Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Doc.exe

Overview

General Information

Sample Name:Doc.exe
Analysis ID:341408
MD5:c853495818db3fddf333ce3eaf5e6cc3
SHA1:51dfa28d2bf0af44de903fa80e4458110155f34b
SHA256:799087f4f62932dbe6405946e5fc9215c9df899909c15f0c1d876ec28e9436b0
Tags:exeNanoCoreRATYahoo

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Nanocore Rat
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM_3
Yara detected Nanocore RAT
.NET source code contains potential unpacker
Binary contains a suspicious time stamp
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Protects its processes via BreakOnTermination flag
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • Doc.exe (PID: 1460 cmdline: 'C:\Users\user\Desktop\Doc.exe' MD5: C853495818DB3FDDF333CE3EAF5E6CC3)
    • schtasks.exe (PID: 5744 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmp58A2.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • Doc.exe (PID: 5784 cmdline: {path} MD5: C853495818DB3FDDF333CE3EAF5E6CC3)
    • Doc.exe (PID: 3848 cmdline: {path} MD5: C853495818DB3FDDF333CE3EAF5E6CC3)
      • schtasks.exe (PID: 5536 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpD558.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 5336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 5316 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpD876.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 5328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • Doc.exe (PID: 1112 cmdline: C:\Users\user\Desktop\Doc.exe 0 MD5: C853495818DB3FDDF333CE3EAF5E6CC3)
    • schtasks.exe (PID: 6476 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpB420.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • Doc.exe (PID: 6524 cmdline: {path} MD5: C853495818DB3FDDF333CE3EAF5E6CC3)
  • dhcpmon.exe (PID: 3720 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 MD5: C853495818DB3FDDF333CE3EAF5E6CC3)
  • dhcpmon.exe (PID: 6328 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: C853495818DB3FDDF333CE3EAF5E6CC3)
    • schtasks.exe (PID: 6848 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpDD04.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • dhcpmon.exe (PID: 6928 cmdline: {path} MD5: C853495818DB3FDDF333CE3EAF5E6CC3)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"C2: ": ["172.111.249.15"], "Version: ": "NanoCore Client, Version=1.2.2.0"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0x4ea7d:$a: NanoCore
    • 0x4ead6:$a: NanoCore
    • 0x4eb13:$a: NanoCore
    • 0x4eb8c:$a: NanoCore
    • 0x54121:$a: NanoCore
    • 0x5416b:$a: NanoCore
    • 0x54355:$a: NanoCore
    • 0x67c74:$a: NanoCore
    • 0x67c89:$a: NanoCore
    • 0x67cbe:$a: NanoCore
    • 0x80c13:$a: NanoCore
    • 0x80c28:$a: NanoCore
    • 0x80c5d:$a: NanoCore
    • 0x4eadf:$b: ClientPlugin
    • 0x4eb1c:$b: ClientPlugin
    • 0x4f41a:$b: ClientPlugin
    • 0x4f427:$b: ClientPlugin
    • 0x53eba:$b: ClientPlugin
    • 0x5412a:$b: ClientPlugin
    • 0x54174:$b: ClientPlugin
    • 0x67a30:$b: ClientPlugin
    00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0x4ea7d:$a: NanoCore
      • 0x4ead6:$a: NanoCore
      • 0x4eb13:$a: NanoCore
      • 0x4eb8c:$a: NanoCore
      • 0x54121:$a: NanoCore
      • 0x5416b:$a: NanoCore
      • 0x54355:$a: NanoCore
      • 0x67c74:$a: NanoCore
      • 0x67c89:$a: NanoCore
      • 0x67cbe:$a: NanoCore
      • 0x80c13:$a: NanoCore
      • 0x80c28:$a: NanoCore
      • 0x80c5d:$a: NanoCore
      • 0x4eadf:$b: ClientPlugin
      • 0x4eb1c:$b: ClientPlugin
      • 0x4f41a:$b: ClientPlugin
      • 0x4f427:$b: ClientPlugin
      • 0x53eba:$b: ClientPlugin
      • 0x5412a:$b: ClientPlugin
      • 0x54174:$b: ClientPlugin
      • 0x67a30:$b: ClientPlugin
      0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0xff8d:$x1: NanoCore.ClientPluginHost
      • 0xffca:$x2: IClientNetworkHost
      • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      Click to see the 38 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      28.2.dhcpmon.exe.400000.0.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0x1018d:$x1: NanoCore.ClientPluginHost
      • 0x101ca:$x2: IClientNetworkHost
      • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      28.2.dhcpmon.exe.400000.0.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
      • 0xff05:$x1: NanoCore Client.exe
      • 0x1018d:$x2: NanoCore.ClientPluginHost
      • 0x117c6:$s1: PluginCommand
      • 0x117ba:$s2: FileCommand
      • 0x1266b:$s3: PipeExists
      • 0x18422:$s4: PipeCreated
      • 0x101b7:$s5: IClientLoggingHost
      28.2.dhcpmon.exe.400000.0.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        28.2.dhcpmon.exe.400000.0.unpackNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
        • 0xfef5:$a: NanoCore
        • 0xff05:$a: NanoCore
        • 0x10139:$a: NanoCore
        • 0x1014d:$a: NanoCore
        • 0x1018d:$a: NanoCore
        • 0xff54:$b: ClientPlugin
        • 0x10156:$b: ClientPlugin
        • 0x10196:$b: ClientPlugin
        • 0x1007b:$c: ProjectData
        • 0x10a82:$d: DESCrypto
        • 0x1844e:$e: KeepAlive
        • 0x1643c:$g: LogClientMessage
        • 0x12637:$i: get_Connected
        • 0x10db8:$j: #=q
        • 0x10de8:$j: #=q
        • 0x10e04:$j: #=q
        • 0x10e34:$j: #=q
        • 0x10e50:$j: #=q
        • 0x10e6c:$j: #=q
        • 0x10e9c:$j: #=q
        • 0x10eb8:$j: #=q
        6.2.Doc.exe.400000.0.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0x1018d:$x1: NanoCore.ClientPluginHost
        • 0x101ca:$x2: IClientNetworkHost
        • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
        Click to see the 7 entries

        Sigma Overview

        System Summary:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Doc.exe, ProcessId: 3848, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
        Sigma detected: Scheduled temp file as task from temp locationShow sources
        Source: Process startedAuthor: Joe Security: Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmp58A2.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmp58A2.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\Doc.exe' , ParentImage: C:\Users\user\Desktop\Doc.exe, ParentProcessId: 1460, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmp58A2.tmp', ProcessId: 5744

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Found malware configurationShow sources
        Source: Doc.exe.6524.22.memstrMalware Configuration Extractor: NanoCore {"C2: ": ["172.111.249.15"], "Version: ": "NanoCore Client, Version=1.2.2.0"}
        Multi AV Scanner detection for domain / URLShow sources
        Source: innocentbooii.hopto.orgVirustotal: Detection: 9%Perma Link
        Multi AV Scanner detection for dropped fileShow sources
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeReversingLabs: Detection: 39%
        Source: C:\Users\user\AppData\Roaming\dEkaSoUjP.exeReversingLabs: Detection: 39%
        Multi AV Scanner detection for submitted fileShow sources
        Source: Doc.exeVirustotal: Detection: 33%Perma Link
        Source: Doc.exeReversingLabs: Detection: 39%
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.339287751.0000000002D21000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001C.00000002.364312350.0000000003561000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 1460, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 3848, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 6524, type: MEMORY
        Source: Yara matchFile source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE
        Machine Learning detection for dropped fileShow sources
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJoe Sandbox ML: detected
        Source: C:\Users\user\AppData\Roaming\dEkaSoUjP.exeJoe Sandbox ML: detected
        Machine Learning detection for sampleShow sources
        Source: Doc.exeJoe Sandbox ML: detected
        Source: 6.2.Doc.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 28.2.dhcpmon.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 22.2.Doc.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7

        Compliance:

        barindex
        Uses 32bit PE filesShow sources
        Source: Doc.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Uses new MSVCR DllsShow sources
        Source: C:\Users\user\Desktop\Doc.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
        Source: Doc.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Binary contains paths to debug symbolsShow sources
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, dhcpmon.exe, 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp
        Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: Doc.exe, 00000006.00000002.601742047.0000000003125000.00000004.00000040.sdmp
        Source: Binary string: mscorrc.pdb source: Doc.exe, 00000000.00000002.284135859.0000000009260000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.335976902.0000000006E20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.329884797.0000000005770000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357185868.00000000078A0000.00000002.00000001.sdmp
        Source: C:\Users\user\Desktop\Doc.exeCode function: 4x nop then mov esp, ebp6_2_030B8930

        Networking:

        barindex
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorIPs: 172.111.249.15
        Source: global trafficTCP traffic: 192.168.2.5:49714 -> 154.120.95.234:55420
        Source: Joe Sandbox ViewASN Name: AS45671-NET-AUWholesaleServicesProviderAU AS45671-NET-AUWholesaleServicesProviderAU
        Source: Joe Sandbox ViewASN Name: SpectranetNG SpectranetNG
        Source: unknownTCP traffic detected without corresponding DNS query: 172.111.249.15
        Source: unknownTCP traffic detected without corresponding DNS query: 172.111.249.15
        Source: unknownTCP traffic detected without corresponding DNS query: 172.111.249.15
        Source: unknownTCP traffic detected without corresponding DNS query: 172.111.249.15
        Source: unknownTCP traffic detected without corresponding DNS query: 172.111.249.15
        Source: unknownTCP traffic detected without corresponding DNS query: 172.111.249.15
        Source: unknownTCP traffic detected without corresponding DNS query: 172.111.249.15
        Source: unknownTCP traffic detected without corresponding DNS query: 172.111.249.15
        Source: unknownTCP traffic detected without corresponding DNS query: 172.111.249.15
        Source: unknownDNS traffic detected: queries for: innocentbooii.hopto.org
        Source: Doc.exe, 00000000.00000003.245606571.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://en.w
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
        Source: dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/CSMDataSet.xsd
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: Doc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com
        Source: Doc.exe, 00000000.00000003.245285187.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com7
        Source: Doc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com_
        Source: Doc.exe, 00000000.00000003.245285187.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.come
        Source: Doc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comei
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
        Source: Doc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.como.
        Source: Doc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coms
        Source: Doc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comy
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
        Source: dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
        Source: Doc.exe, 00000000.00000003.272311376.00000000080DC000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comB.TTFe
        Source: Doc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comI.TTF
        Source: Doc.exe, 00000000.00000003.272311376.00000000080DC000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.coma
        Source: Doc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comals
        Source: Doc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comd
        Source: Doc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comitud
        Source: Doc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comm
        Source: Doc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comoA
        Source: Doc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comoitul
        Source: Doc.exe, 00000000.00000003.272311376.00000000080DC000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comrz
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
        Source: Doc.exe, 00000000.00000003.244615811.00000000080E1000.00000004.00000001.sdmp, Doc.exe, 00000000.00000003.244042748.00000000080E0000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
        Source: Doc.exe, 00000000.00000003.244057616.00000000080E6000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn&
        Source: Doc.exe, 00000000.00000003.244615811.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
        Source: Doc.exe, 00000000.00000003.244615811.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnX
        Source: Doc.exe, 00000000.00000003.251014283.00000000080E6000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 00000000.00000003.251014283.00000000080E6000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
        Source: Doc.exe, 00000000.00000003.246980374.00000000080DB000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/$
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/0
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/6
        Source: Doc.exe, 00000000.00000003.246853689.00000000080DC000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/A
        Source: Doc.exe, 00000000.00000003.246301474.00000000080D4000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/S
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0ldZ
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/i-f
        Source: Doc.exe, 00000000.00000003.246853689.00000000080DC000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
        Source: Doc.exe, 00000000.00000003.246853689.00000000080DC000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/6
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/H
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/S
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/l
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/k-s
        Source: Doc.exe, 00000000.00000003.246461974.00000000080D7000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/l
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/n-u
        Source: Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/w
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
        Source: dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
        Source: Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
        Source: Doc.exe, 00000000.00000003.245099691.00000000080E0000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn_
        Source: Doc.exe, 00000000.00000003.245099691.00000000080E0000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cne
        Source: Doc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnk
        Source: Doc.exe, 00000000.00000002.273691048.000000000174A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
        Source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.339287751.0000000002D21000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001C.00000002.364312350.0000000003561000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 1460, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 3848, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 6524, type: MEMORY
        Source: Yara matchFile source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE

        Operating System Destruction:

        barindex
        Protects its processes via BreakOnTermination flagShow sources
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: 01 00 00 00 Jump to behavior

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000016.00000002.339287751.0000000002D21000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001C.00000002.364312350.0000000003561000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: Doc.exe PID: 1460, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: Doc.exe PID: 1460, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: Doc.exe PID: 3848, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: Doc.exe PID: 3848, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: Doc.exe PID: 6524, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: Doc.exe PID: 6524, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        PE file contains section with special charsShow sources
        Source: Doc.exeStatic PE information: section name: 2)-Lp$
        Source: dEkaSoUjP.exe.0.drStatic PE information: section name: 2)-Lp$
        Source: dhcpmon.exe.6.drStatic PE information: section name: 2)-Lp$
        PE file has nameless sectionsShow sources
        Source: Doc.exeStatic PE information: section name:
        Source: dEkaSoUjP.exe.0.drStatic PE information: section name:
        Source: dhcpmon.exe.6.drStatic PE information: section name:
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_016CABEE NtQuerySystemInformation,0_2_016CABEE
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_016CABB3 NtQuerySystemInformation,0_2_016CABB3
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_03111836 NtQuerySystemInformation,6_2_03111836
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_03111572 NtSetInformationProcess,6_2_03111572
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_03111541 NtSetInformationProcess,6_2_03111541
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_031117FB NtQuerySystemInformation,6_2_031117FB
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_0170ABEE NtQuerySystemInformation,13_2_0170ABEE
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_0170ABB3 NtQuerySystemInformation,13_2_0170ABB3
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_00F0ABEE NtQuerySystemInformation,15_2_00F0ABEE
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_00F0ABB3 NtQuerySystemInformation,15_2_00F0ABB3
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E25940_2_019E2594
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E1D900_2_019E1D90
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E3D800_2_019E3D80
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E11B10_2_019E11B1
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019EFD280_2_019EFD28
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E60310_2_019E6031
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E907F0_2_019E907F
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E2F180_2_019E2F18
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E010C0_2_019E010C
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E3C8F0_2_019E3C8F
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E98B00_2_019E98B0
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E1CF90_2_019E1CF9
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E5C000_2_019E5C00
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E987D0_2_019E987D
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E54700_2_019E5470
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E54600_2_019E5460
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019EF7A80_2_019EF7A8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E5BF00_2_019E5BF0
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E93180_2_019E9318
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E93090_2_019E9309
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E4A900_2_019E4A90
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E4A800_2_019E4A80
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E2A100_2_019E2A10
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E5A100_2_019E5A10
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E5A200_2_019E5A20
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E5E780_2_019E5E78
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E6A680_2_019E6A68
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E5E690_2_019E5E69
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D56F40_2_069D56F4
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D3B980_2_069D3B98
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D43F80_2_069D43F8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D09880_2_069D0988
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D43E80_2_069D43E8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D18900_2_069D1890
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D18800_2_069D1880
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D3C580_2_069D3C58
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D15D80_2_069D15D8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D01E90_2_069D01E9
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D15E80_2_069D15E8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_069D097A0_2_069D097A
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_09331D090_2_09331D09
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_09333B800_2_09333B80
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A90985_2_004A9098
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_00DE90986_2_00DE9098
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_030B2FA86_2_030B2FA8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_030B23A06_2_030B23A0
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_030B9A786_2_030B9A78
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_030B8E786_2_030B8E78
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_030BB6D86_2_030BB6D8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_030B38506_2_030B3850
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_030BA3206_2_030BA320
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_030B9B3F6_2_030B9B3F
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_030B306F6_2_030B306F
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B2F1813_2_031B2F18
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B122913_2_031B1229
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031BFD2813_2_031BFD28
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B1D9013_2_031B1D90
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B259413_2_031B2594
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B3D8013_2_031B3D80
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B603113_2_031B6031
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031BA42013_2_031BA420
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B907F13_2_031B907F
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B931813_2_031B9318
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B930913_2_031B9309
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031BF7A813_2_031BF7A8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B5BF013_2_031B5BF0
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B2A1013_2_031B2A10
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B5A1013_2_031B5A10
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B5A2013_2_031B5A20
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B5E7813_2_031B5E78
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B5E6913_2_031B5E69
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B6A6813_2_031B6A68
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B4A9013_2_031B4A90
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B4A8013_2_031B4A80
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B6AE313_2_031B6AE3
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B010C13_2_031B010C
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B5C0013_2_031B5C00
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B547013_2_031B5470
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B546013_2_031B5460
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B3C9E13_2_031B3C9E
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B98B013_2_031B98B0
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B3CA513_2_031B3CA5
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_031B1CF913_2_031B1CF9
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B0098813_2_05B00988
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B03B9813_2_05B03B98
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B043F813_2_05B043F8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B056F413_2_05B056F4
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B015E813_2_05B015E8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B001E913_2_05B001E9
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B015D813_2_05B015D8
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B0097A13_2_05B0097A
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B0189013_2_05B01890
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B0188013_2_05B01880
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B03C5813_2_05B03C58
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_05B0137013_2_05B01370
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_070D1D0913_2_070D1D09
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_070D3B5213_2_070D3B52
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_070D3B8013_2_070D3B80
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02982F1815_2_02982F18
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298603115_2_02986031
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298907F15_2_0298907F
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02981D9015_2_02981D90
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298258915_2_02982589
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02983D8015_2_02983D80
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_029811B115_2_029811B1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298FD2815_2_0298FD28
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02984A9015_2_02984A90
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02984A8015_2_02984A80
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02982A1015_2_02982A10
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02985A1015_2_02985A10
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02985A2015_2_02985A20
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02985E7815_2_02985E78
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02986A6815_2_02986A68
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02985E6915_2_02985E69
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298F7A815_2_0298F7A8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02985BF015_2_02985BF0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298931815_2_02989318
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298930915_2_02989309
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02983C8F15_2_02983C8F
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_029898B015_2_029898B0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02981CF915_2_02981CF9
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_02985C0015_2_02985C00
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298987D15_2_0298987D
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298547015_2_02985470
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298546015_2_02985460
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0298010215_2_02980102
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0575098815_2_05750988
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_057543F815_2_057543F8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_05753B9815_2_05753B98
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_057556F415_2_057556F4
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0575097B15_2_0575097B
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_057501E915_2_057501E9
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_057515E815_2_057515E8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_057515D815_2_057515D8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_05753C5815_2_05753C58
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0575189015_2_05751890
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0575188015_2_05751880
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_057543E815_2_057543E8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_0575EAA815_2_0575EAA8
        Source: Doc.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: dEkaSoUjP.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: dhcpmon.exe.6.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: Doc.exeBinary or memory string: OriginalFilename vs Doc.exe
        Source: Doc.exe, 00000000.00000002.272844069.0000000000FCE000.00000002.00020000.sdmpBinary or memory string: OriginalFilename~ vs Doc.exe
        Source: Doc.exe, 00000000.00000002.284135859.0000000009260000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs Doc.exe
        Source: Doc.exe, 00000000.00000002.273691048.000000000174A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs Doc.exe
        Source: Doc.exe, 00000000.00000002.286908140.0000000009990000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAssemblyReferenceEntry.exeD vs Doc.exe
        Source: Doc.exe, 00000000.00000002.278683853.00000000069F0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTypeLibImporterFlags.dll4 vs Doc.exe
        Source: Doc.exe, 00000000.00000002.288923199.000000000A250000.00000002.00000001.sdmpBinary or memory string: originalfilename vs Doc.exe
        Source: Doc.exe, 00000000.00000002.288923199.000000000A250000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs Doc.exe
        Source: Doc.exe, 00000000.00000002.288764211.000000000A150000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs Doc.exe
        Source: Doc.exe, 00000005.00000002.270139106.000000000050E000.00000002.00020000.sdmpBinary or memory string: OriginalFilename~ vs Doc.exe
        Source: Doc.exe, 00000006.00000002.601689511.0000000003100000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs Doc.exe
        Source: Doc.exe, 00000006.00000002.599703588.0000000000E4E000.00000002.00020000.sdmpBinary or memory string: OriginalFilename~ vs Doc.exe
        Source: Doc.exeBinary or memory string: OriginalFilename vs Doc.exe
        Source: Doc.exe, 0000000D.00000002.336887567.0000000007050000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAssemblyReferenceEntry.exeD vs Doc.exe
        Source: Doc.exe, 0000000D.00000000.282841557.0000000000F2E000.00000002.00020000.sdmpBinary or memory string: OriginalFilename~ vs Doc.exe
        Source: Doc.exe, 0000000D.00000002.337880178.0000000007AF0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs Doc.exe
        Source: Doc.exe, 0000000D.00000002.337786520.0000000007870000.00000002.00000001.sdmpBinary or memory string: originalfilename vs Doc.exe
        Source: Doc.exe, 0000000D.00000002.337786520.0000000007870000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs Doc.exe
        Source: Doc.exe, 0000000D.00000002.336155358.0000000006E80000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameTypeLibImporterFlags.dll4 vs Doc.exe
        Source: Doc.exe, 0000000D.00000002.335976902.0000000006E20000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs Doc.exe
        Source: Doc.exe, 00000016.00000002.339689171.0000000004F60000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs Doc.exe
        Source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs Doc.exe
        Source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameNanoProtectClient.dllT vs Doc.exe
        Source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs Doc.exe
        Source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs Doc.exe
        Source: Doc.exe, 00000016.00000000.319457326.000000000072E000.00000002.00020000.sdmpBinary or memory string: OriginalFilename~ vs Doc.exe
        Source: Doc.exeBinary or memory string: OriginalFilename~ vs Doc.exe
        Source: Doc.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000016.00000002.339287751.0000000002D21000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001C.00000002.364312350.0000000003561000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: Doc.exe PID: 1460, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: Doc.exe PID: 1460, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: Doc.exe PID: 3848, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: Doc.exe PID: 3848, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: Doc.exe PID: 6524, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: Doc.exe PID: 6524, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Doc.exeStatic PE information: Section: 2)-Lp$ ZLIB complexity 1.00031404414
        Source: dEkaSoUjP.exe.0.drStatic PE information: Section: 2)-Lp$ ZLIB complexity 1.00031404414
        Source: dhcpmon.exe.6.drStatic PE information: Section: 2)-Lp$ ZLIB complexity 1.00031404414
        Source: 6.2.Doc.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 6.2.Doc.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 6.2.Doc.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 22.2.Doc.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 22.2.Doc.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 22.2.Doc.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 28.2.dhcpmon.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 28.2.dhcpmon.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 28.2.dhcpmon.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 6.2.Doc.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 6.2.Doc.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 22.2.Doc.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 22.2.Doc.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 28.2.dhcpmon.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 28.2.dhcpmon.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: classification engineClassification label: mal100.troj.evad.winEXE@27/12@5/3
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_016CA592 AdjustTokenPrivileges,0_2_016CA592
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_016CA55B AdjustTokenPrivileges,0_2_016CA55B
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_031113F6 AdjustTokenPrivileges,6_2_031113F6
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_031113BF AdjustTokenPrivileges,6_2_031113BF
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_0170A592 AdjustTokenPrivileges,13_2_0170A592
        Source: C:\Users\user\Desktop\Doc.exeCode function: 13_2_0170A55B AdjustTokenPrivileges,13_2_0170A55B
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_00F0A592 AdjustTokenPrivileges,15_2_00F0A592
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_00F0A55B AdjustTokenPrivileges,15_2_00F0A55B
        Source: C:\Users\user\Desktop\Doc.exeFile created: C:\Program Files (x86)\DHCP MonitorJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeFile created: C:\Users\user\AppData\Roaming\dEkaSoUjP.exeJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5336:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6112:120:WilError_01
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMutant created: \Sessions\1\BaseNamedObjects\klWoWNDQjWHCoOgJjdNoeVBUO
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6484:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5328:120:WilError_01
        Source: C:\Users\user\Desktop\Doc.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6860:120:WilError_01
        Source: C:\Users\user\Desktop\Doc.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{f54d19ad-33bd-4372-9241-49940a512cfd}
        Source: C:\Users\user\Desktop\Doc.exeFile created: C:\Users\user\AppData\Local\Temp\tmp58A2.tmpJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\Doc.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: INSERT INTO [dbo].[MANUF_ORDER] ([ORDER_ID], [EMPLOYEE_ID], [CAR_ID], [MANUFACTURER_ID], [ORDER_DATE], [BILL]) VALUES (@ORDER_ID, @EMPLOYEE_ID, @CAR_ID, @MANUFACTURER_ID, @ORDER_DATE, @BILL);
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: UPDATE [dbo].[EMPLOYEE] SET [EMPLOYEE_ID] = @EMPLOYEE_ID, [EMPLOYEE_NAME] = @EMPLOYEE_NAME, [EMPLOYEE_PASSWORD] = @EMPLOYEE_PASSWORD, [EMPLOYEE_CONTACT] = @EMPLOYEE_CONTACT, [EMPLOYEE_ADDRESS] = @EMPLOYEE_ADDRESS, [EMPLOYEE_EMAIL] = @EMPLOYEE_EMAIL, [EMPLOYEE_DESIGNATION] = @EMPLOYEE_DESIGNATION WHERE (([EMPLOYEE_ID] = @Original_EMPLOYEE_ID) AND ([EMPLOYEE_NAME] = @Original_EMPLOYEE_NAME) AND ([EMPLOYEE_PASSWORD] = @Original_EMPLOYEE_PASSWORD) AND ([EMPLOYEE_CONTACT] = @Original_EMPLOYEE_CONTACT) AND ([EMPLOYEE_ADDRESS] = @Original_EMPLOYEE_ADDRESS) AND ([EMPLOYEE_EMAIL] = @Original_EMPLOYEE_EMAIL) AND ([EMPLOYEE_DESIGNATION] = @Original_EMPLOYEE_DESIGNATION));
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: INSERT INTO [dbo].[EMPLOYEE] ([EMPLOYEE_ID], [EMPLOYEE_NAME], [EMPLOYEE_PASSWORD], [EMPLOYEE_CONTACT], [EMPLOYEE_ADDRESS], [EMPLOYEE_EMAIL], [EMPLOYEE_DESIGNATION]) VALUES (@EMPLOYEE_ID, @EMPLOYEE_NAME, @EMPLOYEE_PASSWORD, @EMPLOYEE_CONTACT, @EMPLOYEE_ADDRESS, @EMPLOYEE_EMAIL, @EMPLOYEE_DESIGNATION);
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: UPDATE [dbo].[Car] SET [CAR_ID] = @CAR_ID, [CAR_NAME] = @CAR_NAME, [CAR_MODEL] = @CAR_MODEL, [CAR_COMPANY] = @CAR_COMPANY, [CAR_STATUS] = @CAR_STATUS, [CAR_PRICE] = @CAR_PRICE WHERE (([CAR_ID] = @Original_CAR_ID) AND ([CAR_NAME] = @Original_CAR_NAME) AND ([CAR_MODEL] = @Original_CAR_MODEL) AND ([CAR_COMPANY] = @Original_CAR_COMPANY) AND ([CAR_STATUS] = @Original_CAR_STATUS) AND ([CAR_PRICE] = @Original_CAR_PRICE));
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: INSERT INTO [dbo].[MANUFACTURER] ([MANUFACTURER_ID], [MANUFACTURER_NAME], [MANUFACTURER_EMAIL], [MANUFACTURER_ADDRESS], [MANUFACTURER_CONTACT]) VALUES (@MANUFACTURER_ID, @MANUFACTURER_NAME, @MANUFACTURER_EMAIL, @MANUFACTURER_ADDRESS, @MANUFACTURER_CONTACT);
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: INSERT INTO [dbo].[Car] ([CAR_ID], [CAR_NAME], [CAR_MODEL], [CAR_COMPANY], [CAR_STATUS], [CAR_PRICE]) VALUES (@CAR_ID, @CAR_NAME, @CAR_MODEL, @CAR_COMPANY, @CAR_STATUS, @CAR_PRICE);
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: UPDATE [dbo].[CUSTOMER_ORDER] SET [ORDER_ID] = @ORDER_ID, [EMPLOYEE_ID] = @EMPLOYEE_ID, [CAR_ID] = @CAR_ID, [CUSTOMER_CNIC] = @CUSTOMER_CNIC, [ORDER_DATE] = @ORDER_DATE, [BILL] = @BILL WHERE (([ORDER_ID] = @Original_ORDER_ID) AND ((@IsNull_EMPLOYEE_ID = 1 AND [EMPLOYEE_ID] IS NULL) OR ([EMPLOYEE_ID] = @Original_EMPLOYEE_ID)) AND ((@IsNull_CAR_ID = 1 AND [CAR_ID] IS NULL) OR ([CAR_ID] = @Original_CAR_ID)) AND ((@IsNull_CUSTOMER_CNIC = 1 AND [CUSTOMER_CNIC] IS NULL) OR ([CUSTOMER_CNIC] = @Original_CUSTOMER_CNIC)) AND ([ORDER_DATE] = @Original_ORDER_DATE) AND ([BILL] = @Original_BILL));
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: INSERT INTO [dbo].[CUSTOMER] ([CUSTOMER_CNIC], [CUSTOMER_NAME], [CUSTOMER_CONTACT], [CUSTOMER_ADDRESS]) VALUES (@CUSTOMER_CNIC, @CUSTOMER_NAME, @CUSTOMER_CONTACT, @CUSTOMER_ADDRESS);
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: UPDATE [dbo].[CUSTOMER] SET [CUSTOMER_CNIC] = @CUSTOMER_CNIC, [CUSTOMER_NAME] = @CUSTOMER_NAME, [CUSTOMER_CONTACT] = @CUSTOMER_CONTACT, [CUSTOMER_ADDRESS] = @CUSTOMER_ADDRESS WHERE (([CUSTOMER_CNIC] = @Original_CUSTOMER_CNIC) AND ([CUSTOMER_NAME] = @Original_CUSTOMER_NAME) AND ([CUSTOMER_CONTACT] = @Original_CUSTOMER_CONTACT) AND ([CUSTOMER_ADDRESS] = @Original_CUSTOMER_ADDRESS));
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: INSERT INTO [dbo].[CUSTOMER_ORDER] ([ORDER_ID], [EMPLOYEE_ID], [CAR_ID], [CUSTOMER_CNIC], [ORDER_DATE], [BILL]) VALUES (@ORDER_ID, @EMPLOYEE_ID, @CAR_ID, @CUSTOMER_CNIC, @ORDER_DATE, @BILL);
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: UPDATE [dbo].[MANUF_ORDER] SET [ORDER_ID] = @ORDER_ID, [EMPLOYEE_ID] = @EMPLOYEE_ID, [CAR_ID] = @CAR_ID, [MANUFACTURER_ID] = @MANUFACTURER_ID, [ORDER_DATE] = @ORDER_DATE, [BILL] = @BILL WHERE (([ORDER_ID] = @Original_ORDER_ID) AND ((@IsNull_EMPLOYEE_ID = 1 AND [EMPLOYEE_ID] IS NULL) OR ([EMPLOYEE_ID] = @Original_EMPLOYEE_ID)) AND ((@IsNull_CAR_ID = 1 AND [CAR_ID] IS NULL) OR ([CAR_ID] = @Original_CAR_ID)) AND ((@IsNull_MANUFACTURER_ID = 1 AND [MANUFACTURER_ID] IS NULL) OR ([MANUFACTURER_ID] = @Original_MANUFACTURER_ID)) AND ([ORDER_DATE] = @Original_ORDER_DATE) AND ([BILL] = @Original_BILL));
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.326164483.0000000003611000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.323222356.0000000002D41000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpBinary or memory string: UPDATE [dbo].[MANUFACTURER] SET [MANUFACTURER_ID] = @MANUFACTURER_ID, [MANUFACTURER_NAME] = @MANUFACTURER_NAME, [MANUFACTURER_EMAIL] = @MANUFACTURER_EMAIL, [MANUFACTURER_ADDRESS] = @MANUFACTURER_ADDRESS, [MANUFACTURER_CONTACT] = @MANUFACTURER_CONTACT WHERE (([MANUFACTURER_ID] = @Original_MANUFACTURER_ID) AND ([MANUFACTURER_NAME] = @Original_MANUFACTURER_NAME) AND ([MANUFACTURER_EMAIL] = @Original_MANUFACTURER_EMAIL) AND ([MANUFACTURER_ADDRESS] = @Original_MANUFACTURER_ADDRESS) AND ([MANUFACTURER_CONTACT] = @Original_MANUFACTURER_CONTACT));
        Source: Doc.exeVirustotal: Detection: 33%
        Source: Doc.exeReversingLabs: Detection: 39%
        Source: C:\Users\user\Desktop\Doc.exeFile read: C:\Users\user\Desktop\Doc.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\Doc.exe 'C:\Users\user\Desktop\Doc.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmp58A2.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\Doc.exe {path}
        Source: unknownProcess created: C:\Users\user\Desktop\Doc.exe {path}
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpD558.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpD876.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\Doc.exe C:\Users\user\Desktop\Doc.exe 0
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpB420.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\Doc.exe {path}
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpDD04.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmp58A2.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Users\user\Desktop\Doc.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Users\user\Desktop\Doc.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpD558.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpD876.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpB420.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Users\user\Desktop\Doc.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpDD04.tmp'Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
        Source: Doc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: Doc.exeStatic file information: File size 1530880 > 1048576
        Source: C:\Users\user\Desktop\Doc.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Source: Doc.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, dhcpmon.exe, 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp
        Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: Doc.exe, 00000006.00000002.601742047.0000000003125000.00000004.00000040.sdmp
        Source: Binary string: mscorrc.pdb source: Doc.exe, 00000000.00000002.284135859.0000000009260000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.335976902.0000000006E20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.329884797.0000000005770000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357185868.00000000078A0000.00000002.00000001.sdmp

        Data Obfuscation:

        barindex
        Detected unpacking (changes PE section rights)Show sources
        Source: C:\Users\user\Desktop\Doc.exeUnpacked PE file: 0.2.Doc.exe.e70000.0.unpack 2)-Lp$:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;
        Source: C:\Users\user\Desktop\Doc.exeUnpacked PE file: 13.2.Doc.exe.dd0000.0.unpack 2)-Lp$:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeUnpacked PE file: 15.2.dhcpmon.exe.4a0000.0.unpack 2)-Lp$:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeUnpacked PE file: 19.2.dhcpmon.exe.680000.0.unpack 2)-Lp$:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;
        .NET source code contains potential unpackerShow sources
        Source: 6.2.Doc.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 6.2.Doc.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 22.2.Doc.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 22.2.Doc.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 28.2.dhcpmon.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 28.2.dhcpmon.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Binary contains a suspicious time stampShow sources
        Source: initial sampleStatic PE information: 0xC7A08D7A [Mon Feb 17 17:59:22 2076 UTC]
        Source: Doc.exeStatic PE information: section name: 2)-Lp$
        Source: Doc.exeStatic PE information: section name:
        Source: dEkaSoUjP.exe.0.drStatic PE information: section name: 2)-Lp$
        Source: dEkaSoUjP.exe.0.drStatic PE information: section name:
        Source: dhcpmon.exe.6.drStatic PE information: section name: 2)-Lp$
        Source: dhcpmon.exe.6.drStatic PE information: section name:
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_00EE44BC push edx; ret 0_2_00EE44BD
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_00EE1CB1 push ecx; retf 0_2_00EE1CDB
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_00EE094D push cs; ret 0_2_00EE0969
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_00EE312B push ecx; iretd 0_2_00EE312C
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_016C2654 push ss; ret 0_2_016C2676
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_016C28C8 push cs; ret 0_2_016C28DA
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_016C2DA9 push es; ret 0_2_016C2DAA
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E64B0 push ecx; retf 0_2_019E64B1
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E33DF push edx; ret 0_2_019E33E0
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E7314 push eax; iretd 0_2_019E7315
        Source: C:\Users\user\Desktop\Doc.exeCode function: 0_2_019E1A81 push ecx; iretd 0_2_019E1A89
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A3863 push ebp; ret 5_2_004A38AF
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A1867 push es; iretd 5_2_004A1884
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A18DD push es; iretd 5_2_004A18E4
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A18EE push es; iretd 5_2_004A1934
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A18B3 push es; iretd 5_2_004A18B4
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A1946 push es; iretd 5_2_004A1954
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A1747 push es; iretd 5_2_004A1754
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A1756 push es; iretd 5_2_004A1764
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A1766 push es; iretd 5_2_004A1774
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A1705 push es; iretd 5_2_004A1744
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A1937 push es; iretd 5_2_004A1944
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A1797 push es; iretd 5_2_004A17A4
        Source: C:\Users\user\Desktop\Doc.exeCode function: 5_2_004A17A6 push es; iretd 5_2_004A17B4
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_00DE18DD push es; iretd 6_2_00DE18E4
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_00DE18EE push es; iretd 6_2_00DE1934
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_00DE18B3 push es; iretd 6_2_00DE18B4
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_00DE1867 push es; iretd 6_2_00DE1884
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_00DE3863 push ebp; ret 6_2_00DE38AF
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_00DE1797 push es; iretd 6_2_00DE17A4
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_00DE17A6 push es; iretd 6_2_00DE17B4
        Source: initial sampleStatic PE information: section name: 2)-Lp$ entropy: 7.99982367826
        Source: initial sampleStatic PE information: section name: 2)-Lp$ entropy: 7.99982367826
        Source: initial sampleStatic PE information: section name: 2)-Lp$ entropy: 7.99982367826
        Source: 6.2.Doc.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 6.2.Doc.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 22.2.Doc.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 22.2.Doc.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 28.2.dhcpmon.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 28.2.dhcpmon.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: C:\Users\user\Desktop\Doc.exeFile created: C:\Users\user\AppData\Roaming\dEkaSoUjP.exeJump to dropped file
        Source: C:\Users\user\Desktop\Doc.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJump to dropped file

        Boot Survival:

        barindex
        Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmp58A2.tmp'

        Hooking and other Techniques for Hiding and Protection:

        barindex
        Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
        Source: C:\Users\user\Desktop\Doc.exeFile opened: C:\Users\user\Desktop\Doc.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Doc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        barindex
        Yara detected AntiVM_3Show sources
        Source: Yara matchFile source: 0000000D.00000002.326488687.0000000003667000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.350701608.00000000030AC000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 6328, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 3720, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 1112, type: MEMORY
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.329022220.0000000003A3D000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.325786872.000000000316E000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLLX1(R
        Source: Doc.exe, 0000000D.00000002.329022220.0000000003A3D000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.325786872.000000000316E000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
        Source: Doc.exe, 0000000D.00000002.329022220.0000000003A3D000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.325786872.000000000316E000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.329022220.0000000003A3D000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.325786872.000000000316E000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAMEX1(R.:
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\Doc.exeWindow / User API: threadDelayed 718Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeWindow / User API: foregroundWindowGot 1164Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeWindow / User API: foregroundWindowGot 393Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exe TID: 6064Thread sleep time: -31500s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\Doc.exe TID: 4576Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\Doc.exe TID: 3552Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\Doc.exe TID: 3888Thread sleep time: -280000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\Doc.exe TID: 1100Thread sleep time: -31500s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\Doc.exe TID: 1496Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1036Thread sleep time: -31500s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6176Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6332Thread sleep time: -31500s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6404Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\Doc.exe TID: 6576Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 7032Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_0311161A GetSystemInfo,6_2_0311161A
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMware
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMware|9(r
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMware SVGA IIX1(r
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: vmwareX1(r
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMWARE
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMWARE|9(r
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMWAREX1(r48
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: (r#"SOFTWARE\VMware, Inc.\VMware ToolsX1(rQ8
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMware
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMware |9(r
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: (r&%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\X1(r
        Source: dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
        Source: Doc.exe, 00000000.00000002.275014667.0000000003754000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.329022220.0000000003A3D000.00000004.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.325786872.000000000316E000.00000004.00000001.sdmp, dhcpmon.exe, 00000013.00000002.352582939.0000000003482000.00000004.00000001.sdmpBinary or memory string: QEMUX1(r%:
        Source: C:\Users\user\Desktop\Doc.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging:

        barindex
        Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)Show sources
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 15_2_00F0A172 CheckRemoteDebuggerPresent,15_2_00F0A172
        Source: C:\Users\user\Desktop\Doc.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess queried: DebugPortJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess queried: DebugPortJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess queried: DebugPortJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess queried: DebugPortJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess token adjusted: Debug
        Source: C:\Users\user\Desktop\Doc.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Injects a PE file into a foreign processesShow sources
        Source: C:\Users\user\Desktop\Doc.exeMemory written: C:\Users\user\Desktop\Doc.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeMemory written: C:\Users\user\Desktop\Doc.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMemory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmp58A2.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Users\user\Desktop\Doc.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Users\user\Desktop\Doc.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpD558.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpD876.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpB420.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Doc.exeProcess created: C:\Users\user\Desktop\Doc.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpDD04.tmp'Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: Doc.exe, 00000006.00000002.601462279.0000000001C20000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: Doc.exe, 00000006.00000002.601462279.0000000001C20000.00000002.00000001.sdmpBinary or memory string: Progman
        Source: Doc.exe, 00000006.00000002.601462279.0000000001C20000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
        Source: Doc.exe, 00000006.00000002.601462279.0000000001C20000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
        Source: Doc.exe, 00000006.00000002.601462279.0000000001C20000.00000002.00000001.sdmpBinary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Doc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.339287751.0000000002D21000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001C.00000002.364312350.0000000003561000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 1460, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 3848, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 6524, type: MEMORY
        Source: Yara matchFile source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        barindex
        Detected Nanocore RatShow sources
        Source: Doc.exe, 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: Doc.exe, 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: Doc.exe, 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoProtectClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoProtectClientClientPluginResourcesNanoProtectClient.My.ResourcesMySettingsMySettingsPropertyFunctionsNanoProtectClient.NanoProtectMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsGetProtectDirectoryGetProtectFileCreateProtectFileKillNanoCoreSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeLogClientMessageSystem.IOFileExistsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..
        Source: dhcpmon.exe, 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: dhcpmon.exe, 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoProtectClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoProtectClientClientPluginResourcesNanoProtectClient.My.ResourcesMySettingsMySettingsPropertyFunctionsNanoProtectClient.NanoProtectMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsGetProtectDirectoryGetProtectFileCreateProtectFileKillNanoCoreSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeLogClientMessageSystem.IOFileExistsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.339287751.0000000002D21000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001C.00000002.364312350.0000000003561000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 1460, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 3848, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Doc.exe PID: 6524, type: MEMORY
        Source: Yara matchFile source: 28.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 6.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.Doc.exe.400000.0.unpack, type: UNPACKEDPE
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_03112DE6 bind,6_2_03112DE6
        Source: C:\Users\user\Desktop\Doc.exeCode function: 6_2_03112DA5 bind,6_2_03112DA5

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsScheduled Task/Job1Scheduled Task/Job1Access Token Manipulation1Masquerading2Input Capture21Security Software Discovery321Remote ServicesInput Capture21Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection112Virtualization/Sandbox Evasion4LSASS MemoryVirtualization/Sandbox Evasion4Remote Desktop ProtocolArchive Collected Data11Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Scheduled Task/Job1Disable or Modify Tools1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Access Token Manipulation1NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection112LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol11Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsFile and Directory Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsHidden Files and Directories1DCSyncSystem Information Discovery13Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobObfuscated Files or Information3Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
        Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Software Packing23/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
        Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Timestomp1Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 341408 Sample: Doc.exe Startdate: 19/01/2021 Architecture: WINDOWS Score: 100 63 innocentbooii.hopto.org 2->63 71 Multi AV Scanner detection for domain / URL 2->71 73 Found malware configuration 2->73 75 Malicious sample detected (through community Yara rule) 2->75 77 18 other signatures 2->77 9 Doc.exe 6 2->9         started        13 dhcpmon.exe 4 2->13         started        16 Doc.exe 4 2->16         started        18 dhcpmon.exe 3 2->18         started        signatures3 process4 dnsIp5 57 C:\Users\user\AppData\Roaming\dEkaSoUjP.exe, PE32 9->57 dropped 59 C:\Users\user\AppData\Local\...\tmp58A2.tmp, XML 9->59 dropped 61 C:\Users\user\AppData\Local\...\Doc.exe.log, ASCII 9->61 dropped 83 Detected unpacking (changes PE section rights) 9->83 85 Injects a PE file into a foreign processes 9->85 20 Doc.exe 1 14 9->20         started        25 schtasks.exe 1 9->25         started        27 Doc.exe 9->27         started        69 192.168.2.1 unknown unknown 13->69 29 schtasks.exe 13->29         started        31 dhcpmon.exe 13->31         started        33 schtasks.exe 16->33         started        35 Doc.exe 16->35         started        file6 signatures7 process8 dnsIp9 65 innocentbooii.hopto.org 154.120.95.234, 55420 SpectranetNG Nigeria 20->65 67 172.111.249.15, 55420 AS45671-NET-AUWholesaleServicesProviderAU United States 20->67 51 C:\Program Files (x86)\...\dhcpmon.exe, PE32 20->51 dropped 53 C:\Users\user\AppData\Roaming\...\run.dat, data 20->53 dropped 55 C:\...\dhcpmon.exe:Zone.Identifier, ASCII 20->55 dropped 79 Protects its processes via BreakOnTermination flag 20->79 81 Hides that the sample has been downloaded from the Internet (zone.identifier) 20->81 37 schtasks.exe 1 20->37         started        39 schtasks.exe 1 20->39         started        41 conhost.exe 25->41         started        43 conhost.exe 29->43         started        45 conhost.exe 33->45         started        file10 signatures11 process12 process13 47 conhost.exe 37->47         started        49 conhost.exe 39->49         started       

