4dd57a0e409aace03c9a199a2325ef8e9d77468b04be6c129316040614f8c033
                                    • Instruction ID: 416bc9363b7421a280f1bf28c7106517cd2231a04ff02460448cf234c5fada6d
                                    • Opcode Fuzzy Hash: 4dd57a0e409aace03c9a199a2325ef8e9d77468b04be6c129316040614f8c033
                                    • Instruction Fuzzy Hash: F6410474E10209DFCB58CFA8C480A9DBBF5FF48314F2584AAE915AB355D771A882CF90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 310106956eb7b0d9b2b2b70af6b59df6ce9b800bc25b83addc68dd5fdacad95a
                                    • Instruction ID: 2d0032ffea7ba951fc87fcd1f47062189782e103adfdee58adbff9c3657062ff
                                    • Opcode Fuzzy Hash: 310106956eb7b0d9b2b2b70af6b59df6ce9b800bc25b83addc68dd5fdacad95a
                                    • Instruction Fuzzy Hash: 22311371F106698FCB04DBA9C8A41AEBBF6FF88310F25442AE44AD7740D634EC81CB94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c6e83c179dd998134262423532140e18d43e826336a6c43ba8d355f3ec1d3e6b
                                    • Instruction ID: 7ce03467713d5937c26217cf59e77ae997872ad0be6371f13a249f751f205b37
                                    • Opcode Fuzzy Hash: c6e83c179dd998134262423532140e18d43e826336a6c43ba8d355f3ec1d3e6b
                                    • Instruction Fuzzy Hash: DC41AE34B02304CF8B09EB66D0504AE7BF2FB8D2103544168E90A9F786EFB9DC45CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5c6dca47b5a3702f9ca0b8118444cb8a4cc43b15c73a6f14890ca1f03c24023f
                                    • Instruction ID: 40617dc81c1fbafae20e45a26aff3b3c7421f6507ffc7ecffe4588414806e558
                                    • Opcode Fuzzy Hash: 5c6dca47b5a3702f9ca0b8118444cb8a4cc43b15c73a6f14890ca1f03c24023f
                                    • Instruction Fuzzy Hash: 98318D707052059FEB108B79D894A2A3BF9FFCA744F1404AAE506CF391EA71EC018B61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 84639913ff4c3ea3e72c4558662432ebaaaf1c25776b07eec5adef41c1d5f54d
                                    • Instruction ID: 1c58489cd8393fc1d7882950dc343ff92cf3c9b345514987a48158027673d56b
                                    • Opcode Fuzzy Hash: 84639913ff4c3ea3e72c4558662432ebaaaf1c25776b07eec5adef41c1d5f54d
                                    • Instruction Fuzzy Hash: 8F413C35B001059FCF15DFA9D498AADB7F6FF88304F258169E5169B368CB70AC06DB80
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b4616e029f28ab30bb15ad72cdff5de17e68411221149b5d4a182625bf3f30f4
                                    • Instruction ID: 971e8b9ededb286bdd0317d6ca4da9cb3758d371bd55603d2edf724d2364ae5b
                                    • Opcode Fuzzy Hash: b4616e029f28ab30bb15ad72cdff5de17e68411221149b5d4a182625bf3f30f4
                                    • Instruction Fuzzy Hash: F811BE70F24216DFCB24DFA4D841EAEB7B1BB88640F14497AD002AB284DBB09D40C7E0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d74c761ec3cb87af5e6b433a90997ebdbcdc2e61dcfa8c50e442c950553ee3df
                                    • Instruction ID: 6919acf4218bac3408fede7295c834a922aa3f3d8722232cc01fbab78fc4e94f
                                    • Opcode Fuzzy Hash: d74c761ec3cb87af5e6b433a90997ebdbcdc2e61dcfa8c50e442c950553ee3df
                                    • Instruction Fuzzy Hash: 4211E931F24216CFCB54EBB8A45066D77E6EB8A2017654579C406DB384EFB09C42CBD6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a1cef1461d329fa2c836d81c0d8aa3fc32bd1bfa577fd68137655609478fc2e9
                                    • Instruction ID: 41837899836d642586d3e51244d7aeaa25bbad97d69ccfc7ab3a56b4acea9d81
                                    • Opcode Fuzzy Hash: a1cef1461d329fa2c836d81c0d8aa3fc32bd1bfa577fd68137655609478fc2e9
                                    • Instruction Fuzzy Hash: FB11A332B2821ADBCF44EA76D8508FEB7BBAFC5210B04443AD907B7244DE751E4687A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604696561.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 119fcb1af4650565b038b4cc9540b9b9d89d52221c2ed6c0c3e9e59eb8e5cc8e
                                    • Instruction ID: 312b4db4f04a23d9a2a01640af855215d6a0d42e722faf0dd92c99bd33b2a5e4
                                    • Opcode Fuzzy Hash: 119fcb1af4650565b038b4cc9540b9b9d89d52221c2ed6c0c3e9e59eb8e5cc8e
                                    • Instruction Fuzzy Hash: E9216D3550D3C0AFD71BCB20C890B55BFB1AF47204F1D89DED4858F6A3C62A985ADB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8367effed3546e4719eb30170a3eda85f6fe6a1ab337212de12a898834d0c555
                                    • Instruction ID: 1ad5972e2c1347e51b1033aba0573da902097c97a40b592a3a074306696bf0b4
                                    • Opcode Fuzzy Hash: 8367effed3546e4719eb30170a3eda85f6fe6a1ab337212de12a898834d0c555
                                    • Instruction Fuzzy Hash: 7E217B32D10209DFCB15CFA8D444AE9BBF1EF49300F1540AAE19297265D7701C46CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 34ba812969dfd7b5a30ef5559c8a152ffad40e5b4c34236a683cefa7ab628fea
                                    • Instruction ID: 3b71aff67591972d73535760ba26b05e1c84b61b25683357490e7805a1956d6b
                                    • Opcode Fuzzy Hash: 34ba812969dfd7b5a30ef5559c8a152ffad40e5b4c34236a683cefa7ab628fea
                                    • Instruction Fuzzy Hash: 71119371E222058FCB18DF78E8415EE7BF6EB8A304B20542AD505C7255EBB55A42CF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e3c4e39febd3f3b76efc511f08a6abb6851876d67628c1b8e86620cdc235a9bd
                                    • Instruction ID: 6f42de70be179d367ac929667890f8a080861029e08c9741d9f6c18949bf27d3
                                    • Opcode Fuzzy Hash: e3c4e39febd3f3b76efc511f08a6abb6851876d67628c1b8e86620cdc235a9bd
                                    • Instruction Fuzzy Hash: F4118475935105DFDB94CF58C9419BEBBF9EF48211B22806AD40AEB201D371A981CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8047f543d111f4f052101f91e45c3d7c5c24f3afd6cba986229031fd1e670210
                                    • Instruction ID: 9ce700c17a5db14ee220affe92b15e04d9be26882e10c9d586185b55bd5de5ef
                                    • Opcode Fuzzy Hash: 8047f543d111f4f052101f91e45c3d7c5c24f3afd6cba986229031fd1e670210
                                    • Instruction Fuzzy Hash: 47119174B10115ABC748EB69C850A6EB7E7EFC87107288079E806DB354DE71EC42C7D0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f7f906aea78e6b6ab2b655ba849b11d9f4dbcbfe324e73aeb3f5adf2e43a8cd3
                                    • Instruction ID: 9371dbb755e9f8a48a7f74942db0c5ce5ae5dbfc7a755c07b99c1f12c3473e4c
                                    • Opcode Fuzzy Hash: f7f906aea78e6b6ab2b655ba849b11d9f4dbcbfe324e73aeb3f5adf2e43a8cd3
                                    • Instruction Fuzzy Hash: AB112530A383058FCB65F77494504AD77AAAFC6520B644A6FD4138F585DFB8884683D6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604696561.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7d8ebc68778774e6cd30ef7321c4a45e04f56dcd882bee3cec32a0d56feda1d9