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        Doc.exe33%VirustotalBrowse
        Doc.exe39%ReversingLabsByteCode-MSIL.Trojan.Tnega
        Doc.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe100%Joe Sandbox ML
        C:\Users\user\AppData\Roaming\dEkaSoUjP.exe100%Joe Sandbox ML
        C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe39%ReversingLabsByteCode-MSIL.Trojan.Tnega
        C:\Users\user\AppData\Roaming\dEkaSoUjP.exe39%ReversingLabsByteCode-MSIL.Trojan.Tnega

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        6.2.Doc.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        19.2.dhcpmon.exe.680000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
        28.2.dhcpmon.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        22.2.Doc.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        15.2.dhcpmon.exe.4a0000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
        13.2.Doc.exe.dd0000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
        0.2.Doc.exe.e70000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

        Domains

        SourceDetectionScannerLabelLink
        innocentbooii.hopto.org10%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        http://www.fontbureau.comI.TTF0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/jp/H0%Avira URL Cloudsafe
        http://www.founder.com.cn/cnX0%Avira URL Cloudsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/jp/60%Avira URL Cloudsafe
        http://www.fontbureau.comrz0%Avira URL Cloudsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.fontbureau.comoA0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://www.fontbureau.comB.TTFe0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/60%Avira URL Cloudsafe
        http://www.carterandcone.com70%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/00%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/00%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/00%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/n-u0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/jp/l0%Avira URL Cloudsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.carterandcone.comei0%Avira URL Cloudsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/jp/S0%Avira URL Cloudsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/$0%Avira URL Cloudsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.carterandcone.como.0%URL Reputationsafe
        http://www.carterandcone.como.0%URL Reputationsafe
        http://www.carterandcone.como.0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.fontbureau.comoitul0%Avira URL Cloudsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.carterandcone.com_0%Avira URL Cloudsafe
        http://www.carterandcone.come0%URL Reputationsafe
        http://www.carterandcone.come0%URL Reputationsafe
        http://www.carterandcone.come0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/S0%Avira URL Cloudsafe
        http://www.carterandcone.coms0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/A0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
        http://www.fontbureau.coma0%URL Reputationsafe
        http://www.fontbureau.coma0%URL Reputationsafe
        http://www.fontbureau.coma0%URL Reputationsafe
        http://www.zhongyicts.com.cne0%Avira URL Cloudsafe
        http://www.fontbureau.comd0%URL Reputationsafe
        http://www.fontbureau.comd0%URL Reputationsafe
        http://www.fontbureau.comd0%URL Reputationsafe
        http://en.w0%URL Reputationsafe
        http://en.w0%URL Reputationsafe
        http://en.w0%URL Reputationsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.zhongyicts.com.cnk0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn/0%URL Reputationsafe
        http://www.founder.com.cn/cn/0%URL Reputationsafe
        http://www.founder.com.cn/cn/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/k-s0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/w0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn0%URL Reputationsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        innocentbooii.hopto.org
        		154.120.95.234
        		truetrueunknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://www.fontbureau.com/designersGDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
          		high
          http://www.fontbureau.comI.TTFDoc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.fontbureau.com/designers/?Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
            		high
            http://www.founder.com.cn/cn/bTheDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://www.fontbureau.com/designers?Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
              		high
              http://www.jiyu-kobo.co.jp/jp/HDoc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.founder.com.cn/cnXDoc.exe, 00000000.00000003.244615811.00000000080E1000.00000004.00000001.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.tiro.comdhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              		unknown
              http://www.fontbureau.com/designersdhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                		high
                http://www.goodfont.co.krDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.carterandcone.comDoc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.jiyu-kobo.co.jp/jp/6Doc.exe, 00000000.00000003.246853689.00000000080DC000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.fontbureau.comrzDoc.exe, 00000000.00000003.272311376.00000000080DC000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.sajatypeworks.comDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.typography.netDDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.fontbureau.comoADoc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.founder.com.cn/cn/cTheDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.galapagosdesign.com/staff/dennis.htmDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 00000000.00000003.251014283.00000000080E6000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://fontfabrik.comDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.fontbureau.comB.TTFeDoc.exe, 00000000.00000003.272311376.00000000080DC000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.jiyu-kobo.co.jp/6Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.carterandcone.com7Doc.exe, 00000000.00000003.245285187.00000000080E1000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.jiyu-kobo.co.jp/0Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.jiyu-kobo.co.jp/n-uDoc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.jiyu-kobo.co.jp/jp/lDoc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.galapagosdesign.com/DPleaseDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.carterandcone.comeiDoc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.fonts.comDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                  		high
                  http://www.sandoll.co.krDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/jp/SDoc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.urwpp.deDPleaseDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/$Doc.exe, 00000000.00000003.246980374.00000000080DB000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.zhongyicts.com.cnDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.carterandcone.como.Doc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.sakkal.comDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.comoitulDoc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.apache.org/licenses/LICENSE-2.0Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.comDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                      		high
                      http://www.galapagosdesign.com/Doc.exe, 00000000.00000003.251014283.00000000080E6000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.carterandcone.com_Doc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://www.carterandcone.comeDoc.exe, 00000000.00000003.245285187.00000000080E1000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/SDoc.exe, 00000000.00000003.246301474.00000000080D4000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.carterandcone.comsDoc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/ADoc.exe, 00000000.00000003.246853689.00000000080DC000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/jp/Doc.exe, 00000000.00000003.246853689.00000000080DC000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.comaDoc.exe, 00000000.00000003.272311376.00000000080DC000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.zhongyicts.com.cneDoc.exe, 00000000.00000003.245099691.00000000080E0000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.fontbureau.comdDoc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://en.wDoc.exe, 00000000.00000003.245606571.00000000080E5000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.carterandcone.comlDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.zhongyicts.com.cnkDoc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.founder.com.cn/cn/Doc.exe, 00000000.00000003.244615811.00000000080E1000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/k-sDoc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.fontbureau.com/designers/cabarga.htmlNDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                        		high
                        http://www.jiyu-kobo.co.jp/wDoc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.founder.com.cn/cnDoc.exe, 00000000.00000003.244615811.00000000080E1000.00000004.00000001.sdmp, Doc.exe, 00000000.00000003.244042748.00000000080E0000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.zhongyicts.com.cn_Doc.exe, 00000000.00000003.245099691.00000000080E0000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://www.fontbureau.com/designers/frere-jones.htmlDoc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                          		high
                          http://www.carterandcone.comyDoc.exe, 00000000.00000003.245346506.00000000080E1000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.fontbureau.commDoc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.jiyu-kobo.co.jp/Doc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.jiyu-kobo.co.jp/lDoc.exe, 00000000.00000003.246461974.00000000080D7000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers8Doc.exe, 00000000.00000002.282380576.0000000008250000.00000002.00000001.sdmp, Doc.exe, 0000000D.00000002.333252045.0000000005D20000.00000002.00000001.sdmp, dhcpmon.exe, 0000000F.00000002.331234081.0000000005F40000.00000002.00000001.sdmp, dhcpmon.exe, 00000013.00000002.357623628.0000000007B20000.00000002.00000001.sdmpfalse
                            		high
                            http://www.jiyu-kobo.co.jp/i-fDoc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.fontbureau.comalsDoc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cn&Doc.exe, 00000000.00000003.244057616.00000000080E6000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.fontbureau.comitudDoc.exe, 00000000.00000003.250034531.00000000080E5000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://tempuri.org/CSMDataSet.xsddhcpmon.exe, 00000013.00000002.350486647.0000000003024000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/Y0ldZDoc.exe, 00000000.00000003.246604071.00000000080E5000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown

                            Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public

                            IPDomainCountryFlagASNASN NameMalicious
                            172.111.249.15
                            		unknownUnited States
                            		45671AS45671-NET-AUWholesaleServicesProviderAUtrue
                            154.120.95.234
                            		unknownNigeria
                            		37340SpectranetNGtrue

                            Private

                            IP
                            192.168.2.1

                            General Information

                            Joe Sandbox Version:31.0.0 Red Diamond
                            Analysis ID:341408
                            Start date:19.01.2021
                            Start time:10:22:14
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 14m 2s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Sample file name:Doc.exe
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed:40
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal100.troj.evad.winEXE@27/12@5/3
                            EGA Information:Failed
                            HDC Information:
                            • Successful, ratio: 5.1% (good quality ratio 2.8%)
                            • Quality average: 39.3%
                            • Quality standard deviation: 39.3%
                            HCA Information:
                            • Successful, ratio: 89%
                            • Number of executed functions: 686
                            • Number of non-executed functions: 33
                            Cookbook Comments:
                            • Adjust boot time
                            • Enable AMSI
                            • Found application associated with file extension: .exe
                            Warnings:
                            Show All
                            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 104.43.139.144, 92.122.144.200, 40.88.32.150, 51.103.5.159, 51.11.168.160, 92.122.213.194, 92.122.213.247, 20.54.26.129, 52.254.96.93
                            • Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, arc.msn.com.nsatc.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, bn2eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcolcus16.cloudapp.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.windows.com.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, skypedataprdcoleus15.cloudapp.net, emea1.notify.windows.com.akadns.net, blobcollector.events.data.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, par02p.wns.notify.trafficmanager.net
                            • Report creation exceeded maximum time and may have missing disassembly code information.
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            10:23:16API Interceptor1148x Sleep call for process: Doc.exe modified
                            10:23:28Task SchedulerRun new task: DHCP Monitor path: "C:\Users\user\Desktop\Doc.exe" s>$(Arg0)
                            10:23:30Task SchedulerRun new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)
                            10:23:30AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            10:23:43API Interceptor3x Sleep call for process: dhcpmon.exe modified

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                            172.111.249.15Scan002.exe.exeGet hashmaliciousBrowse

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              innocentbooii.hopto.orgScan002.exe.exeGet hashmaliciousBrowse
                              • 172.111.249.15
                              File.exeGet hashmaliciousBrowse
                              • 194.5.98.108
                              SWB copy.exeGet hashmaliciousBrowse
                              • 194.5.98.108
                              0LGpT3WYf1.exeGet hashmaliciousBrowse
                              • 154.120.96.115

                              ASN

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              AS45671-NET-AUWholesaleServicesProviderAUScan002.exe.exeGet hashmaliciousBrowse
                              • 172.111.249.15
                              http://s3-eu-west-1.amazonaws.com/hjdpjni/ogbim#qs=r-acacaeeikdgeadkieeefjaehbihabababaefahcaccajbiackdcagfkbkacbGet hashmaliciousBrowse
                              • 203.26.196.25
                              Check.vbsGet hashmaliciousBrowse
                              • 27.50.75.62
                              ano.exeGet hashmaliciousBrowse
                              • 27.50.80.18
                              jbs.exeGet hashmaliciousBrowse
                              • 221.121.151.3
                              https://noosahealth.com/vnotice/w9k6dnqb128gjgj9oklfih2f.php?MTYwMTU2MDcyMGYwN2NlMDllN2Q1NTNlNWU1ODcwZGM1N2RhOWQ1ZWFkNDNiZTIxZTUxNGRkYjQ0MzNmNDNlNTRlNDgzMzI1YzM5NGZhODY4ZA==&data=a2lhbWV0dGlAY29leHBhbi5jb20=Get hashmaliciousBrowse
                              • 103.13.103.135
                              https://rgmgalaxy.com/cgi/?email=cgarcia@dataxu.comGet hashmaliciousBrowse
                              • 180.92.196.41
                              https://bnet.alpha-fem.com/rt/dmZpYWxsb3NAYmFjZmxvcmlkYS5jb20=Get hashmaliciousBrowse
                              • 45.74.14.19
                              ali.exeGet hashmaliciousBrowse
                              • 27.50.80.18
                              CZP44EvQFN.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              svPo783mk8.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              9NLNYxPRWg.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              gN7CiLPI2w.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              b8X9P4f011.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              lRxIRaWSZK.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              T08KQuKIgs.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              GhM6Zmi4U1.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              mhaoMky8ES.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              LApPQ8KJHO.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              Sv5mt8dv9I.docGet hashmaliciousBrowse
                              • 118.127.60.139
                              SpectranetNG0712020.exeGet hashmaliciousBrowse
                              • 41.217.69.179
                              49221o3F5N.exeGet hashmaliciousBrowse
                              • 41.217.64.43
                              0LGpT3WYf1.exeGet hashmaliciousBrowse
                              • 154.120.96.115
                              PURCHASE ORDER TOUSE IMPORT& EXPORT CO. ,LTD.ZIP FILE.exeGet hashmaliciousBrowse
                              • 41.217.62.17
                              INV9938884.exeGet hashmaliciousBrowse
                              • 154.118.49.103
                              bedrapes.exeGet hashmaliciousBrowse
                              • 154.118.68.3
                              5Shipment 09252018 - Ship REPORT WEEK 37.exeGet hashmaliciousBrowse
                              • 197.242.116.57
                              7Statement of account.exeGet hashmaliciousBrowse
                              • 154.118.3.123
                              26SHIPMENT PASSED-Draft BL, Packing list.exeGet hashmaliciousBrowse
                              • 197.242.99.110
                              Property Enquiry Ref-00255487453342065334.exeGet hashmaliciousBrowse
                              • 154.120.125.40
                              59Purchase order.exeGet hashmaliciousBrowse
                              • 197.242.119.100
                              42Invoice.exeGet hashmaliciousBrowse
                              • 154.118.11.196
                              DHL correction form.exeGet hashmaliciousBrowse
                              • 41.217.118.185
                              3Doc_EZ19029587.jsGet hashmaliciousBrowse
                              • 154.120.121.109
                              3Doc_EZ19029587.jsGet hashmaliciousBrowse
                              • 154.120.121.109

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):1530880
                              Entropy (8bit):7.361237861080968
                              Encrypted:false
                              SSDEEP:24576:uPoF365K8SDEXOkK3xtBi2H+N/ntbYZ0PNK1XtCIix:uAF3UK8UEekcxi24lDlK5g
                              MD5:C853495818DB3FDDF333CE3EAF5E6CC3
                              SHA1:51DFA28D2BF0AF44DE903FA80E4458110155F34B
                              SHA-256:799087F4F62932DBE6405946E5FC9215C9DF899909C15F0C1D876EC28E9436B0
                              SHA-512:1015EF73002C3221F8386F6E39CA2806F1662650001BE1DD8ACDAC02652D876AB2DA55E07ECF9612F6FDD39F8962A38EB07A034332A13BD39882BA71A9CC7B2C
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 39%
                              Reputation:low
                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.................0......T............... ....@.. ....................................@................................. ...K......................................................................................................H...........2)-..Lp$(.... ......................@....text............................... ..`.rsrc..............................@..@.reloc...............X..............@..B.....................Z.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................
                              C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Reputation:high, very likely benign file
                              Preview: [ZoneTransfer]....ZoneId=0
                              C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Doc.exe.log
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):525
                              Entropy (8bit):5.2874233355119316
                              Encrypted:false
                              SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
                              MD5:61CCF53571C9ABA6511D696CB0D32E45
                              SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
                              SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
                              SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
                              Malicious:true
                              Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
                              C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
                              Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):525
                              Entropy (8bit):5.2874233355119316
                              Encrypted:false
                              SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
                              MD5:61CCF53571C9ABA6511D696CB0D32E45
                              SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
                              SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
                              SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
                              Malicious:false
                              Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
                              C:\Users\user\AppData\Local\Temp\tmp58A2.tmp
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1646
                              Entropy (8bit):5.168874231313252
                              Encrypted:false
                              SSDEEP:24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBW2tn:cbhC7ZlNQF/rydbz9I3YODOLNdq3QA
                              MD5:CE1BE564A3A2FC5A84B77D871C48403A
                              SHA1:72FCBAD1A719615F75EA5DB50F5E2C42C057B408
                              SHA-256:E658B7A017F5F96155CFEEFB68260E340ACA2185A4C3CB59FA5933B327C93A15
                              SHA-512:C91296EF7400A0B7597B11B1871672D3930E01B015C82E463EE47482D24D0B77272058FFA2B2ED252FAD13B087F4BC080630D8FA61628AE4E1FFBA74A73B35A7
                              Malicious:true
                              Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t
                              C:\Users\user\AppData\Local\Temp\tmpB420.tmp
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1646
                              Entropy (8bit):5.168874231313252
                              Encrypted:false
                              SSDEEP:24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBW2tn:cbhC7ZlNQF/rydbz9I3YODOLNdq3QA
                              MD5:CE1BE564A3A2FC5A84B77D871C48403A
                              SHA1:72FCBAD1A719615F75EA5DB50F5E2C42C057B408
                              SHA-256:E658B7A017F5F96155CFEEFB68260E340ACA2185A4C3CB59FA5933B327C93A15
                              SHA-512:C91296EF7400A0B7597B11B1871672D3930E01B015C82E463EE47482D24D0B77272058FFA2B2ED252FAD13B087F4BC080630D8FA61628AE4E1FFBA74A73B35A7
                              Malicious:false
                              Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t
                              C:\Users\user\AppData\Local\Temp\tmpD558.tmp
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1294
                              Entropy (8bit):5.089166573730756
                              Encrypted:false
                              SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0P8xtn:cbk4oL600QydbQxIYODOLedq3S8j
                              MD5:A248EE7904DBB7192DE9B87A0C445935
                              SHA1:46D3C56F28A5D6E8AE17F722D37D1F9A7E28D851
                              SHA-256:A17BEEC25E493B9B4B2534770C25F2E667F8449891066819113B6E5DB3FF68FA
                              SHA-512:5BE95F18C4089084ED90FED40D52D23F9EE8CCC73F1B273F481EDCF194F0403C5C9BFB52674EB845BFDF2724AC558C5747988872EA7926E5CD310C0EC1D6847D
                              Malicious:false
                              Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                              C:\Users\user\AppData\Local\Temp\tmpD876.tmp
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:modified
                              Size (bytes):1310
                              Entropy (8bit):5.109425792877704
                              Encrypted:false
                              SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
                              MD5:5C2F41CFC6F988C859DA7D727AC2B62A
                              SHA1:68999C85FC7E37BAB9216E0099836D40D4545C1C
                              SHA-256:98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
                              SHA-512:B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
                              Malicious:false
                              Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                              C:\Users\user\AppData\Local\Temp\tmpDD04.tmp
                              Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1646
                              Entropy (8bit):5.168874231313252
                              Encrypted:false
                              SSDEEP:24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBW2tn:cbhC7ZlNQF/rydbz9I3YODOLNdq3QA
                              MD5:CE1BE564A3A2FC5A84B77D871C48403A
                              SHA1:72FCBAD1A719615F75EA5DB50F5E2C42C057B408
                              SHA-256:E658B7A017F5F96155CFEEFB68260E340ACA2185A4C3CB59FA5933B327C93A15
                              SHA-512:C91296EF7400A0B7597B11B1871672D3930E01B015C82E463EE47482D24D0B77272058FFA2B2ED252FAD13B087F4BC080630D8FA61628AE4E1FFBA74A73B35A7
                              Malicious:false
                              Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t
                              C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):8
                              Entropy (8bit):3.0
                              Encrypted:false
                              SSDEEP:3:JIDt:Gx
                              MD5:0F537B5F4F20482B8B769AE429A9ACAE
                              SHA1:1BD898059B9938529CFF3208C1FE31F641C84C2C
                              SHA-256:CCFF37E420E56A6BB38FE3FFCE46C9CCA7C4FA64A4FA49F65925911D0680B693
                              SHA-512:EDD9C694501661CB79C177E3D5059B46465287282B1125C2F55956748F68ECEB0F047A858BC7DF2EBA6DDC95B1E9E368C9E68AF9ACEE2FCF2ABE92CAE810BB2B
                              Malicious:true
                              Preview: Z..P...H
                              C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):31
                              Entropy (8bit):3.962103165155795
                              Encrypted:false
                              SSDEEP:3:oNUWJRWhKk:oNNJAck
                              MD5:6DDAF09443278775838A4E5FC0A80DF6
                              SHA1:9CD9265F32A1D9636E886A0D8D178C79F7D28026
                              SHA-256:550B94662EDD56B552AE175CD834E72FDCB11F2F01EC1680797E251857F679E8
                              SHA-512:27E6F50EABC36090A45B9438780CF407D8F8E8B5E6F1351118220CD732C18526CC72D46720D13FCF21C4A6E014BFAEE2A81CA8DD20585EB336B0026027FA03E2
                              Malicious:false
                              Preview: C:\Users\user\Desktop\Doc.exe
                              C:\Users\user\AppData\Roaming\dEkaSoUjP.exe
                              Process:C:\Users\user\Desktop\Doc.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):1530880
                              Entropy (8bit):7.361237861080968
                              Encrypted:false
                              SSDEEP:24576:uPoF365K8SDEXOkK3xtBi2H+N/ntbYZ0PNK1XtCIix:uAF3UK8UEekcxi24lDlK5g
                              MD5:C853495818DB3FDDF333CE3EAF5E6CC3
                              SHA1:51DFA28D2BF0AF44DE903FA80E4458110155F34B
                              SHA-256:799087F4F62932DBE6405946E5FC9215C9DF899909C15F0C1D876EC28E9436B0
                              SHA-512:1015EF73002C3221F8386F6E39CA2806F1662650001BE1DD8ACDAC02652D876AB2DA55E07ECF9612F6FDD39F8962A38EB07A034332A13BD39882BA71A9CC7B2C
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 39%
                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.................0......T............... ....@.. ....................................@................................. ...K......................................................................................................H...........2)-..Lp$(.... ......................@....text............................... ..`.rsrc..............................@..@.reloc...............X..............@..B.....................Z.............. ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Entropy (8bit):7.361237861080968
                              TrID:
                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                              • Win32 Executable (generic) a (10002005/4) 49.96%
                              • Win16/32 Executable Delphi generic (2074/23) 0.01%
                              • Generic Win/DOS Executable (2004/3) 0.01%
                              • DOS Executable Generic (2002/1) 0.01%
                              File name:Doc.exe
                              File size:1530880
                              MD5:c853495818db3fddf333ce3eaf5e6cc3
                              SHA1:51dfa28d2bf0af44de903fa80e4458110155f34b
                              SHA256:799087f4f62932dbe6405946e5fc9215c9df899909c15f0c1d876ec28e9436b0
                              SHA512:1015ef73002c3221f8386f6e39ca2806f1662650001be1dd8acdac02652d876ab2da55e07ecf9612f6fdd39f8962a38eb07a034332a13bd39882ba71a9cc7b2c
                              SSDEEP:24576:uPoF365K8SDEXOkK3xtBi2H+N/ntbYZ0PNK1XtCIix:uAF3UK8UEekcxi24lDlK5g
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.................0......T............... ....@.. ....................................@................................

                              File Icon

                              Icon Hash:8ae8ccccecece09a

                              Static PE Info

                              General

                              Entrypoint:0x57c00a
                              Entrypoint Section:
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                              Time Stamp:0xC7A08D7A [Mon Feb 17 17:59:22 2076 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:v2.0.50727
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                              Entrypoint Preview

                              Instruction
                              jmp dword ptr [0057C000h]
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0xec9200x4b.text
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x15e0000x1b0c8.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x17a0000xc.reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x17c0000x8
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0xec0000x48.text
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              2)-Lp$0x20000xe9e280xea000False1.00031404414data7.99982367826IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                              .text0xec0000x700180x70200False0.306355386009data4.75650322444IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                              .rsrc0x15e0000x1b0c80x1b200False0.127538162442data3.74361062755IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc0x17a0000xc0x200False0.044921875data0.0980041756627IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                              0x17c0000x100x200False0.044921875data0.142635768149IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountry
                              RT_ICON0x15e2200x1913PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                              RT_ICON0x15fb340x10828dBase III DBT, version number 0, next free block index 40
                              RT_ICON0x17035c0x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4294967295, next used block 4294967295
                              RT_ICON0x1745840x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4294967295, next used block 4294967295
                              RT_ICON0x176b2c0x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4294967295, next used block 4294967295
                              RT_ICON0x177bd40x468GLS_BINARY_LSB_FIRST
                              RT_GROUP_ICON0x17803c0x5adata
                              RT_VERSION0x1780980x33adata
                              RT_MANIFEST0x1783d40xcefXML 1.0 document, UTF-8 Unicode (with BOM) text

                              Imports

                              DLLImport
                              mscoree.dll_CorExeMain

                              Version Infos

                              DescriptionData
                              Translation0x0000 0x04b0
                              LegalCopyrightCopyright 2020 ITEL
                              Assembly Version8.0.36.2
                              InternalName.exe
                              FileVersion8.0.37.2
                              CompanyNameITEL Limited
                              LegalTrademarks
                              Comments
                              ProductNameCSM Project
                              ProductVersion8.0.37.2
                              FileDescriptionCSM Project
                              OriginalFilename.exe

                              Network Behavior

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Jan 19, 2021 10:23:30.951219082 CET4971455420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:23:34.106537104 CET4971455420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:23:40.107089996 CET4971455420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:23:56.398092031 CET4972255420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:23:59.406162024 CET4972255420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:24:05.406017065 CET4972255420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:24:17.939691067 CET4973055420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:24:21.032339096 CET4973055420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:24:27.032870054 CET4973055420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:24:37.293370008 CET4973555420192.168.2.5172.111.249.15
                              Jan 19, 2021 10:24:40.299601078 CET4973555420192.168.2.5172.111.249.15
                              Jan 19, 2021 10:24:46.300118923 CET4973555420192.168.2.5172.111.249.15
                              Jan 19, 2021 10:24:55.309611082 CET4973855420192.168.2.5172.111.249.15
                              Jan 19, 2021 10:24:58.316715956 CET4973855420192.168.2.5172.111.249.15
                              Jan 19, 2021 10:25:04.317243099 CET4973855420192.168.2.5172.111.249.15
                              Jan 19, 2021 10:25:13.085031986 CET4973955420192.168.2.5172.111.249.15
                              Jan 19, 2021 10:25:16.099419117 CET4973955420192.168.2.5172.111.249.15
                              Jan 19, 2021 10:25:22.115677118 CET4973955420192.168.2.5172.111.249.15
                              Jan 19, 2021 10:25:31.900134087 CET4974055420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:25:34.897878885 CET4974055420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:25:40.898380041 CET4974055420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:25:56.120098114 CET4975155420192.168.2.5154.120.95.234
                              Jan 19, 2021 10:25:59.122292042 CET4975155420192.168.2.5154.120.95.234

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Jan 19, 2021 10:22:59.676734924 CET4955753192.168.2.58.8.8.8
                              Jan 19, 2021 10:22:59.724585056 CET53495578.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:03.011400938 CET6173353192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:03.062161922 CET53617338.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:13.308800936 CET6544753192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:13.366452932 CET53654478.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:21.428308964 CET5244153192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:21.479062080 CET53524418.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:22.557158947 CET6217653192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:22.615228891 CET53621768.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:30.818375111 CET5959653192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:30.878221989 CET53595968.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:44.950850010 CET6529653192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:45.002350092 CET53652968.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:48.195247889 CET6318353192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:48.243144035 CET53631838.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:48.297032118 CET6015153192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:48.344970942 CET53601518.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:50.084479094 CET5696953192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:50.132464886 CET53569698.8.8.8192.168.2.5
                              Jan 19, 2021 10:23:56.321463108 CET5516153192.168.2.58.8.8.8
                              Jan 19, 2021 10:23:56.384004116 CET53551618.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:02.716928005 CET5475753192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:02.764775038 CET53547578.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:05.069717884 CET4999253192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:05.120398045 CET53499928.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:10.203083038 CET6007553192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:10.263900995 CET53600758.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:17.880350113 CET5501653192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:17.938066959 CET53550168.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:23.151571035 CET6434553192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:23.199763060 CET53643458.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:24.049966097 CET5712853192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:24.097898006 CET53571288.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:24.902646065 CET5479153192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:24.950527906 CET53547918.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:28.905478954 CET5046353192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:28.981370926 CET53504638.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:38.677479029 CET5039453192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:38.726584911 CET53503948.8.8.8192.168.2.5
                              Jan 19, 2021 10:24:42.713869095 CET5853053192.168.2.58.8.8.8
                              Jan 19, 2021 10:24:42.788130999 CET53585308.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:31.837795019 CET5381353192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:31.898233891 CET53538138.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:43.870352983 CET6373253192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:43.918276072 CET53637328.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:44.765908957 CET5734453192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:44.825380087 CET53573448.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:45.759581089 CET5445053192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:45.807430029 CET53544508.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:46.522767067 CET5926153192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:46.573513031 CET53592618.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:47.303802013 CET5715153192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:47.362200022 CET53571518.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:48.205671072 CET5941353192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:48.262279034 CET53594138.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:49.114852905 CET6051653192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:49.171040058 CET53605168.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:50.212817907 CET5164953192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:50.269519091 CET53516498.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:51.512135029 CET6508653192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:51.568703890 CET53650868.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:52.286628962 CET5643253192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:52.342928886 CET53564328.8.8.8192.168.2.5
                              Jan 19, 2021 10:25:56.058824062 CET5292953192.168.2.58.8.8.8
                              Jan 19, 2021 10:25:56.118586063 CET53529298.8.8.8192.168.2.5

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                              Jan 19, 2021 10:23:30.818375111 CET192.168.2.58.8.8.80x7fa6Standard query (0)innocentbooii.hopto.orgA (IP address)IN (0x0001)
                              Jan 19, 2021 10:23:56.321463108 CET192.168.2.58.8.8.80xc577Standard query (0)innocentbooii.hopto.orgA (IP address)IN (0x0001)
                              Jan 19, 2021 10:24:17.880350113 CET192.168.2.58.8.8.80x5c38Standard query (0)innocentbooii.hopto.orgA (IP address)IN (0x0001)
                              Jan 19, 2021 10:25:31.837795019 CET192.168.2.58.8.8.80x1870Standard query (0)innocentbooii.hopto.orgA (IP address)IN (0x0001)
                              Jan 19, 2021 10:25:56.058824062 CET192.168.2.58.8.8.80x7845Standard query (0)innocentbooii.hopto.orgA (IP address)IN (0x0001)

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                              Jan 19, 2021 10:23:30.878221989 CET8.8.8.8192.168.2.50x7fa6No error (0)innocentbooii.hopto.org154.120.95.234A (IP address)IN (0x0001)
                              Jan 19, 2021 10:23:56.384004116 CET8.8.8.8192.168.2.50xc577No error (0)innocentbooii.hopto.org154.120.95.234A (IP address)IN (0x0001)
                              Jan 19, 2021 10:24:17.938066959 CET8.8.8.8192.168.2.50x5c38No error (0)innocentbooii.hopto.org154.120.95.234A (IP address)IN (0x0001)
                              Jan 19, 2021 10:25:31.898233891 CET8.8.8.8192.168.2.50x1870No error (0)innocentbooii.hopto.org154.120.95.234A (IP address)IN (0x0001)
                              Jan 19, 2021 10:25:56.118586063 CET8.8.8.8192.168.2.50x7845No error (0)innocentbooii.hopto.org154.120.95.234A (IP address)IN (0x0001)

                              Code Manipulations

                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              Analysis Process: Doc.exe PID: 1460 Parent PID: 5608

                              General

                              Start time:10:23:04
                              Start date:19/01/2021
                              Path:C:\Users\user\Desktop\Doc.exe
                              Wow64 process (32bit):true
                              Commandline:'C:\Users\user\Desktop\Doc.exe'
                              Imagebase:0xe70000
                              File size:1530880 bytes
                              MD5 hash:C853495818DB3FDDF333CE3EAF5E6CC3
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.278969734.00000000073FA000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              Reputation:low

                              Chronological Activities

                              Analysis Process: schtasks.exe PID: 5744 Parent PID: 1460

                              General

                              Start time:10:23:20
                              Start date:19/01/2021
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmp58A2.tmp'
                              Imagebase:0xbf0000
                              File size:185856 bytes
                              MD5 hash:15FF7D8324231381BAD48A052F85DF04
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: conhost.exe PID: 6112 Parent PID: 5744

                              General

                              Start time:10:23:21
                              Start date:19/01/2021
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7ecfc0000
                              File size:625664 bytes
                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: Doc.exe PID: 5784 Parent PID: 1460

                              General

                              Start time:10:23:23
                              Start date:19/01/2021
                              Path:C:\Users\user\Desktop\Doc.exe
                              Wow64 process (32bit):false
                              Commandline:{path}
                              Imagebase:0x3b0000
                              File size:1530880 bytes
                              MD5 hash:C853495818DB3FDDF333CE3EAF5E6CC3
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low

                              Chronological Activities

                              Analysis Process: Doc.exe PID: 3848 Parent PID: 1460

                              General

                              Start time:10:23:24
                              Start date:19/01/2021
                              Path:C:\Users\user\Desktop\Doc.exe
                              Wow64 process (32bit):true
                              Commandline:{path}
                              Imagebase:0xcf0000
                              File size:1530880 bytes
                              MD5 hash:C853495818DB3FDDF333CE3EAF5E6CC3
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000006.00000002.595250143.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              Reputation:low

                              Chronological Activities

                              Analysis Process: schtasks.exe PID: 5536 Parent PID: 3848

                              General

                              Start time:10:23:26
                              Start date:19/01/2021
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpD558.tmp'
                              Imagebase:0x7ff797770000
                              File size:185856 bytes
                              MD5 hash:15FF7D8324231381BAD48A052F85DF04
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: conhost.exe PID: 5336 Parent PID: 5536

                              General

                              Start time:10:23:26
                              Start date:19/01/2021
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7ecfc0000
                              File size:625664 bytes
                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: schtasks.exe PID: 5316 Parent PID: 3848

                              General

                              Start time:10:23:27
                              Start date:19/01/2021
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpD876.tmp'
                              Imagebase:0xbf0000
                              File size:185856 bytes
                              MD5 hash:15FF7D8324231381BAD48A052F85DF04
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: conhost.exe PID: 5328 Parent PID: 5316

                              General

                              Start time:10:23:27
                              Start date:19/01/2021
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7ecfc0000
                              File size:625664 bytes
                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: Doc.exe PID: 1112 Parent PID: 904

                              General

                              Start time:10:23:29
                              Start date:19/01/2021
                              Path:C:\Users\user\Desktop\Doc.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Users\user\Desktop\Doc.exe 0
                              Imagebase:0xdd0000
                              File size:1530880 bytes
                              MD5 hash:C853495818DB3FDDF333CE3EAF5E6CC3
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 0000000D.00000002.330365901.00000000047AD000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000D.00000002.326488687.0000000003667000.00000004.00000001.sdmp, Author: Joe Security
                              Reputation:low

                              Chronological Activities

                              Analysis Process: dhcpmon.exe PID: 3720 Parent PID: 904

                              General

                              Start time:10:23:30
                              Start date:19/01/2021
                              Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                              Wow64 process (32bit):true
                              Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
                              Imagebase:0x4a0000
                              File size:1530880 bytes
                              MD5 hash:C853495818DB3FDDF333CE3EAF5E6CC3
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 0000000F.00000002.328137753.0000000003EDD000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              Antivirus matches:
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 39%, ReversingLabs
                              Reputation:low

                              Chronological Activities

                              Analysis Process: dhcpmon.exe PID: 6328 Parent PID: 3472

                              General

                              Start time:10:23:38
                              Start date:19/01/2021
                              Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                              Wow64 process (32bit):true
                              Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                              Imagebase:0x680000
                              File size:1530880 bytes
                              MD5 hash:C853495818DB3FDDF333CE3EAF5E6CC3
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000013.00000002.350701608.00000000030AC000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000013.00000002.355278131.0000000006CBA000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              Reputation:low

                              Chronological Activities

                              Analysis Process: schtasks.exe PID: 6476 Parent PID: 1112

                              General

                              Start time:10:23:44
                              Start date:19/01/2021
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpB420.tmp'
                              Imagebase:0xbf0000
                              File size:185856 bytes
                              MD5 hash:15FF7D8324231381BAD48A052F85DF04
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: conhost.exe PID: 6484 Parent PID: 6476

                              General

                              Start time:10:23:44
                              Start date:19/01/2021
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7ecfc0000
                              File size:625664 bytes
                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: Doc.exe PID: 6524 Parent PID: 1112

                              General

                              Start time:10:23:46
                              Start date:19/01/2021
                              Path:C:\Users\user\Desktop\Doc.exe
                              Wow64 process (32bit):true
                              Commandline:{path}
                              Imagebase:0x5d0000
                              File size:1530880 bytes
                              MD5 hash:C853495818DB3FDDF333CE3EAF5E6CC3
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000016.00000002.339391381.0000000003D21000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000016.00000002.335391118.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000016.00000002.339287751.0000000002D21000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 00000016.00000002.339287751.0000000002D21000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              Reputation:low

                              Chronological Activities

                              Analysis Process: schtasks.exe PID: 6848 Parent PID: 6328

                              General

                              Start time:10:23:54
                              Start date:19/01/2021
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\dEkaSoUjP' /XML 'C:\Users\user\AppData\Local\Temp\tmpDD04.tmp'
                              Imagebase:0xbf0000
                              File size:185856 bytes
                              MD5 hash:15FF7D8324231381BAD48A052F85DF04
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: conhost.exe PID: 6860 Parent PID: 6848

                              General

                              Start time:10:23:54
                              Start date:19/01/2021
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7ecfc0000
                              File size:625664 bytes
                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: dhcpmon.exe PID: 6928 Parent PID: 6328

                              General

                              Start time:10:23:55
                              Start date:19/01/2021
                              Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                              Wow64 process (32bit):true
                              Commandline:{path}
                              Imagebase:0xd00000
                              File size:1530880 bytes
                              MD5 hash:C853495818DB3FDDF333CE3EAF5E6CC3
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 0000001C.00000002.364409050.0000000004561000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 0000001C.00000002.361008474.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001C.00000002.364312350.0000000003561000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: NanoCore, Description: unknown, Source: 0000001C.00000002.364312350.0000000003561000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                              Reputation:low

                              Chronological Activities

                              Disassembly

                              Code Analysis

                              Reset < >

                                Analysis Process: Doc.exe PID: 1460 Parent PID: 5608 Doc.exeCOMMON

                                Executed Functions

                                Function 09331D09, Relevance: 1.9, Strings: 1, Instructions: 676COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.284363625.0000000009330000.00000040.00000001.sdmp, Offset: 09330000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: (
                                • API String ID: 0-3887548279
                                • Opcode ID: a939aea20aee19bf6ff7ac1d1ca29fa40c46f9dccb196272f5dc952a0d9565b5
                                • Instruction ID: f08ac028672a9d750b1388f20b2d91f6f2905e47b0220a73061181fe37d4042c
                                • Opcode Fuzzy Hash: a939aea20aee19bf6ff7ac1d1ca29fa40c46f9dccb196272f5dc952a0d9565b5
                                • Instruction Fuzzy Hash: 1F520470D89229CFDB64DF68CC84BEDB7B5BB4A310F5092E9846DA6690DB344AC5CF01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D56F4, Relevance: 1.7, Strings: 1, Instructions: 445COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r
                                • API String ID: 0-359987751
                                • Opcode ID: 080035da953a859337b26ce0a77ff4baa405f2646ebf9813ef5a03e472c1ed84
                                • Instruction ID: 38294384ac6a94acebe7979fffcc9a248beeb23faaf8b056ab3660b03611d859
                                • Opcode Fuzzy Hash: 080035da953a859337b26ce0a77ff4baa405f2646ebf9813ef5a03e472c1ed84
                                • Instruction Fuzzy Hash: DC22B074D05228CFEBA4DF64C848BEDBBB1BB49304F2180EAD40AA7661DB745E85CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA55B, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                Download Yara Rule
                                APIs
                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 016CA5DB
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                • Opcode ID: 61c83b6b54b432c6d39176f27ce5691786e722f84d7e07ab89ccbe5ab1ea6376
                                • Instruction ID: 180ea0561a8f518ad1c9dbc56a8d58a4d28efcd105cd494aab6895c3d8168238
                                • Opcode Fuzzy Hash: 61c83b6b54b432c6d39176f27ce5691786e722f84d7e07ab89ccbe5ab1ea6376
                                • Instruction Fuzzy Hash: 1821A1755097849FEB138F25DC44BA2BFB4EF16210F0885EAE9858F263E374D908CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CABB3, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 016CAC29
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                • Opcode ID: d58d332182910ff36691b4254c1568899093b8893f2d4b0528d4a94062156713
                                • Instruction ID: a075908e3d3b50d052f25a9a1983efc25bbed2a56f09e26774745434d172c438
                                • Opcode Fuzzy Hash: d58d332182910ff36691b4254c1568899093b8893f2d4b0528d4a94062156713
                                • Instruction Fuzzy Hash: FB21AE754097C49FDB238B20DC41A62FFB4EF16214F0980DFE9848B163E265A50DDB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA592, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 016CA5DB
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                • Opcode ID: 7928bbb64973289375eb17ce61708cfc6694822db8a163d104322d0c43ea0eed
                                • Instruction ID: c2cb5b2f15a36144da565fff83436cd2216c9f1109721e45075106e95541832b
                                • Opcode Fuzzy Hash: 7928bbb64973289375eb17ce61708cfc6694822db8a163d104322d0c43ea0eed
                                • Instruction Fuzzy Hash: F7115E755006049FDB218F99DC84B66FFE8EF44620F08C4AEEE558B652E375E418CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CABEE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 016CAC29
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                • Opcode ID: d37dbac67da2b59a457f407c08ffc23c18895a43e9beb2e82d7b310e00c95b5b
                                • Instruction ID: f5480ac167303174b72b707883ce03c2639009638f1a3f24477223a4d36d21c5
                                • Opcode Fuzzy Hash: d37dbac67da2b59a457f407c08ffc23c18895a43e9beb2e82d7b310e00c95b5b
                                • Instruction Fuzzy Hash: 76018B314006089FDB218F99DC84B65FFA4EF48B20F08C49EEE894B656D375A418CBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E907F, Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: K0
                                • API String ID: 0-1463072260
                                • Opcode ID: c086f0df8cb71294e93d7009d37360971ec8deb2a22053f1c5555555dad18c55
                                • Instruction ID: 824f54aa9111de59ebfa8625cfe5e6d8b6a81c31b890064564a64993f6af950f
                                • Opcode Fuzzy Hash: c086f0df8cb71294e93d7009d37360971ec8deb2a22053f1c5555555dad18c55
                                • Instruction Fuzzy Hash: CB7135B4D06208DFCB16DFA4D948AAEBBF2FF88305F10942AD806A7354DB345A51CF52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EFD28, Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: V,'
                                • API String ID: 0-3577607949
                                • Opcode ID: d8ad62c85628a377540304dde42be794b6f532991df563cbbbf0593331b56ced
                                • Instruction ID: e4eae6b2e6eedeb3f04f3fc155f93df34b8bfc71331d33f3c7066c768f31b480
                                • Opcode Fuzzy Hash: d8ad62c85628a377540304dde42be794b6f532991df563cbbbf0593331b56ced
                                • Instruction Fuzzy Hash: BB41E3B4D01209DFCB58DFA9D9449AEBBF2FF88301F20942AD819A7354DB306A41CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D0988, Relevance: .3, Instructions: 342COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 615b00023f391674b4697fcdcc6fa77dc834a37b68f8e586af6687662d676c87
                                • Instruction ID: 8d693eaa8df8b7f604c962812f4da0bdaeac108232f7ab4abdeecf16e0410e04
                                • Opcode Fuzzy Hash: 615b00023f391674b4697fcdcc6fa77dc834a37b68f8e586af6687662d676c87
                                • Instruction Fuzzy Hash: 5EE15470D09219CFEBA4CFE5D9856ADFBB1FB89310F10A82AC009BB644D7B09941CF55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D097A, Relevance: .3, Instructions: 337COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 000d8a34e13a52b1b201204756e2e32822eb269b26c8122ad59b8addc874ccae
                                • Instruction ID: affbc32d6ae49f4f34ebb2ea1efce0e5214379744b4bc50880b9cdedea598190
                                • Opcode Fuzzy Hash: 000d8a34e13a52b1b201204756e2e32822eb269b26c8122ad59b8addc874ccae
                                • Instruction Fuzzy Hash: DBE15270D05219CFEBA4CFE5D985A9EFFB1FB89310F10A82AC409AB648D7B09941CF55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E3C8F, Relevance: .3, Instructions: 321COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9d20efe96a80e74f062218863744912d3eb2721c8dcc5c433f7d1821ea64183f
                                • Instruction ID: 86a4b969960bd5a21cc15d20055bb2e2f52ad469cd3d6755e4c268d181254a11
                                • Opcode Fuzzy Hash: 9d20efe96a80e74f062218863744912d3eb2721c8dcc5c433f7d1821ea64183f
                                • Instruction Fuzzy Hash: E8E15A70C0520ADFCB55CFA4C9858AEFFF1FF49310B149969D446AB205C731AA81CFA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E3D80, Relevance: .3, Instructions: 254COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4315593580320755719bbe68f4321836499799207cba23f1a7a1c5894098607a
                                • Instruction ID: 37419bf006b481851d9d194f5b51352fee5c6496c1a5dd67263e08cf6de22288
                                • Opcode Fuzzy Hash: 4315593580320755719bbe68f4321836499799207cba23f1a7a1c5894098607a
                                • Instruction Fuzzy Hash: 13B10670D0520ADFCB05CFA5C9888AEFBF2FF48350B159959D406AB258C731EA81CFA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E1CF9, Relevance: .2, Instructions: 230COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4070ce71ffaa338fac4d2fa312135d919c550439cf4b1a05423845bcedc3eb8b
                                • Instruction ID: 95cb73cae164efb634816363d6f75c6ff13dd39ddf7c120e7e4ab28888e97913
                                • Opcode Fuzzy Hash: 4070ce71ffaa338fac4d2fa312135d919c550439cf4b1a05423845bcedc3eb8b
                                • Instruction Fuzzy Hash: 14A16374D01209DFCB59CFA5C894A9EBBF2FF88300F14856EE445AB264DB359A42CF94
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E1D90, Relevance: .2, Instructions: 175COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 16532515fe1b20ad36d9c1799e4970132b55219f82b1c136199c361117a6cd37
                                • Instruction ID: 835719b8e98014ece1bc03e72cea91ab218ceedf4457ecf64b34768f95610665
                                • Opcode Fuzzy Hash: 16532515fe1b20ad36d9c1799e4970132b55219f82b1c136199c361117a6cd37
                                • Instruction Fuzzy Hash: 0181E274D05219DFDB18CFA5C894AAEBBF2FF89301F10852AE405BB254DB34AA42CF54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E11B1, Relevance: .2, Instructions: 161COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ead9a264da71510462d52f5047c95ff4fc5bb559a4caf7b44cb7c5e9c2074f46
                                • Instruction ID: b546521db9ef49b0098cdd5ffeda072ceea91c98fb3e6a01329135fa95adedbc
                                • Opcode Fuzzy Hash: ead9a264da71510462d52f5047c95ff4fc5bb559a4caf7b44cb7c5e9c2074f46
                                • Instruction Fuzzy Hash: A2616930D01305CFD7A8CF65CC5568ABBF2EF85614F09C5BEC889AB216DB714942CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E2594, Relevance: .1, Instructions: 137COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a9508a86a3ea2a4845da9b945df8227c0013d349d7e6353cbc444da6cf6b73cf
                                • Instruction ID: 48d5b929c752c9b611e032455a35ee0c9d8b12e928eb43e1885f1b4620cfb2f4
                                • Opcode Fuzzy Hash: a9508a86a3ea2a4845da9b945df8227c0013d349d7e6353cbc444da6cf6b73cf
                                • Instruction Fuzzy Hash: 97512670D0520A8FDB09CFAAC5546AEFBF6FB88300F14D46AD51AB6254DB349A41CFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D3B98, Relevance: .1, Instructions: 133COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 07bd321e122f56cc9dc33043a5fd415dbdf603ed1bff7cc5744e814bc51234e9
                                • Instruction ID: c1298c5e5816aa30f0b314d2123732c0a6194bcfb9b831a537eba3c53aed1b27
                                • Opcode Fuzzy Hash: 07bd321e122f56cc9dc33043a5fd415dbdf603ed1bff7cc5744e814bc51234e9
                                • Instruction Fuzzy Hash: CC41B170F046298BDB58DF7A8C4069EBBB7AFC9600F14C47AD508AB294DB304D05CBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E2F18, Relevance: .1, Instructions: 85COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 53121ddc89fca11d7b1a33aaf59ff9ab155624658973e8a5647b5d108b576676
                                • Instruction ID: f65917e3e573c1bd1c204fd655b6e837f22331b094b94fd49b7894c4ce498519
                                • Opcode Fuzzy Hash: 53121ddc89fca11d7b1a33aaf59ff9ab155624658973e8a5647b5d108b576676
                                • Instruction Fuzzy Hash: 7E3108B1D012188FDB19CFA6D84469EBBB3FF89310F14C1AAD409AB258DB355A95CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E6031, Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 313eabd486e7bd3710ed4ca4a406f94df73f48e7d66bcd81392998520a026bb2
                                • Instruction ID: 7086bec840b649a8742efd4dfa93264315ede8e7db4f607fb732fecb2e04f95b
                                • Opcode Fuzzy Hash: 313eabd486e7bd3710ed4ca4a406f94df73f48e7d66bcd81392998520a026bb2
                                • Instruction Fuzzy Hash: 4E211D71E056289FEB19CF6BDC4469EBFF3AFC9201F08C0AAC548A6265D7304A458F51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D43E8, Relevance: .1, Instructions: 54COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9122b3c77ca10266ce4a2dff9f912342ff9c0eab51f8a20b0c351024a9a84338
                                • Instruction ID: 9ce23dafe614da413ca63299b55df281f516a521434c2e4b3683fbf09be34fbd
                                • Opcode Fuzzy Hash: 9122b3c77ca10266ce4a2dff9f912342ff9c0eab51f8a20b0c351024a9a84338
                                • Instruction Fuzzy Hash: 701107B1D056489BEB48DFABD80429EBAF7AFC9200F04D07AC418A7255EB740645CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D43F8, Relevance: .0, Instructions: 47COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 21b293ee47f9307538cf9903ca0a3f1dc14471009dc03a2b64fefccc0a0d2213
                                • Instruction ID: 20c8150cca8512b795e374a18be04b2cd409a23b8a6a3f6c86016e48d6458c8c
                                • Opcode Fuzzy Hash: 21b293ee47f9307538cf9903ca0a3f1dc14471009dc03a2b64fefccc0a0d2213
                                • Instruction Fuzzy Hash: EA11E8B1D05648CBEB48DFABD80429EFAF7AFC8300F14D07A8918A7258EB7406458F91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C162F, Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 069C16DF
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 462fa1216c0ec788489d610fa95c16b155a7bb2b2bf310d9c70cde6e065a8613
                                • Instruction ID: e479814e5197042289a1b6212003613a457a4d584a57fc17069df1587b3e01bf
                                • Opcode Fuzzy Hash: 462fa1216c0ec788489d610fa95c16b155a7bb2b2bf310d9c70cde6e065a8613
                                • Instruction Fuzzy Hash: EF31B4714043846FEB228B65DC44FA6BFBCEF06320F1484AEF985CB152D724A909DB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C0F1E, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                Download Yara Rule
                                APIs
                                • GetTokenInformation.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 069C0FC8
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: InformationToken
                                • String ID:
                                • API String ID: 4114910276-0
                                • Opcode ID: 39d28e566e8ef824976775de8a88c590a7eec835455cbd789d8d2cee8e543f86
                                • Instruction ID: 3b5f9dd9a8805603f4e2a685b55fc740bd8ec44497c7708033c491f4d9da1d90
                                • Opcode Fuzzy Hash: 39d28e566e8ef824976775de8a88c590a7eec835455cbd789d8d2cee8e543f86
                                • Instruction Fuzzy Hash: A631B571509380AFEB128B64DC45F96BFBCEF06310F18449EE9849F153D725A548D7B1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CB68E, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 016CB73D
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: 7b320b6ddd1c64f5064afae07c58dad4d48385c243bb7469bee7d75596931855
                                • Instruction ID: 09f778e358a052903a075ed55b79331f9ec92819c7171263059411fb9a860e00
                                • Opcode Fuzzy Hash: 7b320b6ddd1c64f5064afae07c58dad4d48385c243bb7469bee7d75596931855
                                • Instruction Fuzzy Hash: 2131A4725043846FE7128B65CC85FA7BFECEF06710F08859EED859B152D264A509CB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C0AAC, Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 069C0B4D
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                • Opcode ID: 863a5625dc389ba3c36919bee4f0ca608fde63fe119e2f0b852905dc5d4c9cf3
                                • Instruction ID: afdda938168e02fcb680bd7810551975dec60ec84364216a21e26599b0656470
                                • Opcode Fuzzy Hash: 863a5625dc389ba3c36919bee4f0ca608fde63fe119e2f0b852905dc5d4c9cf3
                                • Instruction Fuzzy Hash: 8C316D71504340AFEB22CB65DC44F66BFE8EF05224F1884AEE9858B652D375E409CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CB785, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 016CB840
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 42cacafde85b44cb187f5031d59fed2af1581c004d6fcf6a6e0e61d0d6e32037
                                • Instruction ID: e25caaf6f8c738e2b0e98a0099fcd55d17531701eb9ed5a7ca3b595d4781d03f
                                • Opcode Fuzzy Hash: 42cacafde85b44cb187f5031d59fed2af1581c004d6fcf6a6e0e61d0d6e32037
                                • Instruction Fuzzy Hash: 7131AF715093806FEB22CB65CC85FA3BFB8EF06710F09849AE984CB252D364E548CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C08CE, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 069C0975
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: CreateMutex
                                • String ID:
                                • API String ID: 1964310414-0
                                • Opcode ID: 499c28503f35144fb8a172a7c052cb6079d541a10b01d92be2562fe67526ba4d
                                • Instruction ID: 5e00294b8687bb584876edbe1e07b55e4fba3a9e595f303adbab57646cfe996c
                                • Opcode Fuzzy Hash: 499c28503f35144fb8a172a7c052cb6079d541a10b01d92be2562fe67526ba4d
                                • Instruction Fuzzy Hash: 80318175509780AFE712CB65DC84B56BFE8EF06210F1884AEE984CF293D365A909C762
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CAE5A, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                Download Yara Rule
                                APIs
                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 016CAF02
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 69c6b7000c77b0b0b6097f22dc16469bc58c60e3cd660644c7f92cf4d353a339
                                • Instruction ID: 8c77b7eb601dc7008038e333ffc10c21d1d3a907b9529f7a11ade55e9a918560
                                • Opcode Fuzzy Hash: 69c6b7000c77b0b0b6097f22dc16469bc58c60e3cd660644c7f92cf4d353a339
                                • Instruction Fuzzy Hash: 44316F7144E3C16FD3138B258C51B61BFB8EF47614F0A41DBE984CB5A3D228A919CBB2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA7C8, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                Download Yara Rule
                                APIs
                                • GetExitCodeProcess.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 016CA85C
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: CodeExitProcess
                                • String ID:
                                • API String ID: 3861947596-0
                                • Opcode ID: 221fd6974965adaf7f7e75943d84f3619209a4435f8699ba54761569e31c70fe
                                • Instruction ID: 55b8488de866bda4e7c8d0098d106e8e86fae8047c706a237d27d91960f121a6
                                • Opcode Fuzzy Hash: 221fd6974965adaf7f7e75943d84f3619209a4435f8699ba54761569e31c70fe
                                • Instruction Fuzzy Hash: 1021E7B15093846FE7128B64DC85FA6BFB8EF42320F0884EBE984CF193D364A905C761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C1A00, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                Download Yara Rule
                                APIs
                                • TerminateProcess.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 069C1A90
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: ProcessTerminate
                                • String ID:
                                • API String ID: 560597551-0
                                • Opcode ID: e1a8fcc28500a61dfeead6d4a8f45cd4348dad3ba3dee1cebf7174ddae4820de
                                • Instruction ID: 74eaaa40441598c9da6577e25a9e3587d1e1dc0e523013479b25082105d8f656
                                • Opcode Fuzzy Hash: e1a8fcc28500a61dfeead6d4a8f45cd4348dad3ba3dee1cebf7174ddae4820de
                                • Instruction Fuzzy Hash: D621B5B55097806FEB128B65DC85B96BFB8EF46320F0884EFE984DF193D264A508C761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C1662, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 069C16DF
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 29471153ef8976f33335fd41e01dc835ae5f42fe284037e7536e14999e6f5499
                                • Instruction ID: fbd12a1adfbc0bd1ed0d76200022318fa71ddb999e849a926f96e168106ad1df
                                • Opcode Fuzzy Hash: 29471153ef8976f33335fd41e01dc835ae5f42fe284037e7536e14999e6f5499
                                • Instruction Fuzzy Hash: E021A472500604AFEB21DF65DC84F6AFBECEF04320F14886EE985DB552D770A5049BB5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C0BA4, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                Download Yara Rule
                                APIs
                                • GetFileType.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 069C0C39
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                • Opcode ID: 858df06d9ffd2c6b0dacdc78e4f54132f74ed1623426d8b70600da4762b81255
                                • Instruction ID: 4576e31c2519e857d78c3c165f6da7cd97589afce68b9b046424876889537fb5
                                • Opcode Fuzzy Hash: 858df06d9ffd2c6b0dacdc78e4f54132f74ed1623426d8b70600da4762b81255
                                • Instruction Fuzzy Hash: 3721F8B58097806FE7128B25DC81FA2BFBCEF46720F1884DAE9C48F153D224A909C771
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C173D, Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileW.KERNELBASE(?), ref: 069C17C4
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: e840a6c868167dd7beb97c63900f10d9525d400487a1c34d4ea35440093c7a9c
                                • Instruction ID: f526a9d164ef3f936ed7bd7b04d96b106962f6a93dc07ba21a753af9faa1b50b
                                • Opcode Fuzzy Hash: e840a6c868167dd7beb97c63900f10d9525d400487a1c34d4ea35440093c7a9c
                                • Instruction Fuzzy Hash: 30219F765093C05FDB12CB35DC54B92BFA8AF03220F0984DEEC858F263D225A908C762
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C0ACE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 069C0B4D
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                • Opcode ID: eb2213360a5d627d9c554b9ffcfab8b20fae8d36c9fa2c36c5310bf38b3e9e00
                                • Instruction ID: 8a39af55bfa1945ec5280f1fb3bdd80b1e0268d9d60c022b12ca876791dd931a
                                • Opcode Fuzzy Hash: eb2213360a5d627d9c554b9ffcfab8b20fae8d36c9fa2c36c5310bf38b3e9e00
                                • Instruction Fuzzy Hash: CC219C71900200AFEB21DF65DC85F66FBE8EF08324F14886EE9898B642D771E404CB72
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CB6BE, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 016CB73D
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: eadb56d8147c468043eeb8ffd8d85bf7ccda00f9a7c787daa9503f8ae70cc542
                                • Instruction ID: 9f6362700f63bd228600626c4d1bdc074a3383e1a6f3ce3122b3c005adcb0a50
                                • Opcode Fuzzy Hash: eadb56d8147c468043eeb8ffd8d85bf7ccda00f9a7c787daa9503f8ae70cc542
                                • Instruction Fuzzy Hash: AF216FB2500204AEE7219B69DC85FBAFBECEF04710F18855EEE459B251D764E5088BB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CAAEF, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                • K32EnumProcesses.KERNEL32(?,?,?,1A711F47,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 016CAB6A
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: EnumProcesses
                                • String ID:
                                • API String ID: 84517404-0
                                • Opcode ID: 186b15680da52481c629b8646d1759f44adc83ac3b77918bec5076495a342e52
                                • Instruction ID: d6ceaff893db00083317457ed20b79d833d0520adef453cc29c90b74a046b937
                                • Opcode Fuzzy Hash: 186b15680da52481c629b8646d1759f44adc83ac3b77918bec5076495a342e52
                                • Instruction Fuzzy Hash: 13219D755093845FEB128B65DC84AA2BFB8EF47210F0984EEE9848F253D3649908CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C0902, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 069C0975
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: CreateMutex
                                • String ID:
                                • API String ID: 1964310414-0
                                • Opcode ID: 83e6755754a8c86910ec064e43debdd65c5fad461c022aab790747e6902c9e29
                                • Instruction ID: 3511d643ec5bde0b1b035083cd94ceb031bf45e778e282ef7eea773e49e52058
                                • Opcode Fuzzy Hash: 83e6755754a8c86910ec064e43debdd65c5fad461c022aab790747e6902c9e29
                                • Instruction Fuzzy Hash: B1218E71900240AFF760DF69DC85B66FBECEF04320F14846EE9899B682D771E404CA66
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA1F4, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE ref: 016CA26C
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: c0234fc5271353e8285b0f13e42956d5b9ff8dc45c6ccc13af3395fabd01510e
                                • Instruction ID: 012572e69a539b820ccaea54c11a26919155ff567298793bc0a926b984e7f8d6
                                • Opcode Fuzzy Hash: c0234fc5271353e8285b0f13e42956d5b9ff8dc45c6ccc13af3395fabd01510e
                                • Instruction Fuzzy Hash: CD214A7540E3C49FD7138B659C54656BFB4EF03220F0D84EBD984CF2A3D2699908CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C0D56, Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
                                Download Yara Rule
                                APIs
                                • WriteFile.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 069C0DD5
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: FileWrite
                                • String ID:
                                • API String ID: 3934441357-0
                                • Opcode ID: dccffed219c1d2d6f3e0e69455057c1e008b1fe2f1f52a713ff2d2be2585d502
                                • Instruction ID: c79b9b6014b979cc8a0d7db56048f55a7e6790905885db5cfa845665e53e198f
                                • Opcode Fuzzy Hash: dccffed219c1d2d6f3e0e69455057c1e008b1fe2f1f52a713ff2d2be2585d502
                                • Instruction Fuzzy Hash: 1F219272409344AFDB228F55DC84F97BFB8EF45320F0884AAEA849B152D365A408CB72
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CB7C6, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 016CB840
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 4535b776d286e2eadef6648b7de4f5209941d870e564bb1ab3b7b115c3de06a2
                                • Instruction ID: 2226484d0879d76de12c5e49cb519768127f01f539056b5703c5b8926f62dbaf
                                • Opcode Fuzzy Hash: 4535b776d286e2eadef6648b7de4f5209941d870e564bb1ab3b7b115c3de06a2
                                • Instruction Fuzzy Hash: 9A2190B1601204AFEB21CF59DC85F67FBECEF04B50F08846AEA45DB251D760E408CA71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C0F5E, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                • GetTokenInformation.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 069C0FC8
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: InformationToken
                                • String ID:
                                • API String ID: 4114910276-0
                                • Opcode ID: 990aac794464376a8284c0f8848ee8bdf37f21821faef2f62110412443ead66c
                                • Instruction ID: 6a6b1bcaf09e961f05a6707c4ac78fd0a88c35e01ec360724d73c3f51c2dfbd3
                                • Opcode Fuzzy Hash: 990aac794464376a8284c0f8848ee8bdf37f21821faef2f62110412443ead66c
                                • Instruction Fuzzy Hash: 3611B4B1900204AFEB21DF65DC85FAAFBACEF04320F14846EEA45DB551D774A444DBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA628, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 016CA694
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: 4f883b29d494d58c72ee7fe75a1ee29e7db0ab6fa1c7a36669caf1b5ae6e10a2
                                • Instruction ID: 8ab2f31c4fc10de32d599dc893df7fba3205299ae29c3486bab19e753356d948
                                • Opcode Fuzzy Hash: 4f883b29d494d58c72ee7fe75a1ee29e7db0ab6fa1c7a36669caf1b5ae6e10a2
                                • Instruction Fuzzy Hash: 8621C37250D3C45FDB138B25DC94792BFB4EF47624F0980EAEC858F663D2649908CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA8C0, Relevance: 1.6, APIs: 1, Instructions: 68memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 016CA93D
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 2e8ccd339fdb21744fa687002f13ec6d3d46cf77b3077a89cc6a126073b3bea2
                                • Instruction ID: f59f72101d2a24376cf3873804c30c80bb9d32ced92fe7ca6a50e40d4b30b08f
                                • Opcode Fuzzy Hash: 2e8ccd339fdb21744fa687002f13ec6d3d46cf77b3077a89cc6a126073b3bea2
                                • Instruction Fuzzy Hash: 2121AF764097C49FD7238B24DC50AA2BFB4EF07210F0984DFE9858F263D224A908DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA34F, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                Download Yara Rule
                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 016CA3BE
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: 12f5b7ff75a8479475b43069eda9f0074c21b56f6fe23af4d46713e3a9272270
                                • Instruction ID: 0d5ccbd031842ba5017fbcd32dd75470eef0402292d418a039c145d620ccc1fc
                                • Opcode Fuzzy Hash: 12f5b7ff75a8479475b43069eda9f0074c21b56f6fe23af4d46713e3a9272270
                                • Instruction Fuzzy Hash: F62163715093845FEB228F69DC54B62BFA8EF56610F0884AEED45CB252E364E808C761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CBDFD, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 016CBE79
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: LibraryLoadShim
                                • String ID:
                                • API String ID: 1475914169-0
                                • Opcode ID: f1400efac7b76b9047c17341831464ff1abccde0917979d9cef22deb73e1d192
                                • Instruction ID: 306be554ee0a31f9defd18d65c83918b38f04f8c4478c5bcdaef636135a3a086
                                • Opcode Fuzzy Hash: f1400efac7b76b9047c17341831464ff1abccde0917979d9cef22deb73e1d192
                                • Instruction Fuzzy Hash: 382193715093845FE7228A15DC45B62BFF8EF06650F08809EEE84CB253D375A908CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C1AE9, Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                                Download Yara Rule
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 069C1B5C
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: f79c63e3e621fa3722bf0996c0ae6cb194bff52089ac5a2c491c62f3e5f83e95
                                • Instruction ID: aaa6ab9749cded42ef7b1b4ad9e9d868695e25435e6e09119d79e1b23fc8e33d
                                • Opcode Fuzzy Hash: f79c63e3e621fa3722bf0996c0ae6cb194bff52089ac5a2c491c62f3e5f83e95
                                • Instruction Fuzzy Hash: 8221C3755097849FDB128F25DC40A52FFB8EF06220F0881DEED858B663D235E548DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CB060, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016CB0D2
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: bd90013fc6106cef6b9f9e935b72f80a8732b4878eeba629611829ef765a91f8
                                • Instruction ID: 236c6f71b2c1cfefc2d782e88b0c6314336ea827fbb999e8e4fc136d6764a1ef
                                • Opcode Fuzzy Hash: bd90013fc6106cef6b9f9e935b72f80a8732b4878eeba629611829ef765a91f8
                                • Instruction Fuzzy Hash: 462193314093809FDB228F65DC45A52FFF4EF4A220F0985DEE9858F563C375A459CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C1C3D, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 069C1CB1
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: b117b192a213fe3afee7ffe347f4a7d509f2bdc83dc166ec23a891004830e9fe
                                • Instruction ID: 1ed6c3a150864198a60affd615cb98fdaf69579e8f8d0ba53e4fbcab092aea91
                                • Opcode Fuzzy Hash: b117b192a213fe3afee7ffe347f4a7d509f2bdc83dc166ec23a891004830e9fe
                                • Instruction Fuzzy Hash: EC218C714093C09FDB138B25DC44A52BFB4EF17220F0985DBE9848F563D265A918DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA806, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                Download Yara Rule
                                APIs
                                • GetExitCodeProcess.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 016CA85C
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: CodeExitProcess
                                • String ID:
                                • API String ID: 3861947596-0
                                • Opcode ID: 9ac086c4a39994bdcaf2c7cf95c9fb1d016eeb47b1bbe5a5857fefbbd5501442
                                • Instruction ID: 8912aa6dfdcffd75e5a06a276eaa0221f6dd0281ff6d2be4edb95e7b0295efce
                                • Opcode Fuzzy Hash: 9ac086c4a39994bdcaf2c7cf95c9fb1d016eeb47b1bbe5a5857fefbbd5501442
                                • Instruction Fuzzy Hash: C211E771505204AFEB118F69DC85BABBB9CDF44720F14C47AED45CF281D774A4058B71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C1A3A, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                Download Yara Rule
                                APIs
                                • TerminateProcess.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 069C1A90
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: ProcessTerminate
                                • String ID:
                                • API String ID: 560597551-0
                                • Opcode ID: 75d5acf6f6bab220abe5da66b2d44c14bcec1e7c43d8725e1e9188ae04e31c57
                                • Instruction ID: fc9d9480efa491a9397ab00787c77674c067c1ce57f20d04361fb0829a87744b
                                • Opcode Fuzzy Hash: 75d5acf6f6bab220abe5da66b2d44c14bcec1e7c43d8725e1e9188ae04e31c57
                                • Instruction Fuzzy Hash: BD11E7B1904204AFFB109F55DC85BAABB9CDF44730F14846AED44DF242D674A4088BB5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C0D76, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                Download Yara Rule
                                APIs
                                • WriteFile.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 069C0DD5
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: FileWrite
                                • String ID:
                                • API String ID: 3934441357-0
                                • Opcode ID: 1912a3e981bdd621b3a92c56b5a070e01fc3c48024720adcd4b27d7b14c9f2af
                                • Instruction ID: c03121025e83dc6403382e4e0543034cd0fc9fde9e52a3a0265b49d9e26d7933
                                • Opcode Fuzzy Hash: 1912a3e981bdd621b3a92c56b5a070e01fc3c48024720adcd4b27d7b14c9f2af
                                • Instruction Fuzzy Hash: E111C471800304AFEB21CF55DC80FA6FBA8EF44720F14846EEE459B542C775A404CBB2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C195F, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                Download Yara Rule
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 069C19C4
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 6815893aedf9d8bdb699e7c92a69625c240cb316e925c2b0934d2d336d4ed92a
                                • Instruction ID: 636c31cda461cd2996828383b7fec0e38364693e78fb07886714255522739e33
                                • Opcode Fuzzy Hash: 6815893aedf9d8bdb699e7c92a69625c240cb316e925c2b0934d2d336d4ed92a
                                • Instruction Fuzzy Hash: 3011B676409780AFDB228F25DC40A52FFB4EF06220F0881DEED858B563D275A558DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C18B8, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON
                                Download Yara Rule
                                APIs
                                • SetThreadContext.KERNELBASE(?,?), ref: 069C1917
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: ContextThread
                                • String ID:
                                • API String ID: 1591575202-0
                                • Opcode ID: c9061d0c877c8b3a4c141b8a014430d3bc8dd80161378a9aa22550470ca4ce7a
                                • Instruction ID: 46fe229c68ef181ff2a1dfe106393ade058cc4b626793a22dd9a604eeb7bbe2c
                                • Opcode Fuzzy Hash: c9061d0c877c8b3a4c141b8a014430d3bc8dd80161378a9aa22550470ca4ce7a
                                • Instruction Fuzzy Hash: 85114F755093849FD7118B25DC85B56FFE8EF06220F0980AEED458B662D274A948CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA376, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                Download Yara Rule
                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 016CA3BE
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: 05a2f00e7d8fcdcf9adcf2371075f5d74e28e2bdbd02dc7e0226be12dd7a5d97
                                • Instruction ID: 80a6346a9daadcc3f8326ec5b26e727d5e6c9872f3b95dd4fd5fe7554154dc66
                                • Opcode Fuzzy Hash: 05a2f00e7d8fcdcf9adcf2371075f5d74e28e2bdbd02dc7e0226be12dd7a5d97
                                • Instruction Fuzzy Hash: 90115271A042448FEB11CFA9DC85766FBD8EF54620F08C4AEDD49CB742E374E404CA61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CAD2C, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                • OutputDebugStringW.KERNELBASE(?), ref: 016CAD8C
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: DebugOutputString
                                • String ID:
                                • API String ID: 1166629820-0
                                • Opcode ID: 6a09e538c0c4fc135dc9647b74c81d2eb0335610ef1a968ff5a0d513ef210fb2
                                • Instruction ID: 17efb8b750d3f1c95f2590250e71af3e62e8c961bae8a4eeaa7e8e9b4c71aaa5
                                • Opcode Fuzzy Hash: 6a09e538c0c4fc135dc9647b74c81d2eb0335610ef1a968ff5a0d513ef210fb2
                                • Instruction Fuzzy Hash: 6411A3724097849FD712CB25DC44B52BFA8DF06611F0980DEED858F253E264A908CB72
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C0BE6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                • GetFileType.KERNELBASE(?,00000E2C,1A711F47,00000000,00000000,00000000,00000000), ref: 069C0C39
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                • Opcode ID: e5ad0f77572a14cba5f3351c711ee6cecff2943d4d1351dc72eca08ae33f7356
                                • Instruction ID: de2b9f64cdf8c1b518bf6a9a06dcc4003e1140cb764acde17acd3f2c9c91d45b
                                • Opcode Fuzzy Hash: e5ad0f77572a14cba5f3351c711ee6cecff2943d4d1351dc72eca08ae33f7356
                                • Instruction Fuzzy Hash: 2001D6B1904604AFFB20CB55DC85FA6FB9CDF44720F14C49AEE449F641D675A508CAB2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CB95C, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 016CB9BC
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: d658897e9fb0f3f9b5e00980427bf13534d892a96e6a5ed98d90043e465b4abd
                                • Instruction ID: 4f9b71a4a621a614a8f0fe93e48f9c8a5e937ed0c056d2d41f7b4bc89064892a
                                • Opcode Fuzzy Hash: d658897e9fb0f3f9b5e00980427bf13534d892a96e6a5ed98d90043e465b4abd
                                • Instruction Fuzzy Hash: AC11CE32009780AFDB228F15DC85E66FFF4EF06320F08849EED854B222C335A418CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CAB2A, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                Download Yara Rule
                                APIs
                                • K32EnumProcesses.KERNEL32(?,?,?,1A711F47,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 016CAB6A
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: EnumProcesses
                                • String ID:
                                • API String ID: 84517404-0
                                • Opcode ID: 3ea16dce681d35d51c481d4488396fd1162893163a114e8b3c1603f2df6ad9f0
                                • Instruction ID: ed73b3492dfaa1893c8030bd2fd55ad3ea1066ddc7672a54b64429f07c1eba2d
                                • Opcode Fuzzy Hash: 3ea16dce681d35d51c481d4488396fd1162893163a114e8b3c1603f2df6ad9f0
                                • Instruction Fuzzy Hash: 811161755002058FDB11CFA9DC84BA6FBE8EF44620F08C4AEDD49CB652E374E408CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CAF28, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                • SetErrorMode.KERNELBASE(?), ref: 016CAF7C
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                • Opcode ID: 4631982ceec49835e9d1ed4efa01776a6ee916b7cda220605eb7ac02b9fec273
                                • Instruction ID: c3e0a12466b2f0c3d97406793d871d4c665a9e818b8de5c7b239400331a6a705
                                • Opcode Fuzzy Hash: 4631982ceec49835e9d1ed4efa01776a6ee916b7cda220605eb7ac02b9fec273
                                • Instruction Fuzzy Hash: DA014075409384AFD7128F19DC84B62FFA8EF46624F08C19AED859B252D375A908CB72
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C1B16, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON
                                Download Yara Rule
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 069C1B5C
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: f2c7f7af29c428b73eb9af31f7908b29f8146a81ff744b2203c80ea0a0265a79
                                • Instruction ID: eb0bd8caa74a2592a4e8f03923e3d4c1c62ee52ff0ef77fd7ff366264a6aa7fd
                                • Opcode Fuzzy Hash: f2c7f7af29c428b73eb9af31f7908b29f8146a81ff744b2203c80ea0a0265a79
                                • Instruction Fuzzy Hash: 99018E755006008FEB60CF15D884B66FBE8EF04220F18C4AEDD458BB56D231E408DFA6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C178A, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileW.KERNELBASE(?), ref: 069C17C4
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: c5f83122dc0faeb47c7beeaadabde0e3d72f904a55c9c72792fdb2d17339a7cb
                                • Instruction ID: 2ddb7d571784ee2d047ef12930e8ff782a7a57547845dc58b1c66043ada5a437
                                • Opcode Fuzzy Hash: c5f83122dc0faeb47c7beeaadabde0e3d72f904a55c9c72792fdb2d17339a7cb
                                • Instruction Fuzzy Hash: AC01B171A002408FEB50CF29D8847A6FBE8EF00220F18C4AEDD09CFA42D274E444CBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CBE2E, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 016CBE79
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: LibraryLoadShim
                                • String ID:
                                • API String ID: 1475914169-0
                                • Opcode ID: 15221e9f24fef1dd237843fc8ad81b8c4964b2f35b70e69d9df04c7008cfdc01
                                • Instruction ID: 87791dc492a38440781f50d25ce04d40b51c65c8b05040b5f135d7b08ec31c7c
                                • Opcode Fuzzy Hash: 15221e9f24fef1dd237843fc8ad81b8c4964b2f35b70e69d9df04c7008cfdc01
                                • Instruction Fuzzy Hash: D2016D715006049FEB20CE19DC86B62FFE8EB08A90F08849EDE498B352D371E408CE61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CB08E, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016CB0D2
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: a0a5c607b57ee2cf5d214b9d0cb0ef2db42658863486b1187ad27df0f5ecc7bf
                                • Instruction ID: b12a20e96b141dc08e805577cf4d222a21414e727fc8441f73d17a3665e1472d
                                • Opcode Fuzzy Hash: a0a5c607b57ee2cf5d214b9d0cb0ef2db42658863486b1187ad27df0f5ecc7bf
                                • Instruction Fuzzy Hash: 0B016D715006409FDB218F55EC85B66FFE4EF48721F08C5AEEE898B652C375A018CFA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C18DA, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON
                                Download Yara Rule
                                APIs
                                • SetThreadContext.KERNELBASE(?,?), ref: 069C1917
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: ContextThread
                                • String ID:
                                • API String ID: 1591575202-0
                                • Opcode ID: 3b2a3a099cf74ef9112a8474dfc340901c0f98933fe306036a796fd12a40c818
                                • Instruction ID: 2c4893908343836e5b671a03a5566c2cb67d58b445414d272baacb0de97932c4
                                • Opcode Fuzzy Hash: 3b2a3a099cf74ef9112a8474dfc340901c0f98933fe306036a796fd12a40c818
                                • Instruction Fuzzy Hash: B201D4759002048FEB50CF15E884B65FBE8EF04230F18C0AEDD498BA53D274E948CBB6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA662, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 016CA694
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: f09112be83441c1b2d8dd46d7244630f247c33a26ebaba7ab6aa098a565efac2
                                • Instruction ID: a8c450ff9e52ddeaa5bef013ad6d0bcc89f0ac08de1c127247b822da05f31f26
                                • Opcode Fuzzy Hash: f09112be83441c1b2d8dd46d7244630f247c33a26ebaba7ab6aa098a565efac2
                                • Instruction Fuzzy Hash: 560184755042449FDB11DF6AEC847A6FFA4EF44621F18C0AEDD498F652D274E408CB72
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA23A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE ref: 016CA26C
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: e32b57a0fa061d91a74c4f4a65b71a497aab5b65d367bb85a04f5e19e73ba11c
                                • Instruction ID: 67dc7f2becc30e593b4725967dbbca0a72d5f0f87a417c430927b23f41e76bb0
                                • Opcode Fuzzy Hash: e32b57a0fa061d91a74c4f4a65b71a497aab5b65d367bb85a04f5e19e73ba11c
                                • Instruction Fuzzy Hash: 68018F759052548FDB118F69EC847A6FBA4EF44620F08C0AEDD498F742E279A408CAA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CAEB2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 016CAF02
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 014601de1202a8f537decdf7b0d55199717d29c1b3aee68a5e134ccbeeb62609
                                • Instruction ID: bda93b985585cc07dd36e3fcbcd0d72a0737e1cddc169903f1eb617b40321865
                                • Opcode Fuzzy Hash: 014601de1202a8f537decdf7b0d55199717d29c1b3aee68a5e134ccbeeb62609
                                • Instruction Fuzzy Hash: 7001A271500600ABD310DF1ADC86B26FBE8FB89B20F14815AED084B745E635F515CBE5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C1986, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 069C19C4
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 658a41f46b04291090ff823fcbe98956aece002ca3717166328978281380c234
                                • Instruction ID: 3b7f67c74f43cb79e26a7abce8ab8b5fc6e62cf57248ef65224c3554d9c2aa2c
                                • Opcode Fuzzy Hash: 658a41f46b04291090ff823fcbe98956aece002ca3717166328978281380c234
                                • Instruction Fuzzy Hash: 9601B5715006009FEB218F15E884B66FFE4EF04320F08C59EED854BA52C271E458CFA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CA902, Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 016CA93D
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 62b625a9799c5dec92afff1e74a68b121b0a8051a3f9da1d276a9e0f44ab60d0
                                • Instruction ID: bb36c5bbdca9f86d2e276932e7affe235fc3bcea75bbc96cc54bcbed5971b129
                                • Opcode Fuzzy Hash: 62b625a9799c5dec92afff1e74a68b121b0a8051a3f9da1d276a9e0f44ab60d0
                                • Instruction Fuzzy Hash: 9201B1365106048FDB218F59DC85BA5FFA4EF05720F08C0AEDD9A8B652D371A418CBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CB97E, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 016CB9BC
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 6b0361a5571680e3716d43f2f706145a3c2e83de9e9849911e70042f83c38c82
                                • Instruction ID: 5a625eb815d711fccbef3c59cacbd92db7da5ea0fece4b277243e94a35933680
                                • Opcode Fuzzy Hash: 6b0361a5571680e3716d43f2f706145a3c2e83de9e9849911e70042f83c38c82
                                • Instruction Fuzzy Hash: 5C018F31404644DFDB218F55DC85BA5FFA4EF09720F08C49EDE894B652C375A418CFA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CAD52, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                Download Yara Rule
                                APIs
                                • OutputDebugStringW.KERNELBASE(?), ref: 016CAD8C
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: DebugOutputString
                                • String ID:
                                • API String ID: 1166629820-0
                                • Opcode ID: a984f54ecf904ee30617f6e6d742daf2412dbc2206da1d303fce23f946861556
                                • Instruction ID: 398444f3201e5d6636f9635b0596036821526bed0b2b12c062849f621a4b236b
                                • Opcode Fuzzy Hash: a984f54ecf904ee30617f6e6d742daf2412dbc2206da1d303fce23f946861556
                                • Instruction Fuzzy Hash: 1F01A2725102448FD710CF59DC847A1FF94DF45621F08C09AED498B346E374E404CAA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069C1C76, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 069C1CB1
                                Memory Dump Source
                                • Source File: 00000000.00000002.278622435.00000000069C0000.00000040.00000001.sdmp, Offset: 069C0000, based on PE: false
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: 96329c57780483f71b95647c8570ccae985fff1aff9db3b96272dd7847e83b5c
                                • Instruction ID: 22b56ba628cd60b3d097c8092d52fc114eac2e017f58198f2533c3306f9a296f
                                • Opcode Fuzzy Hash: 96329c57780483f71b95647c8570ccae985fff1aff9db3b96272dd7847e83b5c
                                • Instruction Fuzzy Hash: 2C018F758106049FEB218F15D884B65FFA4EF04320F18C4AEED494B652D275A418CBA6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016CAF4A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                • SetErrorMode.KERNELBASE(?), ref: 016CAF7C
                                Memory Dump Source
                                • Source File: 00000000.00000002.273472582.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                • Opcode ID: c7f0177e18aa6431696eede5e30e1b358ce20eaec10f81a1ddd8d0ffc1ba50cf
                                • Instruction ID: 7a9c9a08d87a347dc3ada2c7cab5ca8c3dc5b8cab046770569f369e3e55dfac0
                                • Opcode Fuzzy Hash: c7f0177e18aa6431696eede5e30e1b358ce20eaec10f81a1ddd8d0ffc1ba50cf
                                • Instruction Fuzzy Hash: 4EF0AFB44042498FDB118F59DC847A9FFA4EF44720F08C0AADD594F392E375A408CAA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D1370, Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X1(r
                                • API String ID: 0-3909273932
                                • Opcode ID: 2b5a68278f9dff938b56c62e8cebd2a5f7d6949ffc5eae93ed5432c0a9119f23
                                • Instruction ID: b0bdac9ade91624d1b835bcd6ea18a2c50dcdeae4957c361e1834447db55517d
                                • Opcode Fuzzy Hash: 2b5a68278f9dff938b56c62e8cebd2a5f7d6949ffc5eae93ed5432c0a9119f23
                                • Instruction Fuzzy Hash: 2A51D474D02208DFDB48DFA9D9886AEBBB2FF89304F20D06AD816A7744D7345945CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D1380, Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X1(r
                                • API String ID: 0-3909273932
                                • Opcode ID: acccab83f1abe11b1b0f9241fc56e63259ffc3e6437728ec73304e9628630a47
                                • Instruction ID: 4e313a21101f00bb3e8ecaa4dad22e5af6599d2116492df5c21817bf785171ff
                                • Opcode Fuzzy Hash: acccab83f1abe11b1b0f9241fc56e63259ffc3e6437728ec73304e9628630a47
                                • Instruction Fuzzy Hash: 3151C474D02208DFDB48DFA9D9886AEBBB2FB88304F20E069D81AA7744DB345945CF54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D4ECC, Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 5NCq^
                                • API String ID: 0-2509949027
                                • Opcode ID: fed8eda0dcbce57235bbac153f7177667dbc2a00480b505e9633314ab09305a8
                                • Instruction ID: f575272cbaad6b0d789ad803e48574a17bcdf890da055d032cc748a15e0f67cd
                                • Opcode Fuzzy Hash: fed8eda0dcbce57235bbac153f7177667dbc2a00480b505e9633314ab09305a8
                                • Instruction Fuzzy Hash: F431B2749062599FC704EBB9DD94AEEBBB6FF46300F20819DE49697352CB309902CBD1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069DCD9B, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: p
                                • API String ID: 0-2181537457
                                • Opcode ID: 03bafa32f19b5e7f8ebe47d9225a6d239dd5a7d2b35674ebb6fdce533504d63a
                                • Instruction ID: 38eef1e8cedd103821b9fe91fc1acd4b4931bcf088e9642b0a4e4cdabc0a0d50
                                • Opcode Fuzzy Hash: 03bafa32f19b5e7f8ebe47d9225a6d239dd5a7d2b35674ebb6fdce533504d63a
                                • Instruction Fuzzy Hash: 51314A74D49218CFDB90CF68C9407BDB7BDAB4A214F1095A9E059B7741C7314E81CF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069DCD98, Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: p
                                • API String ID: 0-2181537457
                                • Opcode ID: aee44be59140d02d80051c93964728da95a2f3c288afd3cda0209a7bfd7dd517
                                • Instruction ID: fd9e9059263dbefc1417cece533a3af5010a393fc77b38d907bb89862a113b3b
                                • Opcode Fuzzy Hash: aee44be59140d02d80051c93964728da95a2f3c288afd3cda0209a7bfd7dd517
                                • Instruction Fuzzy Hash: AA3137B4D49218CFDBA0CF68C9407BDB6BDAB4A210F10D5A9E15AA7741D7304E80DFA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069DCE1F, Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: p