                                    • Instruction ID: 03caddcfa81e3d13c0cb4a8c8b6ac0969615e42a824ef5f6ce3c5bb6575c563c
                                    • Opcode Fuzzy Hash: 7d8ebc68778774e6cd30ef7321c4a45e04f56dcd882bee3cec32a0d56feda1d9
                                    • Instruction Fuzzy Hash: F3110634204340EFD719DB24D980B26FB99EB88718F28C9ADE9494B653C37BD847CA91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7d9c77a6cbe14251e484c7c0e3716f6c3a16407c8f2afeaa90f6e2643524b735
                                    • Instruction ID: b9ab4957f3eb787b854a53b452e6070da9775dab003cb0cc53698365156fe47e
                                    • Opcode Fuzzy Hash: 7d9c77a6cbe14251e484c7c0e3716f6c3a16407c8f2afeaa90f6e2643524b735
                                    • Instruction Fuzzy Hash: 18118230328252CBC615E738804047EBBD3ABC1704794896EE04B9F684DEB6D847CB96
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5b6236ffb1e8bc3bfac9db49d832b614ebf74c3de0d88ed1eca1cf4ab60f09fd
                                    • Instruction ID: c2ddc2773c6d352ebf04c4b68bc05bb98fbcc34e451d3752a45d55ca7da63c23
                                    • Opcode Fuzzy Hash: 5b6236ffb1e8bc3bfac9db49d832b614ebf74c3de0d88ed1eca1cf4ab60f09fd
                                    • Instruction Fuzzy Hash: 0D113770824389CFCB28CFA4C555AAEBBB1FF45304F2049AED842A7740EBB15986CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2fc386df64524b7f7b893df19bb3b8a258249967531a8fd516c913e6b92a14ae
                                    • Instruction ID: 7aeeb3d653ff4f7f6818ee84f442961477233f503e553c0627865f1fc253ee1e
                                    • Opcode Fuzzy Hash: 2fc386df64524b7f7b893df19bb3b8a258249967531a8fd516c913e6b92a14ae
                                    • Instruction Fuzzy Hash: 4A014971B102119FDB1857B5A80896F779AFFCD714721053DE406DB344CD75CC0283A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 873705bdcba6a20b74b07a52ab608a86de74757101845a5ec98d727677d466f0
                                    • Instruction ID: 6d8d5c80f184f5fd94d2c66174a3a4b7a36f8e1b77de5bc32f4640648388c304
                                    • Opcode Fuzzy Hash: 873705bdcba6a20b74b07a52ab608a86de74757101845a5ec98d727677d466f0
                                    • Instruction Fuzzy Hash: 6B11A530328290CFC746DB38D0688A97FF6AF8720172541EBD046CF676CBA66C49C751
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 00f1486944693589d35cc353174b984e6e3e3b8364d26539b7d71a8022da1825
                                    • Instruction ID: 398c47f84057f45c5b96dbba689b826b5a641b628bd3f54dca6859699f075130
                                    • Opcode Fuzzy Hash: 00f1486944693589d35cc353174b984e6e3e3b8364d26539b7d71a8022da1825
                                    • Instruction Fuzzy Hash: 6A01C031E3420ACFCB54EB74B8406FEB7EAEB8A211B64443AC505D7240EBF04985CBD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603268482.0000000001532000.00000040.00000001.sdmp, Offset: 01532000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f1e47da6e7ffa4d547fc207da722c534a6e1f96a32ae19402e06ac2fbdc28af7
                                    • Instruction ID: 57b054335c8efb1e2757c6a523da2a9658483c6f4e1e068363283f1fbf20782e
                                    • Opcode Fuzzy Hash: f1e47da6e7ffa4d547fc207da722c534a6e1f96a32ae19402e06ac2fbdc28af7
                                    • Instruction Fuzzy Hash: CC11ECB5608301AFD350CF09D881A57FBE8EB88660F04C92EFD9997311D231E9088FA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d0e7c24d239cf2181012641154a22e0e505324622c7fe6bfde7c4b8be415c49c
                                    • Instruction ID: cf721983ea269e565f1bd8256fc32647f48358678b0b9f0f70f265fd333aaf8e
                                    • Opcode Fuzzy Hash: d0e7c24d239cf2181012641154a22e0e505324622c7fe6bfde7c4b8be415c49c
                                    • Instruction Fuzzy Hash: 9B018431E002098FCB95DF78D5546EE7BF6EF89250F20447EC449E7254EE354A06DB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3b6e44ba6c15e8cde0ff13396a3932f74fe92142207b54823ab205dca02ee821
                                    • Instruction ID: 36cbaa6ec54d3082f902635c83840bba3e76c1170ebc139176283e5729228335
                                    • Opcode Fuzzy Hash: 3b6e44ba6c15e8cde0ff13396a3932f74fe92142207b54823ab205dca02ee821
                                    • Instruction Fuzzy Hash: 0701D230A2420CDFC718DF24E850ABF7BF29B88304F19446DC006EB644CBB1AD428B81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1798decb5e1b6be6a684f2a41e47f58fb98a239395024443c00fc53c17a74b02
                                    • Instruction ID: 8f10ae60f2bdef3949ea88e351d5ab778035f4eb44d6dc190931bd3ae3f826d2
                                    • Opcode Fuzzy Hash: 1798decb5e1b6be6a684f2a41e47f58fb98a239395024443c00fc53c17a74b02
                                    • Instruction Fuzzy Hash: 7E11A130E21209CFE718DFB0E5406AE77F5FB46244F30402AD405E7284E7B59D82CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 91042eac8f2fcdc1de9f6ca0704a890b0c5cee1d210e7eb7ddd1bd610fc4b8b9
                                    • Instruction ID: ae82f2f2d1c8d747bf0c4e4bf6c96c98848d89c07bd9097477f7577f32d1e560
                                    • Opcode Fuzzy Hash: 91042eac8f2fcdc1de9f6ca0704a890b0c5cee1d210e7eb7ddd1bd610fc4b8b9
                                    • Instruction Fuzzy Hash: 8601F231B102259BCB2867BAA80852F7A9AFFC96247214939E406CB348DEB5CC0183A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c3a3363211c829b9827f57a05d7392eea0f3a7a5d10a93d8ad51e7d1663ee4f6
                                    • Instruction ID: 44095fd8c3fe4b6e82cc92516f81ee1b8f060899577613a1510cb4b55b4e0ee0
                                    • Opcode Fuzzy Hash: c3a3363211c829b9827f57a05d7392eea0f3a7a5d10a93d8ad51e7d1663ee4f6
                                    • Instruction Fuzzy Hash: 7D01D431A24208CBCB18CA54C451EBFBBB19B85315F24446EC417A7648CFB1AD82CBD1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ec853d7141fbdac00ee00eb725b2eda9cb8e5717c119a93fdfc3b56a9eb7ed89
                                    • Instruction ID: c5fcd74da12fc272909139d463c3a2511261ac57bd325f78160b99cbcb765c9d
                                    • Opcode Fuzzy Hash: ec853d7141fbdac00ee00eb725b2eda9cb8e5717c119a93fdfc3b56a9eb7ed89
                                    • Instruction Fuzzy Hash: D101B131E2410DDBDB18DB54F850ABFBBB29BC4314F18446EC516E7640CBB1AD428BD1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7f5b64bc59a61e8b30055008b92e36318e56d9f837b82e9174d678ed45a2165e
                                    • Instruction ID: 69c7c2a3e284c552eb85acb21b18d1753c2c7f308f52fba2d3a95a92bf5b9e8d
                                    • Opcode Fuzzy Hash: 7f5b64bc59a61e8b30055008b92e36318e56d9f837b82e9174d678ed45a2165e
                                    • Instruction Fuzzy Hash: F701D831A346048FCB18CA14C551F7FBBB19B85215F24442DC407B7648CBB19D8187D1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0f9dd6b3d44b5b310b9f3adc90fe38cfd7d978f14c88d8b565469587f252f623