                                • API String ID: 0-2181537457
                                • Opcode ID: 81ea01fbca984733d2f1685a54f9a9d01b4c24cb5b5ceb62044656960c3621d2
                                • Instruction ID: d57c31609c3003ea91e2305b95073a9b2ca039282bfb1991db60c05a7b08c0d6
                                • Opcode Fuzzy Hash: 81ea01fbca984733d2f1685a54f9a9d01b4c24cb5b5ceb62044656960c3621d2
                                • Instruction Fuzzy Hash: 07216B74E49219CFDBA0CB68C8407BDB7B9AF46210F1081E9E15DAB752CB305E81DF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E42C1, Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 7a<
                                • API String ID: 0-3256968585
                                • Opcode ID: 6b63cb2a2bf9c27b04b9d07a82de3bde398e0c453106f0a1871bc2f2e3b22ba7
                                • Instruction ID: a6299ac6a142479f8c8b650a36562eea0d0f310194f9038624b2f5f5447a5e39
                                • Opcode Fuzzy Hash: 6b63cb2a2bf9c27b04b9d07a82de3bde398e0c453106f0a1871bc2f2e3b22ba7
                                • Instruction Fuzzy Hash: ED213770D1520ADFCB06CFA9C6449AEFBF1FF4A200F1496AAC019EB255D7309A01CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D4F20, Relevance: 1.3, Strings: 1, Instructions: 54COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 5NCq^
                                • API String ID: 0-2509949027
                                • Opcode ID: ddac2edae43dd7b5c9c13eae022ab14685dccfa3f4abebe1e52fa176ae8279a8
                                • Instruction ID: bab55df36eea35cd106b71614cd00fee42aedf55254a38e8b4aed319016f4c6f
                                • Opcode Fuzzy Hash: ddac2edae43dd7b5c9c13eae022ab14685dccfa3f4abebe1e52fa176ae8279a8
                                • Instruction Fuzzy Hash: 3A212CB4E00209DFCB44EFA8E8899AEBBB2FF88300F10816DD415A7354DB349A01CF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E8A21, Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: (
                                • API String ID: 0-3887548279
                                • Opcode ID: ef35252b5a073fa327b76840585a42f9abbfd463d02cafa989db245305227299
                                • Instruction ID: cdda82af3b149cd75f20016fa4389f6790f796ccdffb7a6bfcff08ce69d2aa05
                                • Opcode Fuzzy Hash: ef35252b5a073fa327b76840585a42f9abbfd463d02cafa989db245305227299
                                • Instruction Fuzzy Hash: 2DF01770D0021A8BCB54DF54CC40BEEB7B6BF85300F1080AD850977254DB315E91CF55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E8096, Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: <
                                • API String ID: 0-4251816714
                                • Opcode ID: d8a9962d2f81377e13ba3a70ad007181caa9e11f28c452d8102845e324435bc1
                                • Instruction ID: 268a6454a8d6ecf519ae7abbba5565cad3b7e419239b08ba6c3bf3554ea89f1e
                                • Opcode Fuzzy Hash: d8a9962d2f81377e13ba3a70ad007181caa9e11f28c452d8102845e324435bc1
                                • Instruction Fuzzy Hash: C7F04DB0D022688FCBB19F24CD48BEDBBB1AF5A351F5044E9840D76224DA305AC5CF01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D6933, Relevance: .3, Instructions: 278COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bbc3e6278fff8d1c908dae3ace7fed2294bfd3ed37d3acaa17dd8bc5dd0949e5
                                • Instruction ID: ab48d8c923ad1390ebf80cc0176ad0dfae8764f40ea918954da85a0930c640a4
                                • Opcode Fuzzy Hash: bbc3e6278fff8d1c908dae3ace7fed2294bfd3ed37d3acaa17dd8bc5dd0949e5
                                • Instruction Fuzzy Hash: 23C18B70900285CFEB54DFD8D188A9CBBB6FB04348F65C1A5D484AF652C778E984CFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D6985, Relevance: .3, Instructions: 274COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2af3c28496c79e6522d67404ee8ced36bb31c5da7e770fa57c9884c92cd864e3
                                • Instruction ID: fd4efb452f94ec5f9bf0dd8850b4f6927298260a065062d7f4f7bf2bc6e37fb2
                                • Opcode Fuzzy Hash: 2af3c28496c79e6522d67404ee8ced36bb31c5da7e770fa57c9884c92cd864e3
                                • Instruction Fuzzy Hash: 14C19A70900285CFEB44DFD8D188A9CBBB6FB04358F65C1A5D484AF652C778E985CFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D69B4, Relevance: .3, Instructions: 264COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 795d4901f32ef8862c93437c02144f245c98308986246e66b8b9bb610e316f8f
                                • Instruction ID: f32dddbe9baaec3cd6e18b1b6edae146aaef02821932d816ed6da7e0b9086d32
                                • Opcode Fuzzy Hash: 795d4901f32ef8862c93437c02144f245c98308986246e66b8b9bb610e316f8f
                                • Instruction Fuzzy Hash: 4FC18970900285CFDB44DFD8D188A9CBBB6FB04348F65C1A5D485AF652C779E984CFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E2043, Relevance: .2, Instructions: 231COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b178ae0732f8c81f99a40eda0fa897dd2feff87fb4d4404b0add80879c43fe1f
                                • Instruction ID: e0ac5a0d2c3bb151ae143eae8cfa72cbc7bfc20e10ca5c0f6985fad09b0b6096
                                • Opcode Fuzzy Hash: b178ae0732f8c81f99a40eda0fa897dd2feff87fb4d4404b0add80879c43fe1f
                                • Instruction Fuzzy Hash: 99A1A974E0121ACFCB44DFA8C950A9DFBB2FF88704F208529D919AB758D730A942CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D3A15, Relevance: .2, Instructions: 219COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 63f2b181b983087af03f011448f021a92851e6f1219dd79c29c725b35b52491e
                                • Instruction ID: 236e14c22956a60d03c8a47efa186abf5b5bcb18258594812566c59a38dbd360
                                • Opcode Fuzzy Hash: 63f2b181b983087af03f011448f021a92851e6f1219dd79c29c725b35b52491e
                                • Instruction Fuzzy Hash: 2D9125B4D08258DFDB90DFE4C484AADFBB1FF4A305F20952AD419B7641C7349A81CB52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D3D59, Relevance: .2, Instructions: 215COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b49d3051297c28d2972882290869623b1522a35da5c854be3e36c3ee0a37f11a
                                • Instruction ID: 6a3139104e4ef55e7f1c7f1cf6a25ea9f46767a11784c2c4de5647e1e1b24fe3
                                • Opcode Fuzzy Hash: b49d3051297c28d2972882290869623b1522a35da5c854be3e36c3ee0a37f11a
                                • Instruction Fuzzy Hash: 9591F370D05268CFEBA0DFA9D8447ADBBF5FB4A301F2094AAD509A7645D7704A81CF11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 09332AA6, Relevance: .2, Instructions: 181COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.284363625.0000000009330000.00000040.00000001.sdmp, Offset: 09330000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 44e817581816596e757072748a3e0fb64600c8ffa4bfd60d36773c3430eeadf6
                                • Instruction ID: 23903fad0a93284f1a2bf97d1bdcad38de2651b8d31543f8a7677d5d52d6aa47
                                • Opcode Fuzzy Hash: 44e817581816596e757072748a3e0fb64600c8ffa4bfd60d36773c3430eeadf6
                                • Instruction Fuzzy Hash: 74714671889229CFDB64DF28C8447EEB7B5BB4A310F5092EAC069B62D1DB304AC4CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D6150, Relevance: .2, Instructions: 155COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e0686d5bea04bbe34c641145736b0d924138ce20cd410f017d9f979375579f37
                                • Instruction ID: 265d4994834cd9a1e5c64b81b27dd714eb06c55c23889ee5bd577077e7a8ec9d
                                • Opcode Fuzzy Hash: e0686d5bea04bbe34c641145736b0d924138ce20cd410f017d9f979375579f37
                                • Instruction Fuzzy Hash: CA513770D49208EFEB80CFA9D9847EDBBB5BB4A304F10D57AE515A3A41C3345A86CF81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D0006, Relevance: .1, Instructions: 136COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 319e6deadbe5e07f514448a81a49a12a9bd295a8d5889a9a944301c2b6b9e8bf
                                • Instruction ID: c899d8e76c49dfbeb0bc52ceb47bdcbecbdb3c99bf67774a6a23fd988b4dbfda
                                • Opcode Fuzzy Hash: 319e6deadbe5e07f514448a81a49a12a9bd295a8d5889a9a944301c2b6b9e8bf
                                • Instruction Fuzzy Hash: E2517D70C0A38AEFCB41CFA5D8945EEBFB1EF46240F1484EAD051E7252D3384A94CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D29F8, Relevance: .1, Instructions: 123COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c0961ce835bf26903ddd7e363073f52d571a3c2fb4fa59cb33104acd6bb6962c
                                • Instruction ID: 92fbc8ddc60609c51b53ee3e86f9c3a6e4ba2d004eacc09c94eb5d764da4e31f
                                • Opcode Fuzzy Hash: c0961ce835bf26903ddd7e363073f52d571a3c2fb4fa59cb33104acd6bb6962c
                                • Instruction Fuzzy Hash: 394158B0D05209DFCB54DFA8E8586EEBBB6EB89310F2091AAD905A7380C7355A41CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EA088, Relevance: .1, Instructions: 105COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3450056e8aea599cca842e325c107104c184e3b7cd7234026028961eda06d0c3
                                • Instruction ID: 1eea2489e4e33535d26b279b5d872b0e8aebfe2e8fb31710ed7670fb2ede8fb7
                                • Opcode Fuzzy Hash: 3450056e8aea599cca842e325c107104c184e3b7cd7234026028961eda06d0c3
                                • Instruction Fuzzy Hash: 2741B0B1E012089FDB15CFE9D854ADDBBF6FF88300F24802AD51AAB255DB31A956CF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D9022, Relevance: .1, Instructions: 105COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b546d9412ddf8de22e5363672c296f1e428323d78683bd87d3647b938c7c9acc
                                • Instruction ID: e5b943f39084e19816ce80efdd12bcb00fc12c1d4bd6f38379dd58676f7b8340
                                • Opcode Fuzzy Hash: b546d9412ddf8de22e5363672c296f1e428323d78683bd87d3647b938c7c9acc
                                • Instruction Fuzzy Hash: B141E574E04208DFCB58DFA9D940AEEBBB2FF89300F208469E80567355DB35AE41CB95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D619C, Relevance: .1, Instructions: 104COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6aa6dbea437dfae113e46b6184668dcef950699e814b2c8f660b64622bae42ea
                                • Instruction ID: ada0dab4cf9fdf8b395bae519db36d49af61caab5b2bc661e84595f89d632b6f
                                • Opcode Fuzzy Hash: 6aa6dbea437dfae113e46b6184668dcef950699e814b2c8f660b64622bae42ea
                                • Instruction Fuzzy Hash: DC412A70D49248DFDB80CFA8D984BDCBBF5BF4A318F1490AAE545E7652C7349A86CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D2A40, Relevance: .1, Instructions: 97COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3c28e9dd46a379e35a3a9ad27a9a588d9d89a0a2a2a0ef598bae0ca6643652a4
                                • Instruction ID: 3deae3678abac2689e730bb82ba46ef6026d74bf0d2f7c29b059ada68d8231da
                                • Opcode Fuzzy Hash: 3c28e9dd46a379e35a3a9ad27a9a588d9d89a0a2a2a0ef598bae0ca6643652a4
                                • Instruction Fuzzy Hash: 944127B0E05209CFCB44DFA9E8586EEBBB2FB89310F20906AD905A7380C7355A41CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D2A50, Relevance: .1, Instructions: 92COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b69b7089ab394742b5dedba17b3ad0bda06613bd455e5eb57d5b3431f5d1d9cb
                                • Instruction ID: 58096b43ba53a8f81360da42803d22e127eda722263d13dac0115026e577f90a
                                • Opcode Fuzzy Hash: b69b7089ab394742b5dedba17b3ad0bda06613bd455e5eb57d5b3431f5d1d9cb
                                • Instruction Fuzzy Hash: F241F7B0E05209CFDB44DFA9E8546EEBBB6EB89310F20D069D915A7380C7345A41CFA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D0070, Relevance: .1, Instructions: 89COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a5cfbc369f076e39cc977aaf81e4354f1a482dd24811f5400293d8bb80d5b2e
                                • Instruction ID: f6425b59f3922a8f7f64fb828ece24003e22e006ba4201725ba064db29447eb4
                                • Opcode Fuzzy Hash: 2a5cfbc369f076e39cc977aaf81e4354f1a482dd24811f5400293d8bb80d5b2e
                                • Instruction Fuzzy Hash: 7C313674C0630AEFCF44CFA5D9856AEBBB5FB48340F20D8AAC415A7254D7385A80CF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E2790, Relevance: .1, Instructions: 83COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 20bac9684b778c736087bdf8a018c71ef229370f4a348bb99159a54c33bb5bb0
                                • Instruction ID: 84db886f9187d769d010f03b51fab300b9622eaa31f02d4f7f6ba5bc089672a5
                                • Opcode Fuzzy Hash: 20bac9684b778c736087bdf8a018c71ef229370f4a348bb99159a54c33bb5bb0
                                • Instruction Fuzzy Hash: 60313A74D0420ADFCB45CFA5C584AAEFBF2FB88300F10956AD819AB754D735AA41CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D8076, Relevance: .1, Instructions: 80COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 274275526e770867a5ba303cc6b9e046decfef1e055478d9e6b077c1a5053c3c
                                • Instruction ID: ffda96597195576e7cf9b31519a381fa26140440b29d6ec5855f93d4c551f75c
                                • Opcode Fuzzy Hash: 274275526e770867a5ba303cc6b9e046decfef1e055478d9e6b077c1a5053c3c
                                • Instruction Fuzzy Hash: 3531D278E05209CFDB84CF99D5809ADBBB9FF49310F10D965D819AB312D730A945CF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E27A0, Relevance: .1, Instructions: 78COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3ac88922308e9238f1632d29c74a76555bcfe887e6ebc605ce4d8168a88014fd
                                • Instruction ID: ecd5e3d001d5efd8e0305cb57b55c3fb3eb696658d336aab9c9f8a6572e32e80
                                • Opcode Fuzzy Hash: 3ac88922308e9238f1632d29c74a76555bcfe887e6ebc605ce4d8168a88014fd
                                • Instruction Fuzzy Hash: 36314BB4D04209DFCB44CFA5C584AAEFBF5FB88300F10956AD819A7714D738AA41CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EAD10, Relevance: .1, Instructions: 77COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a42657e126bf0fc98aea21e1f22b17cf7bf611d3080e023c01d8ebd66ec1e95e
                                • Instruction ID: f5350e271939f9d797a03af7f5c4fe550ee76a62834c30acf687da2beb2ccb40
                                • Opcode Fuzzy Hash: a42657e126bf0fc98aea21e1f22b17cf7bf611d3080e023c01d8ebd66ec1e95e
                                • Instruction Fuzzy Hash: A03107B4E412298FDF15DFA4DD446EEBBB2FB89311F0084AAD809A3314DB355A94CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E0006, Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8e19a87996b585f36431c0a2163b2f75c185049ec8d5dfe7f87649d1120780ca
                                • Instruction ID: 6852e900deef195ac1e6e18c106d708e12266dfad583a9f57cedb1677b844e28
                                • Opcode Fuzzy Hash: 8e19a87996b585f36431c0a2163b2f75c185049ec8d5dfe7f87649d1120780ca
                                • Instruction Fuzzy Hash: C9218E7090E3C5DFC3538B709C28599BFB0BF03221B0945EBD485DB1A7D6784959CB22
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E28D0, Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2917374a56c8a0c7c3e732485d8c2c4853eb579606b74023259d87629d28cf91
                                • Instruction ID: da9e7774ae531673bcc2522d5631991672c201256edc0e0512329973e337b627
                                • Opcode Fuzzy Hash: 2917374a56c8a0c7c3e732485d8c2c4853eb579606b74023259d87629d28cf91
                                • Instruction Fuzzy Hash: E3210AB4D0420ADFCB08CFA9C5859AEFBF6FF89340F15D999D518AB214D3349A408F91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D7712, Relevance: .1, Instructions: 61COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 71fa6051d1af7081a8a083626ece21698462ba1fd18d15a84c2221bd46af3448
                                • Instruction ID: 22ab1c491a4f8b0053d53218a47b0bbe13273e8297f9cb62880c30b528d7e1b1
                                • Opcode Fuzzy Hash: 71fa6051d1af7081a8a083626ece21698462ba1fd18d15a84c2221bd46af3448
                                • Instruction Fuzzy Hash: 04118E7090524AEFCB00EFA8DA545DEBB76FF55300F1042AEE81597316DB305B05CBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 093329A3, Relevance: .1, Instructions: 60COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.284363625.0000000009330000.00000040.00000001.sdmp, Offset: 09330000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7c17d0f200e40da0030003b0af22111c6915106ce88f665556b0f9376c43328c
                                • Instruction ID: 68de8c6c5ae2076060986c09afa6b75ea04bbbe2bd1a45f7bddf19c283f69320
                                • Opcode Fuzzy Hash: 7c17d0f200e40da0030003b0af22111c6915106ce88f665556b0f9376c43328c
                                • Instruction Fuzzy Hash: 74215B71D49229CBCB64CF28CD407EDB7B9AB86310F5092E9816DB6690D7310E91CFA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EAC20, Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 818ceef54596b96aea0ca39c361184e7c0f0d0bc8d1497b7c66c2499115db786
                                • Instruction ID: 4b2f3b9ae08caa9e3d203405c2472ba1b1ea7ddb2ae8d43a93aaf96eab682c0a
                                • Opcode Fuzzy Hash: 818ceef54596b96aea0ca39c361184e7c0f0d0bc8d1497b7c66c2499115db786
                                • Instruction Fuzzy Hash: A21130B0D0620DEBCB09CFA5D5849ADFBF6EF85210F14D9EDD119A7264D6349B10DB08
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 033F07DC, Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274477527.00000000033F0000.00000040.00000040.sdmp, Offset: 033F0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9de8577690e556176373bf0a64d8971c0f77c1391d214c9ca6cba90d1fd5a3af
                                • Instruction ID: 28261cc682d5b6b661691ceb31d490cba0967e4274baae89a78d7f8ef30ac791
                                • Opcode Fuzzy Hash: 9de8577690e556176373bf0a64d8971c0f77c1391d214c9ca6cba90d1fd5a3af
                                • Instruction Fuzzy Hash: EF11E434204244DFD719CB18C980B26FB95EB88709F28C5ACEA491B643C37BD803CA91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E4398, Relevance: .1, Instructions: 58COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3a478d118b949dac32936824d3f87a87e98590e94ce4ab2fca06db916fda5e71
                                • Instruction ID: 7aef130e489be9f29b9afb31ef59899e720443a5780893e2bb4ed6d36c6494e7
                                • Opcode Fuzzy Hash: 3a478d118b949dac32936824d3f87a87e98590e94ce4ab2fca06db916fda5e71
                                • Instruction Fuzzy Hash: 09212C74E05109DFCB05CFA8C984A9DFBF2EF89600F19C599D919AB265D7319E10CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 033F07AF, Relevance: .1, Instructions: 57COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274477527.00000000033F0000.00000040.00000040.sdmp, Offset: 033F0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5e89e07e298a29cbeba5713409f492922bf049ea01fe27e3aae89e690524168e
                                • Instruction ID: 95e6248764f84b396db50f0a81c00a7d03d2ea5c0e86cf0c4467240da552d0d4
                                • Opcode Fuzzy Hash: 5e89e07e298a29cbeba5713409f492922bf049ea01fe27e3aae89e690524168e
                                • Instruction Fuzzy Hash: AB218931509385CFC716CB60C890B55BFB1AF46304F29C6EED9898B6A3C33A8806CB42
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D76C8, Relevance: .1, Instructions: 54COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 069f3bfdc2ffc7c6494498dcc4775976bcb001786cacf25e60c21b770e5ef256
                                • Instruction ID: 8cd69cd0f2c47576d3161ef53fac4253304501cc4238aa67479f1c37cbe7d591
                                • Opcode Fuzzy Hash: 069f3bfdc2ffc7c6494498dcc4775976bcb001786cacf25e60c21b770e5ef256
                                • Instruction Fuzzy Hash: 730184B890211AAFCB00DEA8DE85DDFF77AFF45315B208659A81657616D7305E01CBE0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E43A8, Relevance: .1, Instructions: 51COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 860e2ab6420d0c9edfb91f63528a829d90062d530190e2c629215a5e53b20595
                                • Instruction ID: 321ed0775773818a1088eaee898b3a240e7fc55150b785e83791c49b5cbfa746
                                • Opcode Fuzzy Hash: 860e2ab6420d0c9edfb91f63528a829d90062d530190e2c629215a5e53b20595
                                • Instruction Fuzzy Hash: A7114878E04108EFCB05DFA9C988A9DFBF6EF88600F15C499D519AB364DB309E10CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EAAE8, Relevance: .0, Instructions: 47COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6cecd99501d57114aef667a8ea1fbf0bb68526870886bfdb18b38726afbd9479
                                • Instruction ID: f8d937897b31baccaedff12ed24a5eeb3400f9a2dc2dda7edaf8d88982f1de89
                                • Opcode Fuzzy Hash: 6cecd99501d57114aef667a8ea1fbf0bb68526870886bfdb18b38726afbd9479
                                • Instruction Fuzzy Hash: 6B019E70D06208EBCF15DFA5E94856DBBF1EB4A341F14A9AAC40AB7264DB309A50CB19
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 033F05CF, Relevance: .0, Instructions: 46COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274477527.00000000033F0000.00000040.00000040.sdmp, Offset: 033F0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1e3ef26847fe2d851f8d83eadf14f5a282ed9fbcbb0b60ddd2b739db8d5c8d05
                                • Instruction ID: df28b6be77f6afb30de63cb3a3beef2073dcbf16d5eef345587c5acf4ac48fb0
                                • Opcode Fuzzy Hash: 1e3ef26847fe2d851f8d83eadf14f5a282ed9fbcbb0b60ddd2b739db8d5c8d05
                                • Instruction Fuzzy Hash: 0101A77150D7805FD7128F16DC41862FFACDF86220709C5AFEC498B612D225A809CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EF198, Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 516a083accf7db5a6085a253727a9e869e201de4c4ad5aceab46beb90fac6568
                                • Instruction ID: 41a0c66e48da338a8340ed9320a1409ac15a51c940815e61ed1456a70053d88e
                                • Opcode Fuzzy Hash: 516a083accf7db5a6085a253727a9e869e201de4c4ad5aceab46beb90fac6568
                                • Instruction Fuzzy Hash: BD01B174E0620DDFCB44DFA8D9486ADBBFAFB89300F50C59AC80997308D7309B518B51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 093330C2, Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.284363625.0000000009330000.00000040.00000001.sdmp, Offset: 09330000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d7c374a876e9fe07ed536e63863991d3a2c523fd3feb9b96abdf648d546acfeb
                                • Instruction ID: cce0297967a79ce04e97c28f0a9315c0b54e23ee5d7b5c957290145b6451047c
                                • Opcode Fuzzy Hash: d7c374a876e9fe07ed536e63863991d3a2c523fd3feb9b96abdf648d546acfeb
                                • Instruction Fuzzy Hash: A80140B5986259CBCB50DF6888806F97779BB46360FA0D288C469A77C5CE314A40CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D35F7, Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 309c1b65518bc6e5ec9d61035ae2ecab3657f652d5046208f2a8e6e2acc67453
                                • Instruction ID: 6fc6a5717980ed93f07c64b37001b29c904296c8436e2d2be73e09484c0894dd
                                • Opcode Fuzzy Hash: 309c1b65518bc6e5ec9d61035ae2ecab3657f652d5046208f2a8e6e2acc67453
                                • Instruction Fuzzy Hash: 3A015A74C0A208AFCB44DFB8D8456ACBFB5EF46301F2481EED84467341D7365A55CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E0F0B, Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c459954f42fdc15ad23f0f08cb5b4d8659da013b5d8df900107aeac50b9ce564
                                • Instruction ID: 16b2cfe53441bc9055aba6db71e1109c4a6b2f8ea0922efd2e4247730f1592ef
                                • Opcode Fuzzy Hash: c459954f42fdc15ad23f0f08cb5b4d8659da013b5d8df900107aeac50b9ce564
                                • Instruction Fuzzy Hash: CF11D070D0021A8FCB25DFA4C885ADEFBB1BF49304F148599D058AB244C735EA81CF84
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EF078, Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ca2787a172e9491ae598c44ccc7747105ac9cf44b48655785251df5698d26802
                                • Instruction ID: 7a6ecfc9d9c06ec95b49194fa554ba721162db76627a2cd7ff5574049749d289
                                • Opcode Fuzzy Hash: ca2787a172e9491ae598c44ccc7747105ac9cf44b48655785251df5698d26802
                                • Instruction Fuzzy Hash: D6F04F71C15208EBDB46CFE5D54559DBFF4EB85302F50A4ABC41AA7204E3349650CF56
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E0070, Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3e6fdd023583d231995229cdf55ab267069d7fc98fd251632390f6dcfa39bdeb
                                • Instruction ID: a0120968cac73cedc10fcd4578a3beed21b229f4dd66d4ff7b852029bba939e8
                                • Opcode Fuzzy Hash: 3e6fdd023583d231995229cdf55ab267069d7fc98fd251632390f6dcfa39bdeb
                                • Instruction Fuzzy Hash: ECF0AFB0E06208DBCB11DFB4EE0C56DBFB6FB44202F1895A5E409A6308DB704A60CB12
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D42E0, Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b191450914e2791bd170372b4d17d96a4e8de698b2f17d8ee1cf600cde765f13
                                • Instruction ID: a96b0ac14bb4a451bda1b7b4157082b00a6576ea683d6a4a234e4c50105a08e1
                                • Opcode Fuzzy Hash: b191450914e2791bd170372b4d17d96a4e8de698b2f17d8ee1cf600cde765f13
                                • Instruction Fuzzy Hash: 94F09034D052489FCB94DFA8D9405ADBFB5EF86710F2481EAE848A7341C6325A01CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E09AF, Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: afeef6366fcacfea78f373a78e9f36babf90de4e59cc8e08df77b4332254c23c
                                • Instruction ID: 7637cd8ea1393446c35f13fcae98772692e06fd7f8950b4571309039659f9be9
                                • Opcode Fuzzy Hash: afeef6366fcacfea78f373a78e9f36babf90de4e59cc8e08df77b4332254c23c
                                • Instruction Fuzzy Hash: 24112AB4E0022D8FDB69CF68C986ADDBBF0BB09300F1085DA9649A7301D7709E81CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D7740, Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 89f7f392e2b0a1267345b5f64649fb7f409c6c32ab0108f8353237c02eeec9e3
                                • Instruction ID: 8450045363362ec45f348e71cbe233d702a8db3dea90c2415c3756f159caadbb
                                • Opcode Fuzzy Hash: 89f7f392e2b0a1267345b5f64649fb7f409c6c32ab0108f8353237c02eeec9e3
                                • Instruction Fuzzy Hash: 5901DAB4E0024ADBCB04EF98D95559DFB71FB44301F1086AD9815A7355DB309A41DB92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D43A2, Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aba6277a1d1c4556469c8a029892ed652985971f5832690e6a7458912c6829ea
                                • Instruction ID: 320dd43d1990b95f88890b03a1957b6b0c367e93d914b82e00e4095aa0f5ef48
                                • Opcode Fuzzy Hash: aba6277a1d1c4556469c8a029892ed652985971f5832690e6a7458912c6829ea
                                • Instruction Fuzzy Hash: 0DF08C70D46288AFCF56DFA8DC515AEBFB5EB82310F2082AAE804A7250C2315A50DB95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 09330742, Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.284363625.0000000009330000.00000040.00000001.sdmp, Offset: 09330000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3a7d52849b686a893286872138eb1a29a5ac223fd85239f6a0aaffc9ecbf67ed
                                • Instruction ID: 7b865c2803c72540af684189dc02ae11957d4962e3bceb4bb272cddf198226e0
                                • Opcode Fuzzy Hash: 3a7d52849b686a893286872138eb1a29a5ac223fd85239f6a0aaffc9ecbf67ed
                                • Instruction Fuzzy Hash: EFF0E53484E348EFC7049F70A9496EEBF34DB02701F505286E80163383C7702A50CFA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 033F0898, Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274477527.00000000033F0000.00000040.00000040.sdmp, Offset: 033F0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                • Instruction ID: 85daca0e46105e1458e2a5c8f04243e094e0079f8a1b7b1992664f8ea5dc524e
                                • Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                • Instruction Fuzzy Hash: 51F01D35144645DFC716CF44D980B25FBA6EB89718F24C6ADE9490B752C337D813DA81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E15FA, Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1e3f5b8e9c2c9058c21cddf1dc272872501f846209f537ad8296fac3c031a20f
                                • Instruction ID: 2b26a7fe6203dec48e8b93a219bb602017550fc9a62f7955d63660a03f6a2a43
                                • Opcode Fuzzy Hash: 1e3f5b8e9c2c9058c21cddf1dc272872501f846209f537ad8296fac3c031a20f
                                • Instruction Fuzzy Hash: 1C01B6B4A01229DFDB94EF28CD94BADBBB2FF88201F5045EAD409A7255CB305E84CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D3681, Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b37e81f51636194e69c0ef5f7db26e2fe746b206ab16c3bf79b0b805ab96eef1
                                • Instruction ID: 63e2d2d80c3113e5b300ab81ca46ae0f16b2e72f7c58c043ff26b8ecd47375bd
                                • Opcode Fuzzy Hash: b37e81f51636194e69c0ef5f7db26e2fe746b206ab16c3bf79b0b805ab96eef1
                                • Instruction Fuzzy Hash: B8F06D30C06308AFCB41DBB4DC4669EBFB5EB46700F2082EAE844A3391C7301A14CB92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D1321, Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 33135be3eb0ad94b6b959491de8cca1c62653c1f6e596545d9f50a6ea4d3ee1d
                                • Instruction ID: 72988aa7d20878782505097a5f842528199d2145e99f25c35e30b1503ef551f8
                                • Opcode Fuzzy Hash: 33135be3eb0ad94b6b959491de8cca1c62653c1f6e596545d9f50a6ea4d3ee1d
                                • Instruction Fuzzy Hash: 61F0F870C06218AFCF45DFA8CC416EEBFB6EB59300F2082AAD814A3351C3755A51CFA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E1BCE, Relevance: .0, Instructions: 28COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 22e6cbca0f589369077009f54dbf3592970f7d14102395ba3264f6d799509c29
                                • Instruction ID: 43fdc8f92f47c0dc0340e81a42748100409cb9f274ba670870dc3fc0b16f64ab
                                • Opcode Fuzzy Hash: 22e6cbca0f589369077009f54dbf3592970f7d14102395ba3264f6d799509c29
                                • Instruction Fuzzy Hash: CEF0AF308062A99FDB51DF28CC80A9DBBB1FF42200F1055EEC488EF642D6304A84CF12
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 033F05F6, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274477527.00000000033F0000.00000040.00000040.sdmp, Offset: 033F0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2aa8620bbece24945b8ce0781af0a487304f7d9a3ec27f0670f1e5b2670b233b
                                • Instruction ID: fac8cb5aad9c83f0030d64aaca806393372ec66a6a7f1308c740dd52b8fd5e33
                                • Opcode Fuzzy Hash: 2aa8620bbece24945b8ce0781af0a487304f7d9a3ec27f0670f1e5b2670b233b
                                • Instruction Fuzzy Hash: 02E06DB66046004B9650CF0AEC81462F7D8EB84630B18C47FDC0D8B701D235B5088EA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D2CC1, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: abc7fd1dac01d907c388162139b4b08c2baf2b84933ae40fef2352e909b8683f
                                • Instruction ID: ecce8dc406a3208c03ee4657b3641593e38607d382f581b94de4c7b8a36b493d
                                • Opcode Fuzzy Hash: abc7fd1dac01d907c388162139b4b08c2baf2b84933ae40fef2352e909b8683f
                                • Instruction Fuzzy Hash: 85F0A074C09308AFCB01DFA8C89569DFFB5EF45300F14C0EAE88497341C635AA51DB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D435A, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 65a73844fa8b8bf54ee6ed51c63cf1823d46cb06d99bcccbd2eaf1bd65e7a4a2
                                • Instruction ID: 3519bee9074e32411a80851340be271281c6237d7f5556f8e4cb63e223f790e2
                                • Opcode Fuzzy Hash: 65a73844fa8b8bf54ee6ed51c63cf1823d46cb06d99bcccbd2eaf1bd65e7a4a2
                                • Instruction Fuzzy Hash: 93F01C34D05208EFCB45DBA8D94469DBFB5EB45200F2481EAD84497351C6315A02DB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D2989, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ca64680a03e9c3bcddbfed1a41e98175a392695161142660cead376850f43ff5
                                • Instruction ID: 75ea3dc5a8b287ee8f4960e916949503e7aec4595b44aff85af95cf9ea6a3926
                                • Opcode Fuzzy Hash: ca64680a03e9c3bcddbfed1a41e98175a392695161142660cead376850f43ff5
                                • Instruction Fuzzy Hash: 53E09230D0A2489FCB05DBA4DC859ADBF79EF42310F2482EED8045B352C6315E56DB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D2D31, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e7b8184ad12566d188df5b4ddd4f62a32f0e9af3f07883a11dfa55f71518e57a
                                • Instruction ID: 93a1846b1cdc08518b8c0bae2a930d504149761d7bd49f3b4fbc46f931e64cbd
                                • Opcode Fuzzy Hash: e7b8184ad12566d188df5b4ddd4f62a32f0e9af3f07883a11dfa55f71518e57a
                                • Instruction Fuzzy Hash: 96E0DF30C0A348AFCB42CB74DC556EE7F74EF03240F2002EAE880A7292C7301A12CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D1258, Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b4fb237c7f7df46af3bee928f9732a5df80a2e55dc36f4eafbf7ff87cbabf888
                                • Instruction ID: f71b590f1719261b5732a7fc032d11bb3561aaaff018fcec4802ba991267f13b
                                • Opcode Fuzzy Hash: b4fb237c7f7df46af3bee928f9732a5df80a2e55dc36f4eafbf7ff87cbabf888
                                • Instruction Fuzzy Hash: 2DE09270C053889FCB96EBB888147DDBFB0DB06600F0182EFD804D3352D6355A55CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D2D08, Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e91efa540565edebca4b618aaaa5a5108ae37455fe490bdeaac25334ea38b44a
                                • Instruction ID: 1c62ae03421755ccfb30065acd49f2229994527dee4f9c105381e49358900ea9
                                • Opcode Fuzzy Hash: e91efa540565edebca4b618aaaa5a5108ae37455fe490bdeaac25334ea38b44a
                                • Instruction Fuzzy Hash: 9CE0DF3490A248DFC702CFA4EC99AEA3F76AF02300F1442D7F84893691C7791A60C790
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E29C8, Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1b502af09526eafc8cc9f2dd2dc9e27dce703e4aa5477e08e2c11e196cba4a4a
                                • Instruction ID: d0712b72b63ae4f148290aa70edfdad37c361c76f1f0eb22bc4f968a0a04c214
                                • Opcode Fuzzy Hash: 1b502af09526eafc8cc9f2dd2dc9e27dce703e4aa5477e08e2c11e196cba4a4a
                                • Instruction Fuzzy Hash: 91F0DFB4D01218AFCB55DFA8C904AAEBFB1FB09302F1085AAE858A3314D3729A50CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 09331A24, Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.284363625.0000000009330000.00000040.00000001.sdmp, Offset: 09330000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6a25fdaf4d928b6d71f751a6b4b8f61a9dc507b0df60adef92fc372f7caa7a18
                                • Instruction ID: 1891c1ff25abd9ffc7ce48867439e66b3c09acd621316bc032fbd55b1d29aaf6
                                • Opcode Fuzzy Hash: 6a25fdaf4d928b6d71f751a6b4b8f61a9dc507b0df60adef92fc372f7caa7a18
                                • Instruction Fuzzy Hash: 77F03075D58218DFDB20DF90DC48BECBBB9AB09351F1080E5A249AA2D0C7705A84CF54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E1118, Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a7c5f38c2538254bdb52fea9f5f0e448a37f7c56eed76eead01c6c3ffa731c45
                                • Instruction ID: d3fb842192e30f129bd072aa63c9506ad366aeb28fdc337f4fe39415ff6637ef
                                • Opcode Fuzzy Hash: a7c5f38c2538254bdb52fea9f5f0e448a37f7c56eed76eead01c6c3ffa731c45
                                • Instruction Fuzzy Hash: C3F0E270D4426BCACB75DF21D960BEEBBB0EB01200F1094EAC159A6600E7314A82DF85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E29D0, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f13fb03d8c5928f937deb789fccc2a85d9b0fe0587f4fa252089c4a30e591f0
                                • Instruction ID: 213ca0bc3e7f6809ea9dd97d8f704296a509410c3a1ee76a4aa34281c8185382
                                • Opcode Fuzzy Hash: 4f13fb03d8c5928f937deb789fccc2a85d9b0fe0587f4fa252089c4a30e591f0
                                • Instruction Fuzzy Hash: 84E06D74D01208DFCB04EFA8C904AADBBF5FB08301F1085AADC18A3304D7729A50CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E1C8C, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 334180978013b865f4c88603c6b83fb9f58ebcfece9ca931f5d2b102319b7466
                                • Instruction ID: ba8cc8d3681ef094e54e4977da8f1bdf334f4f696ec1da7921b4c869dc4031cd
                                • Opcode Fuzzy Hash: 334180978013b865f4c88603c6b83fb9f58ebcfece9ca931f5d2b102319b7466
                                • Instruction Fuzzy Hash: A6F08C74D0922A9EDBA1DF69CC80B8DBBB1FB46200F5055EED10CEB280D6304A858F21
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E3C43, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 663539f7179ff4a21fb3573a67d76bd8c2b6337e31a3fdc282ecfa8206f92ecc
                                • Instruction ID: 92c4ad127f288ac0ff7a1f59b2dc743fcd3924796c32a0193f4b639be6623046
                                • Opcode Fuzzy Hash: 663539f7179ff4a21fb3573a67d76bd8c2b6337e31a3fdc282ecfa8206f92ecc
                                • Instruction Fuzzy Hash: C0E09A3AA02304CFC3249FA0E8448987772FF89326B5111AAE5468B360CF32DDA0CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 09330750, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.284363625.0000000009330000.00000040.00000001.sdmp, Offset: 09330000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 80ebe55054ae72760c794f99c1d636fe2fa934d68035fc58954a880303ebf6bb
                                • Instruction ID: ea06fb7088986dc68b282eb3c46f0d4f0187b679200b4cf7617066da4a5bb6c3
                                • Opcode Fuzzy Hash: 80ebe55054ae72760c794f99c1d636fe2fa934d68035fc58954a880303ebf6bb
                                • Instruction Fuzzy Hash: 9DE0867094920CDFC708EFA0F50E6ADBB74EB45701F509159D80523387D7712950CF55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D3641, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a859e93fdcc9858f79083f803b01dda99d3415008bd3a66b3f05450abe7e4a61
                                • Instruction ID: f6177f7e7c215b349a11f44be60e6462319b1bbe7874f3089ac21d0d56c8f8dd
                                • Opcode Fuzzy Hash: a859e93fdcc9858f79083f803b01dda99d3415008bd3a66b3f05450abe7e4a61
                                • Instruction Fuzzy Hash: FFE0DF3080B388DFC705DF788C846DD3F329F02200F1001EAD44057291D3352A54CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069DD52D, Relevance: .0, Instructions: 21COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9865497db95ee39d239ee4ae3c078f42eaedc8ad2fc758b52e51e12c96d81ceb
                                • Instruction ID: 70003266924dba725c90dee9f1fbdda155f41d7ca81ec88d9f289d9eb4058ab0
                                • Opcode Fuzzy Hash: 9865497db95ee39d239ee4ae3c078f42eaedc8ad2fc758b52e51e12c96d81ceb
                                • Instruction Fuzzy Hash: 5FE065708091158FCFC05F7CC844678B735EF52335F5086B4A45876799D73149444F65
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D1330, Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6d9a8416c6deab81a463f15d2434f5215a54e51385b3a1bb2e978505f4364d62
                                • Instruction ID: 96b17f95d79359f9c324bbb6ad3be239f5275a92db3da9923d5c763aee86c173
                                • Opcode Fuzzy Hash: 6d9a8416c6deab81a463f15d2434f5215a54e51385b3a1bb2e978505f4364d62
                                • Instruction Fuzzy Hash: 69E01AB0D0120CEFCF44EFA8C8456AEBBB5FB44300F1085AAD814A3340D7715A50CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EA3D8, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ef3eb447ef507c60e52e820207dde63d438e9a7cdc005eea4fab0d431ef996a
                                • Instruction ID: 9d070b4cf1a738368d0f470c29a65a6d74c786b7aaf450bd2fcb6abe9660cd0b
                                • Opcode Fuzzy Hash: 9ef3eb447ef507c60e52e820207dde63d438e9a7cdc005eea4fab0d431ef996a
                                • Instruction Fuzzy Hash: 99E0C234D05208DFC755EFB8D80429DBBB4EB44300F1095BEC80863340D7759A90CB85
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E1BFA, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 98dec8d5847446e931f3b5cb86b13387aa42c6031629b026686318e3867d5477
                                • Instruction ID: 68be51a6dda3cfae953c059a2af9cf9520c4f2e2e3cc5fc3aa1c5f7f3c7bc2fd
                                • Opcode Fuzzy Hash: 98dec8d5847446e931f3b5cb86b13387aa42c6031629b026686318e3867d5477
                                • Instruction Fuzzy Hash: 64E022308052E69AD761EF38C841E8DFFB0AB05210F600AEDD0ADAF5C1C3342990CF11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E1CA2, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1803395c01964e473fe06ee0e431607323234748e0a729cfc8649a3f7b844179
                                • Instruction ID: 0c3b1000e4e592ad445df5f42e0890e44d500f33ac90e47e14b02277640adefc
                                • Opcode Fuzzy Hash: 1803395c01964e473fe06ee0e431607323234748e0a729cfc8649a3f7b844179
                                • Instruction Fuzzy Hash: 51E0D87491111AEEDB51CF99DC4098DFBB1FB45350F606BABD0197B580C2300E408F11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EA8A0, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ef3eb447ef507c60e52e820207dde63d438e9a7cdc005eea4fab0d431ef996a
                                • Instruction ID: b3a06ae428dd46f5f78e33c68d8a1f1abfae649ff0ef0b11c2213f8eb839890a
                                • Opcode Fuzzy Hash: 9ef3eb447ef507c60e52e820207dde63d438e9a7cdc005eea4fab0d431ef996a
                                • Instruction Fuzzy Hash: 3BE0C234D05208DFC755EFB8D40425DBBF4EB40300F1085BEC80863340D7359A51CB89
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E1C18, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c306ab0554b355823d210082b88eb3c1f26ffd5a890de737b1eb43ae21f715cc
                                • Instruction ID: f3075d47cf8e83c1c3e8d495aca353824aa2f110addb03982bdb613f81d4f6a0
                                • Opcode Fuzzy Hash: c306ab0554b355823d210082b88eb3c1f26ffd5a890de737b1eb43ae21f715cc
                                • Instruction Fuzzy Hash: B1E0ED74E1122A9FEBA0DF59CC90B9EB7B2FB85600F5059AED50CAB640D6305E808F14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D44C2, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 08f34cdedf331359a5529e1dc9ef79b7b809e34ddcfd3419cdea8cab3aef02e5
                                • Instruction ID: a2922d035a7533a84441ab740a444856ed07f6464de2788ac9034cf47c744069
                                • Opcode Fuzzy Hash: 08f34cdedf331359a5529e1dc9ef79b7b809e34ddcfd3419cdea8cab3aef02e5
                                • Instruction Fuzzy Hash: E0E08C78C0E3849FDB01CBB0F4A44EC7FF59B0B200F0450ABE055EB657D93108048B52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E9F70, Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 27f4d6e7c343cdb8d2b58dd98b5ea16ff8b2563dfc31aff719c5c2c8e5288f3e
                                • Instruction ID: fd8502f47633b988d705edebc99f376737b393457ec3860c5fcf6e106973eae1
                                • Opcode Fuzzy Hash: 27f4d6e7c343cdb8d2b58dd98b5ea16ff8b2563dfc31aff719c5c2c8e5288f3e
                                • Instruction Fuzzy Hash: 45E0C278801208AFC754EFBCD95C26C7BF4EB0430AF1040A9C80693300D6706EA4CB92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EA2B8, Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c38b0b5d7299e8825e815ca0d97de0e47ed95cfd39c12d556740f9553d4ec6ba
                                • Instruction ID: 8b976c9da379949b63f71f1eee8ce8728e801b664298ce20507c0550c69234a9
                                • Opcode Fuzzy Hash: c38b0b5d7299e8825e815ca0d97de0e47ed95cfd39c12d556740f9553d4ec6ba
                                • Instruction Fuzzy Hash: ABE0E270D01208AFCB55EFB8D40829CBBB4EB05305F1041AE8808A3344EA7A9AA0CB96
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E06FE, Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a90ba8ba2d67ec10e072dd0a67c529c12ba17af976bfec386f7cf08efbbcceb5
                                • Instruction ID: f5fac051226f4b6db78dace9cfee1ba66e4c9b74f64411f7f9cbdb65c2470c6e
                                • Opcode Fuzzy Hash: a90ba8ba2d67ec10e072dd0a67c529c12ba17af976bfec386f7cf08efbbcceb5
                                • Instruction Fuzzy Hash: 45E09270D0422E9FDF11DFA4EC409EEBBB6FB95300F1055A99185B7168DB319946CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EA278, Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2cd254e37dac5278fcc2355d69023b30f8197ad1bbd64bf231c81c5f0f5cde9e
                                • Instruction ID: 1e1708d7bb1f2c8daa09a792d4ca3ae26c32c44aea2b043232becc25a53e19bb
                                • Opcode Fuzzy Hash: 2cd254e37dac5278fcc2355d69023b30f8197ad1bbd64bf231c81c5f0f5cde9e
                                • Instruction Fuzzy Hash: 28E0E274D01208AFDBA5EFB8D40829CBBB4EB05605F5041A98808A7340E67A9A90CB92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D15A8, Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 17051f0437218b4a8a98831323c69f4ddb2ae027f8cf898d9786fa34cdd7a77c
                                • Instruction ID: ba7cd0955948d5359f38e813fbacd69143a93b4debe9fc209d7ff9d8b0c8f932
                                • Opcode Fuzzy Hash: 17051f0437218b4a8a98831323c69f4ddb2ae027f8cf898d9786fa34cdd7a77c
                                • Instruction Fuzzy Hash: A2D05E7084A3809BC7661B6A9C283EA3FB99B43708F1C15AAE48686197C6791460C721
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E766D, Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 42467e3dec03b85a2505d9cd433d93df75f54dce7afcae892e6cc33d848ba913
                                • Instruction ID: c82544eb4bcb2261dbc6c5df2aeb914718b4a3230bec5c0c1e9278811aee162a
                                • Opcode Fuzzy Hash: 42467e3dec03b85a2505d9cd433d93df75f54dce7afcae892e6cc33d848ba913
                                • Instruction Fuzzy Hash: 1AE0ECB4E1420D8FDB54CFA5C840F8DBBF9EF99310F01A4A9820CAB254D730AA45CF25
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D1268, Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ce0b4fd5187a6567c94ffeb50f6e9196b6317e2f4816c59873e9b63ad9031543
                                • Instruction ID: 054ad1024fe57af13c28f5d6d05b3909a5c90818ca045b7d5246f3ec212158da
                                • Opcode Fuzzy Hash: ce0b4fd5187a6567c94ffeb50f6e9196b6317e2f4816c59873e9b63ad9031543
                                • Instruction Fuzzy Hash: 1CD01270D012089FCB94EFA8D50439CBBB4DB04300F1041BA880493340E6755A50CF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E8350, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e8826f0d9b4150bd0ee86b66dd6675f92d96ed8a6b752c0c2e1a1f6646f6f81a
                                • Instruction ID: 63ebe51b356aa026f7330020950054f503fc0b12958cb92e9be574cb1b222f7c
                                • Opcode Fuzzy Hash: e8826f0d9b4150bd0ee86b66dd6675f92d96ed8a6b752c0c2e1a1f6646f6f81a
                                • Instruction Fuzzy Hash: 0AD05E34C042089BCF50CEA0C940FCEB7B5EBA6200F1169EE801AE6240CA34AA86CF21
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D3650, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cf08d9c8237df48197ae3d2940494a4125624585d7f1d8b8218a42a5fa29114a
                                • Instruction ID: cde41b3ee5ce0fcb8ea8eeeec3140f2574d337ebf59204ac61faea9ac88e8201
                                • Opcode Fuzzy Hash: cf08d9c8237df48197ae3d2940494a4125624585d7f1d8b8218a42a5fa29114a
                                • Instruction Fuzzy Hash: 78D05E70C11208DFC714EFACD84565CBF79EB01345F6040E8C80427340D7366A90CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016C23F4, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.273461946.00000000016C2000.00000040.00000001.sdmp, Offset: 016C2000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f585a2cc7acf14d85b6ede38972f3a5a034299a591dbd975fa2b24d18f95efc6
                                • Instruction ID: 5c413581330b78fc539c817b05a1b466019f82debea89ca39ec137c4edb49486
                                • Opcode Fuzzy Hash: f585a2cc7acf14d85b6ede38972f3a5a034299a591dbd975fa2b24d18f95efc6
                                • Instruction Fuzzy Hash: 18D05E79206A814FE3268A1CC5B8BA57FA4EF51B04F4684FDEC008B763C368D5D1D200
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 016C23BC, Relevance: .0, Instructions: 14COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.273461946.00000000016C2000.00000040.00000001.sdmp, Offset: 016C2000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0b56d6ca1e78f37a998f4cc771d3340470fc7f699da10a61b4e8b6b2cf7a38a3
                                • Instruction ID: 5b63cb57436f47fd5b9012ea7e15b93e719b50c715871f4f3d86238e393bab76
                                • Opcode Fuzzy Hash: 0b56d6ca1e78f37a998f4cc771d3340470fc7f699da10a61b4e8b6b2cf7a38a3
                                • Instruction Fuzzy Hash: C2D05E343012814BD715DB1CC5A4F693BD4EB41B00F0644ECAC048B362C3A4E881C600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E71C7, Relevance: .0, Instructions: 12COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8936e9ec6f81a275bf1dabd8b7d6e861eec7e2ed922b4fb42ceb02f5084b2c57
                                • Instruction ID: 0f7e02b3b8f2a87105d082fd453bf49527bae5a9c95caa2f22d2a0aeafa6a50d
                                • Opcode Fuzzy Hash: 8936e9ec6f81a275bf1dabd8b7d6e861eec7e2ed922b4fb42ceb02f5084b2c57
                                • Instruction Fuzzy Hash: B1D0C9B4D046099BCB91DB54C840BDDB7B9ABA6300F10609E820DBB284CB309A85CF25
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E763A, Relevance: .0, Instructions: 12COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e87d8242561be48075064d33e8a27aa2b0a4318452c7d29bbec112428b5beb24
                                • Instruction ID: 6d33340ac803fdfb47b88b591ffa172bfb8caee97691f6a9863c2308c0a7ea61
                                • Opcode Fuzzy Hash: e87d8242561be48075064d33e8a27aa2b0a4318452c7d29bbec112428b5beb24
                                • Instruction Fuzzy Hash: 94D05E70C042098ACB80DE90C580A8EB3F69B96200F109499800CA3540DB309A41CF24
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E6E29, Relevance: .0, Instructions: 12COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3b59a980252f000452cdced5c1eca3f4d9cf1f3d0e2a7ff06d817c456c97c499
                                • Instruction ID: 3d63b64f3ab9380d632a2e251023b2b138a8b76e9a75dd1cbc28dab4275f189d
                                • Opcode Fuzzy Hash: 3b59a980252f000452cdced5c1eca3f4d9cf1f3d0e2a7ff06d817c456c97c499
                                • Instruction Fuzzy Hash: 47D05E34C081099ACB84CEA0C490B8EF7B5EB56240F019499900DE6150CA309A80CF11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E33EE, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6c20eff9f9d4917878d8ac0b54249df271dae7031b148fb28049df5a1e0be853
                                • Instruction ID: fe0c85e3c1e7c5b97d691b094cf4a6aee79489e9f59f727dcf0d4342a6fd76e6
                                • Opcode Fuzzy Hash: 6c20eff9f9d4917878d8ac0b54249df271dae7031b148fb28049df5a1e0be853
                                • Instruction Fuzzy Hash: F2D09234906388CFCB54CBA4E694999BBB6BF49301F201999D04A9B618CB35EA85CF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E880F, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b4dacead62122554aa4672c47a4369be8c5fbe375c9c3a362fab62f7481cbb0f
                                • Instruction ID: c4aaea17ddfc1294efc8c1ea0f3a5eded9b1e2bcba1eaa59f2079a12ad1772ae
                                • Opcode Fuzzy Hash: b4dacead62122554aa4672c47a4369be8c5fbe375c9c3a362fab62f7481cbb0f
                                • Instruction Fuzzy Hash: E7C002B4E081199ECF50DF94C880BADB7B59B55310F506099950DB3640DE345691DF15
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D15B8, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 365768bd21e8cd3a6a8dfc69735ac38a798d4e3113b175fe65cf7b6decd07490
                                • Instruction ID: 684462da0a29522049fd3ef525139382b57c45a043ce840b8361462099f1090a
                                • Opcode Fuzzy Hash: 365768bd21e8cd3a6a8dfc69735ac38a798d4e3113b175fe65cf7b6decd07490
                                • Instruction Fuzzy Hash: A4C02BB0C0260443C3743ACE6C0C37433EED34170DF9C1060A70D02588CB7C10A0C325
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D3968, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 58f55e81d7bcf8e7a19c3b9c80d53a3b83a61f9a85783020b930b9962af7620d
                                • Instruction ID: 41aa2839d4bebab570fa977e0b3386dd92af4a69e06a9754a08392f4e0109701
                                • Opcode Fuzzy Hash: 58f55e81d7bcf8e7a19c3b9c80d53a3b83a61f9a85783020b930b9962af7620d
                                • Instruction Fuzzy Hash: 1DC01278A05508EFDB00CB80D8A89ACFBB0EB09300F60C44ADC161B30ADB30DA0A9B40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0933310E, Relevance: .0, Instructions: 8COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.284363625.0000000009330000.00000040.00000001.sdmp, Offset: 09330000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 38d0cb4ade27c0026ff54f49d2f383308fd0ff974ba0900dbb28c6ad4d977c49
                                • Instruction ID: 1674388dc513e7a6c7323a2f39d70287feb0a16ea34c84d5c930bac152c7a44b
                                • Opcode Fuzzy Hash: 38d0cb4ade27c0026ff54f49d2f383308fd0ff974ba0900dbb28c6ad4d977c49
                                • Instruction Fuzzy Hash: 2CC08CB20CE140DACA005B2884480F8357CAB02320BA08280882A299EAC6310A008F00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions

                                Function 019E5A10, Relevance: 3.9, Strings: 3, Instructions: 129COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: BX!$BX!$v-
                                • API String ID: 0-1548537781
                                • Opcode ID: 841c80c8cc12d93084251c57c586733847b2ef2c968911368dc507e04cc55a15
                                • Instruction ID: 8110282b00ab61e81f37b2c23a56b8b371f913b95d72f09e0c54fa915a8143a2
                                • Opcode Fuzzy Hash: 841c80c8cc12d93084251c57c586733847b2ef2c968911368dc507e04cc55a15
                                • Instruction Fuzzy Hash: DD515474D0820A9FDB06CFA9C4859AEFBF1FB89314F1598AAD419FB210C3749A41CF94
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E5A20, Relevance: 3.8, Strings: 3, Instructions: 92COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: BX!$BX!$v-
                                • API String ID: 0-1548537781
                                • Opcode ID: 24566ed12e7dfda76e2d8c7799cca59cc8fbe71dcfdca8d00d9f4550ecce835a
                                • Instruction ID: 653f3627d7e1b54cd870ac33e38bbb8ed18b8d480324c90aff245b7b41267019
                                • Opcode Fuzzy Hash: 24566ed12e7dfda76e2d8c7799cca59cc8fbe71dcfdca8d00d9f4550ecce835a
                                • Instruction Fuzzy Hash: 12411375D0420ADFDB09CF9AC4858AEFBF1BB88304F24946AD419BB200D3749A41CFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D01E9, Relevance: 2.7, Strings: 2, Instructions: 247COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: av]\$av]\
                                • API String ID: 0-1947167267
                                • Opcode ID: ac233e664b1a99ed5dace0358339f8f6222dc3b54647612dfe77caa60d6d349a
                                • Instruction ID: 47ddcbafd662a9ebf4f8b047aac99ea0144f6702bedf151d454c996a1d37d654
                                • Opcode Fuzzy Hash: ac233e664b1a99ed5dace0358339f8f6222dc3b54647612dfe77caa60d6d349a
                                • Instruction Fuzzy Hash: 0BB14574D04219DFDB54CFA9C580AADFBB2FB89304F20C5AAD819AB745C7349A42CF94
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E9318, Relevance: 2.7, Strings: 2, Instructions: 237COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: xLLA$xLLA
                                • API String ID: 0-716333081
                                • Opcode ID: 671644ee55172bedb321d196605b898ef3e901a0bff79f7e2cc90fac2a37d062
                                • Instruction ID: aa2b2b475899e3f4a38de343421d7c24d16034ad392cbfb951875c955210422a
                                • Opcode Fuzzy Hash: 671644ee55172bedb321d196605b898ef3e901a0bff79f7e2cc90fac2a37d062
                                • Instruction Fuzzy Hash: E6B12874D04169DBCB04CFA9C5844ADFBF2FB89309F2485AAD859AB306D7349E42CF94
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E9309, Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: xLLA$xLLA
                                • API String ID: 0-716333081
                                • Opcode ID: 848b83c28234a11fa0f87e6c416dd98bea0e5058f9ac7c0d84951c580bb9dc24
                                • Instruction ID: 2106e619336594268a71926252bcdc7a0084334e76cee6bf74b3abf1fc11b03f
                                • Opcode Fuzzy Hash: 848b83c28234a11fa0f87e6c416dd98bea0e5058f9ac7c0d84951c580bb9dc24
                                • Instruction Fuzzy Hash: E8B13874D04169DBCB05CFA9C1844ADFBF2FB89309F24C5AAD859AB206D7349E42CF94
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D1890, Relevance: 2.2, Strings: 1, Instructions: 984COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r
                                • API String ID: 0-359987751
                                • Opcode ID: bb50cfcf6a7bddca311a7f7e96af96f10fe65baba4052a7d9a1687429aacf1b5
                                • Instruction ID: e21b629d44ccbbc65af859dca0e3118cbd17aadaa7d2444376c390623b2a2f27
                                • Opcode Fuzzy Hash: bb50cfcf6a7bddca311a7f7e96af96f10fe65baba4052a7d9a1687429aacf1b5
                                • Instruction Fuzzy Hash: 55B29E75E00229CFDB65CF69C984AD9BBB2FF89304F1481E9D509AB265DB319E81CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D1880, Relevance: 1.5, Strings: 1, Instructions: 245COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r
                                • API String ID: 0-359987751
                                • Opcode ID: 42459aa42be40f01f74bbb4711b2b02a59cd6169297e1a30161b2590cc4f39aa
                                • Instruction ID: c22d4a8ad0294500b593fd17e3269d051a6b0c81278895d1c8ce58eb2aeb44d5
                                • Opcode Fuzzy Hash: 42459aa42be40f01f74bbb4711b2b02a59cd6169297e1a30161b2590cc4f39aa
                                • Instruction Fuzzy Hash: 64B16375E01658CFDB68CF6ACD44ADDBBF2AF89301F14C1AAD809AB354DB315A858F40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E5E69, Relevance: 1.5, Strings: 1, Instructions: 239COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: |+(
                                • API String ID: 0-3502406282
                                • Opcode ID: bea34416e5c61380d589f2ed5ba2131b5cc148f46f2ca62c1d9b263468a0dbcf
                                • Instruction ID: 8e7c2f155d302d6fbf62e3919654e5954875ee8dbcf3708d26697418f346876a
                                • Opcode Fuzzy Hash: bea34416e5c61380d589f2ed5ba2131b5cc148f46f2ca62c1d9b263468a0dbcf
                                • Instruction Fuzzy Hash: 29A13478D0920ADFDF05CFA5C5858AEFBF1FB89304F11996AD419BB214D3349A418FA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E4A80, Relevance: 1.4, Strings: 1, Instructions: 168COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: E
                                • API String ID: 0-3568589458
                                • Opcode ID: 5a7c4fc6069098169e299c8b3a5e1b5054f7ce1f4b12bd7c15030b29d2362930
                                • Instruction ID: 54bd3605957d30f6568e49384057dcd42d8265d3dab5ecd6706b1f8e45052275
                                • Opcode Fuzzy Hash: 5a7c4fc6069098169e299c8b3a5e1b5054f7ce1f4b12bd7c15030b29d2362930
                                • Instruction Fuzzy Hash: F5710E74E25209EFCB41CFA9D48899DBBF1FF49310F18899AE419EB251D334AA41CF54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D15D8, Relevance: 1.4, Strings: 1, Instructions: 165COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: `5(r
                                • API String ID: 0-3683955166
                                • Opcode ID: dfaab0c5148634761590c9454fc45f9603d3d58542041034a7a7abf513f4a64a
                                • Instruction ID: 2ab014541e65f3ea003f1bea63e87a572c26de049826cc03e7f0b09afd70e301
                                • Opcode Fuzzy Hash: dfaab0c5148634761590c9454fc45f9603d3d58542041034a7a7abf513f4a64a
                                • Instruction Fuzzy Hash: 31610870E0120A8BDB58DF6AED4569EBBF3FBC8704F15D02ED5089B2A9EB745805CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E5BF0, Relevance: 1.4, Strings: 1, Instructions: 163COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: |+(
                                • API String ID: 0-3502406282
                                • Opcode ID: c1585cc4a47951291078c767ab0c7e39ef069844daf7b11e0886010f7757f170
                                • Instruction ID: a0ee9f30e74e1a7d0224318eb6d39848bf9ea604769fe77a828c1521cb04309b
                                • Opcode Fuzzy Hash: c1585cc4a47951291078c767ab0c7e39ef069844daf7b11e0886010f7757f170
                                • Instruction Fuzzy Hash: 79613578D0920ADFDF09CFA9C5848AEFBF1FB89204F109A6AD415BB214D3389A11CF54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E4A90, Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: f
                                • API String ID: 0-1993550816
                                • Opcode ID: 0b83f750f8ad60fd944ef0a5e1ef605297d9ec3dab357ae87374b13fb0d598f8
                                • Instruction ID: e6f7789fa34e07d0d0f6f612ec400548f803bdf6e2a10b1297a32ebaf7dd6cac
                                • Opcode Fuzzy Hash: 0b83f750f8ad60fd944ef0a5e1ef605297d9ec3dab357ae87374b13fb0d598f8
                                • Instruction Fuzzy Hash: 1471CC74E25219EFCB41CFA9D48899DBBF5FB88310F149999E419EB214D334AA40CF54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E5C00, Relevance: 1.4, Strings: 1, Instructions: 157COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: |+(
                                • API String ID: 0-3502406282
                                • Opcode ID: a066dbd1ef3e0f18cdd47c7083dfb511de5999f4cdb55d6bbc3fc874ea7eddbe
                                • Instruction ID: 0a2937ace0e33dd01c01e214eca82ac0d11845984af04a3245c015fce136faf9
                                • Opcode Fuzzy Hash: a066dbd1ef3e0f18cdd47c7083dfb511de5999f4cdb55d6bbc3fc874ea7eddbe
                                • Instruction Fuzzy Hash: 4561F378D1520ADFDF09CFA9C5848AEFBF1FB89204F10996AD415BB214D3389A51CF54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D15E8, Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: `5(r
                                • API String ID: 0-3683955166
                                • Opcode ID: efd303edfc2e6c26198a91c81e308039635d24513ba5bb9a5ec9fe36f9abf529
                                • Instruction ID: 2480face410333cd7bd3fc9711f4b924d0212b39791dfb48f0ea193c1070e76c
                                • Opcode Fuzzy Hash: efd303edfc2e6c26198a91c81e308039635d24513ba5bb9a5ec9fe36f9abf529
                                • Instruction Fuzzy Hash: B1610770E0120A8BDB48DF6AED5569DBBF3FBC8704F15D02ED5089B2A9EB745805CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E010C, Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: <
                                • API String ID: 0-4251816714
                                • Opcode ID: 674142a7e6ad2186349e05443221e3b8922d1c1c778289af426e95fb0dee6972
                                • Instruction ID: 60b4f34e05f4df7242175a42df54d3b99742606d80dd75bd19b93b84da765882
                                • Opcode Fuzzy Hash: 674142a7e6ad2186349e05443221e3b8922d1c1c778289af426e95fb0dee6972
                                • Instruction Fuzzy Hash: A2417075E006189FDB58CFAAC9546DDFBF2AF89301F54C0AAD50CAB264EB345A85CF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E987D, Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 4L6M
                                • API String ID: 0-2801559574
                                • Opcode ID: 5cdbab12a26b8a1e26db53262cbabfbf10e875fa939698f58ed807f358500e1c
                                • Instruction ID: e3c4c8d12d9e308c7b7c4bc43537c1e40db89ad8c3333bd5e3d3a6f01af99d45
                                • Opcode Fuzzy Hash: 5cdbab12a26b8a1e26db53262cbabfbf10e875fa939698f58ed807f358500e1c
                                • Instruction Fuzzy Hash: E4212570C05709DFCB5ACFAAC90259EBBF2EF85714F24C27EC014AB256D63446028F50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E98B0, Relevance: 1.3, Strings: 1, Instructions: 49COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 4L6M
                                • API String ID: 0-2801559574
                                • Opcode ID: 4bd435e22dc9e0c6cb6663f029f0b475e3bdff790683cfc65a857b0819122fdf
                                • Instruction ID: a80dd4740f5eaf92efeec79f4de1ef6920a5b979127dbd0fc8293386bb766af1
                                • Opcode Fuzzy Hash: 4bd435e22dc9e0c6cb6663f029f0b475e3bdff790683cfc65a857b0819122fdf
                                • Instruction Fuzzy Hash: 911136B1D05608DBDB19CFABC94119EFBF2FF88204F24C67AC418BB215E63446018F41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019EF7A8, Relevance: .3, Instructions: 283COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a306f986c41cc4255b87f711cf956365109a1b5e8f7ddfdeb58f65ba11f6b8a5
                                • Instruction ID: c657daac1bfda7d1734f93ae203577514083fe5d142640ad0d12723827a8fa21
                                • Opcode Fuzzy Hash: a306f986c41cc4255b87f711cf956365109a1b5e8f7ddfdeb58f65ba11f6b8a5
                                • Instruction Fuzzy Hash: 1CD1F474D00219DFCB14DFA9C5849ACBBF2FB89305F2481AAD849AB355D735AE41CF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E6A68, Relevance: .2, Instructions: 190COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a1b4ad664fb7d169cc3742fb51ed800b37717b35ed85c61f4c89e4c1ea88e1d5
                                • Instruction ID: ba318656a9a6c7705e544780fa2dca22b2596c170b10f2e32d166760e72d4d76
                                • Opcode Fuzzy Hash: a1b4ad664fb7d169cc3742fb51ed800b37717b35ed85c61f4c89e4c1ea88e1d5
                                • Instruction Fuzzy Hash: 8A81A571D057188FDBA8CF6BCC45699BBF3FFC9610F14C1BA8448AA265EB3509428F11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E2A10, Relevance: .2, Instructions: 150COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b135f145dd50e5d63c44caae1ba9f771c6a3058eb389256256f24dd9fea6eb85
                                • Instruction ID: a7391844742ea85cf1a1a6fd5b49ba79fb9e85a1bc6f80b639447a9c8eb46096
                                • Opcode Fuzzy Hash: b135f145dd50e5d63c44caae1ba9f771c6a3058eb389256256f24dd9fea6eb85
                                • Instruction Fuzzy Hash: 92511470D0520ACFCB15CFA9C5849AEFBF9FB4A300F24999AD419BB255C3349A41CFA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E5460, Relevance: .1, Instructions: 146COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4e7830891b8828cc6158735685c12094639c19e7e868da8ab2781bfc97d4039
                                • Instruction ID: 30ba63ba421aea3fd1bb9faa9559fc1dbb53c396850a77ddaf1851ef83d8c80c
                                • Opcode Fuzzy Hash: a4e7830891b8828cc6158735685c12094639c19e7e868da8ab2781bfc97d4039
                                • Instruction Fuzzy Hash: 3B514778E1520ADFDB46CFA8D5848AEFBF2BF48314F158556D409A7205E330AA40CFA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E5470, Relevance: .1, Instructions: 139COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 228e9084ac4b4c03b845e4eebda31f26c680ad8a4971ce5301ae7fe6d37fb6a9
                                • Instruction ID: edbe27be149bcd235145cef91f3947aeffff8cd2115d4a83a297130ec315c3a9
                                • Opcode Fuzzy Hash: 228e9084ac4b4c03b845e4eebda31f26c680ad8a4971ce5301ae7fe6d37fb6a9
                                • Instruction Fuzzy Hash: DB511278E1520ADFDB05DFA8D5848AEFBF1FF48314F158956E419AB205E330AA40CFA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 019E5E78, Relevance: .1, Instructions: 100COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.274063101.00000000019E0000.00000040.00000001.sdmp, Offset: 019E0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0b867bbd6daecd5c4c0351dee444fac61aa3dfe23a226325c8ab4c8e1dc83364
                                • Instruction ID: 6939096c85af622fe7bf17955c2110266ec0e5b3fd16cfe09708b06d937fb785
                                • Opcode Fuzzy Hash: 0b867bbd6daecd5c4c0351dee444fac61aa3dfe23a226325c8ab4c8e1dc83364
                                • Instruction Fuzzy Hash: C5411774D0520ADBDB45CFA6C5859AEFBF2FF88300F25D86AC519BB214D730AA408B95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 09333B80, Relevance: .1, Instructions: 99COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.284363625.0000000009330000.00000040.00000001.sdmp, Offset: 09330000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f6ee443307fdb1a447275b2428339793caeff94a383c2cdc9307b45c04da501
                                • Instruction ID: 981fa6e712954313ef4381ad5c25951b3e5bfb7af76df1b09ae1731a73c5cee1
                                • Opcode Fuzzy Hash: 4f6ee443307fdb1a447275b2428339793caeff94a383c2cdc9307b45c04da501
                                • Instruction Fuzzy Hash: 13414A71D9921ADECB14CFA2C4416BEFBF9EB86380F90D96A9011B7664D7788700CF94
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069D3C58, Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0f4b421549f35d1a754a1b7b8e56f4a1263b07c7a6b7200c14e40a26a8ab6338
                                • Instruction ID: d359da61f8276bc17278eb1725403869522bb376061f12142866bc8123437c5c
                                • Opcode Fuzzy Hash: 0f4b421549f35d1a754a1b7b8e56f4a1263b07c7a6b7200c14e40a26a8ab6338
                                • Instruction Fuzzy Hash: 8811E9B1E056189BEB18CF6BCD847CAFAF7AFC9700F14C1BAE808A6254DB3009418E51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069DBBAD, Relevance: 5.1, Strings: 4, Instructions: 141COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r$X1(r$X1(r$`5(r
                                • API String ID: 0-1473244025
                                • Opcode ID: 846e34e7fa93bd64a19f301f3a157c18866e9f804706d70ada0bf1639e124869
                                • Instruction ID: 928188f546bba2c6e2d8081187fd63cff5f31a7bd7d8668f9ce463d67468e421
                                • Opcode Fuzzy Hash: 846e34e7fa93bd64a19f301f3a157c18866e9f804706d70ada0bf1639e124869
                                • Instruction Fuzzy Hash: 22519C74B002019FCB54DB78C854BAEBBF2BF88710F2182A9E511AB7A4CB31A841CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 069DBBC0, Relevance: 5.1, Strings: 4, Instructions: 135COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.278633559.00000000069D0000.00000040.00000001.sdmp, Offset: 069D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r$X1(r$X1(r$`5(r
                                • API String ID: 0-1473244025
                                • Opcode ID: db4cff461e0ddf0fe1559db8daee83ee85ee0182d9a3ece9b1b9ecf7dda6fb33
                                • Instruction ID: 0fef5e59160f56eb67af9f40b2c945754014a3d640fd9cbe536908d835ab16b2
                                • Opcode Fuzzy Hash: db4cff461e0ddf0fe1559db8daee83ee85ee0182d9a3ece9b1b9ecf7dda6fb33
                                • Instruction Fuzzy Hash: F4516C74B002059FCB54DB78C854BAEBBF2BF88710F218269E515AB7A4CB35AC40CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Analysis Process: Doc.exe PID: 3848 Parent PID: 1460 Doc.exeCOMMON