                                    • Instruction ID: 94dab1ef13ab2e87f43d46bd758f5b29ab45c0a5f29ca50e45e9e47302f2f527
                                    • Opcode Fuzzy Hash: 0f9dd6b3d44b5b310b9f3adc90fe38cfd7d978f14c88d8b565469587f252f623
                                    • Instruction Fuzzy Hash: 0101A2B2E103099FCF50EBB9E801B9EBBF5EB44210F10417AD608D7280E7315A84CBD1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 529af4d6ef206cddb9c024eab1d61fcdd642d3b1d52e88e362a472a90fcfb98b
                                    • Instruction ID: d32eb6f469122b97eb6ed4e760aac9613f3250bce8a4bc56f00dce43a43d71e9
                                    • Opcode Fuzzy Hash: 529af4d6ef206cddb9c024eab1d61fcdd642d3b1d52e88e362a472a90fcfb98b
                                    • Instruction Fuzzy Hash: 94015670E10209CFCB54DBB8D950BEABBF4EB86304F64487AD505DB290E7759A85CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604696561.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f0daa4f6ed749134357593a8ff6ee1e4452be4fa883eac6c554d962848c1f9e3
                                    • Instruction ID: 11ca593b45fde43d19f024982501f442b6f26eb0c63a861fe5245a44afdbbba2
                                    • Opcode Fuzzy Hash: f0daa4f6ed749134357593a8ff6ee1e4452be4fa883eac6c554d962848c1f9e3
                                    • Instruction Fuzzy Hash: 0D01DB765097809FD7128F16DC41862FFB8EF46620709C4DFEC498B612D235B904CB72
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb2d8a6e6083734591098dc0636259e73e8912f62e870d42323b3c5e91815f1e
                                    • Instruction ID: 5e425f37e529e01b92685d2ef40393d818f618d338fc6e0ad6b5db26c3f7652a
                                    • Opcode Fuzzy Hash: fb2d8a6e6083734591098dc0636259e73e8912f62e870d42323b3c5e91815f1e
                                    • Instruction Fuzzy Hash: 15018B71F102098FDB50DBB9E8407EEBBF4EB84220F50057AC608D7280E7749A81CBD0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fdf4a6616b9659148e633bd991654a60bdf52c0df7f23669c6a74d8e7542f035
                                    • Instruction ID: caceb6d48b21837c16e7865f778a43a15c8a72ad72c394bbeb44cf383fa1bfd6
                                    • Opcode Fuzzy Hash: fdf4a6616b9659148e633bd991654a60bdf52c0df7f23669c6a74d8e7542f035
                                    • Instruction Fuzzy Hash: 5FF0817232825157D61596BD9D40F7F5A9B7BC4220B74431EA01ADF2CDDC748C014362
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1478698ba47e557f20be6ba228e1b1aacb2a3cd3467a2ef797a95d651a97f1b0
                                    • Instruction ID: 6812bd56091f4a4cbd765bdd2483107fbe66a47e785df5659306808e5eec54a1
                                    • Opcode Fuzzy Hash: 1478698ba47e557f20be6ba228e1b1aacb2a3cd3467a2ef797a95d651a97f1b0
                                    • Instruction Fuzzy Hash: BDF050367313508BDA25B6B654003BD32CA9BC6555F54007ED109CBB80DDB5CCC24351
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dff6f4ffff86c0a776e0901eb911824a8c8745f85d823bace1f7a6cb2df0e175
                                    • Instruction ID: 26b5e155baad1715a449bc78d4c99ede90c4d137e370acce1ce40c058e50610e
                                    • Opcode Fuzzy Hash: dff6f4ffff86c0a776e0901eb911824a8c8745f85d823bace1f7a6cb2df0e175
                                    • Instruction Fuzzy Hash: 17014731B00320DFC70ADB38E05572C7BA7FB8A201F1604A4E406CB399EB389C92CB84
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604696561.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604696561.0000000003380000.00000040.00000040.sdmp, Offset: 03380000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603268482.0000000001532000.00000040.00000001.sdmp, Offset: 01532000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603167893.0000000001512000.00000040.00000001.sdmp, Offset: 01512000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.603167893.0000000001512000.00000040.00000001.sdmp, Offset: 01512000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 35de06d5696c779ee7dccb32dd8404e2527f6a34bbba97325f5f49b7f62a3529
                                    • Instruction ID: 712783b0f77116ac409d6dd591134a78a7f337dab94971087a21abecb93a68af
                                    • Opcode Fuzzy Hash: 35de06d5696c779ee7dccb32dd8404e2527f6a34bbba97325f5f49b7f62a3529
                                    • Instruction Fuzzy Hash: 0CC02B03405C1C0EC50918708CA704807124AD4014FF53CB2C082D79C1D02488430008
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d58c8cb341e8d32631c8391c3f8fd12a25512ecc0949fd05e0e82e0de70dd4f8
                                    • Instruction ID: 8481f970bf81eaff123bf98cf5c41f82fc60816344f33d32f8d21ee62b695aa6
                                    • Opcode Fuzzy Hash: d58c8cb341e8d32631c8391c3f8fd12a25512ecc0949fd05e0e82e0de70dd4f8
                                    • Instruction Fuzzy Hash: 7FC0123001C985CFDB25DB60D4987B53BD85F03544F1401A6A81A8E025D7E15488C796
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7488588d91301423751a833ee010f1344e7628ed916326bc74f1f92301150131
                                    • Instruction ID: d9b224eaa9debef3b96a70d9499db1a16a69433c854c558429116e8a9260dec4
                                    • Opcode Fuzzy Hash: 7488588d91301423751a833ee010f1344e7628ed916326bc74f1f92301150131
                                    • Instruction Fuzzy Hash: 9CD01275201304CFCB182B74E01941C3365AB45205351087CE8168B784EF76E840DB04
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 78c72ff8cd442c56ceb88fd1ce7cb1d6957de846161a096879d1cd2a66a3880f
                                    • Instruction ID: a03a194825368263d7e2c1f5b67ae99e2a1caff0d889b0fb783851ddaf3805e8
                                    • Opcode Fuzzy Hash: 78c72ff8cd442c56ceb88fd1ce7cb1d6957de846161a096879d1cd2a66a3880f
                                    • Instruction Fuzzy Hash: 77C02B30220E05CFCE6467F0681E22D3B5C4F418003800155F80BCF24CEFE49044D3A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 27bcdd308fac5a3fec6dec00b4c51c558edf225d1032ec2933abed4082a7f48c
                                    • Instruction ID: db786def44e17ddf4240c883636c8dec8080f2dad9e1da818cdf1ce201e4a59e
                                    • Opcode Fuzzy Hash: 27bcdd308fac5a3fec6dec00b4c51c558edf225d1032ec2933abed4082a7f48c
                                    • Instruction Fuzzy Hash: 40C02B71065284CEC2549AB01805439B24996C0311F80C431E4010013089B274E19AD5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 76e578032e9d97d535e0690a66b1dd97b6c49db7fd48e3b7d144618bd1ed4273
                                    • Instruction ID: 8bd07877dc8c893015f297def42de6fa98327065dfa5c03328c18dca701f3e51
                                    • Opcode Fuzzy Hash: 76e578032e9d97d535e0690a66b1dd97b6c49db7fd48e3b7d144618bd1ed4273
                                    • Instruction Fuzzy Hash: B7B02230220A0ACF82202BB0200C220338C88022083080000F02FCE208EBE080000222