                                Executed Functions

                                Function 030BB6D8, Relevance: 2.2, Strings: 1, Instructions: 950COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: r
                                • API String ID: 0-1812594589
                                • Opcode ID: fc9f50bd31524a46633b4d0f938b29e6a0552787a5f3dbe9e28ddc42079e9643
                                • Instruction ID: dd7a376a46aaa69543f08e1e3d824ecd59edb16b35d90c8e107f707234c65cd4
                                • Opcode Fuzzy Hash: fc9f50bd31524a46633b4d0f938b29e6a0552787a5f3dbe9e28ddc42079e9643
                                • Instruction Fuzzy Hash: F2925871A01616CFDB14CF68C880AAEFBF2FF88310F1585A9D45AAB655D734E981CF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03112DA5, Relevance: 1.6, APIs: 1, Instructions: 87networkCOMMON
                                Download Yara Rule
                                APIs
                                • bind.WS2_32(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 03112E47
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: bind
                                • String ID:
                                • API String ID: 1187836755-0
                                • Opcode ID: f97844a8c3038c1dfcea469cce3f467f51f48866d9e7e5c205b94d8ee59841c7
                                • Instruction ID: a3294f6b9ba6f2740e27f9f997c0979520d4d359cffc35c85a1a3aee15f460d1
                                • Opcode Fuzzy Hash: f97844a8c3038c1dfcea469cce3f467f51f48866d9e7e5c205b94d8ee59841c7
                                • Instruction Fuzzy Hash: 7F3180B250D3C05FD712CB659C94B96BFB8AF0B210F0884EBE9848F153D264A919C762
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031113BF, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                Download Yara Rule
                                APIs
                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0311143F
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                • Opcode ID: 7a6e63cf4e1236307cb878416a70fa02f9ffe6bd64cf867201244ddc000a1503
                                • Instruction ID: 26760f80de30a75045961be57bf20e1b04a65fdcfa0af3d9cb4e2b60c9997b0f
                                • Opcode Fuzzy Hash: 7a6e63cf4e1236307cb878416a70fa02f9ffe6bd64cf867201244ddc000a1503
                                • Instruction Fuzzy Hash: 8921BF75509784AFEB12CF25DC40B92BFF8EF06210F0884EAE9858B563D3709918DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031117FB, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 03111871
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                • Opcode ID: c518eab08de71329c87093014cf49f79d6762b4ecb385037433e02a7ec7980eb
                                • Instruction ID: f3bc0812229f0e90371ea28e7cd024cb5ca00727548fb21573cff809bcbe9599
                                • Opcode Fuzzy Hash: c518eab08de71329c87093014cf49f79d6762b4ecb385037433e02a7ec7980eb
                                • Instruction Fuzzy Hash: F721A1714097C0AFDB138B21DC45A52FFB4EF16214F0DC0DBE9844B163D2659519DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03112DE6, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON
                                Download Yara Rule
                                APIs
                                • bind.WS2_32(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 03112E47
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: bind
                                • String ID:
                                • API String ID: 1187836755-0
                                • Opcode ID: 25a78a092fdb2afae50b7e4392713b2e9999d564b6431eeab6667f5132deb24e
                                • Instruction ID: d869a6a574144c1894530fc99ce0cc5cc1a8fe5546bd45254fd80af554a47b27
                                • Opcode Fuzzy Hash: 25a78a092fdb2afae50b7e4392713b2e9999d564b6431eeab6667f5132deb24e
                                • Instruction Fuzzy Hash: 1311B2B1505200AFEB20CF55DC84F96FBACEF48710F1888BAEE459B241D774A415CBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03111541, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 031115AD
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: InformationProcess
                                • String ID:
                                • API String ID: 1801817001-0
                                • Opcode ID: 7481be2c81b5a45609d5131349c9b2481bf452defd97e5239c31f6abe5f2ed46
                                • Instruction ID: 9fdcacacbfc4e76993241b7bd4643bbd6533a813a23cc75dd6ccd7aae534bb3a
                                • Opcode Fuzzy Hash: 7481be2c81b5a45609d5131349c9b2481bf452defd97e5239c31f6abe5f2ed46
                                • Instruction Fuzzy Hash: 561181714093849FDB128B25DC45A52FFB4EF16314F0980DAE9854B263D275A918DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031113F6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0311143F
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                • Opcode ID: eda06e16d82ee6a4ae064f4260755c0dda1cb1c8aaed38168e1cb12f98e5f122
                                • Instruction ID: 2f9ded78324cd2981f97f504f057eb16707b78e3832dc43d2c5f287ac062d0e7
                                • Opcode Fuzzy Hash: eda06e16d82ee6a4ae064f4260755c0dda1cb1c8aaed38168e1cb12f98e5f122
                                • Instruction Fuzzy Hash: 571170755006049FDB20CF65D884B96FBE8EF08720F08C4BAEE858BA52D375E454DF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311161A, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                Download Yara Rule
                                APIs
                                • GetSystemInfo.KERNELBASE(?), ref: 0311164C
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: InfoSystem
                                • String ID:
                                • API String ID: 31276548-0
                                • Opcode ID: d8c7e644e4b1668b73a972476ccd03c6a5efc7f4874654b33662ab85442d8ce3
                                • Instruction ID: 0e5443c56f07c25df9e61c5df59b7445808cd3634bf1621fc057a3c2bfc03f6f
                                • Opcode Fuzzy Hash: d8c7e644e4b1668b73a972476ccd03c6a5efc7f4874654b33662ab85442d8ce3
                                • Instruction Fuzzy Hash: 7C01A2B49142409FDB10CF15D884796FFA4EF48221F1CC4BADD498F256D3B5A454CFA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03111836, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 03111871
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                • Opcode ID: d36249d380b5425972b389b2efa92c18264dfc29b53adde1fc44a4ed297066b4
                                • Instruction ID: 1ce7605dd7de6105e65b77bff4d474feb3c5c69b50fe997e4a936aec9ca800dc
                                • Opcode Fuzzy Hash: d36249d380b5425972b389b2efa92c18264dfc29b53adde1fc44a4ed297066b4
                                • Instruction Fuzzy Hash: 7401A2315006049FDB20CF15D884B66FFE4EF48320F18C4AADE890B652D3B5A458CFB2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03111572, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 031115AD
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: InformationProcess
                                • String ID:
                                • API String ID: 1801817001-0
                                • Opcode ID: d36249d380b5425972b389b2efa92c18264dfc29b53adde1fc44a4ed297066b4
                                • Instruction ID: 0db940b6af74378a91c9607eac090d17c11d22e9f7434cb0c746422e50b46ae4
                                • Opcode Fuzzy Hash: d36249d380b5425972b389b2efa92c18264dfc29b53adde1fc44a4ed297066b4
                                • Instruction Fuzzy Hash: 46018F754046049FDB60CF15D884B66FFA4FF49320F18C0AADE8A0B756D375A468CF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B3850, Relevance: .8, Instructions: 753COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0cb19427aedb153d35c455959e4ad5d9300c854ef8b8961a39d3e407ee2314e8
                                • Instruction ID: 602eadb56e93f3f1c670079cfc59d22bfdd2e350f89bc8eb3a55e990167d87cf
                                • Opcode Fuzzy Hash: 0cb19427aedb153d35c455959e4ad5d9300c854ef8b8961a39d3e407ee2314e8
                                • Instruction Fuzzy Hash: DD52BF75A01216CFCB14CF68C8809AEBBF6FF85310B2985EAD4199F256D731EC45CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B23A0, Relevance: .5, Instructions: 505COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 595d1323d8327da1be94c148de61fcd9bc360da73d66a7a694246323b7c5388a
                                • Instruction ID: c1aaadd8fec40815b026adf0be4f64df002c3b7bd988380bc1ac92c8957f9fa3
                                • Opcode Fuzzy Hash: 595d1323d8327da1be94c148de61fcd9bc360da73d66a7a694246323b7c5388a
                                • Instruction Fuzzy Hash: EF12CE30A05215CFC768DF29C4846EEBBFAFF89304F29896AD415DB754DB788846CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8E78, Relevance: .5, Instructions: 505COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1c929e8f72835f8aadacbd538b42dbfacff267b518131d9f72bac10d922f1b43
                                • Instruction ID: 92feba1439a7fcd63ec2b4720e64f4baefb2d6d7045eeb3b0091d0fad2c1b1c3
                                • Opcode Fuzzy Hash: 1c929e8f72835f8aadacbd538b42dbfacff267b518131d9f72bac10d922f1b43
                                • Instruction Fuzzy Hash: 1312AB30E16655CFCB18CF68C484AADBBF2FF88314F688969E5169B290DB79D841CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B2FA8, Relevance: .2, Instructions: 239COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0e52fff0d0c911da66e31a590872e29690922c4096d350af64436bf283672d99
                                • Instruction ID: e261337c8d43ede47c5cba6c45621e589b78584f3297853414aa849c54893fa1
                                • Opcode Fuzzy Hash: 0e52fff0d0c911da66e31a590872e29690922c4096d350af64436bf283672d99
                                • Instruction Fuzzy Hash: 56818B76F021159FCB14DB69C894AAEBBF3AFC8310F2A84B5E405EB355DE309C018B90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B9A78, Relevance: .2, Instructions: 239COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 45e6dd8dff62781d008c78bc834b441c47e314cca7d03649118b7d43a9b0bf29
                                • Instruction ID: bb3bc3469ffaee29033ea57d14c84f6b46dbb1977bff40220741b5f30ca3cd4e
                                • Opcode Fuzzy Hash: 45e6dd8dff62781d008c78bc834b441c47e314cca7d03649118b7d43a9b0bf29
                                • Instruction Fuzzy Hash: CA815C72F011159FDB14DB6DD980AAEBBF3AFC8310F2A8475E505AB355DE349C018B90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B9B3F, Relevance: .2, Instructions: 179COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4bf1f7a236c16b31cc2d27832affa7848d0a5f46029e57fc1531acb92fdbe274
                                • Instruction ID: 053e4ad712ee6ec703dd9c5c880e89b674bce6e00bc527797778f457893f2778
                                • Opcode Fuzzy Hash: 4bf1f7a236c16b31cc2d27832affa7848d0a5f46029e57fc1531acb92fdbe274
                                • Instruction Fuzzy Hash: CF512B72F015159FD754DB6DC980A9EBBF3AFC8310F2A8165D409AB369DE34DD018B90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8930, Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a3325996ff998697a589e96fa9f36e394e81603c20068dfbafdf5f21167c50b5
                                • Instruction ID: f576c5377a855bdfb5f1d50e580ab89874c6c6c1beca32c500db8f8881770022
                                • Opcode Fuzzy Hash: a3325996ff998697a589e96fa9f36e394e81603c20068dfbafdf5f21167c50b5
                                • Instruction Fuzzy Hash: FC016278811204DFC718EF60E458BADBBB5FB0E311F24A498D94A63250DB386D48CF44
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B09A0, Relevance: 5.2, Strings: 4, Instructions: 177COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X1(r$X1(r$X1(r$X1(r
                                • API String ID: 0-1974604117
                                • Opcode ID: 5e50b22cea953b8ff3e69db147b060514c3274aae509f0b879ffc237d8983b56
                                • Instruction ID: 97d0dd12b5dbe00b470d2966bca43f429d421234b45550e19c35db6c2ff98055
                                • Opcode Fuzzy Hash: 5e50b22cea953b8ff3e69db147b060514c3274aae509f0b879ffc237d8983b56
                                • Instruction Fuzzy Hash: 7F51C331B00216DFCB14DB68D854AAFB7F6BF84708F2189A9E5169F354DB309C06CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B02E8, Relevance: 2.7, Strings: 2, Instructions: 218COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 8bq$`5(r
                                • API String ID: 0-4147111389
                                • Opcode ID: 7f0b222c5210fcdd117dd3bcb66bc9fa87f98fef5c5b19f29952bfd536e42de8
                                • Instruction ID: 5fbd83c974dce1b2b424f48d45fad093b1718d662ba9d8bf8741225034ba44d9
                                • Opcode Fuzzy Hash: 7f0b222c5210fcdd117dd3bcb66bc9fa87f98fef5c5b19f29952bfd536e42de8
                                • Instruction Fuzzy Hash: BD71AF70B052018FCB08DB68D4546AEBBF6FFC9710F28846ED506EB795DB35AC018BA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B12A0, Relevance: 1.7, Strings: 1, Instructions: 460COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r
                                • API String ID: 0-359987751
                                • Opcode ID: 62c62c99e4b3bc48b3439ece416ee55e8d9b4d55f69bafb66e8f7af89202bbae
                                • Instruction ID: 63f4206a49f235335e57ca80701b8e654644cd6879a5360269daa99b5d808658
                                • Opcode Fuzzy Hash: 62c62c99e4b3bc48b3439ece416ee55e8d9b4d55f69bafb66e8f7af89202bbae
                                • Instruction Fuzzy Hash: 0222F634A00615CFC768DF28C490AAABBF2FF89300F14899AD85A9B755DB38ED45CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03112908, Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                Download Yara Rule
                                APIs
                                • getaddrinfo.WS2_32(?,00000E2C), ref: 031129EB
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: getaddrinfo
                                • String ID:
                                • API String ID: 300660673-0
                                • Opcode ID: 91e7ce6ebcf898cc8464cff167f99cd5bee5a5ff3647349cc99080e024f14e58
                                • Instruction ID: 8e50bf518e5fc4d085d40fa0f718c7d604b5a32c47b55aedf935ca0c7fd5abb2
                                • Opcode Fuzzy Hash: 91e7ce6ebcf898cc8464cff167f99cd5bee5a5ff3647349cc99080e024f14e58
                                • Instruction Fuzzy Hash: 6531E7B25043406FE721CB64DC85FA6BFBCEF05310F14899AFA849B192D374A909CB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311197C, Relevance: 1.6, APIs: 1, Instructions: 101registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 03111A4E
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 36571d8371aa1026ef678ad451ac4525bdbf1f0b8fc3e27ee3daf56c571150fe
                                • Instruction ID: f0b183fb725126395a4d6ea8a676ddcde29cf8264c4e2889fee2886fdcc743c9
                                • Opcode Fuzzy Hash: 36571d8371aa1026ef678ad451ac4525bdbf1f0b8fc3e27ee3daf56c571150fe
                                • Instruction Fuzzy Hash: 5E31586540E3C05FD3138B358C61A62BFB4EF47614B0A80CBE884CF5A3D529691AC7B2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03111E9B, Relevance: 1.6, APIs: 1, Instructions: 98networkCOMMON
                                Download Yara Rule
                                APIs
                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 03111F56
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: Socket
                                • String ID:
                                • API String ID: 38366605-0
                                • Opcode ID: e6637958a0758c7e698ef3eff246020cf1fdb3bb09794ebb5e23df0e7423dec8
                                • Instruction ID: 91fbc93fd6eef0e2c5d7ac9f2a53b3323c986732acfc487dbe4ffa54cb901ffb
                                • Opcode Fuzzy Hash: e6637958a0758c7e698ef3eff246020cf1fdb3bb09794ebb5e23df0e7423dec8
                                • Instruction Fuzzy Hash: 65316D7140D7C06FE7238B659C54B96BFB8EF06210F1984DBE9C48F1A3D265A819CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110EB8, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 03110F5B
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 693d5a05bb23651047351740d674425c58d97338635ed25083ed2cf78afc0ae9
                                • Instruction ID: 9cf0c74e1183f1d7f31766ab819ef2127350cbcec46bda6dd2b682c71e62b6c6
                                • Opcode Fuzzy Hash: 693d5a05bb23651047351740d674425c58d97338635ed25083ed2cf78afc0ae9
                                • Instruction Fuzzy Hash: 1131C7715043446FEB228B65DC44FA7BFECEF09310F0888AAF985CB152D724A459DB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110C58, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                Download Yara Rule
                                APIs
                                • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 03110D1A
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileNameTemp
                                • String ID:
                                • API String ID: 745986568-0
                                • Opcode ID: dea8c0b61b8900a55659dea2a27635741f838d1290da6d2b86aa03d739d4b9a5
                                • Instruction ID: 4ad04c47aee224993224aa240ce89f5bd842413f7a1a115b7723bdf89724ee90
                                • Opcode Fuzzy Hash: dea8c0b61b8900a55659dea2a27635741f838d1290da6d2b86aa03d739d4b9a5
                                • Instruction Fuzzy Hash: B8314B6150D3C05FD7038B258C51B62BFB4EF47610F0E85DBD9848F5A3D625A819C7A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110390, Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0311045E
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: b25aa4a861a8001ac7e8eb9287f8a0c8668c3a741025d9e9439716ccd84d3abe
                                • Instruction ID: 97b14b262756e5d6db7096ba351c82974a1593669e448043030148a039cb9a97
                                • Opcode Fuzzy Hash: b25aa4a861a8001ac7e8eb9287f8a0c8668c3a741025d9e9439716ccd84d3abe
                                • Instruction Fuzzy Hash: B931D7B14043446FE7228F24CC81FA6FFB8EF05310F04859EF9859B192D365A949DB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03112F7F, Relevance: 1.6, APIs: 1, Instructions: 92windowCOMMON
                                Download Yara Rule
                                APIs
                                • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 0311303E
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FormatMessage
                                • String ID:
                                • API String ID: 1306739567-0
                                • Opcode ID: d96edaa21f96e0bdbb849f0ff40b3202e581de77c39e2e60450c339ec46e9656
                                • Instruction ID: 8f9cd79eac75765848c6dcf19de8733c014fd8b0fc51a0be51169e5588636518
                                • Opcode Fuzzy Hash: d96edaa21f96e0bdbb849f0ff40b3202e581de77c39e2e60450c339ec46e9656
                                • Instruction Fuzzy Hash: FC318F7250E3C05FD7039B358C65A66BFB4EF47710F1980DBD8848F2A3E6246909C7A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031107F4, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 03110899
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                • Opcode ID: 85c6ef1ab986f127f9b82b55ac675ffeffce686ca494b2ad713b5f2b4ce4b8a5
                                • Instruction ID: f64e94e301f2c129f9aff77102988d6720ff9e85041759c1375a25b33cff50ca
                                • Opcode Fuzzy Hash: 85c6ef1ab986f127f9b82b55ac675ffeffce686ca494b2ad713b5f2b4ce4b8a5
                                • Instruction Fuzzy Hash: 0F317271904380AFE722CF65DC44F66BFE8EF09210F0884AEE9858B252D375E419DB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152AA02, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0152AAB1
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: b80c810996bf12ad98f3297c144d4d2c15ca80eac14beb5b4de068fc1077ffd3
                                • Instruction ID: 941b76f5d6c6d66d87a85211537f8fe72c85f75733a8d7fa6ae57ac94db2cac0
                                • Opcode Fuzzy Hash: b80c810996bf12ad98f3297c144d4d2c15ca80eac14beb5b4de068fc1077ffd3
                                • Instruction Fuzzy Hash: DA31B6725043846FE7128B65CC85FA7BFFCEF06310F08849AED819B152D664A509CB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110FB9, Relevance: 1.6, APIs: 1, Instructions: 90COMMON
                                Download Yara Rule
                                APIs
                                • GetExitCodeProcess.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 0311105C
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CodeExitProcess
                                • String ID:
                                • API String ID: 3861947596-0
                                • Opcode ID: 0480220c6a10a08fed5d60797695eddc6ff85ccc851e9a0bd147c004f9b52c50
                                • Instruction ID: d386b57e8c82aba19db8c13f7bad8db3137cd3074e75429b8a010bc7e54f3d25
                                • Opcode Fuzzy Hash: 0480220c6a10a08fed5d60797695eddc6ff85ccc851e9a0bd147c004f9b52c50
                                • Instruction Fuzzy Hash: A131E8715093C06FE712CB35DC95FA6BFA8EF46710F0884EAE9848F193D624A508C771
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031100F6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 0311019D
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CreateMutex
                                • String ID:
                                • API String ID: 1964310414-0
                                • Opcode ID: 721e2f3982a91682f7dec6d03f3c3e488576dbe66058687d2ecf74a6873a2932
                                • Instruction ID: 11a4ec5b267110d6f6b4aaf0d21ab75ffef0d15193379f7a736d56c58071c85d
                                • Opcode Fuzzy Hash: 721e2f3982a91682f7dec6d03f3c3e488576dbe66058687d2ecf74a6873a2932
                                • Instruction Fuzzy Hash: 303181715097806FE712CB65DC84B96FFF8EF0A210F0884AAE9848B293D364E948C761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152AAF9, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 0152ABB4
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: be7f8db410e49faae27196fecbfada1d59367f92ce4b9e9bba8e57555d230391
                                • Instruction ID: 3b2842ffdf66f2b3d042b490c611ded03d7f7da174b43d2cc4d4abaf21ce0344
                                • Opcode Fuzzy Hash: be7f8db410e49faae27196fecbfada1d59367f92ce4b9e9bba8e57555d230391
                                • Instruction Fuzzy Hash: CA3191765093846FE722CB65CC84F96BFBCEF06310F18889AE985CF193D264E548CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311249C, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileView
                                • String ID:
                                • API String ID: 3314676101-0
                                • Opcode ID: b48463244c3901cc2f0bf5bda83a93ce888a081912b148935e36463b026b49b1
                                • Instruction ID: a0073809dd01dd8dffb00eb21c6ca4b7960e509a870a93e9385f8c0d3b51c937
                                • Opcode Fuzzy Hash: b48463244c3901cc2f0bf5bda83a93ce888a081912b148935e36463b026b49b1
                                • Instruction Fuzzy Hash: FB31B8B1404784AFE712CB55DC85F96FFF8EF05310F08859EE9849B152D375A509CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031121FE, Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 0311229B
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: DescriptorSecurity$ConvertString
                                • String ID:
                                • API String ID: 3907675253-0
                                • Opcode ID: 3228cc411f27d20d8379c8e7047abaef5861f86f2ad6dc38853fa068cba856e9
                                • Instruction ID: 5ac394f6e95692b06d16e8a0616662a4d29443ef04e57d917128cdce00819900
                                • Opcode Fuzzy Hash: 3228cc411f27d20d8379c8e7047abaef5861f86f2ad6dc38853fa068cba856e9
                                • Instruction Fuzzy Hash: 3621B171504344AFEB21CB65DC84FAAFFACEF45310F0884AAE984DB142D764A908CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152AF50, Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0152AFEA
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 922ceef04379eb9c6ecf08fe0449c3bd144e906756858f0efd2bba319a086e12
                                • Instruction ID: 845b5a8830220b03389278c4a1fcabbc4f24e4ba599c86bacc139decf9528d8b
                                • Opcode Fuzzy Hash: 922ceef04379eb9c6ecf08fe0449c3bd144e906756858f0efd2bba319a086e12
                                • Instruction Fuzzy Hash: D5317E7544E3C06FD3138B258C55A26BFB8EF47610F0A41DBE8C4CB5A3D228A919C7A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031104AB, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 0311055C
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: fa6e782e422ffe40e85ad1bf64359c623a60d3de34005e01203eb151f004546b
                                • Instruction ID: 1b677717cc0ac91b626f9cb0244f253137bbdba55f726320f094907867cceb84
                                • Opcode Fuzzy Hash: fa6e782e422ffe40e85ad1bf64359c623a60d3de34005e01203eb151f004546b
                                • Instruction Fuzzy Hash: AF3182715097806FD722CB65DC84B92BFF8EF0A310F0C85DAE9859B162D364A948DB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152A120, Relevance: 1.6, APIs: 1, Instructions: 85networkCOMMON
                                Download Yara Rule
                                APIs
                                • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0152A1C2
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: Startup
                                • String ID:
                                • API String ID: 724789610-0
                                • Opcode ID: 97ea1efe351486af000a5df5c4463c420b8b486d3ce7df0929575f989c823c93
                                • Instruction ID: ec48510991bcde892adbb25d9ae77283762dd84882308aaf55dc589b54ba4c11
                                • Opcode Fuzzy Hash: 97ea1efe351486af000a5df5c4463c420b8b486d3ce7df0929575f989c823c93
                                • Instruction Fuzzy Hash: 8231A07140D3C05FD7028B358C55BA6BFB4EF47620F1981DBD9C48F293D229A819CBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03112946, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                Download Yara Rule
                                APIs
                                • getaddrinfo.WS2_32(?,00000E2C), ref: 031129EB
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: getaddrinfo
                                • String ID:
                                • API String ID: 300660673-0
                                • Opcode ID: d061f7431ccf4dfe92cb0d0f6944b89fdd1e7cc8bfb0fbdbe2facd73312167de
                                • Instruction ID: 40d5dc16d47fae3f8d4773af5a77ee8040ebf2b89dda13e9d47ba442814db867
                                • Opcode Fuzzy Hash: d061f7431ccf4dfe92cb0d0f6944b89fdd1e7cc8bfb0fbdbe2facd73312167de
                                • Instruction Fuzzy Hash: 8621F7B1500204AFFB30DF65DC85FA6FBACEF08310F14886AFA849A181D7B4A5458BB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110EDE, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 03110F5B
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 93c3b08c80022e087e0d47199851699d05a815ad9499136ba11bf8543e4110b3
                                • Instruction ID: 378955e614752a8bf43db7bdbe36078802baf14f575675bd25c1ac101c67e72e
                                • Opcode Fuzzy Hash: 93c3b08c80022e087e0d47199851699d05a815ad9499136ba11bf8543e4110b3
                                • Instruction Fuzzy Hash: CD21C472500205AFEB21DF65DC85FAAFBECEF08310F14886AED85CB151D730A4548B71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031102AB, Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 03110353
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: 6c3a292ab8e729c3d63c0f10426aaf7186740cff92288f6a62f8774b5d421b6c
                                • Instruction ID: 83c26117fc6ac5cfbdc9a52517fa9aa62c64d64bd22e4bad5a1c7b0861a80387
                                • Opcode Fuzzy Hash: 6c3a292ab8e729c3d63c0f10426aaf7186740cff92288f6a62f8774b5d421b6c
                                • Instruction Fuzzy Hash: B421A3754093806FE7228B20DC85FA6BFB8EF06310F1885DAE9848B192D265A959DB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031123BA, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                Download Yara Rule
                                APIs
                                • OpenFileMappingW.KERNELBASE(?,?), ref: 03112445
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileMappingOpen
                                • String ID:
                                • API String ID: 1680863896-0
                                • Opcode ID: 79b89c568e6fc323935eca1b906188c74aa2fb650e7699c1beb953e13aa85855
                                • Instruction ID: c92957b484f2c98473fa7462046e7865ce94b65605cf30850a841cdcf3200db5
                                • Opcode Fuzzy Hash: 79b89c568e6fc323935eca1b906188c74aa2fb650e7699c1beb953e13aa85855
                                • Instruction Fuzzy Hash: C621A3B15053806FE722CF65DC44F66FFE8EF05210F1884AAE9849B252D375A508CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031108F0, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                Download Yara Rule
                                APIs
                                • GetFileType.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 03110985
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                • Opcode ID: d5beed02834307033a5d53b05690bfb42ebce36f3b173ec3e97679548fd0c358
                                • Instruction ID: f64406155640ec1c9effc0540e0c25576913ffdc403efede6ec6684b4f36a7c5
                                • Opcode Fuzzy Hash: d5beed02834307033a5d53b05690bfb42ebce36f3b173ec3e97679548fd0c358
                                • Instruction Fuzzy Hash: 4921D8B59087846FE712CB259C50BA3BFB8EF46720F1880DAE9C48B153D224A905C771
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311081A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 03110899
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                • Opcode ID: a910afd3c76b7a4e2b2693e6da9c147e4edf6190ef0f7a1697b4bc05e7dde287
                                • Instruction ID: cec52cf966961983d43af704628f09c7e5d330e05c44cff58bdd4108092d8196
                                • Opcode Fuzzy Hash: a910afd3c76b7a4e2b2693e6da9c147e4edf6190ef0f7a1697b4bc05e7dde287
                                • Instruction Fuzzy Hash: 0B21A171904740AFEB21DF65DC84BA6FBE8EF08310F18846EE9858B252D7B1E454CBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311222A, Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                Download Yara Rule
                                APIs
                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 0311229B
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: DescriptorSecurity$ConvertString
                                • String ID:
                                • API String ID: 3907675253-0
                                • Opcode ID: 196ad7d39c1a4d48cdfb48b9bc14f603b3ccdba74858c5297738f908a1025439
                                • Instruction ID: a45b9a0085212c7530fa30410956d98e503d61e385396ba7fc40b6b0ccdc49eb
                                • Opcode Fuzzy Hash: 196ad7d39c1a4d48cdfb48b9bc14f603b3ccdba74858c5297738f908a1025439
                                • Instruction Fuzzy Hash: AA219271600204AFEB20DB69DC85BAAFBECEF48310F18886AED45DB241D774A5158B71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311123E, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                Download Yara Rule
                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 031112BE
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: 2a4e4448cfa6a61c9df843c63295b31ad89b93ae89fb5af689b08ba5c9c71cc9
                                • Instruction ID: a1dc1648e15121add70b6e215f0aca1df2adabb7dcd96738da83aa4d05e9d302
                                • Opcode Fuzzy Hash: 2a4e4448cfa6a61c9df843c63295b31ad89b93ae89fb5af689b08ba5c9c71cc9
                                • Instruction Fuzzy Hash: 492190725093805FDB12CB25DC85B92FFE8EF16220F1D80EBE985CB653D224D808CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110B79, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegSetValueExW.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 03110C10
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: Value
                                • String ID:
                                • API String ID: 3702945584-0
                                • Opcode ID: c1a5d59c4ae2655e8a13ad4f33162755bcab53c7f8d6538928ea8d4ccc5ba7e9
                                • Instruction ID: 46b838ab1d9d15e4ff9b70011c3e0b31bf041cf184fe551d9622305f6c95f055
                                • Opcode Fuzzy Hash: c1a5d59c4ae2655e8a13ad4f33162755bcab53c7f8d6538928ea8d4ccc5ba7e9
                                • Instruction Fuzzy Hash: 00218EB6908740AFE721CB15DC85F97BFACEF09210F08849AE9859B252D364E848CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031109C0, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                Download Yara Rule
                                APIs
                                • WriteFile.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 03110A51
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileWrite
                                • String ID:
                                • API String ID: 3934441357-0
                                • Opcode ID: 838fcb6745cf88ae01dd0d1bfcfe61c59d8e40285cbac76c4b8d81bc20be2ed9
                                • Instruction ID: b7b184d04620d9a4850d271017156af45e13a9054946b51d72c25733798cbdde
                                • Opcode Fuzzy Hash: 838fcb6745cf88ae01dd0d1bfcfe61c59d8e40285cbac76c4b8d81bc20be2ed9
                                • Instruction Fuzzy Hash: 0F2192715093806FD722CF65DC84F56BFB8EF46314F0884EBE9849B153C364A409CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031103CA, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0311045E
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: d66f3da112a59f68231b437f072be8f45bd2b8b28814f5e156e877c9d7dd2f52
                                • Instruction ID: 2958bd8e518b19e19e6ef00dbf65d31e4fb647d014ba71b17330f2cd0658819c
                                • Opcode Fuzzy Hash: d66f3da112a59f68231b437f072be8f45bd2b8b28814f5e156e877c9d7dd2f52
                                • Instruction Fuzzy Hash: 0A21F571500204AFEB21DF15DC81FA6FBACEF08310F14856AFA859A681D775A448DBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152AA32, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0152AAB1
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: 6b3842a6e35a2aca045cae1025bdb977f1e68390ed5ac39467d6a6ae4d845231
                                • Instruction ID: da60f7f95bd28fd4974248bf2dfd807654b66e3b7799802acbdc7dcec30d5607
                                • Opcode Fuzzy Hash: 6b3842a6e35a2aca045cae1025bdb977f1e68390ed5ac39467d6a6ae4d845231
                                • Instruction Fuzzy Hash: F621A4B2500204AFE7219B59DD85F6BFBECEF04310F14845AEE459B641D774E5088BB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311012A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 0311019D
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CreateMutex
                                • String ID:
                                • API String ID: 1964310414-0
                                • Opcode ID: 58bc29b2063cc4db460c059fd6c12c14c6128bc63bfc655210718772136ea9bc
                                • Instruction ID: 71d4ed331ef60073339164049d15cba2581c53890c71ee5b32836c603a5df382
                                • Opcode Fuzzy Hash: 58bc29b2063cc4db460c059fd6c12c14c6128bc63bfc655210718772136ea9bc
                                • Instruction Fuzzy Hash: 3421A171A04240AFE721DF69DC85BAAFBE8EF08310F1884AAED458B242D774E544CB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110723, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                Download Yara Rule
                                APIs
                                • CreateDirectoryW.KERNELBASE(?,?), ref: 0311079F
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CreateDirectory
                                • String ID:
                                • API String ID: 4241100979-0
                                • Opcode ID: 487d10fb6355d2cd32ba29f8a3689cce509e484f501648b415d2eeb5ffa47721
                                • Instruction ID: 949aded0e5253058cdb1ea78b00a5344f267de36c092647a9a4873dddbd9ac48
                                • Opcode Fuzzy Hash: 487d10fb6355d2cd32ba29f8a3689cce509e484f501648b415d2eeb5ffa47721
                                • Instruction Fuzzy Hash: 982183769093809FD711CB25DC44B96BFE8EF0A210F0984EAE885CF253D364D949CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110A9B, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                Download Yara Rule
                                APIs
                                • CopyFileW.KERNELBASE(?,?,?), ref: 03110B1E
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CopyFile
                                • String ID:
                                • API String ID: 1304948518-0
                                • Opcode ID: 965da56d614f4064911b3ce58772c6ffbf4b7f0774c9575c670eb97aa29d850a
                                • Instruction ID: 95a5b289042796510c7fb948a480673e7891853e2c871700d3614ee8d292c071
                                • Opcode Fuzzy Hash: 965da56d614f4064911b3ce58772c6ffbf4b7f0774c9575c670eb97aa29d850a
                                • Instruction Fuzzy Hash: F32183B55093845FD712CB25DC55B93BFA8AF1A214F0C80EAED84DB253D225D448C761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031110BF, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileA.KERNELBASE(?,00000E2C), ref: 0311114B
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: d191c02840358ba074cdd740996948e040838667a512d390df2b49ac68a69f6b
                                • Instruction ID: 4004478c3b06eefdbeeb3ce26259facd82affcab959c05c013ccfea79195294c
                                • Opcode Fuzzy Hash: d191c02840358ba074cdd740996948e040838667a512d390df2b49ac68a69f6b
                                • Instruction Fuzzy Hash: 3121D8715043806FE721CB25DC85FA6FFACDF45310F18C0AAFE859B192D364A948CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152AB3A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 0152ABB4
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 3342033d56873a1d1709a199b925d8d12feeccfbc52f54d13b88fc1bfdfd73a4
                                • Instruction ID: 7e9a4828763424515a091a2bf47578492da4deeda3039831552c7a7a2d1bf1b3
                                • Opcode Fuzzy Hash: 3342033d56873a1d1709a199b925d8d12feeccfbc52f54d13b88fc1bfdfd73a4
                                • Instruction Fuzzy Hash: EF218176504204AFE721CF69DC84F66FBECFF05710F14885AEE458B692D760E404CA71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311148C, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 031114F8
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: ff2e9e1c6632330590dc7d1a01122493ba187007aa2c830429e39470bd18df4f
                                • Instruction ID: 9e167108426d6acdc27ba3704bf503aaefb0adbe51200d7a7aa8b235ec5062fb
                                • Opcode Fuzzy Hash: ff2e9e1c6632330590dc7d1a01122493ba187007aa2c830429e39470bd18df4f
                                • Instruction Fuzzy Hash: EA21817250D3C05FDB128B25DC94692BFB4AF57324F0D80EAEDC58F663D2649908CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031123DA, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                Download Yara Rule
                                APIs
                                • OpenFileMappingW.KERNELBASE(?,?), ref: 03112445
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileMappingOpen
                                • String ID:
                                • API String ID: 1680863896-0
                                • Opcode ID: 4d7d5ad835a85844461683f2d00e6ff6f201972c109fb58b558d01085243792a
                                • Instruction ID: 63a9583ee9fac32a8645093f4ed3cea71869ce1e46585dd6d7cacb65ec26ca85
                                • Opcode Fuzzy Hash: 4d7d5ad835a85844461683f2d00e6ff6f201972c109fb58b558d01085243792a
                                • Instruction Fuzzy Hash: 3421D5B1604240AFE721DF65DC85BA6FBE8EF08310F18846AED859B641D771E405CB75
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031124DA, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileView
                                • String ID:
                                • API String ID: 3314676101-0
                                • Opcode ID: fff3314cc71515bb922974f8739edac571ff6d1c2b24ce61914bbdb2b13e7584
                                • Instruction ID: 310f388099261db36d25c07fd4baed7441f0c1bb73e8d413cad11a523144e49a
                                • Opcode Fuzzy Hash: fff3314cc71515bb922974f8739edac571ff6d1c2b24ce61914bbdb2b13e7584
                                • Instruction Fuzzy Hash: 4721C071500244AFEB21DF69DC85FA6FBE8EF08320F14846EEA849B251D771B519CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031101F4, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 03110264
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: 6d4a8f8154ba8cdedfa86988d955a036fd4dde3dbf0230eaac2fcd7b8bcf12df
                                • Instruction ID: 10a3af154c339b93b23fc2ea96ad9eb8d77f7c2ec930d25e54cd0016f905ec47
                                • Opcode Fuzzy Hash: 6d4a8f8154ba8cdedfa86988d955a036fd4dde3dbf0230eaac2fcd7b8bcf12df
                                • Instruction Fuzzy Hash: 2621A4B69097849FD712CB64DC85792FFA8EF0A224F0980EAEC849B553D3749854CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03111EEA, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                Download Yara Rule
                                APIs
                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 03111F56
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: Socket
                                • String ID:
                                • API String ID: 38366605-0
                                • Opcode ID: 641fe0ae8fbbcc7d83fb8631505c21513de1b5ef9a131ef563477a715e624ef1
                                • Instruction ID: 58448202d47458961a15f8ce5cad4ecc956838edefb569c4124d7bcfcdaf9df6
                                • Opcode Fuzzy Hash: 641fe0ae8fbbcc7d83fb8631505c21513de1b5ef9a131ef563477a715e624ef1
                                • Instruction Fuzzy Hash: 6A21F071500600AFEB21DF65DC84BA6FFE8EF08320F14846EEE858B242D375A418CB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110B9E, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegSetValueExW.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 03110C10
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: Value
                                • String ID:
                                • API String ID: 3702945584-0
                                • Opcode ID: 067dc80c8a05227421ca1e1a107938fbdba4df22881b0bbc10d420135d4c7f0b
                                • Instruction ID: c78d67929230781f109b6d6e4afd2024bb51b92ba3f5b98bd0849aa50e8a10f9
                                • Opcode Fuzzy Hash: 067dc80c8a05227421ca1e1a107938fbdba4df22881b0bbc10d420135d4c7f0b
                                • Instruction Fuzzy Hash: 0A1181B5904204AFEB20DE15DC81BA7FBACEF48710F1884AAED859B241D770E454DA71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031104EA, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 0311055C
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 355efd01abfe1d97a329312a172540205cd8aeb43f62b1293255a3a0a4ea749a
                                • Instruction ID: 0283f8e5a50b90b0e766e88acf933a74b0a4212b9591f47e28550cb9ef06b3cb
                                • Opcode Fuzzy Hash: 355efd01abfe1d97a329312a172540205cd8aeb43f62b1293255a3a0a4ea749a
                                • Instruction Fuzzy Hash: 9D119DB1900600AFEB20CE55DC80BA6FBECEF08710F08846AEA468B251D760E454CA71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311118F, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                Download Yara Rule
                                APIs
                                • SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 03111202
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: KernelObjectSecurity
                                • String ID:
                                • API String ID: 3015937269-0
                                • Opcode ID: 100b5f63381b00155db209c15e055f2947e6d0fad191560172de0e0d91b4d25b
                                • Instruction ID: c5960f817ac30bc2682e292d28b5bb752fa789b4360a41bb057e0255b8c353c0
                                • Opcode Fuzzy Hash: 100b5f63381b00155db209c15e055f2947e6d0fad191560172de0e0d91b4d25b
                                • Instruction Fuzzy Hash: 9321A27510D3805FD712CB25DC44A92FFB8EF0A214F0D80EFED848B263D265A959CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03111006, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                Download Yara Rule
                                APIs
                                • GetExitCodeProcess.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 0311105C
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CodeExitProcess
                                • String ID:
                                • API String ID: 3861947596-0
                                • Opcode ID: c6731bf2927332e6b692efbca944d00232109e6f9f6c76633be7b8b65513eb67
                                • Instruction ID: 928ac6243a4fb5b0cd134b18ef46b5abcccb8ef2e0e67268597423cde165c85b
                                • Opcode Fuzzy Hash: c6731bf2927332e6b692efbca944d00232109e6f9f6c76633be7b8b65513eb67
                                • Instruction Fuzzy Hash: 4B11A771904244AFEB10DF65DC85BAAFB9CDF44320F1484BAEE45DB241D774A4448B71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152A51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0152A58A
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: e9dbdb717a961a16ea44c491859fa47f50bae537d3f7824c15d6a640b16c0f83
                                • Instruction ID: 341123bbe8ab92e6ddf2c1f60fbfda8f9755bbe6174c904ee7eefc208bb76c6b
                                • Opcode Fuzzy Hash: e9dbdb717a961a16ea44c491859fa47f50bae537d3f7824c15d6a640b16c0f83
                                • Instruction Fuzzy Hash: E1117272409380AFDB228F55DC44A62FFF4EF4A210F0884DAED858B553D375A418DB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152B7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                                Download Yara Rule
                                APIs
                                • SendMessageW.USER32(?,?,?,?), ref: 0152B841
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: MessageSend
                                • String ID:
                                • API String ID: 3850602802-0
                                • Opcode ID: 16fcb7b3b8bdf43daa70238ac8feaa3e9298b72eedfe803143784958395c7b8f
                                • Instruction ID: 671331ab93a0c5249663e98127e97baf6ce22cc60ce3a0b573891361ec81f5c6
                                • Opcode Fuzzy Hash: 16fcb7b3b8bdf43daa70238ac8feaa3e9298b72eedfe803143784958395c7b8f
                                • Instruction Fuzzy Hash: 092190724097C09FDB138B25DC54A92BFB4EF17210F0D84DAEDC44F163D265A958DB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03111750, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                Download Yara Rule
                                APIs
                                • K32EnumProcesses.KERNEL32(?,?,?,A30EB7BA,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 031117B2
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: EnumProcesses
                                • String ID:
                                • API String ID: 84517404-0
                                • Opcode ID: ccb367728de6fa5a59eff6802d6e043f8789d61de0c72e356b2455b8de67d060
                                • Instruction ID: 904df8796440943c97a74e424f26e0f87814439d5827254b8c8fe8338cf8e1eb
                                • Opcode Fuzzy Hash: ccb367728de6fa5a59eff6802d6e043f8789d61de0c72e356b2455b8de67d060
                                • Instruction Fuzzy Hash: B9114F765093849FD711CF65DC84B97FFE8EF45220F0884AAED858B252D374A858CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031102DE, Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 03110353
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: 0c083429bbd1620b118dadafbb43c3a4e0671ba6556f1b114a6a56721e903dd1
                                • Instruction ID: 670e31d9c23ffe98da8cc5a22a9ee2673ece6cac8e8cfcf302cae086ba6035c3
                                • Opcode Fuzzy Hash: 0c083429bbd1620b118dadafbb43c3a4e0671ba6556f1b114a6a56721e903dd1
                                • Instruction Fuzzy Hash: AC110171500200AFEB21DF14DC81FA6FFA8EF08710F1484AAFE854A291C371A558CBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031109F2, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                Download Yara Rule
                                APIs
                                • WriteFile.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 03110A51
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileWrite
                                • String ID:
                                • API String ID: 3934441357-0
                                • Opcode ID: f0fe855391eaf2ac4ae97f70812f667a98b9fed857348516a9f52d6d3a835480
                                • Instruction ID: 5cb603ac86bba09eae1c7ce0b748da0e0be8f4565e7ba628793d49bd786d02eb
                                • Opcode Fuzzy Hash: f0fe855391eaf2ac4ae97f70812f667a98b9fed857348516a9f52d6d3a835480
                                • Instruction Fuzzy Hash: 2511E771900200AFEB21DF55DC84F96FBA8EF48310F18846AEE499B241C774A458CBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031110E2, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileA.KERNELBASE(?,00000E2C), ref: 0311114B
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: 1c7b5c0b99f0d5d3c443ff2b63798890ba57ff12bc777856df31c234d38842ff
                                • Instruction ID: 03f2dac649b9a2b340e27919bafa2266445d95bd9d90bb27272b4e9e50526234
                                • Opcode Fuzzy Hash: 1c7b5c0b99f0d5d3c443ff2b63798890ba57ff12bc777856df31c234d38842ff
                                • Instruction Fuzzy Hash: E611C671600204BFF760DB29DC85BA6FB9CDF44720F14C0AAFE459A281D7A4A5548AA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152BB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 0152BBB9
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: fec0496166654589cc1649cb734de16a7e45f394ba3bce6afbea98ce790e0588
                                • Instruction ID: 1fae6daaa94508fc39dda5be09b60a622f9b519e6835d34f007646f0c4c3e549
                                • Opcode Fuzzy Hash: fec0496166654589cc1649cb734de16a7e45f394ba3bce6afbea98ce790e0588
                                • Instruction Fuzzy Hash: 0711E6365093C09FDB228F25CC45B52FFB4EF06220F0884DEED858F563D265A458DB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152BE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
                                Download Yara Rule
                                APIs
                                • DispatchMessageW.USER32(?), ref: 0152BE70
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: DispatchMessage
                                • String ID:
                                • API String ID: 2061451462-0
                                • Opcode ID: e8d396b0ba9ae5c6c4e84bbdfda55e431571737e080dd24fb086ef9a444ea2ae
                                • Instruction ID: 6b9e924e91d5728463e79c6f7aa17e2df0a34f96af812132b2b2c3ef477f44b4
                                • Opcode Fuzzy Hash: e8d396b0ba9ae5c6c4e84bbdfda55e431571737e080dd24fb086ef9a444ea2ae
                                • Instruction Fuzzy Hash: 72118E7540D3C0AFDB138B25DC84B62BFB4EF47624F0980DAED858F263D2656808CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152B71E, Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
                                Download Yara Rule
                                APIs
                                • CreateIconFromResourceEx.USER32 ref: 0152B78A
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: CreateFromIconResource
                                • String ID:
                                • API String ID: 3668623891-0
                                • Opcode ID: 1a221c0ec2c4bdb7c421d54debae02030aa4cfe77dd4b3fb50e53c35f3cefb28
                                • Instruction ID: 8159c186fee0b548df0365884da6d73796957929d037c0b9d126b4660839912c
                                • Opcode Fuzzy Hash: 1a221c0ec2c4bdb7c421d54debae02030aa4cfe77dd4b3fb50e53c35f3cefb28
                                • Instruction Fuzzy Hash: 1C1190324083809FDB228F64DC84A56FFF4FF4A310F0884AEED858B562C375A418CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152BEB4, Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileW.KERNELBASE(?), ref: 0152BF0C
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: c035f32a6317c15f909c1f59093814db9e0a3816cf7836fcd4681526e501e735
                                • Instruction ID: beba9b1e87896574e8c54b1e2ba4efbef284c22492551baf1ebcca754215767f
                                • Opcode Fuzzy Hash: c035f32a6317c15f909c1f59093814db9e0a3816cf7836fcd4681526e501e735
                                • Instruction Fuzzy Hash: 7A1151765053849FD711CF29DC85B56BFE8EF46220F0884AAED85CF252D275E848CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031115EB, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                Download Yara Rule
                                APIs
                                • GetSystemInfo.KERNELBASE(?), ref: 0311164C
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: InfoSystem
                                • String ID:
                                • API String ID: 31276548-0
                                • Opcode ID: 4b2848c974bc29ec6e467b418d9c01ee357cb02fe13ee00f823513986dbef051