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 898b11d76b8d6bac5ae8288a6d100478e9157726eafb9eaa17c633d85d179917
                                    • Instruction ID: 38fa34a0f9b68f9c37cbab8f53cfb42375d67d8cb0af715f7c0934d23c048fdb
                                    • Opcode Fuzzy Hash: 898b11d76b8d6bac5ae8288a6d100478e9157726eafb9eaa17c633d85d179917
                                    • Instruction Fuzzy Hash: F8B0122763C04600DF21D5F02F02171755C8DC026F75D05D1F808D0201F212C250420C
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 146fd5c7ab718f835f07e3a7f0a81fbeb65247fd962cb54742d31b178055c245
                                    • Instruction ID: 5fff376cfcd9f9c129deea4892f35ad73684bb210f8d8161af727c8c27a2b786
                                    • Opcode Fuzzy Hash: 146fd5c7ab718f835f07e3a7f0a81fbeb65247fd962cb54742d31b178055c245
                                    • Instruction Fuzzy Hash: 58B0123122C30D0A5A50D6B52809A12778C85C09193450060B40DC0000FA45D0801589
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                    • Instruction ID: 37eae9458412ce848667df9ec0d30092fa03278173f94ea8df1e7b754713485b
                                    • Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                    • Instruction Fuzzy Hash: 3AB092B7A14008C9DB00CA88B4413EDFB30E790225F104023C35052000C27601A486D1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d01cf0c1de431d67ffa189f06c923f159f38471bf92f57a1d0dd47f5f36fbeb1
                                    • Instruction ID: 0703a431593078d551ca4c1bdcc1c58e79e590ac8e2a0cfb63f12355630ced08
                                    • Opcode Fuzzy Hash: d01cf0c1de431d67ffa189f06c923f159f38471bf92f57a1d0dd47f5f36fbeb1
                                    • Instruction Fuzzy Hash: 46B0127464074C47DD8437F4B00801DB7CC09809017810016781D4F381FDA5B8444551
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000003.00000002.604279583.00000000032D0000.00000040.00000001.sdmp, Offset: 032D0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: da6aee679b2b60e85de04a32b76219d3795ec45ed028d7fdce4bc040d9874a02
                                    • Instruction ID: 4e2b23e735bc92fe8d345fd11accf106301da60d5501806cce2dd989228a2018
                                    • Opcode Fuzzy Hash: da6aee679b2b60e85de04a32b76219d3795ec45ed028d7fdce4bc040d9874a02
                                    • Instruction Fuzzy Hash: 8DB092308483089ACF2CEE40C26EA987BA8BB44318F416409C8120A154C3B22108EA11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Executed Functions

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: p${
                                    • API String ID: 0-2643458128
                                    • Opcode ID: 563d2cf3fb6a0a99bd7b383386a5cf515242ccabd19ce15e028f018765548dfb
                                    • Instruction ID: 83add04ab1b493c6bc612513a12af0d9f6303c3ddc4e616b2913dc32ccf36d7c
                                    • Opcode Fuzzy Hash: 563d2cf3fb6a0a99bd7b383386a5cf515242ccabd19ce15e028f018765548dfb
                                    • Instruction Fuzzy Hash: 95C15974C0A319CFFBA4DF25C8447FDB6B5BB4A309F0061A9C909A2290D7744AC4DF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: p${
                                    • API String ID: 0-2643458128
                                    • Opcode ID: d4cc499e1b548426b8f54aaa276607d8ff6a77d1686d2b73a3c2ad3d09fa1b81
                                    • Instruction ID: 77d9aac7fbff6cac78de05a45eb98c0263f8170389bc887e7aec4bb8bc00994d
                                    • Opcode Fuzzy Hash: d4cc499e1b548426b8f54aaa276607d8ff6a77d1686d2b73a3c2ad3d09fa1b81
                                    • Instruction Fuzzy Hash: 7AB15874C0A319CFFBA4DF25D8457FCBAB6BB4A309F1060A9C909A2294D7744AC4DF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 06CF1C17
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: AdjustPrivilegesToken
                                    • String ID:
                                    • API String ID: 2874748243-0
                                    • Opcode ID: bfd66fabd52c5f7a5649fdb94adfe57c7aead9d505012840ff159a1b18e4cd62
                                    • Instruction ID: 13961c1265732f1e4b7f98e7806e77692ff3d04d59c427ce85918c72dcb56f6e
                                    • Opcode Fuzzy Hash: bfd66fabd52c5f7a5649fdb94adfe57c7aead9d505012840ff159a1b18e4cd62
                                    • Instruction Fuzzy Hash: E421BF755093809FDB128F25DC44B92BFF4EF06210F0984EAE9848B563D235A908CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • NtQuerySystemInformation.NTDLL ref: 06CF1CD9
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: InformationQuerySystem
                                    • String ID:
                                    • API String ID: 3562636166-0
                                    • Opcode ID: efe60c5c9934073d647db39d81423986c52773fed31dcef1890adeddfd1d27d6
                                    • Instruction ID: 3459fa6572d05833610b88a774b67aeefca773404a5def966e28049b34e7cc6f
                                    • Opcode Fuzzy Hash: efe60c5c9934073d647db39d81423986c52773fed31dcef1890adeddfd1d27d6
                                    • Instruction Fuzzy Hash: 2921C0724093C09FDB128B21DC44A92BFB0AF07314F0D84DAED844F163D275A908DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 06CF1C17
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: AdjustPrivilegesToken
                                    • String ID:
                                    • API String ID: 2874748243-0
                                    • Opcode ID: e062fa76bfd062c5f177d6fd3841d687a5b923fa8e8baa011294fbea244659af
                                    • Instruction ID: e81eaeb03d2f3518c5c62815e61e6aef7dafe8e28ed6fb035ca1998ff281c99a
                                    • Opcode Fuzzy Hash: e062fa76bfd062c5f177d6fd3841d687a5b923fa8e8baa011294fbea244659af
                                    • Instruction Fuzzy Hash: FB115E31910644DFDB609F65E884B66FBE4EF04620F0884BEDE498BA52D375E518CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • NtQuerySystemInformation.NTDLL ref: 06CF1CD9
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: InformationQuerySystem
                                    • String ID:
                                    • API String ID: 3562636166-0
                                    • Opcode ID: 576bacf0224cff90178f348023636098db7e712926da5f84f7bc2ff2ad219413
                                    • Instruction ID: 7f5e0cbc0263f84a54523c4c1178a39bd865ab6c04f2f4f8693e67258f4911c9
                                    • Opcode Fuzzy Hash: 576bacf0224cff90178f348023636098db7e712926da5f84f7bc2ff2ad219413
                                    • Instruction Fuzzy Hash: BC018F31910644DFEB609F56E884B61FFA0EF04720F08C4AADE854B615D275A518CFB2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false

                                    APIs
                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 06CF1221