                                • Instruction ID: e90dffa150f56ca549354b8961e6f2638f68081c254f340eb1c286d8817a3996
                                • Opcode Fuzzy Hash: 4b2848c974bc29ec6e467b418d9c01ee357cb02fe13ee00f823513986dbef051
                                • Instruction Fuzzy Hash: B01160714093C45FD7128B65D845692FFF8EF46210F0D84EADDC58F163D275A548CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03111276, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                Download Yara Rule
                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 031112BE
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: bbc9e492c47a35259c66d87bc806ab5285e0f996660a4a337b384c30f0e4494a
                                • Instruction ID: b12cd9c6559967353a919ab1523e8169e7ca02a58fed48148a8ddc667a235792
                                • Opcode Fuzzy Hash: bbc9e492c47a35259c66d87bc806ab5285e0f996660a4a337b384c30f0e4494a
                                • Instruction Fuzzy Hash: AB11A571A002009FDB10CF29D885796FBD8EF48220F18C0BADD49CB642D374D414CB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110AD6, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                Download Yara Rule
                                APIs
                                • CopyFileW.KERNELBASE(?,?,?), ref: 03110B1E
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CopyFile
                                • String ID:
                                • API String ID: 1304948518-0
                                • Opcode ID: bbc9e492c47a35259c66d87bc806ab5285e0f996660a4a337b384c30f0e4494a
                                • Instruction ID: 0945967a625557d54293e54865a7723237c6abf52f0514fd43990e2fa7d27f22
                                • Opcode Fuzzy Hash: bbc9e492c47a35259c66d87bc806ab5285e0f996660a4a337b384c30f0e4494a
                                • Instruction Fuzzy Hash: C9118EB5A002048FDB10DF29D885797FBE8EF48229F1880BAEC49CB242D374E454CB75
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110932, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                • GetFileType.KERNELBASE(?,00000E2C,A30EB7BA,00000000,00000000,00000000,00000000), ref: 03110985
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                • Opcode ID: c028cdfe446b4822506dc5cea8df0822bfdf83d372b8ed2b8c5c5820275e2c61
                                • Instruction ID: fb753c569e556a7150eb3deece2e6ed67e94d93af2789f5c729a5586c96f075d
                                • Opcode Fuzzy Hash: c028cdfe446b4822506dc5cea8df0822bfdf83d372b8ed2b8c5c5820275e2c61
                                • Instruction Fuzzy Hash: 5601D671904604AFF710DB19DC85FA6FBACDF48720F18C0A6EE899B241D774A4448AB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0311075A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                • CreateDirectoryW.KERNELBASE(?,?), ref: 0311079F
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: CreateDirectory
                                • String ID:
                                • API String ID: 4241100979-0
                                • Opcode ID: 8945915e22ff4b87e7bbb306ef8168f52d1fc57394284c9686e2b49f7ce74085
                                • Instruction ID: 298b21a21edd0428a4198629d13b7e7c87b483ffdb32b5783c3d7b4682334044
                                • Opcode Fuzzy Hash: 8945915e22ff4b87e7bbb306ef8168f52d1fc57394284c9686e2b49f7ce74085
                                • Instruction Fuzzy Hash: 2F116576A002458FDB50CF29D8847AAFBD8EF48220F18C4BADD89CB642D774D554CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152A75B, Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: Initialize
                                • String ID:
                                • API String ID: 2538663250-0
                                • Opcode ID: 0316d8385d38ba8cf61dbd7191e161a982501c87a46debbe89c44c32063dca6b
                                • Instruction ID: b29f108fb93aeb797938782597b1502fdfefef61aec14a687ca667c1d7322885
                                • Opcode Fuzzy Hash: 0316d8385d38ba8cf61dbd7191e161a982501c87a46debbe89c44c32063dca6b
                                • Instruction Fuzzy Hash: C211A0754093849FDB12CF15DC84B56BFB4EF46220F0884EAED898F293D275A549CBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03111772, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                Download Yara Rule
                                APIs
                                • K32EnumProcesses.KERNEL32(?,?,?,A30EB7BA,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 031117B2
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: EnumProcesses
                                • String ID:
                                • API String ID: 84517404-0
                                • Opcode ID: 8e37e947274b06979c7bf312cacec65f307a35be825e0f4e559480a7f006e46c
                                • Instruction ID: 7756156ed78d415f622ba39946b776462ffa2ae1621b3139aa4593610836c357
                                • Opcode Fuzzy Hash: 8e37e947274b06979c7bf312cacec65f307a35be825e0f4e559480a7f006e46c
                                • Instruction Fuzzy Hash: 1E1161766002059FDB10CF69D884796FBE8EF48220F18C4BADE598B752D774E454CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152A8CC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                Download Yara Rule
                                APIs
                                • SetWindowLongW.USER32(?,?,?), ref: 0152A926
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: LongWindow
                                • String ID:
                                • API String ID: 1378638983-0
                                • Opcode ID: 91650d3b42ca165d4346ec7f5d87ce6f7c7da32c4d93bc2da3ebd1651002560f
                                • Instruction ID: 038455a0688a380fe953a25ac98a9807852570b4669380687db9b6c1a24d39e8
                                • Opcode Fuzzy Hash: 91650d3b42ca165d4346ec7f5d87ce6f7c7da32c4d93bc2da3ebd1651002560f
                                • Instruction Fuzzy Hash: C711CE364097849FD7228F25DC85A52FFB4EF06220F09C4DAED854F263C375A808CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110CCA, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 03110D1A
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FileNameTemp
                                • String ID:
                                • API String ID: 745986568-0
                                • Opcode ID: 9750e6f46eaece197e1e8c771c915f5708afb3eb1331b50c93ebaf8f21802c44
                                • Instruction ID: 14392bee6edbf385f91e226bc0643bde9c60f1791d50496dff42f894e7244496
                                • Opcode Fuzzy Hash: 9750e6f46eaece197e1e8c771c915f5708afb3eb1331b50c93ebaf8f21802c44
                                • Instruction Fuzzy Hash: FE019E72900200ABD210DF2ADC85B26FBE8EB88A20F14812AED488B645E631B515CBE1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03112FEE, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                Download Yara Rule
                                APIs
                                • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 0311303E
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: FormatMessage
                                • String ID:
                                • API String ID: 1306739567-0
                                • Opcode ID: 0ca91d0756c16e3f130861afbeb70068d2fdc17c1edcb92f0b4ca3b0d9716f18
                                • Instruction ID: 4b6780eb893726dd213ff374d898e28d8e53104aadd58bd523e4cff15857d90f
                                • Opcode Fuzzy Hash: 0ca91d0756c16e3f130861afbeb70068d2fdc17c1edcb92f0b4ca3b0d9716f18
                                • Instruction Fuzzy Hash: DE01B172900200AFD310DF2ADC85B26FBE8EF88B20F14812AED088B745E631F515CBE1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152A172, Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON
                                Download Yara Rule
                                APIs
                                • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0152A1C2
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: Startup
                                • String ID:
                                • API String ID: 724789610-0
                                • Opcode ID: 64ff92cb91af9cc62cba94c3f7e14a7679d747c31f29b7a35f7db6711798a8ee
                                • Instruction ID: 16e5de4b8853e7e47504f42b5bdf7f819255db4cac7c88acce5481453547060f
                                • Opcode Fuzzy Hash: 64ff92cb91af9cc62cba94c3f7e14a7679d747c31f29b7a35f7db6711798a8ee
                                • Instruction Fuzzy Hash: 1501B171900200AFD710DF2ADC85B26FBE8EF88A20F14816AED088B745E635F515CBE1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152BED2, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileW.KERNELBASE(?), ref: 0152BF0C
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: d08cdf72b696193d376063ec7aeca349fcc2acb32267eb05f309ce0cf4aff232
                                • Instruction ID: 3358d24c51216eae4ea097c5219aabd52c91a9aedc1e3a55a0bc986ee4a775cc
                                • Opcode Fuzzy Hash: d08cdf72b696193d376063ec7aeca349fcc2acb32267eb05f309ce0cf4aff232
                                • Instruction Fuzzy Hash: ED01B5726002008FDB10DF29D88476AFBE8EF45220F08C4AADD59CF786D675E404CF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031111C2, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                Download Yara Rule
                                APIs
                                • SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 03111202
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: KernelObjectSecurity
                                • String ID:
                                • API String ID: 3015937269-0
                                • Opcode ID: dfbaf0bb29ca640c5fa87ddae18cf5e1d62fdd3c9048276fe646fbfaba19d4e8
                                • Instruction ID: 6baec5dee25372fd69bfe08c1d300b03d1a168a7a24d313a72e0d7cfd5200874
                                • Opcode Fuzzy Hash: dfbaf0bb29ca640c5fa87ddae18cf5e1d62fdd3c9048276fe646fbfaba19d4e8
                                • Instruction Fuzzy Hash: C00180755142009FDB10CF65D884BA6FBA8EF08220F18C0BADE458B651D374E458CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152A546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0152A58A
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 0f4f1783491d79aa94a3388abc520041bc58cc96a340f9849f6b4a0b924668be
                                • Instruction ID: 5c5c2c7fd0cd8c5a1fc1f6d92ffd0c9a6219cdf9cd8504587b8b475a1bedce1f
                                • Opcode Fuzzy Hash: 0f4f1783491d79aa94a3388abc520041bc58cc96a340f9849f6b4a0b924668be
                                • Instruction Fuzzy Hash: 94016D725006009FDF218F55D884B56FFE5FF49321F08C8AAED894BA56C375A014DF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152B746, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                Download Yara Rule
                                APIs
                                • CreateIconFromResourceEx.USER32 ref: 0152B78A
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: CreateFromIconResource
                                • String ID:
                                • API String ID: 3668623891-0
                                • Opcode ID: 41834ab41e70ab811df2ccc1fd6aa3bd335bc24e213f6a0ea10ca211999ea889
                                • Instruction ID: d667abc5a04a84ef0bbfb975cb730c799682698f1eb3fbab40fff125816432ba
                                • Opcode Fuzzy Hash: 41834ab41e70ab811df2ccc1fd6aa3bd335bc24e213f6a0ea10ca211999ea889
                                • Instruction Fuzzy Hash: 44016D724006009FDB218F55D884B56FFE4FF48320F0CC8AAEE894E652D375A018DFA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03110232, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 03110264
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: 88a4a824ccd8d15e533411f8965f5dc1226351df521adb45439b8d5ceafbdb5a
                                • Instruction ID: b4d92de4408b572f7c8f9de677f5e3b7ff0e1d5b07f52f7753be10b1818d10b4
                                • Opcode Fuzzy Hash: 88a4a824ccd8d15e533411f8965f5dc1226351df521adb45439b8d5ceafbdb5a
                                • Instruction Fuzzy Hash: 9F01DF759002008FDB10CF29D8847A6FBA8EF4C320F08C0BBEC498B642D775A494CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031114C6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 031114F8
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: f46f35c82c82ea969f48434d5a124d0cbf518d872b14b9928bd9da5f81746431
                                • Instruction ID: fe701f4d6da5eada3ab7ab9a3820edb4bb0634b06470cf4e2195dc9ed7f57b08
                                • Opcode Fuzzy Hash: f46f35c82c82ea969f48434d5a124d0cbf518d872b14b9928bd9da5f81746431
                                • Instruction Fuzzy Hash: A701BC719042009FDB50CF29E884796FFA8EF48220F08C0BADD4A8B746C374E458CBB2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031119FE, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 03111A4E
                                Memory Dump Source
                                • Source File: 00000006.00000002.601707655.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 374afbb90451568b5263a87cf166d7bc7e4d75bc03734299becb2ab79f85dbb9
                                • Instruction ID: 37e7492cab4db4c25aa0d29f2dd10d965b90c4c88f3f6369f5db17e8ff45ae30
                                • Opcode Fuzzy Hash: 374afbb90451568b5263a87cf166d7bc7e4d75bc03734299becb2ab79f85dbb9
                                • Instruction Fuzzy Hash: 9101A272500200ABD210DF1ADC86B26FBE8FF88B20F14811AED484B745E671F515CBE5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152AF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0152AFEA
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 92325cc02312e916e3c976f8a9f7f6d4395cd4957f8774df0055cefc6e90b96c
                                • Instruction ID: 795248b4f5c97f11b1b4ad37d76539a9daf5398e01eeaf109e4e3bfe893608a2
                                • Opcode Fuzzy Hash: 92325cc02312e916e3c976f8a9f7f6d4395cd4957f8774df0055cefc6e90b96c
                                • Instruction Fuzzy Hash: 8301A271500200ABD210DF1ADC86B26FBE8FF88B20F14815AED484B745E635F515CBE5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152BB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 0152BBB9
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: 57d05b17b06d887f291a0dc084d5995c698529b7be95e283ade5dfa637b35ed1
                                • Instruction ID: 4079d0fd1a81808870c3c089c921f7c63183d9b8cb891ae82dc3e1e3ba9c2ac1
                                • Opcode Fuzzy Hash: 57d05b17b06d887f291a0dc084d5995c698529b7be95e283ade5dfa637b35ed1
                                • Instruction Fuzzy Hash: 8401D4365042008FDB218F19D884B66FFE4FF05320F08C49EDD864B6A6C271E418CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152A78A, Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: Initialize
                                • String ID:
                                • API String ID: 2538663250-0
                                • Opcode ID: 95c8560a8e2ae375708cfdca7085aef703c876f90fdd5aef9046093578870231
                                • Instruction ID: a9c402e59d6dcf7810192a56e9c0198feea57f5960772f113bfe108a8033524a
                                • Opcode Fuzzy Hash: 95c8560a8e2ae375708cfdca7085aef703c876f90fdd5aef9046093578870231
                                • Instruction Fuzzy Hash: 9E01D1759042408FDB10DF19D884766FFE4EF45321F18C4AADD4A8FA83D278A404CFA6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152B806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                Download Yara Rule
                                APIs
                                • SendMessageW.USER32(?,?,?,?), ref: 0152B841
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: MessageSend
                                • String ID:
                                • API String ID: 3850602802-0
                                • Opcode ID: c037365a05e64c7631a14d80c8266561142056741ecca70eb33fc6b582b1a14c
                                • Instruction ID: b975845a5c2361b75a7aec4bbdad54c730d263c9ce00e6bb0d4c059e94ebbf66
                                • Opcode Fuzzy Hash: c037365a05e64c7631a14d80c8266561142056741ecca70eb33fc6b582b1a14c
                                • Instruction Fuzzy Hash: B701A272400244DFDB218F16D884B66FFE0FF49320F08C49ADD890F662D2B5A418CFA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152A8EE, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                Download Yara Rule
                                APIs
                                • SetWindowLongW.USER32(?,?,?), ref: 0152A926
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: LongWindow
                                • String ID:
                                • API String ID: 1378638983-0
                                • Opcode ID: 3a861a341536547c99980a381f55a2b9535f636d3b04145f5ff5ebd74d1dd351
                                • Instruction ID: 7fd91424c6e7104fddca11061fac3a183e0889a77918d83cc6e14d980524e5ab
                                • Opcode Fuzzy Hash: 3a861a341536547c99980a381f55a2b9535f636d3b04145f5ff5ebd74d1dd351
                                • Instruction Fuzzy Hash: ED01A2365006048FDB208F16D885756FFE4EF45720F08C49ADD860F692C375A408CF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152A372, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                Download Yara Rule
                                APIs
                                • SetErrorMode.KERNELBASE(?), ref: 0152A3A4
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                • Opcode ID: 790a8b3cbef606feace5ad558695eed1c787def17b1aae6a434d0dce6eae5ba3
                                • Instruction ID: 00db55a128d190ce3035b4cc18e85c652a831cd46c238ace313ac6cb076bd62e
                                • Opcode Fuzzy Hash: 790a8b3cbef606feace5ad558695eed1c787def17b1aae6a434d0dce6eae5ba3
                                • Instruction Fuzzy Hash: C0F0A476504244DFDB108F19D884769FFE4EF55321F18C49ADD894FB92D2B5A404CFA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0152BE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                                Download Yara Rule
                                APIs
                                • DispatchMessageW.USER32(?), ref: 0152BE70
                                Memory Dump Source
                                • Source File: 00000006.00000002.601020777.000000000152A000.00000040.00000001.sdmp, Offset: 0152A000, based on PE: false
                                Similarity
                                • API ID: DispatchMessage
                                • String ID:
                                • API String ID: 2061451462-0
                                • Opcode ID: 790a8b3cbef606feace5ad558695eed1c787def17b1aae6a434d0dce6eae5ba3
                                • Instruction ID: c610c8b83054bd0b31e633741421161a41e9196f33150608ab1344cde38f9ad2
                                • Opcode Fuzzy Hash: 790a8b3cbef606feace5ad558695eed1c787def17b1aae6a434d0dce6eae5ba3
                                • Instruction Fuzzy Hash: 54F0AF769046448FDB208F19D884766FFE4EF45321F18C4AADE994F392D275A448CEA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B9DA0, Relevance: 1.4, Strings: 1, Instructions: 176COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID: 0-3916222277
                                • Opcode ID: 128baca8ff22e00c233ce6fe2eb8b92f9ff13ac73bc5cc8cb29a6d4e5cdf2183
                                • Instruction ID: 04caf2cdcfeaeb627957ec7910619f5f2d28ef6784b725f9e276b324c274de48
                                • Opcode Fuzzy Hash: 128baca8ff22e00c233ce6fe2eb8b92f9ff13ac73bc5cc8cb29a6d4e5cdf2183
                                • Instruction Fuzzy Hash: 1451F631F051058FCB44DF79C840AEEBBF2EBC9215B29887AD61ADB355DB319C428B91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B0682, Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: Z]q^
                                • API String ID: 0-3439883670
                                • Opcode ID: c8ad74e3f0ef351cdfa446062c8fff959c8354dbe4b0b4fac1cdf845e80b303d
                                • Instruction ID: c90715a6864277abf0d993370e5ef73f87a408407b9c362f420043e28165d268
                                • Opcode Fuzzy Hash: c8ad74e3f0ef351cdfa446062c8fff959c8354dbe4b0b4fac1cdf845e80b303d
                                • Instruction Fuzzy Hash: 41418F71A002158FC328AB78E81C56E3BA6FFC9701B164869F412CF3A8DF748C45AB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B1458, Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r
                                • API String ID: 0-359987751
                                • Opcode ID: f077b1032d775080cf2e209669f44974cdd23d95ae9b91907891f1c43e0d5d57
                                • Instruction ID: 8b698dfee9f2e0cf5b22f46fe3961ce2a81f60eeb2975283b6cd6e46ff76774d
                                • Opcode Fuzzy Hash: f077b1032d775080cf2e209669f44974cdd23d95ae9b91907891f1c43e0d5d57
                                • Instruction Fuzzy Hash: 1851C034A01219CFDB58DB68C894B9DBBF2BF4A300F5044AAD40AAB365DB399D85CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B9828, Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID: 0-3916222277
                                • Opcode ID: 4472aafc0741f21c2ab4bdd8ca30e9d000769421ab553260ad1b5ce5eeee01ff
                                • Instruction ID: 9034675315fbac29ab33ff26bcf4884138391d86d65ee5b06e5769ba639eae97
                                • Opcode Fuzzy Hash: 4472aafc0741f21c2ab4bdd8ca30e9d000769421ab553260ad1b5ce5eeee01ff
                                • Instruction Fuzzy Hash: EA41D271E052058FCB50DFA9C8805FEBBB2EBC5214B29C866C616DB615CB35EC02CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B1290, Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r
                                • API String ID: 0-359987751
                                • Opcode ID: f874163e58ed7b4f197c1a6724dab6920648a10fc57e4153924f12adf5795d48
                                • Instruction ID: b8035debdcd7ead05c9a5ca03e2f0de76fdf4afe7e1bcbd333dc25afc97d62fd
                                • Opcode Fuzzy Hash: f874163e58ed7b4f197c1a6724dab6920648a10fc57e4153924f12adf5795d48
                                • Instruction Fuzzy Hash: 4341F674A05219DFCB68DF68D894BDDBBB1BB4A340F0044AAD40AAB355DB349D84CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B21F8, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: r*+
                                • API String ID: 0-3221063712
                                • Opcode ID: 2d8b2bef3c784c887392dee957a044ca8199fadf70f3af75cded2400c6ef1d87
                                • Instruction ID: ddc70cf252c302467ed70b40e8ed7bbeba31890bd7272cc70bb0798eaad6de01
                                • Opcode Fuzzy Hash: 2d8b2bef3c784c887392dee957a044ca8199fadf70f3af75cded2400c6ef1d87
                                • Instruction Fuzzy Hash: B2413930E09209EFCB88DBA5C1456EEBBF5FF44300F10886AD452EB2A4D7349A05CF52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8CD0, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: r*+
                                • API String ID: 0-3221063712
                                • Opcode ID: 2b121f46a9cf0d05171d4daecda284b95f913869d6f2c51ea15a78dd120e8dc9
                                • Instruction ID: 0b44f0f2c9ea6e5a27a184efd77e90f6f239b44d7a25503768c8542896565dde
                                • Opcode Fuzzy Hash: 2b121f46a9cf0d05171d4daecda284b95f913869d6f2c51ea15a78dd120e8dc9
                                • Instruction Fuzzy Hash: BA412931E05249DFDB58DBA4C5456EEBBF5FF54340F2488AAD802EB260DB349A05CF52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8B10, Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: B]q^
                                • API String ID: 0-3873460314
                                • Opcode ID: 5ad5ee0a071240e33d2752f3849ee4c77623a50acbb0a8c818154f439484dd95
                                • Instruction ID: 6023741166ffd2ed550b405bbb8f975ad685daeee94570f3cfe7f63377966d52
                                • Opcode Fuzzy Hash: 5ad5ee0a071240e33d2752f3849ee4c77623a50acbb0a8c818154f439484dd95
                                • Instruction Fuzzy Hash: 1F316F71B15241CFC748EF78E4589AD7BF6FBC8221B118869E406DB2A1EF389C81CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BD818, Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: m<]q^
                                • API String ID: 0-1249356292
                                • Opcode ID: 4a951cd49e82d8b4113c4662749d70dba917cde7e72d8aec79d86e4c3db18b10
                                • Instruction ID: 23d49da5ea6bcca1656896d3a59dafab41e742bbc496c12d953302649f94ffbd
                                • Opcode Fuzzy Hash: 4a951cd49e82d8b4113c4662749d70dba917cde7e72d8aec79d86e4c3db18b10
                                • Instruction Fuzzy Hash: E4219171605315CFC7499F2494550A87FB1FB8B20971488AEE406DF392DB3A9C07CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8B20, Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: B]q^
                                • API String ID: 0-3873460314
                                • Opcode ID: 7e7638dd58c691a81996584ea9e4a6b0abbfd5ff74b7c03200bd329232ca7ffd
                                • Instruction ID: 9e84b615436b068e455bb7aaffbf12d0c75ad79ff1b51fdd379093cc3050fcd2
                                • Opcode Fuzzy Hash: 7e7638dd58c691a81996584ea9e4a6b0abbfd5ff74b7c03200bd329232ca7ffd
                                • Instruction Fuzzy Hash: 3E218B71B15241CFC748EB78E45896E3BB6FBC8211B508869E406CB2A0EF38AC41CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BCA81, Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: =]q^
                                • API String ID: 0-3585925264
                                • Opcode ID: 5200f90dbb41045c2d5ddd7259743d55a20df2e155330271ce64971b25acd07d
                                • Instruction ID: 1e1c26ae560c68f4045ee5346893e988da99c547c0e7875c73fdc006890fa9bb
                                • Opcode Fuzzy Hash: 5200f90dbb41045c2d5ddd7259743d55a20df2e155330271ce64971b25acd07d
                                • Instruction Fuzzy Hash: 022138357092509FD306CB38D49476D3FA7FB8A325F594499E946CB386EB386C46C780
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE2F8, Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: l&r
                                • API String ID: 0-2436013623
                                • Opcode ID: 6a11b042b58e32d6534f84bb221c9fd3e9d8da11f8bc9311f6126470c1262b72
                                • Instruction ID: 1fbe7f0801c07444428a7e10c37ce793aba62750bdee8a56b2905c63f19fed85
                                • Opcode Fuzzy Hash: 6a11b042b58e32d6534f84bb221c9fd3e9d8da11f8bc9311f6126470c1262b72
                                • Instruction Fuzzy Hash: 8F218E31A05214CBCB05CB69E4187FEBBF6BB88B11F18586AE546DB340DB319C45C7A5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B61D1, Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X1(r
                                • API String ID: 0-3909273932
                                • Opcode ID: e43d49feeb9a2cc0d061b89278b9b54ac7beebb08e98f73160e5d59b84ee2d8e
                                • Instruction ID: b7603d0319f8f6244a6653e3c9197f270d50031831f980fc09cdf1f5c9748d27
                                • Opcode Fuzzy Hash: e43d49feeb9a2cc0d061b89278b9b54ac7beebb08e98f73160e5d59b84ee2d8e
                                • Instruction Fuzzy Hash: 3621D631B055199FEB54E7B884103FE77F6ABC8720F14047AD586EB384DE3A8C4197A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6E90, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: g
                                • API String ID: 0-30677878
                                • Opcode ID: 4f013e130bb2b186e760e90ee658f7a3e29291f0c058cbb5b2ca2ec3a7e8d3ec
                                • Instruction ID: b39699b6b8aac7fe0df147ba59e1821fba7c7752c67074e6e15632b56c14451f
                                • Opcode Fuzzy Hash: 4f013e130bb2b186e760e90ee658f7a3e29291f0c058cbb5b2ca2ec3a7e8d3ec
                                • Instruction Fuzzy Hash: 9C21DC71E0131ACFDB90EBB894417EEBBF4EB81610F60047BD405DB280EB3A5852CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BD88F, Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: m<]q^
                                • API String ID: 0-1249356292
                                • Opcode ID: 1d2b8b6dfb9d45496fee074def185f311022c482d02f2951ebd7b0ff8ced5f06
                                • Instruction ID: 75112f71c5aa6f97ae8527affb9ea9e5aadc208792d2e88a02e0d0d88145f22a
                                • Opcode Fuzzy Hash: 1d2b8b6dfb9d45496fee074def185f311022c482d02f2951ebd7b0ff8ced5f06
                                • Instruction Fuzzy Hash: 98211C74600216CFCB499B28D0554587BE2FB8A30936088ACE50ADF391DF369C4BCF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BCA90, Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: =]q^
                                • API String ID: 0-3585925264
                                • Opcode ID: ad4efc8014a0b8235556cbb16c72a9e6f506dda78241bf720dc86ee4d7ef377e
                                • Instruction ID: d2bb996e818a61286a65ec20a2949c12996107e4b3af11619d99e2dfcedc4b0c
                                • Opcode Fuzzy Hash: ad4efc8014a0b8235556cbb16c72a9e6f506dda78241bf720dc86ee4d7ef377e
                                • Instruction Fuzzy Hash: FF11C2343042249FD309EB38D454B6D3BABF7C9621F554864F906DB385EE389C86C794
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B05B9, Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 8bq
                                • API String ID: 0-187764589
                                • Opcode ID: 13a31b28a319e8a23af27450f7a9a7e1066b8453738bae3d13338b0627a66812
                                • Instruction ID: 2828742a39be45b13b01076f7dbf97350345745e65abb43b34c4d76b6c825db6
                                • Opcode Fuzzy Hash: 13a31b28a319e8a23af27450f7a9a7e1066b8453738bae3d13338b0627a66812
                                • Instruction Fuzzy Hash: 8101D1317451200FC74A663D64115FF17DBEBC6620B28486FE04AEB395CD799C4743A6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BA700, Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: Hu&r
                                • API String ID: 0-1342936641
                                • Opcode ID: 7ed9bb7cb3773db1b62cc416fc1a38d82a25c2e823ffbcb329e428021b812ea4
                                • Instruction ID: 1b9bc3972ea15a1fc0865d091f3e8f34f77203b4dca4221a3d588b19bed2ad70
                                • Opcode Fuzzy Hash: 7ed9bb7cb3773db1b62cc416fc1a38d82a25c2e823ffbcb329e428021b812ea4
                                • Instruction Fuzzy Hash: D1F02B7674D2205BC744A6BC6CD06BE2BB7FBC63307644B6AE416CF2D4DD248D0583A6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B05C8, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 8bq
                                • API String ID: 0-187764589
                                • Opcode ID: 57386c305156fb03f0d2310b4973364106c42758db228c08b5dce97c3431f516
                                • Instruction ID: 843a53e57830d08969260298a0d21fecbc1a4de630b1a0b4650a0dc370828588
                                • Opcode Fuzzy Hash: 57386c305156fb03f0d2310b4973364106c42758db228c08b5dce97c3431f516
                                • Instruction Fuzzy Hash: 6DF090217015250BC509767D64115BF52CBABC9A51B68482AF10AEB384DD79AC4203EA
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B4710, Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X1(r
                                • API String ID: 0-3909273932
                                • Opcode ID: ccc05fc79d1f2f1e411dc302a07e1e5c70f74d3d7be1a3403703835a690bf518
                                • Instruction ID: e7b64db7797bfb66d8ad30c0c36d22ad936ff4e1af7269e69904c3f0858f5a77
                                • Opcode Fuzzy Hash: ccc05fc79d1f2f1e411dc302a07e1e5c70f74d3d7be1a3403703835a690bf518
                                • Instruction Fuzzy Hash: 81F024363823608BCA24A6BE54103FF32EA9BC6A60F54047ED10ACB781DD26CC4293A4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B7870, Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: Hu&r
                                • API String ID: 0-1342936641
                                • Opcode ID: 18c3866c27c1f4502bb1bc48b370b9c79212b70f5b20e76a84a84deac1888935
                                • Instruction ID: 1da1295adc93ef1ffd5b1a0a224eb595fed3da3314060a18b4ff2be87f3c8f4c
                                • Opcode Fuzzy Hash: 18c3866c27c1f4502bb1bc48b370b9c79212b70f5b20e76a84a84deac1888935
                                • Instruction Fuzzy Hash: 3FF046767491508BC714AABC6C805BC2BA2FFC5620760067ED006AF2C8DE208C008362
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BA710, Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: Hu&r
                                • API String ID: 0-1342936641
                                • Opcode ID: fdea8cb210e98ab01dfc3f85eb1d7c8c8bb916e649e5c17c0282ad51261978a1
                                • Instruction ID: dbff85baed9a8b55d4a72064f2f059f305cb086d9285e67b455991dff2b302e8
                                • Opcode Fuzzy Hash: fdea8cb210e98ab01dfc3f85eb1d7c8c8bb916e649e5c17c0282ad51261978a1
                                • Instruction Fuzzy Hash: 85F0E97174912057C654A56D6C90A7E6ABBFBC5630BA04729A41A9F3C8DD10DC0143A6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B7880, Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: Hu&r
                                • API String ID: 0-1342936641
                                • Opcode ID: abe07cd298148e4c955ee19606172670ae466d183725ab5fa48aea8c1c3e43ae
                                • Instruction ID: 48ff227474e73d4b7d785523445b2dfd822565c6e36301067e41cabc14002b35
                                • Opcode Fuzzy Hash: abe07cd298148e4c955ee19606172670ae466d183725ab5fa48aea8c1c3e43ae
                                • Instruction Fuzzy Hash: A0F0E97274911057C554A67D6C8057D6A9BFFC5670760473DA01A9F3C8DE108C0183A6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B63B8, Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: l&r
                                • API String ID: 0-2436013623
                                • Opcode ID: 85a9fc80397e650ee3cfba233aa3f08ae01a30e23c8175338ffdf1a812bf025f
                                • Instruction ID: a8568c58da1797037b0f526c70368bab7d0072951017ad704b9b4160a54818d2
                                • Opcode Fuzzy Hash: 85a9fc80397e650ee3cfba233aa3f08ae01a30e23c8175338ffdf1a812bf025f
                                • Instruction Fuzzy Hash: 8BE0D8367813512FC7665B7858005BE7BD9EFC16303454455E801CE242CA1D8C8783A4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6459, Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: %R]q^
                                • API String ID: 0-4178393532
                                • Opcode ID: 25d1847e4931cb98033645a075d259362253896de8db07043c47840d1c92183a
                                • Instruction ID: 6cb67faed2bf78b6bf3047d3ac4a4c1cfeddf22b090ab691bfc7f9ca267c0d08
                                • Opcode Fuzzy Hash: 25d1847e4931cb98033645a075d259362253896de8db07043c47840d1c92183a
                                • Instruction Fuzzy Hash: 88E0DF317443605FD708DA688450AB9BBDABFC1218B04C89FD80A9B342CA62DC0287D0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B63C8, Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: l&r
                                • API String ID: 0-2436013623
                                • Opcode ID: f2dfefe837719e9e6b1fe02e1abc62b458448367c81af3598f3faabd16cfe7d7
                                • Instruction ID: 541fcbee775dcaec209994edece7088d0a9881bcc2a9bf5c7f631cd57f8c64b8
                                • Opcode Fuzzy Hash: f2dfefe837719e9e6b1fe02e1abc62b458448367c81af3598f3faabd16cfe7d7
                                • Instruction Fuzzy Hash: CBD0A756741234278925BA7D580067F778EBBC1D513894828F406DF345DD15DC4643ED
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6468, Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: %R]q^
                                • API String ID: 0-4178393532
                                • Opcode ID: 22acacc3c00ed3b772d9b57a19d018ba61f8caa41bcc63f9299a3605169395e4
                                • Instruction ID: 3a127364689381451b5e7fa41be6ebf23a428909f9fababa5e44726ec5f82173
                                • Opcode Fuzzy Hash: 22acacc3c00ed3b772d9b57a19d018ba61f8caa41bcc63f9299a3605169395e4
                                • Instruction Fuzzy Hash: 4AD05E753441342B9908E5AD9860879778EFBC6A14344885AA80ADB341CD62EC0243D0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B7B90, Relevance: .3, Instructions: 283COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: edd7bf5dec923456cf71324f11dfae4fd21001628cc3106b5ba17d7b834b1934
                                • Instruction ID: 8d44c69bd5609075e6aec5f372d1d99fe9afc7dabfb70f586dc6a2903448f18f
                                • Opcode Fuzzy Hash: edd7bf5dec923456cf71324f11dfae4fd21001628cc3106b5ba17d7b834b1934
                                • Instruction Fuzzy Hash: EA919071A04256CFCB05DF68C880A9EBBF2FFC9700F558869D909AF256CB70AD45CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB1B0, Relevance: .3, Instructions: 266COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a93bf7303d8a2b8e19d42ab7a7ceb9bdc97118b5199f001f1e6ecbe9e74ca6f5
                                • Instruction ID: 2cbe2abac9d55fa4e73cd218a79fd294abfb7e2d0bc1b1450b465d175d204652
                                • Opcode Fuzzy Hash: a93bf7303d8a2b8e19d42ab7a7ceb9bdc97118b5199f001f1e6ecbe9e74ca6f5
                                • Instruction Fuzzy Hash: E391B475A006278BD704EB68C990AAE7BB2FFC6300F60856DD2069F698DF749D0687D1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE760, Relevance: .3, Instructions: 259COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4583fb4a41e6874441e380be8336eda5b2aff5d024f5295b1a3b7e011e197b92
                                • Instruction ID: e37d77ea26df5a01d3da5da9687ff9cf03468ae978248d83a0eddc44323e91ff
                                • Opcode Fuzzy Hash: 4583fb4a41e6874441e380be8336eda5b2aff5d024f5295b1a3b7e011e197b92
                                • Instruction Fuzzy Hash: 79A1A034A06115DFCB54CF68E480AEEBBF6FF84310F1985AAE8469B281D734ED41CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B64B0, Relevance: .2, Instructions: 241COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2686061051e06473d3158921500083900cc90a47d5d7ca30713399fea6066985
                                • Instruction ID: 98e23d73e179ade44427c49923761d77fb5987b624577a3ac4c86400c85df7ad
                                • Opcode Fuzzy Hash: 2686061051e06473d3158921500083900cc90a47d5d7ca30713399fea6066985
                                • Instruction Fuzzy Hash: B0813D31A01619CFCF15CF54C890ADEB7B2AF85304F1585E5D90AAF215DB72AA8ACF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BA960, Relevance: .2, Instructions: 198COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 180c68dcad1a525aa6dcb0fc9100cb243a44e0c186bc7e49de394505c3147876
                                • Instruction ID: f9d7885d789e633f8694dbdfcc1da9663b387e1571875e1fcefbe917b677f4ca
                                • Opcode Fuzzy Hash: 180c68dcad1a525aa6dcb0fc9100cb243a44e0c186bc7e49de394505c3147876
                                • Instruction Fuzzy Hash: 4F619170B01202CFC714DB68C590AADBBF2FB89300F548969D5579F285EB34EC45CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BF470, Relevance: .2, Instructions: 184COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 345a202f47acc2ce334cc974e33106bdb9d0a2a23c4af445b3f6ad9347c98ca8
                                • Instruction ID: ebe01968e7a5ee03b4cca99529e33b3f00185ddc321d33e74f8cf46e20b5f87f
                                • Opcode Fuzzy Hash: 345a202f47acc2ce334cc974e33106bdb9d0a2a23c4af445b3f6ad9347c98ca8
                                • Instruction Fuzzy Hash: BE712734A02206DFDB14DF69D884BEEBBF1BF48314F188569D916A7761CB31E881CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B79E8, Relevance: .2, Instructions: 161COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2f52c36ba84af5883165faca488bb293b1d641d68d09149a2b992a5454108c61
                                • Instruction ID: 608c8ead835328b52529a646f59e5961a1d7167ab8f96a0eb1857adc682dd848
                                • Opcode Fuzzy Hash: 2f52c36ba84af5883165faca488bb293b1d641d68d09149a2b992a5454108c61
                                • Instruction Fuzzy Hash: 8A31173190122ACFCF11CF64C854ADEBBB2EF85704F518894D909BB205DB706B8ACF80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B75E0, Relevance: .2, Instructions: 159COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 27c0a84a2373570eef903e932d790fd517c1ce2353b0150bf86c6f00bd1c785a
                                • Instruction ID: 8886e0a832a3802b3d5ac3640ecae1d6bfc0946524b6224abe6be706ced7552e
                                • Opcode Fuzzy Hash: 27c0a84a2373570eef903e932d790fd517c1ce2353b0150bf86c6f00bd1c785a
                                • Instruction Fuzzy Hash: D0513A75B012158BCB58DBBDC4506EEB7F7AFC9700B258569C40AAF385DA34AD42CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8548, Relevance: .2, Instructions: 157COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fc3afb87ca657e6ce2ec0de9f72da376e6ea17270e605455042e854590eaf1f0
                                • Instruction ID: 7ebaed9700b77dcfb5a40fa00742bf2ea549f7355c37d55507ef3970b3cec6a9
                                • Opcode Fuzzy Hash: fc3afb87ca657e6ce2ec0de9f72da376e6ea17270e605455042e854590eaf1f0
                                • Instruction Fuzzy Hash: C451BD72A0114ACFCB04CB68D584AEEF7F5FB84324F24C56AD516AB260CB31AC42CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B86F8, Relevance: .1, Instructions: 147COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4593c69bb1e9ff25437c0ccf4a1d8dbe239d33d3455dea68f2e16f596dffe83f
                                • Instruction ID: ed3986e64e3a35d3cca81f6b09182621b86ab2f73e4be921a24aa007d4e5ea77
                                • Opcode Fuzzy Hash: 4593c69bb1e9ff25437c0ccf4a1d8dbe239d33d3455dea68f2e16f596dffe83f
                                • Instruction Fuzzy Hash: 0E51D0B5D01258CFCB19DFA8C9846DDBBF1FF48310B24896AD45AA72A4E731A945CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B7F21, Relevance: .1, Instructions: 140COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 24cd612821c6f639d22328816035ea7eee815e20d15abdf95cb6a33fd25fc69f
                                • Instruction ID: ee10c829772e867c6a2fee04fd4357ec8f5372d5d848516eb736c94eb1fb0434
                                • Opcode Fuzzy Hash: 24cd612821c6f639d22328816035ea7eee815e20d15abdf95cb6a33fd25fc69f
                                • Instruction Fuzzy Hash: 9B513C34A01216CFCB54DB74C588AEDBBF2FF89300F6485B9D84A9B695EB309C45CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B0BC0, Relevance: .1, Instructions: 132COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0567ecd34b29ed6138b30040d30effdc09d69cda6375724758fc3bb73eda0460
                                • Instruction ID: 3266cb22492da22643d7ce1448ad65fd041df77134c0768f7789de332f2f07a5
                                • Opcode Fuzzy Hash: 0567ecd34b29ed6138b30040d30effdc09d69cda6375724758fc3bb73eda0460
                                • Instruction Fuzzy Hash: 2C41B331B051148FCB55DB28C414AEF7BFAAFC5310F1584AAE906AF3A5CFB69C068791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5920, Relevance: .1, Instructions: 126COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ab86999e358a8e0179967d7cf207e7eafa4a673275ac7351d7b350ccc016d989
                                • Instruction ID: c9419b577d5fe0296ac377f2dc0920330390cab16e8e34eb8b4d9a6b3969ebb0
                                • Opcode Fuzzy Hash: ab86999e358a8e0179967d7cf207e7eafa4a673275ac7351d7b350ccc016d989
                                • Instruction Fuzzy Hash: F5419330B07300CBDB59E7759C553BE36FA6FCA610B5988A9E512DB388EE74DC028791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B7160, Relevance: .1, Instructions: 120COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3b22308fe4cff6edaf7157c636e8dc1c94d7139fb9429a8fbd63e29419958392
                                • Instruction ID: e47929bce0681fe1f32c01f65e03f76fd7c9929e50611e0b95ce2e8eb0cd6208
                                • Opcode Fuzzy Hash: 3b22308fe4cff6edaf7157c636e8dc1c94d7139fb9429a8fbd63e29419958392
                                • Instruction Fuzzy Hash: 0D419F34601210CFC719EB6AD0544ED7BF6FBCE6103644069E8069B391DB3AAC45CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB1A0, Relevance: .1, Instructions: 119COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 343e9455e5b5e53b63c95d57613d33f86c33761173037c09e04a14ec67885e2d
                                • Instruction ID: 43a3d92a6a5687ee96ca023bea14d97bbadc1bdf80cf221b2431e1b446f539ed
                                • Opcode Fuzzy Hash: 343e9455e5b5e53b63c95d57613d33f86c33761173037c09e04a14ec67885e2d
                                • Instruction Fuzzy Hash: B5415D71B002158FDB049BB9C859BAEBBF6FFC9300F154079E506EB2A1DE749C068B51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB540, Relevance: .1, Instructions: 116COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f44311d8b52a4bb2b35f26b7ea8b6a462c6aad9050ae69d7fa6a062c09a91dab
                                • Instruction ID: 74fae2e16bee913cb709df57b1aff5f5e1b7a98c315a83c7321fa3030e05a9b5
                                • Opcode Fuzzy Hash: f44311d8b52a4bb2b35f26b7ea8b6a462c6aad9050ae69d7fa6a062c09a91dab
                                • Instruction Fuzzy Hash: 1F310271F006658BCB14CBACC8806EEBBF2FF88300B64442AE44AD7790DB34ED418795
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BEF68, Relevance: .1, Instructions: 115COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1a67b731dac13d4206ba3b48d25dd7d27d6835ed1abb435daa322293f459be4f
                                • Instruction ID: ae17f21973f53ecd261b5c69021c44d0b4fd10060a61c95ca5a29b3bbd277096
                                • Opcode Fuzzy Hash: 1a67b731dac13d4206ba3b48d25dd7d27d6835ed1abb435daa322293f459be4f
                                • Instruction Fuzzy Hash: C841D574E1121ADFCB54CFA9C484ADDBBF1FB48314F24846AE415AB351D732A882CF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B7170, Relevance: .1, Instructions: 115COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8b5fdb66123bfa019fdf3453d78e66a3a30e38c2a0e603f998eed42631997e74
                                • Instruction ID: ad4316da7769fe08917275eeba02e8c79bca9f870052b9bd77a9ac0cf4029f89
                                • Opcode Fuzzy Hash: 8b5fdb66123bfa019fdf3453d78e66a3a30e38c2a0e603f998eed42631997e74
                                • Instruction Fuzzy Hash: E841AE38701210CFC719EF6AD0544AE7BF6FBCE6103644069E90A9B385EF39AC45CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B02DA, Relevance: .1, Instructions: 105COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 961b94f077aa9f0ad1158c226f592ba1f31f23bd1e1f0a6f8e7574e5bb76e6df
                                • Instruction ID: e9c4612b405b49b07a973d792f753721e893186eff83b2a42c739c8da2a7fe14
                                • Opcode Fuzzy Hash: 961b94f077aa9f0ad1158c226f592ba1f31f23bd1e1f0a6f8e7574e5bb76e6df
                                • Instruction Fuzzy Hash: 4F415E70B022058FDB18CB68C5987AEBBF6FF88710F144869D506AB7A1DB75AC41CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B43C0, Relevance: .1, Instructions: 102COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c7c3778c777b184c9f943f9539b2ed6a7808a7f3d3d34c72acd61e815ea7a9ef
                                • Instruction ID: 64fc6a0e2263fcb32939dbe4204102858442dd02dd825e54e632a8aeaab3b957
                                • Opcode Fuzzy Hash: c7c3778c777b184c9f943f9539b2ed6a7808a7f3d3d34c72acd61e815ea7a9ef
                                • Instruction Fuzzy Hash: 5B310631900205CFCB05EF68E8448DD7BF2FF8631071585AAE5069F32AD739AD59EB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB530, Relevance: .1, Instructions: 99COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 32e52146cef7644132afe702c0868e49d0766df9eda34262f39c4d8a6ba33bd1
                                • Instruction ID: 268cc1d1a983ea49fc566db22e39e1b1cd412843ef4b83c84f54a315d92daff4
                                • Opcode Fuzzy Hash: 32e52146cef7644132afe702c0868e49d0766df9eda34262f39c4d8a6ba33bd1
                                • Instruction Fuzzy Hash: 8F31C0B6E006268BCB04DF99D8905AEFBF2FFC9310F10852AE45AE7650D731AD05CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B0006, Relevance: .1, Instructions: 99COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fafcef7fa6e4b6aafc4a394b535ee159556ce420d8e35e1e045c1a2cdf1414f2
                                • Instruction ID: 939fa6ef3caf4df2155628ea362c1debfd8be5fd59ed864df3e02cfc9a2250c3
                                • Opcode Fuzzy Hash: fafcef7fa6e4b6aafc4a394b535ee159556ce420d8e35e1e045c1a2cdf1414f2
                                • Instruction Fuzzy Hash: 8B31197011A382DFCB46DB74D8944997FF1FF83210B19989AD081CF266EB789D49DB22
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B20D0, Relevance: .1, Instructions: 98COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b9a4eaea20aec9d57b691a2c0beb1518a5d8b6ace94fb63a6eef5f0338d2cd1c
                                • Instruction ID: bc6e7665e65566b595ec977e9e8fead667e5de0de0c9986fc6871a183ddd70a9
                                • Opcode Fuzzy Hash: b9a4eaea20aec9d57b691a2c0beb1518a5d8b6ace94fb63a6eef5f0338d2cd1c
                                • Instruction Fuzzy Hash: F5318230A16206DFCB05DF6CC8905BE7BF9EF95300B118CA6D6569B245EB34DC41CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE648, Relevance: .1, Instructions: 97COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4b0ddd4d7708b0d7fbaf870b544a50aaa9932d71cdfdaad09c28eebe81bac356
                                • Instruction ID: 14ae731c7947f0fec71162963d11566b3d9274dad7486c6f0278a01ea68cd6c4
                                • Opcode Fuzzy Hash: 4b0ddd4d7708b0d7fbaf870b544a50aaa9932d71cdfdaad09c28eebe81bac356
                                • Instruction Fuzzy Hash: 9F315B71A02204DFCB94DF68D544AEEFBF5BB88255F248579D40AA7241DB31ED41CBA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B45C8, Relevance: .1, Instructions: 95COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3d5b9d8288139e6dec960bb4af9601c5665f7fa0ab7413c9b32067fbd67d7dfb
                                • Instruction ID: c21037a3bc99236e9c80c859e14c9c1156f53a40d81eaa8b9d6f69456e291a78
                                • Opcode Fuzzy Hash: 3d5b9d8288139e6dec960bb4af9601c5665f7fa0ab7413c9b32067fbd67d7dfb
                                • Instruction Fuzzy Hash: 9B21A571B0111A9BDB44DAAAD881AFFB3FDFBC8204F104526D619E7241EB709A058762
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BEE40, Relevance: .1, Instructions: 94COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ff98468014d100110a723bbc24c43aa3f9b680f472c0393f4caf07b0ccc1442d
                                • Instruction ID: f974238befea3032f1294530db74dfb0d6d95696a1189619166e3e1c2243bbdf
                                • Opcode Fuzzy Hash: ff98468014d100110a723bbc24c43aa3f9b680f472c0393f4caf07b0ccc1442d
                                • Instruction Fuzzy Hash: 8741E730506B51CED379CB2AD5443E6FBF2AF94205F18886EC1AB86AA0DB76A445CB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B75D0, Relevance: .1, Instructions: 94COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aa1a764e911b27755742ab74db26bea814c5f239f9289cbc5aceb14976fe3875
                                • Instruction ID: 50e5f7926e717aded0610d7730a0c5055eabc57c987b218a83b94ab81f7998aa
                                • Opcode Fuzzy Hash: aa1a764e911b27755742ab74db26bea814c5f239f9289cbc5aceb14976fe3875
                                • Instruction Fuzzy Hash: B0312A35E012098FCB08DFB9C4545EEBBF2EFC9710B14856AC81AAB355DB35AD46CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6F40, Relevance: .1, Instructions: 93COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 31c969f6ad74265a3dd0ab67ce3cebc5b21ff91b80128522603c9a46e2b76e4b
                                • Instruction ID: 08e5c7d99a81cd32b309ddd4cd190476da8c27d4cda16cda31dda74fb2b92c31
                                • Opcode Fuzzy Hash: 31c969f6ad74265a3dd0ab67ce3cebc5b21ff91b80128522603c9a46e2b76e4b
                                • Instruction Fuzzy Hash: 5E318F75610256CBC715DB78D05859D7BE2FBCA304784892EE506CF384EF3A9C4ACB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B50E0, Relevance: .1, Instructions: 92COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 85ccc9e8fdf5592e99c13c9d82696b78eccd76a141114e09e46cee5a2e9d1ff4
                                • Instruction ID: 8c87c0b26ac32850f10bda6b6b072deb808d4ca16a02e5768fc4b67724fd93bc
                                • Opcode Fuzzy Hash: 85ccc9e8fdf5592e99c13c9d82696b78eccd76a141114e09e46cee5a2e9d1ff4
                                • Instruction Fuzzy Hash: F1215971A013099BDB04DFA9C8146EEBBF6AFCA300F114869C40AAF355EB70A945CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BEB1F, Relevance: .1, Instructions: 90COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: affed291957e6190b7db9f5de279c618f7d7effa491687020cf302b7b9bd8bae
                                • Instruction ID: 26bf370732ccdedf486cde666cfcfa6f16c49264cb0fb830748726cabd87941a
                                • Opcode Fuzzy Hash: affed291957e6190b7db9f5de279c618f7d7effa491687020cf302b7b9bd8bae
                                • Instruction Fuzzy Hash: 45317C71B01215CFCB54DFA9D980AEEBBF6BF88200F504439D506AB790DA35ED42CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5B51, Relevance: .1, Instructions: 90COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f72a21478e464218199ad285675208ad6a7b6013760585ce570576ead3d41e2a
                                • Instruction ID: 76f62a8f5503e965f716a316cbb12488bcdbf70fbf5e74d18bfe930632bd60fa
                                • Opcode Fuzzy Hash: f72a21478e464218199ad285675208ad6a7b6013760585ce570576ead3d41e2a
                                • Instruction Fuzzy Hash: 8821A476B012054FCB58DAB989506FEB6F7ABCA620B24487AC407EB381DD348D4687B1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE448, Relevance: .1, Instructions: 90COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0094bb3e21d8ec3d3c4e36b568b764962e1bf9173a7d636d798abcf5f669a8a0