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    • Opcode ID: 28eb5ff3eaa69b28629b698c9aed1756d23adb6b42b4631e677e303cba2e4f4f
                                    • Instruction ID: bd58a5e25ea1eabd4f36382bfb24216ea1f0f2ca8eb057dd36d8f8cc4a94725b
                                    • Opcode Fuzzy Hash: 28eb5ff3eaa69b28629b698c9aed1756d23adb6b42b4631e677e303cba2e4f4f
                                    • Instruction Fuzzy Hash: 16418D715093C0AFE7238B65DC54BA2BFB8EF07214F0984DAE984DB163D225A909C771
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 06CF1637
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 41ba51b5daef6b5c2a281d1856271980b783f17d0760498a112c8cffd05b2281
                                    • Instruction ID: a0148a39269d028defe0b780714d41bb8bcd3ac7e892197730a3d09d62ada67d
                                    • Opcode Fuzzy Hash: 41ba51b5daef6b5c2a281d1856271980b783f17d0760498a112c8cffd05b2281
                                    • Instruction Fuzzy Hash: C131A5715043846FE7228F65DC45FA6BFACEF46720F08849EE985DB152D234A909CB71
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetLongPathNameW.KERNELBASE(?,?,?), ref: 06CF1106
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: LongNamePath
                                    • String ID:
                                    • API String ID: 82841172-0
                                    • Opcode ID: 050db59e14abb97106745fae292b8cd32f779040b1ebb9767044a57673aa2774
                                    • Instruction ID: a7f391e9f0a4d759011afc0beeba6942059a805535192045b439ed3758f93e84
                                    • Opcode Fuzzy Hash: 050db59e14abb97106745fae292b8cd32f779040b1ebb9767044a57673aa2774
                                    • Instruction Fuzzy Hash: AF317A7140E3C09FDB138B648C64AA2BFB0AF47324F0E84DBD9C49F1A3D2655919C762
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 06CF0728
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    • Opcode ID: 4e2540b1362b9e9b7cbf545e0c64264d793589f73042c1d6844b10b25014d763
                                    • Instruction ID: 9f8c42c14e68b0ca3e9a52bef505dcd56cfe1b9f076d3e2e19fa5df9fae58952
                                    • Opcode Fuzzy Hash: 4e2540b1362b9e9b7cbf545e0c64264d793589f73042c1d6844b10b25014d763
                                    • Instruction Fuzzy Hash: 8831F3B290A3809FD752CB25DC957A1BFA4EF42324F0880EFED448F253D2755948CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetTokenInformation.KERNELBASE(?,00000E2C,BF4447B5,00000000,00000000,00000000,00000000), ref: 06CF0BB4
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: InformationToken
                                    • String ID:
                                    • API String ID: 4114910276-0
                                    • Opcode ID: a9b698f9ade1178e198410f5d2e019b156564813fdf2758544c7ce35c860e62f
                                    • Instruction ID: b6c06c2d40b3574e4ff59a64afa168012af66e29889878227b4f07561b89cd1b
                                    • Opcode Fuzzy Hash: a9b698f9ade1178e198410f5d2e019b156564813fdf2758544c7ce35c860e62f
                                    • Instruction Fuzzy Hash: F731B371509380AFEB128B65DC55FA6BFA8EF06710F08849FE984DB152D234A548C771
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 06CF1637
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: DuplicateHandle
                                    • String ID:
                                    • API String ID: 3793708945-0
                                    • Opcode ID: 8899f5cee570f5ea6a156c836828942ff84be76f00f7a71a48fd93c34150ae8d
                                    • Instruction ID: 85f7bca40317e0c4c8dcc90aa50e8d4302dd5bd78108e1dbd9d2fbaa730f4a9b
                                    • Opcode Fuzzy Hash: 8899f5cee570f5ea6a156c836828942ff84be76f00f7a71a48fd93c34150ae8d
                                    • Instruction Fuzzy Hash: 78219072500604AFEB218F65DC45FAAFBECEF08720F08886EFD85DB551D675A5088BB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetFileType.KERNELBASE(?,00000E2C,BF4447B5,00000000,00000000,00000000,00000000), ref: 06CF130D
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: FileType
                                    • String ID:
                                    • API String ID: 3081899298-0
                                    • Opcode ID: bed35bec3f2aaec2ffe23886a95acd2be7b24372388fd05f63703dc5f185118f
                                    • Instruction ID: ef1362e2f33492f6114fb9fabe5d6e475a62b38673b902218aaf4fbf26b2c604
                                    • Opcode Fuzzy Hash: bed35bec3f2aaec2ffe23886a95acd2be7b24372388fd05f63703dc5f185118f
                                    • Instruction Fuzzy Hash: 3A210AB64087C06FE7128B26DC40BA3BFB8EF46720F1884DAED849B153D224A909C771
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DeleteFileW.KERNELBASE(?), ref: 06CF171C
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: 9444a159c4da206c41b2d0f09a35c59e15d66744083c947949b7ca38bb6f049c
                                    • Instruction ID: 616143085b460cb7c5abea1b7f6572682fa8075514ed0cf65df15c7a63f93430
                                    • Opcode Fuzzy Hash: 9444a159c4da206c41b2d0f09a35c59e15d66744083c947949b7ca38bb6f049c
                                    • Instruction Fuzzy Hash: A821AD765093C09FDB528B25DC54A92BFA49F03210F0D84DADD848F263D225A908CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 06CF0ED7
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: OpenPolicy
                                    • String ID:
                                    • API String ID: 2030686058-0
                                    • Opcode ID: 729214cf37938ed66acb63c7f6f081db916c435f9f25e3a28bc3841abbb24b63
                                    • Instruction ID: 1b05387219ce8c3337a2b7af131b5fbe054fd963d252a40c683946e76816cc32
                                    • Opcode Fuzzy Hash: 729214cf37938ed66acb63c7f6f081db916c435f9f25e3a28bc3841abbb24b63
                                    • Instruction Fuzzy Hash: 6E217F72600204AFEB61CF25DC45FABFBACEB48710F04882EFD449B241D234A9088B75
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 06CF08ED
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 06CF1221
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteFile.KERNELBASE(?,00000E2C,BF4447B5,00000000,00000000,00000000,00000000), ref: 06CF13D9
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: FileWrite
                                    • String ID:
                                    • API String ID: 3934441357-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 06CF1A96
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: LookupPrivilegeValue
                                    • String ID:
                                    • API String ID: 3899507212-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 06CF0ED7
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: OpenPolicy
                                    • String ID:
                                    • API String ID: 2030686058-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • CreateMutexW.KERNELBASE(?,?), ref: 06CF08ED
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: CreateMutex
                                    • String ID:
                                    • API String ID: 1964310414-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetTokenInformation.KERNELBASE(?,00000E2C,BF4447B5,00000000,00000000,00000000,00000000), ref: 06CF0BB4
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: InformationToken
                                    • String ID:
                                    • API String ID: 4114910276-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06CF19D8
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID:
                                    • API String ID: 3559483778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 06CF01EC
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 06CF1E25
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteFile.KERNELBASE(?,00000E2C,BF4447B5,00000000,00000000,00000000,00000000), ref: 06CF13D9
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: FileWrite
                                    • String ID:
                                    • API String ID: 3934441357-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06CF191C
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    • String ID:
                                    • API String ID: 1726664587-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 06CF2109
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SetThreadContext.KERNELBASE(?,?), ref: 06CF186F
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: ContextThread
                                    • String ID:
                                    • API String ID: 1591575202-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 06CF1A96
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: LookupPrivilegeValue
                                    • String ID:
                                    • API String ID: 3899507212-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetFileType.KERNELBASE(?,00000E2C,BF4447B5,00000000,00000000,00000000,00000000), ref: 06CF130D
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: FileType
                                    • String ID:
                                    • API String ID: 3081899298-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • DeleteFileW.KERNELBASE(?), ref: 06CF171C
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06CF19D8
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    • String ID:
                                    • API String ID: 3559483778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • SetThreadContext.KERNELBASE(?,?), ref: 06CF186F
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: ContextThread
                                    • String ID:
                                    • API String ID: 1591575202-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06CF191C
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    • String ID:
                                    • API String ID: 1726664587-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 06CF0728
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 06CF01EC
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 06CF2109
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • GetLongPathNameW.KERNELBASE(?,?,?), ref: 06CF1106
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: LongNamePath
                                    • String ID:
                                    • API String ID: 82841172-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 06CF1E25
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.282125082.0000000006CF0000.00000040.00000001.sdmp, Offset: 06CF0000, based on PE: false
                                    Similarity
                                    • API ID: MessagePost
                                    • String ID:
                                    • API String ID: 410705778-0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID: ]
                                    • API String ID: 0-3352871620
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a82781b1316f252807850aa0ef130aca4a00edce1be46e7dd412281d7a9d461e
                                    • Instruction ID: d1513b38d94ba24863ec5d0a9a70f2152751273e3bd16cce862b9cc0012dd369
                                    • Opcode Fuzzy Hash: a82781b1316f252807850aa0ef130aca4a00edce1be46e7dd412281d7a9d461e
                                    • Instruction Fuzzy Hash: 53C16B70901208CFFB40CF99D188A9DBBF1FB08358F258095D855EB696D7B8E884CFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7d29f9e250b4d8326fa9c3b873d0eca5e853aad18476052051310cac561880ea
                                    • Instruction ID: 22e5541d5e71cd534c3808bfd1e90f1367930e79f3e4cf65ecc19e23407e06bc
                                    • Opcode Fuzzy Hash: 7d29f9e250b4d8326fa9c3b873d0eca5e853aad18476052051310cac561880ea
                                    • Instruction Fuzzy Hash: E271C574D0A218DFEBA0DF64C854BADBAB6BF89304F1080D9C849A7391DB354E85CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 29d4703139b5282d94820c34ccde76dcd3be21cd1533a1660dfa0e1bb5b26e61
                                    • Instruction ID: 9cbb5779568e55e66fb7d4edf14a3df4193ff44d4a492165c3a2a07c0f8c8264
                                    • Opcode Fuzzy Hash: 29d4703139b5282d94820c34ccde76dcd3be21cd1533a1660dfa0e1bb5b26e61
                                    • Instruction Fuzzy Hash: CE6106B4E15209DFDB04DFA5D8886AEBBB6FF89300F20806AD406A7354EB755A45DF00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2f844c3e65fc70369b61b2808444bee973b9db08b52e62d0f50236a415a636ea
                                    • Instruction ID: c561dbad7de16373eccae6b7812255672a5589a9d9527f78b618683dd4c56125
                                    • Opcode Fuzzy Hash: 2f844c3e65fc70369b61b2808444bee973b9db08b52e62d0f50236a415a636ea
                                    • Instruction Fuzzy Hash: F851EFB0D0930CEFFB84CFA9D485BEDBBB5AB4930CF10906AE815E6241D3344A84CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a8ff58f610d979fcb10e14fad081342b25b382259873d30a924a9b8ae642b306
                                    • Instruction ID: 6d80c2b76b65b25eac728f1071671066e25972cec2cfa0bf321daa5f53024d77
                                    • Opcode Fuzzy Hash: a8ff58f610d979fcb10e14fad081342b25b382259873d30a924a9b8ae642b306
                                    • Instruction Fuzzy Hash: 4A51D2B4E15209DFEB04DFA9D8886AEBBB6FF89300F20802AD506A7354EB745945DF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0e47fb41822d924d8b7ffc3df722e66c055cf4759092005e9362be98ad6f163a
                                    • Instruction ID: 09034d544b7a526f789a480fdc52c305540c790e2111d8cd9567f4f4ef86f5f6
                                    • Opcode Fuzzy Hash: 0e47fb41822d924d8b7ffc3df722e66c055cf4759092005e9362be98ad6f163a