                                • Instruction ID: d8f5c9ee4411b9450d9ccd4b255b78e0d997f39216973ffa3a8b5036394b7677
                                • Opcode Fuzzy Hash: 0094bb3e21d8ec3d3c4e36b568b764962e1bf9173a7d636d798abcf5f669a8a0
                                • Instruction Fuzzy Hash: 6A3138317007168FC755AB78C49116DB7E3BFC5204BA8896CD0869F794DA7AE806CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BEB30, Relevance: .1, Instructions: 87COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4811cf40caa03f4cebdf7f8ef335978ffd1f5db68df0d788f5824faee49bf30
                                • Instruction ID: 119551e54801a6e7e48da1c2c899882719d53dc1be5d3f0d8bd10f50804ecbb5
                                • Opcode Fuzzy Hash: a4811cf40caa03f4cebdf7f8ef335978ffd1f5db68df0d788f5824faee49bf30
                                • Instruction Fuzzy Hash: C2310A71B01615CFCB54DF69D485AAEBBF6BF88200F504439D506A7790DA35EC42CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B43D0, Relevance: .1, Instructions: 87COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d63bdde83b83297b978c2df56dd31585b7f277ce112d5bafc8a661e31dd5b9a4
                                • Instruction ID: ddc7121aa9d5d1dca4bf4c7e5b161c9d550ed9ad5c080aaf7e59c7607e059869
                                • Opcode Fuzzy Hash: d63bdde83b83297b978c2df56dd31585b7f277ce112d5bafc8a661e31dd5b9a4
                                • Instruction Fuzzy Hash: C631DF35500115CFCB05EF68E8448DD7BF2FF8930471585AAE406AF369DB39AD19EB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8CA0, Relevance: .1, Instructions: 87COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2b2f4c97b0ed2d426559bfb1a69d2aada337b148ee68e68d647b679cff64bcd3
                                • Instruction ID: 9fd9b6a7ac856779dec3da26882f40395122dc1229d4954f244a18ded6af7361
                                • Opcode Fuzzy Hash: 2b2f4c97b0ed2d426559bfb1a69d2aada337b148ee68e68d647b679cff64bcd3
                                • Instruction Fuzzy Hash: E8318D31A0A28ADFCB44DFA4C5516EDBBF5FF55350F2488ABC402DB261DB388A45CB52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B55E8, Relevance: .1, Instructions: 85COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1ef1ea101a97bb25b3991e3fe7834bd45f4e17c36670d6b44e161f435b5c58cb
                                • Instruction ID: 7e52087ab9b6837a47f79753378dc65fc24d9ad84a14f64d026fe044a1b8fbf7
                                • Opcode Fuzzy Hash: 1ef1ea101a97bb25b3991e3fe7834bd45f4e17c36670d6b44e161f435b5c58cb
                                • Instruction Fuzzy Hash: 0721D030B412049FDB18DB78D8557EEBAF6AB89710F1804BAE502EB3D1DEB18D058B95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03220846, Relevance: .1, Instructions: 81COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.602039750.0000000003220000.00000040.00000040.sdmp, Offset: 03220000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b006aae26d2f084739a517cac25ae66a118711e466a0bbcae5d9a5b7e0f505ac
                                • Instruction ID: c3d380a374d0e21a64c7cbc17696534ad1da96a8341dda47a5031823379b523b
                                • Opcode Fuzzy Hash: b006aae26d2f084739a517cac25ae66a118711e466a0bbcae5d9a5b7e0f505ac
                                • Instruction Fuzzy Hash: B631AC3550D3859FD703CB24EC50A65BFB1EF86214F19C1EFD8898B263C23A9916CB52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B55D9, Relevance: .1, Instructions: 80COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7b337e481e782552e272b9eaa7aa2ed06a01497984b8c4cea397b6bfc9d86b8d
                                • Instruction ID: 0fc97ab854d0f17fe19a1c0e143564f0ce913afdf024ea28c5c11254f1906f70
                                • Opcode Fuzzy Hash: 7b337e481e782552e272b9eaa7aa2ed06a01497984b8c4cea397b6bfc9d86b8d
                                • Instruction Fuzzy Hash: DF21B031B512059FDB549F68D8547EEBBF2FB89320F2804AAE502EB391DAB548458B90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6F9A, Relevance: .1, Instructions: 79COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f9647c2ee6ce9391611f0d8e6244ca681b48af7664c18529ec27b34f3042eb2b
                                • Instruction ID: 6e0752108101e885a54833ee1873937f70fd1ea11382180a6ff89a4fed7d299a
                                • Opcode Fuzzy Hash: f9647c2ee6ce9391611f0d8e6244ca681b48af7664c18529ec27b34f3042eb2b
                                • Instruction Fuzzy Hash: 7D318B75610212CBC718EB78D05849C7BE2FBCA304794896EE506CF384EF3A9C4ACB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BEE31, Relevance: .1, Instructions: 79COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8456cc426a76242fc06b26824154a520b0de3fe5e2ea732ba210a7b09c1f0c56
                                • Instruction ID: 879aa87b853f3663daadf9e736c8a99ebea67b114a2ee2249eb32c3faa08b1f0
                                • Opcode Fuzzy Hash: 8456cc426a76242fc06b26824154a520b0de3fe5e2ea732ba210a7b09c1f0c56
                                • Instruction Fuzzy Hash: CC31F830506B50CFD379CF2AD544396FBF2BF84309F58886EC19A46AA0D776A445CB01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5831, Relevance: .1, Instructions: 78COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e2574396b9c8ce050a2c7b47350c95a56cf898c2dc2a94320a8fe9bf0662e77e
                                • Instruction ID: 217c0cbcbada4e026a02221480c80a00fe0efbaff98e7bcb27fbaa3f9ad38cc9
                                • Opcode Fuzzy Hash: e2574396b9c8ce050a2c7b47350c95a56cf898c2dc2a94320a8fe9bf0662e77e
                                • Instruction Fuzzy Hash: 4B21C375B022159BCB08E7B998505FEB7FAAFCB620B6449BEC006DF391DD748C0183A1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B21E9, Relevance: .1, Instructions: 76COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c094220f439d14909a5cc5e358d861ca701bbaa874bf995cafabd7aa9cb10093
                                • Instruction ID: 6ec251cc33d8213d33f5bb3df0615e41d2281adb5e2f26f614c8188008bca934
                                • Opcode Fuzzy Hash: c094220f439d14909a5cc5e358d861ca701bbaa874bf995cafabd7aa9cb10093
                                • Instruction Fuzzy Hash: 7F311870D0A20AEFCB98DBA4C5446FEBBF5FF45300F10486AD442EB264D6359E45CB52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B4F10, Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2d92bb916bd17f0026197a36cce26943f09b07218c40b4ecd5bbe4c1077fbad9
                                • Instruction ID: eb089957549c22e5f1bcde9dc65a9167e019132c33785802f89798e3cfcd54d6
                                • Opcode Fuzzy Hash: 2d92bb916bd17f0026197a36cce26943f09b07218c40b4ecd5bbe4c1077fbad9
                                • Instruction Fuzzy Hash: B721C33121A206CFC308DB76E5909FD37B6FBC13617108D2BD0428B25AEB7C6E068752
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B25DE, Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cd2ce9dd6dc1a3d0a365eff1278b67fa3ecc0ba934c154455dafb8b2a30529bf
                                • Instruction ID: 0f8030738f46948023aeb2e29532a84ea34db55618bd97c2ecea8ff36939bbad
                                • Opcode Fuzzy Hash: cd2ce9dd6dc1a3d0a365eff1278b67fa3ecc0ba934c154455dafb8b2a30529bf
                                • Instruction Fuzzy Hash: 41318870A01246CFDBA0DF6AC44469ABBF6BF85314F29C969C014AF358DB789889DF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B90B6, Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 790a6625cfd9a2525fb0bacfd52c89dbcd7f211b473043eb338f4869ec257070
                                • Instruction ID: 504ba964ec151607aba3a40641702f8319111ebbb1b6710eb3812f8111377e0d
                                • Opcode Fuzzy Hash: 790a6625cfd9a2525fb0bacfd52c89dbcd7f211b473043eb338f4869ec257070
                                • Instruction Fuzzy Hash: 0E317A70E1124ACFDBA0CF69C484A9DBBF2FF89314F18C969D5049B254DB78A489DF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B48B9, Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3d840c5fc0969e44a2964785df0d610a3e7738b96f12d95431a735e34fdc1692
                                • Instruction ID: 5f14daf9af7b5eb1ab61eceddad3ee787c168caf34e7f1b1964db0a754a80872
                                • Opcode Fuzzy Hash: 3d840c5fc0969e44a2964785df0d610a3e7738b96f12d95431a735e34fdc1692
                                • Instruction Fuzzy Hash: F411D332F09215AFCB44DEA9D8508FEBBB6AFC5320B14486AD406B7242DE241E4687A1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BAB00, Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7d9398ac9669705188038f2a6e17d8dce6f15f1ad1e3e1e102267fa9269a0cfa
                                • Instruction ID: cbad75ab28342e03559991a558fd4f0ad5d5d282b6023ddb7947c321edef0afe
                                • Opcode Fuzzy Hash: 7d9398ac9669705188038f2a6e17d8dce6f15f1ad1e3e1e102267fa9269a0cfa
                                • Instruction Fuzzy Hash: 2321B170B253159BDB24DB74D841EEFB7F7FB88700F108D69D512AB286EB70A80087A0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B50D0, Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c08a4ec1f87fa00e234888e9e39252d1ba45174f7bad5f3eac66a97b8662c720
                                • Instruction ID: 56d66f7629a2fd89c79b50fb1a8f45fc0de92f8be770f21ea6c9722635a2a9b8
                                • Opcode Fuzzy Hash: c08a4ec1f87fa00e234888e9e39252d1ba45174f7bad5f3eac66a97b8662c720
                                • Instruction Fuzzy Hash: F9114C71D013099FDF00CFA8D8146EEBBF6AF8A310F214965C509AB251E775598ACB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5840, Relevance: .1, Instructions: 70COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 666470b18f0be7f63d321fd3bee784cb359322b9e7215be8155cd915243e0bb3
                                • Instruction ID: e45221ed7d6e027bf2af89672985bc373e3a405bba867447244472a757460965
                                • Opcode Fuzzy Hash: 666470b18f0be7f63d321fd3bee784cb359322b9e7215be8155cd915243e0bb3
                                • Instruction Fuzzy Hash: 5B119035B122159BCB08E7BA8850AFFB6FBAFCB610B54497AD016DF395DD719C0083A1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B4511, Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 72f6855513e063c33653db8cfad0d5207a488021e447b120e5d99c4996f12dc3
                                • Instruction ID: bd59856e640d1d79b8554be1173bfae87850d8965e91c0fa998fc9ece6112159
                                • Opcode Fuzzy Hash: 72f6855513e063c33653db8cfad0d5207a488021e447b120e5d99c4996f12dc3
                                • Instruction Fuzzy Hash: ED11E332E056118BCB04CA59D4101FFB7B69FC6321F05447EAD06DB342DE759D49CBA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5000, Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e38d1851d7cc1703838be64a02b2dd878d2a4fa6b69ed3add9c654a9c2f86244
                                • Instruction ID: 64a7cc51bbe327336f39cebd87f1d6b86452f78373376e70c861c147a3d05147
                                • Opcode Fuzzy Hash: e38d1851d7cc1703838be64a02b2dd878d2a4fa6b69ed3add9c654a9c2f86244
                                • Instruction Fuzzy Hash: 89118431B152168FCB45EBB898502ED7BF5EBCA604B5545B5C406DB384EF349C028BE5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BAB10, Relevance: .1, Instructions: 65COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c6a34d3f71000e5c11b2744199e3b8f487395169d0a89cfc653da052fa9352a9
                                • Instruction ID: 13db374124c54a8e64ff7c86cacbdd9919436873297152b12bd8eeba3e46ef2a
                                • Opcode Fuzzy Hash: c6a34d3f71000e5c11b2744199e3b8f487395169d0a89cfc653da052fa9352a9
                                • Instruction Fuzzy Hash: 7F118230B252159BCB14DA74D841EEEB7F7FBC8750F104D69D512AB286EB70AC048794
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B08AF, Relevance: .1, Instructions: 65COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 224843b4fb8d19a3628bfde94d46695e1bbc1fc059f7d4dd69564122effc16b4
                                • Instruction ID: a01ee2819094d8a8dd5e4c9101d597d8961f943914c84282527fb5bd20485f25
                                • Opcode Fuzzy Hash: 224843b4fb8d19a3628bfde94d46695e1bbc1fc059f7d4dd69564122effc16b4
                                • Instruction Fuzzy Hash: 24113631E463149FD360DAB894849EFBFB9AB85360B058A7BD806DB341CBB44C0687E0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE638, Relevance: .1, Instructions: 64COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 394c52eaafffc17de80b5953917af65de475bea4c7620284c82bd029b4302076
                                • Instruction ID: c26f9c10df057074da77b349f713259471884bfe038817516fa2e6e49a53ae69
                                • Opcode Fuzzy Hash: 394c52eaafffc17de80b5953917af65de475bea4c7620284c82bd029b4302076
                                • Instruction Fuzzy Hash: 29217F75E06205DFCB94CF68E5447EEFBF5BB88291F18847AD409E7241E7319981CBA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5DE8, Relevance: .1, Instructions: 63COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1eb4b10d7a4e8d845bddcae78be50068698bf6fc8f84e25bf41c50658db7b729
                                • Instruction ID: 1de316b5709cf3750f9cd13e791d0aaf70bf033dc333e316787a26ab76fac343
                                • Opcode Fuzzy Hash: 1eb4b10d7a4e8d845bddcae78be50068698bf6fc8f84e25bf41c50658db7b729
                                • Instruction Fuzzy Hash: 03118C306163508FCB19E7B458111ED77BABFC263075489EFD027CB1C5DE288C05836A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BCD78, Relevance: .1, Instructions: 61COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 691b9025f2accafefd38e04b2cc291ec3f776456c201f56c2fde596c14dad9bc
                                • Instruction ID: b2351509c315b3e5d15d4922bd544b93d7b61e3686a4fb3bfd0067120231371b
                                • Opcode Fuzzy Hash: 691b9025f2accafefd38e04b2cc291ec3f776456c201f56c2fde596c14dad9bc
                                • Instruction Fuzzy Hash: 49118F75B011119BC748EB69C450AAEB7FBABC97507188079E40ADF390DE31AC02C794
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE9B8, Relevance: .1, Instructions: 61COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 72116f9b210621b9bee04e024efe6337abe9004a0f032e7a4274f433e3d98ac7
                                • Instruction ID: 6f5f6df992e3db2aab5d0097a66aec852098443c226784f945ca636f9d0f3343
                                • Opcode Fuzzy Hash: 72116f9b210621b9bee04e024efe6337abe9004a0f032e7a4274f433e3d98ac7
                                • Instruction Fuzzy Hash: DB113731A06104DFCB94CF98E545AFEBBF9FB48211B2484AAE446E3200D331BE42CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5730, Relevance: .1, Instructions: 60COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1f983456f34d4aa09799c4504e47e29cc5d94661895a6a0301223be3ca4151f9
                                • Instruction ID: 5b6c189bd725bc202db2cfc93da2e4551b52748f1aabc5cad41184f860239302
                                • Opcode Fuzzy Hash: 1f983456f34d4aa09799c4504e47e29cc5d94661895a6a0301223be3ca4151f9
                                • Instruction Fuzzy Hash: 66119D31B81204CFD718DBB4E8416EE7BF1FB86350F20057AD400E6284E33A9D42CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BCEA8, Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f77f72d8bcf39923d5f42842d12c79d0b653f4e7457e5f07ecc5bc71c197d50
                                • Instruction ID: c0a5d19969f7d9d24b51ae5af9838e2944e4323c9a9e89af64b4d0546d6bb4a7
                                • Opcode Fuzzy Hash: 4f77f72d8bcf39923d5f42842d12c79d0b653f4e7457e5f07ecc5bc71c197d50
                                • Instruction Fuzzy Hash: 0D119470305242DBD614E728819067EBBF7EFC57147948C6E955BCF380DE32AC468B55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6880, Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 40662893c91a8395368f0f77317b6c627aa8a95303c5cc342590518bf6546ce4
                                • Instruction ID: 21e78030cdfddf68d0d34b5ba9be55d575e21bd794b2a6463f00ec6c141e5566
                                • Opcode Fuzzy Hash: 40662893c91a8395368f0f77317b6c627aa8a95303c5cc342590518bf6546ce4
                                • Instruction Fuzzy Hash: A2014931A0A209DFDB14DA78A4106FEBBF89BC5750F040577C90ADB340EB6B4D0187E1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BD0F8, Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 840fad86e5278c336dc7244b675baebe48aa04928f9e669238e3e026bc5fc67a
                                • Instruction ID: 36bdd96dfc28a18d57dfe230ccdee13d60dc0d3fdc8c08bed2ab802f95c4368d
                                • Opcode Fuzzy Hash: 840fad86e5278c336dc7244b675baebe48aa04928f9e669238e3e026bc5fc67a
                                • Instruction Fuzzy Hash: D6112934302601BBC624DA59D9909AAF3FAFFC8214B14C819D95A87B90CB71FC42CB80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0322087C, Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.602039750.0000000003220000.00000040.00000040.sdmp, Offset: 03220000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a223ad4d8bda5b47f9a75892a0cf4830aa67001491eef8d3fc1323af06b09a6
                                • Instruction ID: a66f53480fde70a4599873a52bb792956a904ea4ef3dcd88387363a6b498570d
                                • Opcode Fuzzy Hash: 2a223ad4d8bda5b47f9a75892a0cf4830aa67001491eef8d3fc1323af06b09a6
                                • Instruction Fuzzy Hash: 8C11E430224245EFD715CB14DC44B26BF95EB88708F28C99CE9491B752C77BD843CA91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE159, Relevance: .1, Instructions: 58COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e9ad21e86ba2f5418f76b60349758a6b8511e178c813d905727688edf8c47eed
                                • Instruction ID: 4e841fa986c05a375e54f6d7a93eaefbfb352b5ae56d06f78e264ad892f3c761
                                • Opcode Fuzzy Hash: e9ad21e86ba2f5418f76b60349758a6b8511e178c813d905727688edf8c47eed
                                • Instruction Fuzzy Hash: 5001D675B013619FDB185B7998045EFBBAABBCE620725493EE406CB381DD358C0197B0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB680, Relevance: .1, Instructions: 57COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a5e48b28ac45f17026623acb3cf042626ac0cfd41b95d443cad991455925e582
                                • Instruction ID: c0c01fe7a9aae1b555f3c682a470a511ca1c2e5b57f6d50a95f95fd154a14571
                                • Opcode Fuzzy Hash: a5e48b28ac45f17026623acb3cf042626ac0cfd41b95d443cad991455925e582
                                • Instruction Fuzzy Hash: 4711E3729057408FC765CB2986801D6BBF5FF94320B584D6ED08AC7A10E774EC818B51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B86E8, Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e2f455d28d06d4dbf8d785874443a80f122dcd95414a21e5bb1e27164a8b2a4e
                                • Instruction ID: 813c83f7c530eb3db157145bf247b07dd94cedf1d5707c21cf4d87b87d1d00e4
                                • Opcode Fuzzy Hash: e2f455d28d06d4dbf8d785874443a80f122dcd95414a21e5bb1e27164a8b2a4e
                                • Instruction Fuzzy Hash: 1E110235904248DFDB11CBA8D4086DEBBF5FF89304F1588A6D511AB270E73AAD49CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B11DF, Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7e12f79e132401e5e92bce3aeea11966a2a8ded35727624ad37542f06594454b
                                • Instruction ID: 503b9147077805779bcfab991e1b7ba0975f957bcb73ea24c8fb8decea2e3096
                                • Opcode Fuzzy Hash: 7e12f79e132401e5e92bce3aeea11966a2a8ded35727624ad37542f06594454b
                                • Instruction Fuzzy Hash: F911613030A290CFC71ADB38D5789AD7FF6AF8720071544EBD086CF6B6CA698C498752
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03220954, Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.602039750.0000000003220000.00000040.00000040.sdmp, Offset: 03220000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c2897aa7bf454d1e1d9a6f6bcd34ad705b1c940d375e1ec3b3046c068f146159
                                • Instruction ID: 06d2cbbb387aeda183f34e190ed8c4610e04fcb5fd624ab153dbdcb690bebed6
                                • Opcode Fuzzy Hash: c2897aa7bf454d1e1d9a6f6bcd34ad705b1c940d375e1ec3b3046c068f146159
                                • Instruction Fuzzy Hash: A4117F3510D3819FC703CB25D850A51BFB1AB46618F19C6DAD5858B6A3C33A9857CB52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B4FF0, Relevance: .1, Instructions: 55COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7dc2d7600f7303e6e425e418e2fcabee89d3ac16c70910dc76de72502f83144b
                                • Instruction ID: db514786a926b75ad6da8ae8871c835140e2bbda560bdb6d8b928d773a16e5b3
                                • Opcode Fuzzy Hash: 7dc2d7600f7303e6e425e418e2fcabee89d3ac16c70910dc76de72502f83144b
                                • Instruction Fuzzy Hash: E6018432E252068FC784DAB89C516FE77F5EB86220F544977C409D7240EB7949428BD6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B54F8, Relevance: .1, Instructions: 55COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7fe6a0fd8edcc5ca4831bb00a8221a694f091a164631d8f1a426785fc02906e6
                                • Instruction ID: d78ee9ae921f3b4cc021511e356434dd5cf9d747734837180d439d226fa1ab54
                                • Opcode Fuzzy Hash: 7fe6a0fd8edcc5ca4831bb00a8221a694f091a164631d8f1a426785fc02906e6
                                • Instruction Fuzzy Hash: 37114C30A513048FC758EFB8EC51AEE7BF6EB89311B50486AD505D7354EB385D42CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B4789, Relevance: .1, Instructions: 54COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d0a806522c3a5e5cd12c7925196bb7985bde16d51706d0c8996d6e90f64589ae
                                • Instruction ID: c6c0c5c88e7df001c4a7a46c97e642a746a8ab826c3986eeb707711ddfba23b6
                                • Opcode Fuzzy Hash: d0a806522c3a5e5cd12c7925196bb7985bde16d51706d0c8996d6e90f64589ae
                                • Instruction Fuzzy Hash: 8A014472E042098FDB55DFBC98502EE7BF2EB85320F60487AC509E7244EA354E46C7D1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0153B090, Relevance: .1, Instructions: 52COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601045799.0000000001532000.00000040.00000001.sdmp, Offset: 01532000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7ed00065e29b60049f6d6e4b4e0ea693d2e70b12451e7666ecd11b8c539df2c5
                                • Instruction ID: 7fe06b7a7d0564c397fc84df4fcbeebfac2b80245eccc73f2be8100d7edb9afa
                                • Opcode Fuzzy Hash: 7ed00065e29b60049f6d6e4b4e0ea693d2e70b12451e7666ecd11b8c539df2c5
                                • Instruction Fuzzy Hash: E711FEB5608301AFD350CF19DC80A57FBE9FB88660F14892EFD9997311D231E9048FA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B238F, Relevance: .1, Instructions: 52COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 488974bf85b8c007f723d1aad6bf22e0718b30750b058bb6241ce5322e28d18f
                                • Instruction ID: 4648e0af69ce9cb47039b604576195a021ed2fb335578fb13617301ee97cb9ad
                                • Opcode Fuzzy Hash: 488974bf85b8c007f723d1aad6bf22e0718b30750b058bb6241ce5322e28d18f
                                • Instruction Fuzzy Hash: A2114870D1525ACFCB28CF94D550AEEBBB9FB44310F104C6AD506ABB40DB780986CF60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5740, Relevance: .0, Instructions: 50COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0dd6386ed4a9fe3f344bdab79190a137f2e6d767a6a498620a8a546a6b77dad7
                                • Instruction ID: 0caa862fc6e7a14789aaa77b696d6a20e05d67154f2fb521cea92f083d5b498e
                                • Opcode Fuzzy Hash: 0dd6386ed4a9fe3f344bdab79190a137f2e6d767a6a498620a8a546a6b77dad7
                                • Instruction Fuzzy Hash: 66113930A51208DFD718DBB5E9816EE7BF6FB4A340F6045AAD401A7384E73A9D01CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE168, Relevance: .0, Instructions: 50COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d72bb22aa31933fb9e38158f05090330b631556eeacbaceb31d2fde52c09a5e1
                                • Instruction ID: 9baaf24f4eaf458d183b1c167727e612f12fa1f5130ba2d3c1e39c475cd7682a
                                • Opcode Fuzzy Hash: d72bb22aa31933fb9e38158f05090330b631556eeacbaceb31d2fde52c09a5e1
                                • Instruction Fuzzy Hash: 2901A275B012259BCB186BB998085AFBAEAFBCE6647214939E406CB385DD359C0193B0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BA8A0, Relevance: .0, Instructions: 50COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 31c83df09df5c172643a09d0b0bc03d83bc7797fbe298a2e6219198be67b4f99
                                • Instruction ID: 167b842d54af5764a2f4b7264b72a916ac2512fabe92e8c3b64575dc67471337
                                • Opcode Fuzzy Hash: 31c83df09df5c172643a09d0b0bc03d83bc7797fbe298a2e6219198be67b4f99
                                • Instruction Fuzzy Hash: 0B01BC31B06209DBCB28DA54C854AFFBBF1AB84310F14486EC117B7A80DB31AE069BD1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5CD1, Relevance: .0, Instructions: 50COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aada8a1aa75e81b6455bca5a072772235473eb0f3e5a743616a9a040c45c4cde
                                • Instruction ID: 9813cc5f478ec811922e6842f2c0a1b2c0745ba039470e5f5601ab3257b43db9
                                • Opcode Fuzzy Hash: aada8a1aa75e81b6455bca5a072772235473eb0f3e5a743616a9a040c45c4cde
                                • Instruction Fuzzy Hash: AC01D871E012048FCF94EF7C98456EF7BF5ABC6610714456AC009D7302EF30890587A6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BA892, Relevance: .0, Instructions: 48COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 970323176bea594719e028a032c4397fa361cf74feb48014aa8c4b19b0cb199d
                                • Instruction ID: 5bc68d6218558f800ffa5784ce3f69f76a75cb634b2498bcd9657abc36f8b895
                                • Opcode Fuzzy Hash: 970323176bea594719e028a032c4397fa361cf74feb48014aa8c4b19b0cb199d
                                • Instruction Fuzzy Hash: C301BC32B06606DFD768DA54C5946FEBBF1AB88310F15482EC017E7A80DB31AE069B91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BAF50, Relevance: .0, Instructions: 46COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 02c350f4d7323eac67c5bd71fbf32787e6237fd7f5adffc4aa23c8fb7d741612
                                • Instruction ID: 57d70e393aa180e735b1de86d0084678af41688c7db14d30085aa41270037202
                                • Opcode Fuzzy Hash: 02c350f4d7323eac67c5bd71fbf32787e6237fd7f5adffc4aa23c8fb7d741612
                                • Instruction Fuzzy Hash: 70012CB5A112198FCB50EBB9E8057DEBBF5EB88220F10452AD618D3240FB3599408BD1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 032205CF, Relevance: .0, Instructions: 46COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.602039750.0000000003220000.00000040.00000040.sdmp, Offset: 03220000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9208c4d5d8e9feccb7895648881a3f9c5761d1194566330bd326b52188b0f141
                                • Instruction ID: 1fd738337823fedb3c32e5d4c59ab2e632940a1b2879659b26b540bc58015bea
                                • Opcode Fuzzy Hash: 9208c4d5d8e9feccb7895648881a3f9c5761d1194566330bd326b52188b0f141
                                • Instruction Fuzzy Hash: 4C01DBB250D7815FD7128F19DC41867FFB8DF86220709C49FEC899B612D225B809CBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B4700, Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 41c574c0774c640cda76e5d9a8bd50ee701e306c187547474c747c23a5dde175
                                • Instruction ID: 1aadb803e4b0ffd81bf141c580f5c8f4effffbcb01ae750d4ea948526f393a5a
                                • Opcode Fuzzy Hash: 41c574c0774c640cda76e5d9a8bd50ee701e306c187547474c747c23a5dde175
                                • Instruction Fuzzy Hash: 84F0C2363863908FC75686B964102FE37F99BC3270B2508BFD141CB292D52A8D83C364
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B9F10, Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 50a2ae6aa9b4cb6007b7c85a8b75712a1f88ef7712b41312e568ed1b8490dac5
                                • Instruction ID: 78e5eecb8414b57a503009b2d244ffd43729225564e8c9f4833c36b93d0ba196
                                • Opcode Fuzzy Hash: 50a2ae6aa9b4cb6007b7c85a8b75712a1f88ef7712b41312e568ed1b8490dac5
                                • Instruction Fuzzy Hash: 07011235B142418FCB499B78E06996E3FF2EFCD221351406AE90AC73B1DE355C4A8B11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BAF40, Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ff37e31ff5d961826a50e27c29f6c429f03321ecd2ca151748108256eed3c6aa
                                • Instruction ID: 90d71608cddd1f3fdaf970469ec8003692de4c1f3893b3872d845ccc2a5ef582
                                • Opcode Fuzzy Hash: ff37e31ff5d961826a50e27c29f6c429f03321ecd2ca151748108256eed3c6aa
                                • Instruction Fuzzy Hash: F3017CB1A0120A9ECB50DFB8D8027EABBF4EB08210F14852AD945E6244FB399940CFD1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6EA0, Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e571f4321caa4c83626fef8342c7551413d1430c6e5e790ef2f1f488023783af
                                • Instruction ID: c93ee92a7893446212a3586e38322eacb7b287c5b023a851340de9cb1a74abc8
                                • Opcode Fuzzy Hash: e571f4321caa4c83626fef8342c7551413d1430c6e5e790ef2f1f488023783af
                                • Instruction Fuzzy Hash: 9B016D71E012199FDB50EBB9E8417EEBBF4EB84610F50017BD508D7280EB359951CBD1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB0C0, Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 90e2f04346c59a3fdfae06a6c35e482eeb68f772ae5d87865017a0857c1291c8
                                • Instruction ID: 91526e8bbfa5031dd2468ab183e3d53b7048315fdd15c124ed6750b8b5c5c001
                                • Opcode Fuzzy Hash: 90e2f04346c59a3fdfae06a6c35e482eeb68f772ae5d87865017a0857c1291c8
                                • Instruction Fuzzy Hash: C301AD36201211CFC744EB78D4055AC7BB3EB8D221B488869D50BCB354EF3A9C068756
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B1218, Relevance: .0, Instructions: 42COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 06b70dfc599dc559e4a08082f5246834834ad9cf5b4044f9725ca90c75b00590
                                • Instruction ID: a490970e17048390648f12d85bdf859ecfdaa93dc0effb946c5f74416985ced8
                                • Opcode Fuzzy Hash: 06b70dfc599dc559e4a08082f5246834834ad9cf5b4044f9725ca90c75b00590
                                • Instruction Fuzzy Hash: 8F011D30315110CBC74CDB2CD1689AD77FABFC5600B2444AAE446CB7A4CF759C098782
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B891F, Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c977e3eac7464d41e35583df771f3076dee68d9b71f7f366e400b59396b855f2
                                • Instruction ID: b0b054a919a7ca0f11bfa303bca95ae92b606e1bc464daf5ad6d3156dcca24f7
                                • Opcode Fuzzy Hash: c977e3eac7464d41e35583df771f3076dee68d9b71f7f366e400b59396b855f2
                                • Instruction Fuzzy Hash: 1B018FB4815244DFCB05EFA0E4587ACBBB1EB0E301F249499D94657251D7381E44CF11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8A30, Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 36ef7d0ce63db411956dbbf05f3e7492abad2df39aa61d8e25c66cd5f374a5a9
                                • Instruction ID: 6dfb32efcf9bf9c0189e060ef117e3e759c2197bdadc2d348f693a1188349714
                                • Opcode Fuzzy Hash: 36ef7d0ce63db411956dbbf05f3e7492abad2df39aa61d8e25c66cd5f374a5a9
                                • Instruction Fuzzy Hash: BC01E2B5E05208DFDB44DFA9C480AEEBFF5EF88300F2080AAD804A3315E7346A41CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BA691, Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 094bb30bc3bbf5db8e5611bf845821c6336d19057464de2e233f011128d0bc76
                                • Instruction ID: a850d6b99cf75622bf95968af4dae79ea815ff5db3df66d59a05983e053ce427
                                • Opcode Fuzzy Hash: 094bb30bc3bbf5db8e5611bf845821c6336d19057464de2e233f011128d0bc76
                                • Instruction Fuzzy Hash: 40F0FCB67093418FC7459778A8645A93FB2FFCA21430D44AFE146CF6A2DE355C0B8751
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8539, Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eb940ed10f58c206affcb4052bd28bb6de54563d68e186e618fff8ba904e487b
                                • Instruction ID: e931b0d005be9bcd094da3cd1f15e000923c177071c4a962acd8d7888cf03cbc
                                • Opcode Fuzzy Hash: eb940ed10f58c206affcb4052bd28bb6de54563d68e186e618fff8ba904e487b
                                • Instruction Fuzzy Hash: BBF06235A09285DFC700DA65E8854EEBBF8EB45220B04C8A7D505D7221E6759840C796
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB0D0, Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f40db407c0cdd2cdd38c825db193459ea37528732edf9210667b3a01c4f06b2
                                • Instruction ID: 93baa4f14b0204117d359e759e06f867485e2cfdf46cdd319e6a4a56085e0048
                                • Opcode Fuzzy Hash: 4f40db407c0cdd2cdd38c825db193459ea37528732edf9210667b3a01c4f06b2
                                • Instruction Fuzzy Hash: D7F03C35201215DBC704FB78D41586D7BF6EBC9220B548969E50BCB354EF36AC068796
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B68E0, Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 35d90612af3f6ad003a641d0769be8d2e841587bd51ad637453718e6b81a7668
                                • Instruction ID: a0dcc89adfe1d02e285e424424a26beb0aae12ffb3abb659cdb9931be0477012
                                • Opcode Fuzzy Hash: 35d90612af3f6ad003a641d0769be8d2e841587bd51ad637453718e6b81a7668
                                • Instruction Fuzzy Hash: 52F0E231B0A119EBCF14D63898102FFBBFD97C6690F004876C90BD3340EE265A0586E2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B64A0, Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f62e48db19c63eb96f16b13e1d3b4dc75116f052fb9e578a5ee06253e37b699b
                                • Instruction ID: 5ee30780a3701fe1708314da644c5439ef9710bd55b9f7cd6f44f6c313e24479
                                • Opcode Fuzzy Hash: f62e48db19c63eb96f16b13e1d3b4dc75116f052fb9e578a5ee06253e37b699b
                                • Instruction Fuzzy Hash: BDF02431A052488BCB14C63894546FFBBF9E784750F40487AC80AA7641EB365A0686D1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8A40, Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 82a5b4fd306595d065c36e3868d5b2f530f1a531d60c55190f0bcf9ec0b49b2f
                                • Instruction ID: d57b99f9f34e7a9fab5b0d592c680e60cadc2a174d113dd5fe5610a362de1e64
                                • Opcode Fuzzy Hash: 82a5b4fd306595d065c36e3868d5b2f530f1a531d60c55190f0bcf9ec0b49b2f
                                • Instruction Fuzzy Hash: B20192B4E05209EFDB44DFA9D584A9EBBF5FB88300F2091AA9804A3355EB346A41CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BCD68, Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ec027840b78f3754ab14870835f94bc463ae12d0031d354bea27cf8d1e61318f
                                • Instruction ID: f1ffb8833faef8f632c82d4a8d271a28c5774da86ec8301cf2fc7b018d43f88a
                                • Opcode Fuzzy Hash: ec027840b78f3754ab14870835f94bc463ae12d0031d354bea27cf8d1e61318f
                                • Instruction Fuzzy Hash: 77F0E5767062202BC2A9A16E58106EF3BFF87C5A6039A013BE485DB385DD11AC0253F9
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B68DA, Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8bdc0ae4fcd7726f4387c34c023e93cd83cc4f54c5bfd5789b0009d3e7a5c4b7
                                • Instruction ID: 5ff11409b3f954cc13db4f8e5fa4e07593b28c2f59b1f6b1919791859f6944f8
                                • Opcode Fuzzy Hash: 8bdc0ae4fcd7726f4387c34c023e93cd83cc4f54c5bfd5789b0009d3e7a5c4b7
                                • Instruction Fuzzy Hash: E4F0E931A05209EFCB54C628A8102FFB7F8D7C5660F000877C906D3240EB365E0586E1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B45B9, Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 20bb38b4068b3df9a9e3bef42a3097a27b931488abdc5a8e55d4ee77a6b4e762
                                • Instruction ID: 611fe874fff108e21b81e55fac1f59d4b911d01e1b31cd6fadacc93b9144c15f
                                • Opcode Fuzzy Hash: 20bb38b4068b3df9a9e3bef42a3097a27b931488abdc5a8e55d4ee77a6b4e762
                                • Instruction Fuzzy Hash: 89F0E231E4031A9FCB90CBA8AC01AEABBF8EBC5230F10007FD108D7251E2784D058761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B0908, Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c414c5a01ce446905844b707d02fa29e0665f10b8a4702d5d01ec7a3771e2413
                                • Instruction ID: 610eaeebb3ba52610531030c0eddbbfb5399a34a9cfaf0d94eec6dfa233e3a45
                                • Opcode Fuzzy Hash: c414c5a01ce446905844b707d02fa29e0665f10b8a4702d5d01ec7a3771e2413
                                • Instruction Fuzzy Hash: D4F0E23091A3408FD760CAB488149EF7FB9AB82350B06486B9803AB302CB784C0A8661
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B0918, Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0d18a90363340f58fc5e0b9d9cc7386e614c79a4595c6ab2b93c3afdbd49d96b
                                • Instruction ID: aa2f6aaaeb30b2977996644bdd86df40f9ff20fbbae7059cfb2ec538ef225a3e
                                • Opcode Fuzzy Hash: 0d18a90363340f58fc5e0b9d9cc7386e614c79a4595c6ab2b93c3afdbd49d96b
                                • Instruction Fuzzy Hash: 8CE0E532E16218DADB6095F898001EFBBB9E786650F004C379907A3304DB70980A4291
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B46A9, Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eb38d26bff5c8cdef984a18d1c62f13fb543432a3a7dbec840e722a715f6ad26
                                • Instruction ID: d7c547503e3bc7d6fed152157af39c3fff6d38f345d41d354019ea6092d5fd4f
                                • Opcode Fuzzy Hash: eb38d26bff5c8cdef984a18d1c62f13fb543432a3a7dbec840e722a715f6ad26
                                • Instruction Fuzzy Hash: 0EF0A031A442508FC7619BB9A0641ED3BF5AF82320B2544ABE00ACF666DA5ECC468782
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6120, Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e4893fd243538f236115c0fbd90c606475f974f4c36b2f469b14df7d2cd9c400
                                • Instruction ID: 76c71077daad1acbb468da3b23ee8d5d379fb329de2d261c3c5db0669bb58510
                                • Opcode Fuzzy Hash: e4893fd243538f236115c0fbd90c606475f974f4c36b2f469b14df7d2cd9c400
                                • Instruction Fuzzy Hash: 14F0E5367843175FC355527C58206AEA7EA6BDA321B15087BE106CF3A1CCAA0C438360
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5FD0, Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a2492926b602521e8be67074df7e5f1a9679dbd082d8a0f527c81ef5b738cc3
                                • Instruction ID: 57bca8799c3ab5f0cb828a21e6e5907ea3e7aa7d80e7011368a0dff9313de40a
                                • Opcode Fuzzy Hash: 2a2492926b602521e8be67074df7e5f1a9679dbd082d8a0f527c81ef5b738cc3
                                • Instruction Fuzzy Hash: 6CF03A71E1530ADFCF90DFB8A8495EEBBF4EB88320F10043AD115E7200E73949058BA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BED50, Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 43ba6b6e04b6c33ffa65dc6264af0c43494fc2a926a176cd08ded6b429e0fc96
                                • Instruction ID: 2ba4078db10eb0aaae65da8ce190c2f0d3f6f55d39e60438c2ea794dff3f190a
                                • Opcode Fuzzy Hash: 43ba6b6e04b6c33ffa65dc6264af0c43494fc2a926a176cd08ded6b429e0fc96
                                • Instruction Fuzzy Hash: 28F0553620A2115FC311D7A8E4200D83BF5EFC62203098C9FC00A8F342DA728C06C791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE5A8, Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0e8b3ffe2ab46c37434fa1a8443919d14871543b42e0955d568adf8189cc1599
                                • Instruction ID: c73291fe7084685e878768f3b594e5e124f5f0f5663def38d14ce7d2c208babc
                                • Opcode Fuzzy Hash: 0e8b3ffe2ab46c37434fa1a8443919d14871543b42e0955d568adf8189cc1599
                                • Instruction Fuzzy Hash: EEF0A7312092914FC351D36CD4204E97FF6DFC651431889AFC44A8F342EA61CC068391
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BEDE0, Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5bb03f6201ff081079e6deebc8f1b2ed3fa2a9bdc9057a18d75694c0adf28ae1
                                • Instruction ID: da1116877569c8a14191f48df613d6c6fc607d775dc9e1ab289665f79b66e1c3
                                • Opcode Fuzzy Hash: 5bb03f6201ff081079e6deebc8f1b2ed3fa2a9bdc9057a18d75694c0adf28ae1
                                • Instruction Fuzzy Hash: 8CE02B2260A16057DB34D81CF84C7EA5ABCA3843A0F090C7AE94BCB142CCD05804C3E2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 03220938, Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.602039750.0000000003220000.00000040.00000040.sdmp, Offset: 03220000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                • Instruction ID: 618e09ddbf49d729c97f02359bfbfc1044610f8c8f8a815d88dab1c4d9ff73a7
                                • Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                • Instruction Fuzzy Hash: 37F01D35104645DFC716CF04D940B16FBA6EB89718F24C6ADE9490B752C337D813DA81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BA6A8, Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 76d3eb4a982405195df0937f54625b87e7aa48c0cacc265f75ac02382999ac0b
                                • Instruction ID: 804ce4478166c63d24214f860eba8abe603c0c497145a39cca9259ef96d3d06c
                                • Opcode Fuzzy Hash: 76d3eb4a982405195df0937f54625b87e7aa48c0cacc265f75ac02382999ac0b
                                • Instruction Fuzzy Hash: 68F0A7713001018FCB04966CA45456E3BB6EBC9225354843EE50ACB351DE329C068791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8015, Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f1d8f24a4674dd76603aaed30a248420eb67ba1df25ba0e0043ca8c7e0ef738
                                • Instruction ID: 6a6c9b4b001c7efe635129cb577a4bcebf22c52c053eda3996aab1a801394fc7
                                • Opcode Fuzzy Hash: 5f1d8f24a4674dd76603aaed30a248420eb67ba1df25ba0e0043ca8c7e0ef738
                                • Instruction Fuzzy Hash: 75F0E238202348CBCB25DB78D4408EEBBB5FF8224472095AED8555735BD734D802CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B57A2, Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 74486610a2c941a47f4fc9cab20055eee2cbb74473f315b3fac6e5c39ca29a40
                                • Instruction ID: acb571bba091b7ad205a64fc20d3eddcf1dc8c0970d69232e350b3e6e7cc1e35
                                • Opcode Fuzzy Hash: 74486610a2c941a47f4fc9cab20055eee2cbb74473f315b3fac6e5c39ca29a40
                                • Instruction Fuzzy Hash: 75F0E530B46204CBCB48E778FC113FD77B19F86204F2084B6E0169B2C0EF246C0587A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B77B7, Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cfa4829b05657277fdc9af16c3ce489ee827b521f42f0d83936f83ea9cece4aa
                                • Instruction ID: 62f7d2b70d6a32762836e69a92b458bd3409526934bcb068303a27701188995a
                                • Opcode Fuzzy Hash: cfa4829b05657277fdc9af16c3ce489ee827b521f42f0d83936f83ea9cece4aa
                                • Instruction Fuzzy Hash: 8BE09238B423555BCF94F3B998203EE66AA9FC1D14F94047DC516DF7C4EE204C0597A6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B89D8, Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ef6fc5745900270efb5e26271ff98339efc0d8002273fe75a240a306eeea8e7c
                                • Instruction ID: d0b0b50c06296d942aa49373b18e512a28c21bae561c8e3eef2812fbe488e62a
                                • Opcode Fuzzy Hash: ef6fc5745900270efb5e26271ff98339efc0d8002273fe75a240a306eeea8e7c
                                • Instruction Fuzzy Hash: 03F034B8D4A248EFCB40DFA4E59549DBFB0EF4A300B20A4E6C905D7212EA340A42CB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8C38, Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1cac401e1af2b17213c9c054593f2f5e412cb8e93feae82541236089581bb3e2
                                • Instruction ID: 129acb2424c564d6614f11341ce1fa1abf6494b4df22bd264bc8903abb6bac26
                                • Opcode Fuzzy Hash: 1cac401e1af2b17213c9c054593f2f5e412cb8e93feae82541236089581bb3e2
                                • Instruction Fuzzy Hash: 2FF0E536B436518FC7628BB0A8281A47BF5EB4927231A45EBD902CB350DF788C40CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BD09E, Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b0452cf259ea180face8ad2d6b0e87bec0af5fbb5c0299005406a8495eaa78cf
                                • Instruction ID: 95f6ed72e94a20067376928d04420138c789f558e9d060bcd8a96eb5f8876d05
                                • Opcode Fuzzy Hash: b0452cf259ea180face8ad2d6b0e87bec0af5fbb5c0299005406a8495eaa78cf
                                • Instruction Fuzzy Hash: AFE0D81272E190ABCA05A62950211FDB7B7ABCA461319489BD906CB251DD518C03C3A3
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5D5F, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 584983e5e72f20d595da8935420ca3b9e82c14639bdc86486277eab52a31c7cf
                                • Instruction ID: ca09f69bb526c26b3790b0d4d6f7238afe2648adee407f991b8a8bc4987bafe0
                                • Opcode Fuzzy Hash: 584983e5e72f20d595da8935420ca3b9e82c14639bdc86486277eab52a31c7cf
                                • Instruction Fuzzy Hash: 14E022215053808FC771DFAD685C2E5BBF45A5309032946EBD055CB113C9208800C714
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BEDD1, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5c2e6f35902e7cc2df02707c34648b9496fd0f4d177dae2fba06da97ea601936
                                • Instruction ID: 68627ee0d8a9c2f4a7ea4d549e8b17f33c669e663a59835db3e216de5a87e686
                                • Opcode Fuzzy Hash: 5c2e6f35902e7cc2df02707c34648b9496fd0f4d177dae2fba06da97ea601936
                                • Instruction Fuzzy Hash: FFE026A360E3508BD766C498F8887F99B79ABAA255F0E0C77E44BCF143D4544804C3A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 032205F6, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.602039750.0000000003220000.00000040.00000040.sdmp, Offset: 03220000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c36d67415599909fec25fc986f625186130003184b14398fdfcf4b2aa0c845ed
                                • Instruction ID: 5df8cfcc533b83817b1b4cf061b1085d18662eda8dbbd142d684cb0870f5ddcb
                                • Opcode Fuzzy Hash: c36d67415599909fec25fc986f625186130003184b14398fdfcf4b2aa0c845ed
                                • Instruction Fuzzy Hash: E3E092B66046004FD650DF0AEC81452F7D8EB88631718C47FDC4D8B701D535B504CFA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0153B0DF, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601045799.0000000001532000.00000040.00000001.sdmp, Offset: 01532000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e79af6730fe19fbb991dea650f98d4b3eff8524173a1096e041ea8b6c7feaed8
                                • Instruction ID: 9ee79cab3f560c2b90711145835f0031f861e601fa435866f060477a5a813f32
                                • Opcode Fuzzy Hash: e79af6730fe19fbb991dea650f98d4b3eff8524173a1096e041ea8b6c7feaed8
                                • Instruction Fuzzy Hash: 27E0D8B26412046BD2109F0A9C85B13FB98EB94A30F14C567ED495F702D171B5148AF5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BC2E8, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
                                • Instruction ID: 2089c863bd12f5a29711a4d52a5e455c9330caf11f5c11200cae4ba20d1e9258
                                • Opcode Fuzzy Hash: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
                                • Instruction Fuzzy Hash: 92F01536200B009FC330DF5AD584C47F7FAEF89A203558A6EE59A93A20C770F8048BA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6130, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6db9df3df5b48a9e8424323a48fa8cbda27dfcfa06a91900fa0064e6ed39953e
                                • Instruction ID: 02e22bb0ff580e87cdaaf8b2b5e9dae1ea8393273b2c74bc49ab3d85b2489fb9
                                • Opcode Fuzzy Hash: 6db9df3df5b48a9e8424323a48fa8cbda27dfcfa06a91900fa0064e6ed39953e
                                • Instruction Fuzzy Hash: 66E0CD3574421B67C214A26D5810B6FE3EF6BD9652F150C3EE2079F390CC625C4343A4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BED60, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ff3e124cbed369b3332c40f88a7b2a6356df584e9cbd5261da657740b0682c5e
                                • Instruction ID: 64166625518a1a4cbee51c743a3e67e1a9109058b8024e8ee81c9975312eb96b
                                • Opcode Fuzzy Hash: ff3e124cbed369b3332c40f88a7b2a6356df584e9cbd5261da657740b0682c5e
                                • Instruction Fuzzy Hash: FFE086363055215FC624E69DD4209EE7BEAEBC56A03548C6ED80A8F340EEB2DC0687D0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE5B8, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c1b7b814873beded3d6bb013241e9be5cc659282dbb6c1256d524d12e4c6fa6c
                                • Instruction ID: 23fd1195ecb5ced3829de5e85ed1733d74a824bd98d25b93f8a01df2062c6e74
                                • Opcode Fuzzy Hash: c1b7b814873beded3d6bb013241e9be5cc659282dbb6c1256d524d12e4c6fa6c
                                • Instruction Fuzzy Hash: 6BE04F322056225BC624D65DD9208EE77EAEBC6A60354886ED40A8F340FEA2DC0687D0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE5F8, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ae8b89e69fccde00645756de82b32cf3acc323ee4b9313ff01ed45f3a2a7bb7d
                                • Instruction ID: 335c07c13eb0983ab1a5613e5aa8b8d155e6d8abd0e826f6b00415d8b2907cbd
                                • Opcode Fuzzy Hash: ae8b89e69fccde00645756de82b32cf3acc323ee4b9313ff01ed45f3a2a7bb7d
                                • Instruction Fuzzy Hash: 65E0267240B210CEC7E68A20F4191FA3B70B70D2627051C5BD54B86040D6215842C793
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB002, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4d0b009d3f8199cc17b14eae8d572161ea8dd263550a4e4950f4ea47334cf547
                                • Instruction ID: 8fd6a743477f5643d63458d4cc7dd0ae516534badc1ca2325fcbf5524ab979df
                                • Opcode Fuzzy Hash: 4d0b009d3f8199cc17b14eae8d572161ea8dd263550a4e4950f4ea47334cf547
                                • Instruction Fuzzy Hash: 3BE022B561A2808FC3865BBCA4294683FF29F9E310301059AD416CF3A1EE398C40C322
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8C48, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f3f9ccd3b1f542d0dc8fc66bea28aea2829601849558f9d981ec71e43b8a122
                                • Instruction ID: 876859abb7dec2742966af24c11eacfc6000142d79de93f72cb0741494313e16
                                • Opcode Fuzzy Hash: 5f3f9ccd3b1f542d0dc8fc66bea28aea2829601849558f9d981ec71e43b8a122
                                • Instruction Fuzzy Hash: 98E09235B1352187C7A597A8A4145A877FEE78869132581AAEA06D7388DF70CC008BD1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B88D1, Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5b3d0ccd5e4987c9251ba133fb21251f5e17f54cb36d15eca35e0cf7963ea114
                                • Instruction ID: e1aac7835591b91338e14620844cc025f795f0b76f046b96346f514029dac219
                                • Opcode Fuzzy Hash: 5b3d0ccd5e4987c9251ba133fb21251f5e17f54cb36d15eca35e0cf7963ea114
                                • Instruction Fuzzy Hash: EAE06DB0806346CFC705EFB8D94A9ACBFB0EB06300F0055D9E80163151DB782A48CF25
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BD0E8, Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 88e6823407b5ac471184f0e8d10536b7bd2ab48ef75577ebd0bd261c45e84754
                                • Instruction ID: 2a2740f9ae507e23589d393d127da3cbe8d6e42f79be74295ba66540c9d9e094
                                • Opcode Fuzzy Hash: 88e6823407b5ac471184f0e8d10536b7bd2ab48ef75577ebd0bd261c45e84754
                                • Instruction Fuzzy Hash: 10E0DF36706610AFC315CA98E8608B8B7B6EFC9231309C8ABD509C7B41CA35AC039790
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BD0B0, Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ca1f1670f22d8c484d91be52f7e99da1208239aff412940046cfaafa4044cb28
                                • Instruction ID: be0f84fdca7366df289019909ebd7c0e20b73241d1c5ca47190d4422619534d7
                                • Opcode Fuzzy Hash: ca1f1670f22d8c484d91be52f7e99da1208239aff412940046cfaafa4044cb28
                                • Instruction Fuzzy Hash: CFE02B21329015E7C914E92E90205FEB3AFEBC9462318482FD507CB350CD52DC03C3A3
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B8AC0, Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4b14eff5a544ece04cc402ebc3b3858c6aa4288cc78456654f497b27358e133d
                                • Instruction ID: 730a38017aed12d97da17ca92f3e391185aed4ad0954b7b99fbc7fa9186fa582
                                • Opcode Fuzzy Hash: 4b14eff5a544ece04cc402ebc3b3858c6aa4288cc78456654f497b27358e133d
                                • Instruction Fuzzy Hash: DDE01A7010568ECBD704EF58EA80CED3B7AFB50314F14DD56A4028B528EBB8AD058B82
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B89E8, Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a1c91f441a1aa82939ab4462d9a7e20ffa9de460c641c2856905d76cf6e3a288
                                • Instruction ID: 9be3fb6290a6f99d5f2729c1edca8e80f93417d338fdc7c61cd5af9e9c98ff6b
                                • Opcode Fuzzy Hash: a1c91f441a1aa82939ab4462d9a7e20ffa9de460c641c2856905d76cf6e3a288
                                • Instruction Fuzzy Hash: 83E0E578D15108EFCB44EFA9E549A9DBBF9FB48304F10D1A69C09A3311EB346A44CF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB010, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 67f5d5b66bd44b31534b1d9eabd38ae9abc83c9a2476140ad7d7ec1a0955f182
                                • Instruction ID: a3216d64bc9b5fcf144c53782d6c4f4bc18c3e12abf4988d7e4a7dd67e73bfb9
                                • Opcode Fuzzy Hash: 67f5d5b66bd44b31534b1d9eabd38ae9abc83c9a2476140ad7d7ec1a0955f182
                                • Instruction Fuzzy Hash: A0E0C2747282248BC748A77CA0199BD7EFB9B9D6513100569A92ACB390EE369C0143A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B88E0, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b96c0bf66c096b2949e236f2f89fe92167235e9e4289f0fd3e652b8356fd38c1
                                • Instruction ID: 44ba6359b027b494f24b92be387a87a8ebffa714edbae132a3a26b82a82bd3e8
                                • Opcode Fuzzy Hash: b96c0bf66c096b2949e236f2f89fe92167235e9e4289f0fd3e652b8356fd38c1
                                • Instruction Fuzzy