                                    • Instruction Fuzzy Hash: 8E41F674D09348DFEB81CFA8D884BECBBF5AF4930CF14509AE845A7252D7345A85CB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c1e31914a17adb63a58e0e3ec6edc0866b5cd0b7492d17302a625892b156a1f8
                                    • Instruction ID: d4d14569bef7299af2be489626a3b1e1d4d46e835e910c67e995c9583e971437
                                    • Opcode Fuzzy Hash: c1e31914a17adb63a58e0e3ec6edc0866b5cd0b7492d17302a625892b156a1f8
                                    • Instruction Fuzzy Hash: C6413970D00209DFDB54DFA9D5909AEBBB2FF88304F208569E801A73A4D7755E82CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 52b1004ec9b71b3ffbd0f30f2f8d788bcd08061ddc4b9a136b6e4af21982d937
                                    • Instruction ID: e343f0e52fc9fb9144a69686569ea47fdf65a9ecbb3e3b6a4612fbf486272f69
                                    • Opcode Fuzzy Hash: 52b1004ec9b71b3ffbd0f30f2f8d788bcd08061ddc4b9a136b6e4af21982d937
                                    • Instruction Fuzzy Hash: 39411874D00209DFDB58DFA9D5909AEBBB2FF88304F208169E805A7364DB755E82CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bd43085963fb6e306a100fa48fee7e59dc8130b3e668544666e87e0c617ce7d3
                                    • Instruction ID: e6d0414070a9119f26f94cb3c3e61d98f6a254283e312beaa0ae7c212af4cd60
                                    • Opcode Fuzzy Hash: bd43085963fb6e306a100fa48fee7e59dc8130b3e668544666e87e0c617ce7d3
                                    • Instruction Fuzzy Hash: 73413171E1920ADFCB04DFA9D884AAEBBB6FF49300F108069E506B7291DB744D81DF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cfaa59d3b7a0423570b76361834e2c175e85fe23dcdfb59cad783e71c3255728
                                    • Instruction ID: 70209f4cc9cdb7bb8529b9a437d04e13f2922bea8638e7a131fc5f15e2365c1f
                                    • Opcode Fuzzy Hash: cfaa59d3b7a0423570b76361834e2c175e85fe23dcdfb59cad783e71c3255728
                                    • Instruction Fuzzy Hash: F441ED75E1920ADFCB04DFA9D484AAEBBB6FF89300F108029E916B7291DB745D41DF60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8c944286b53fdf28f3c975c40ac6886ef135376240ea0b4f2d6934ffbca9d3bd
                                    • Instruction ID: 3c7e23ce41ee0e7594d428814e1a339895f785e3989198c1c728113c6065dda9
                                    • Opcode Fuzzy Hash: 8c944286b53fdf28f3c975c40ac6886ef135376240ea0b4f2d6934ffbca9d3bd
                                    • Instruction Fuzzy Hash: 5121D1388052C99FCB11AF74D4545D9FFF5EF06304B2459DAD5D59B342D6304902DFA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aba264077763511a59bbaf3622b9c252c652b735c98b7745e772415d648ed195
                                    • Instruction ID: 331839638875e1a3194d6f59ae37e0b956ee80c327a111a1a7b6c267a6f59eb6
                                    • Opcode Fuzzy Hash: aba264077763511a59bbaf3622b9c252c652b735c98b7745e772415d648ed195
                                    • Instruction Fuzzy Hash: E931AF74E00209DFDB08DFAAD544AADBBF2FF88305F1480A9D804A7364DB359A85DF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d06a0d3b5dc18187b1de66516ca9ee2954043008476b658b8da069a919d34dc0
                                    • Instruction ID: cc1c1c4f36ecdbd0b4c5ebe16e8425c6ff8ba826ce6cb61616419878507fcd0d
                                    • Opcode Fuzzy Hash: d06a0d3b5dc18187b1de66516ca9ee2954043008476b658b8da069a919d34dc0
                                    • Instruction Fuzzy Hash: B011456148E3C99FC74397749C362A93F709F43210B0A08DBD4C5CB0E3E6A8495AD72A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.274684448.0000000002DB0000.00000040.00000040.sdmp, Offset: 02DB0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 187f7d86ac1b612162b969195e7f33028243ac6f2507a20c2c49372167af8201
                                    • Instruction ID: 04a2e8d4f050e96cc5f629ef453977987051f1a14f0099624dbc75d47a0c4f20
                                    • Opcode Fuzzy Hash: 187f7d86ac1b612162b969195e7f33028243ac6f2507a20c2c49372167af8201
                                    • Instruction Fuzzy Hash: D511E734204244DFD716CB14D990B66FB95EF48B09F24C59DE94A4BB52C777D803CE51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.274684448.0000000002DB0000.00000040.00000040.sdmp, Offset: 02DB0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 99c160ae6ca2851a45dbe29d226cf5be5ca583faa5acb0baf50190bbccd6f597
                                    • Instruction ID: 87b1af470fb29fae1e98f1f75ed56a6315692350f44ec85716a2d787debcc8fb
                                    • Opcode Fuzzy Hash: 99c160ae6ca2851a45dbe29d226cf5be5ca583faa5acb0baf50190bbccd6f597
                                    • Instruction Fuzzy Hash: 79215E341493C09FC7138B24C860B56BFB5EF47718F2985DED8858B6A3C33A9816DB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ac71deb591427b378aefbf9df9cd8819eaa3c6a4e6047965e0ae9f4f8b4d03c6
                                    • Instruction ID: cf07d7a18d1747ae68de4f2f48f4e83c06b7c9580c75dbc5d89bcbc7aa325446
                                    • Opcode Fuzzy Hash: ac71deb591427b378aefbf9df9cd8819eaa3c6a4e6047965e0ae9f4f8b4d03c6
                                    • Instruction Fuzzy Hash: 5411E6B1E16608DBDB08CFABC8406AEBAF7BFC9300F14C06AD509A6214EB7406468F41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.274684448.0000000002DB0000.00000040.00000040.sdmp, Offset: 02DB0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 155045dcc4586d05c52a259614b7e7ddd72e3187b37dee82e74be89fb6504e25
                                    • Instruction ID: bc74cf0f5789af8f47228764a41f76d736349bcf3573f78ec37ab80138d85fc1
                                    • Opcode Fuzzy Hash: 155045dcc4586d05c52a259614b7e7ddd72e3187b37dee82e74be89fb6504e25
                                    • Instruction Fuzzy Hash: 7D01D6711497806FD7128F16EC44893FFF8DF8623070984ABEC898B212D239B909CB75
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 61e2d454af2e98de27dabc4b4e07c00fd8bbbe974a943f2c6bd341a65808c252
                                    • Instruction ID: b76f9258331d781e7e6e096380fd88fba8a26ec9f53b55dab4a4d55638291a21
                                    • Opcode Fuzzy Hash: 61e2d454af2e98de27dabc4b4e07c00fd8bbbe974a943f2c6bd341a65808c252
                                    • Instruction Fuzzy Hash: EE01E874E01209DFCB44EFA9E5459ADFBB6FF44304F1086AADA15A7354EB305A01CF91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.274684448.0000000002DB0000.00000040.00000040.sdmp, Offset: 02DB0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c3f6f7c96804cda76668e35a3bbcf86681c06fe62140db942cdcb6afdd34f29c
                                    • Instruction ID: f5da766fc85161624300e518c54ea4f9749716b5df14bfc9e08b70da52a6a66f
                                    • Opcode Fuzzy Hash: c3f6f7c96804cda76668e35a3bbcf86681c06fe62140db942cdcb6afdd34f29c
                                    • Instruction Fuzzy Hash: 39F0FB39104644DFC606CF40D940B66FBA6EF89718F24C6ADE9491BB52C737D813DA81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ac237124127dac1dea9c46dfc49b87701a6c523bcc76423b3b86fe0d8a716e94
                                    • Instruction ID: a5f73ac6373cebc6acdf0f6c6c65edc906a8e8beb37ef1a4f30fde5c294d6d9a
                                    • Opcode Fuzzy Hash: ac237124127dac1dea9c46dfc49b87701a6c523bcc76423b3b86fe0d8a716e94
                                    • Instruction Fuzzy Hash: C7F06D3086A354DFDB04EFB4E4456ACBF72EB47301F24119ADA45A3391D6710E95CB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.274684448.0000000002DB0000.00000040.00000040.sdmp, Offset: 02DB0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 29c9f8b52139e5e2b8711dc86f03342f1c8b09d273ec759c9e1f8b5e0084a1a3
                                    • Instruction ID: f00ab0eb9dd10b78f8efe64a1999105d53827f5b2513917b9c6ac7894aae6cfc
                                    • Opcode Fuzzy Hash: 29c9f8b52139e5e2b8711dc86f03342f1c8b09d273ec759c9e1f8b5e0084a1a3
                                    • Instruction Fuzzy Hash: 24E092766006008BD750CF0AEC85456FBD8EB84630718C47FDC0D8B710E535B505CEA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7f125e8e86728dbbb231e3f7b2f3d1c73015505c085a8468008a1002cf3a0671
                                    • Instruction ID: 498b98c8e791960fd0853796b16b88852e85b7be7ffed88819359cd0f186501d
                                    • Opcode Fuzzy Hash: 7f125e8e86728dbbb231e3f7b2f3d1c73015505c085a8468008a1002cf3a0671
                                    • Instruction Fuzzy Hash: 8DE0E579C192888FEB05DFB890948EEBBF9AF1E340B119056D512EB351D6348A06CF25
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 45395e14e5658cc7b483419030727641e772842a41fb64fc118395025c6ff957
                                    • Instruction ID: b3a2b9175bd2845c2bcc0da47c70a154b214a79fa573667e4fc2db686bae67e4
                                    • Opcode Fuzzy Hash: 45395e14e5658cc7b483419030727641e772842a41fb64fc118395025c6ff957
                                    • Instruction Fuzzy Hash: 05F06D34C0934D9FC745DFA8D8495ACBBB4FF46300F2081FAC84593261C6741E45DB55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 93affcad3e1d16372f29aea7b850f5d63200bcbcb3447a2f008697293c55921b
                                    • Instruction ID: a67ef441b43b71a204fb047efcf02ff7ad6646ddc22aefc9f08f71adea4037cc
                                    • Opcode Fuzzy Hash: 93affcad3e1d16372f29aea7b850f5d63200bcbcb3447a2f008697293c55921b
                                    • Instruction Fuzzy Hash: E2E01A3085934CEFCB05DFA4E8496ACBFB8EF06201F5080EAD84AE7292D6315A15CB65
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5ac7b180c5f6681b4627b0341cfcb98a5f5b2dc47cb61d4f0ab2ad184fba11a4
                                    • Instruction ID: e55ff5036cf0ec6b4531dc1a88e401400b678f54dac1fba60846e0615358e9f6
                                    • Opcode Fuzzy Hash: 5ac7b180c5f6681b4627b0341cfcb98a5f5b2dc47cb61d4f0ab2ad184fba11a4
                                    • Instruction Fuzzy Hash: 0AE04F30916308DFDB04FF68E44567DBB35E706301F101195DE0563380D7B05E90CA45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3875afb4902ad5ee8ea507aa40b4f4092e2ac686f5321e072c19cd8b800c8829
                                    • Instruction ID: c5a39b47614842241c602c7824bdcc2d6da762f731a5c31cc9da61d23ef5a30e
                                    • Opcode Fuzzy Hash: 3875afb4902ad5ee8ea507aa40b4f4092e2ac686f5321e072c19cd8b800c8829
                                    • Instruction Fuzzy Hash: 53E0DF7086531ACFCB88DFB4C8082EC3FB1EF42314F1002FAC811AA254DB322A56DB55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e3d567d92e5fa3f685f619f8fb003518e5bb2b7b4c82f46ff3bca3ea526d5b66
                                    • Instruction ID: 5a5fd36b85f523e80df4bab66b4812ce1ca7f61ff35caf754872bb19401b1a1b
                                    • Opcode Fuzzy Hash: e3d567d92e5fa3f685f619f8fb003518e5bb2b7b4c82f46ff3bca3ea526d5b66
                                    • Instruction Fuzzy Hash: 9BE0EC74D0520CEBCB04DFA8E545AADBBB8FF48300F1081A9D80563350DA701A50DF59
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3671fd538002516c6c8cc6109f18cf35954840c619ba85a9bc9a4eaef37ca1f0
                                    • Instruction ID: 7544e23d233a07678f55cdc8f3de0c1db23b0baf9815e1584576a4335841c15a
                                    • Opcode Fuzzy Hash: 3671fd538002516c6c8cc6109f18cf35954840c619ba85a9bc9a4eaef37ca1f0
                                    • Instruction Fuzzy Hash: D3C08C71C4F50CEFEB804A94A0050FCB37CF68B225B2121C2DB0ED3001923241248AE8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e76621a3ffe21031ea9031018d9e0c220579698503b38e100790117b87607ae7
                                    • Instruction ID: c9a454a98d46afa3e14087b02621da0d17452edc14849fd8b3dcb272060e3e32
                                    • Opcode Fuzzy Hash: e76621a3ffe21031ea9031018d9e0c220579698503b38e100790117b87607ae7
                                    • Instruction Fuzzy Hash: 3DD05E3080520CDBCB04EFA8E9496ACBB78AF06301F1000EADC0863350DA701A50DB69
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.278523048.00000000052A0000.00000040.00000001.sdmp, Offset: 052A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 94c1abdb208d81f19b5fe7b8d55d515c8bd490d08d6f4a848d854556f1658c9d
                                    • Instruction ID: 3478b252a72a59fff16b44edf530741c42a90977483b2e6a0a986fa6592be960
                                    • Opcode Fuzzy Hash: 94c1abdb208d81f19b5fe7b8d55d515c8bd490d08d6f4a848d854556f1658c9d
                                    • Instruction Fuzzy Hash: 92D05E7081220DDBC704EFF8D50569CBB75AF00305F2000A9C80427354DB31AA50DB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 04010d19eef7e11012b98a544d9b514c890fc37c3a901e522627eb258d0b3310
                                    • Instruction ID: b1656aa59afe6500782ddc299362f9e6b6d045e7607ec2d02d6fea8f16f0a0dc
                                    • Opcode Fuzzy Hash: 04010d19eef7e11012b98a544d9b514c890fc37c3a901e522627eb258d0b3310
                                    • Instruction Fuzzy Hash: 66E0E6708046198FDBD09F39C45526CB675FF15314F5041E5991CAA256DB324A41DF45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Memory Dump Source
                                    • Source File: 00000008.00000002.281892924.00000000068A0000.00000040.00000001.sdmp, Offset: 068A0000, based on PE: false
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c3aef486cd70dda6a60e0ae088969803b8e741109f52a07cc282b11d74c6d38a
                                    • Instruction ID: bb619b35ec9056eb1b37d42b35c2a981b7dd556de30a720b2d537a7cfc36fb31
                                    • Opcode Fuzzy Hash: c3aef486cd70dda6a60e0ae088969803b8e741109f52a07cc282b11d74c6d38a
                                    • Instruction Fuzzy Hash: BFD0C9B484A6188EFBD0CF108C4079DBBB86B06308F0551C4C44DE7241C7340A848F54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions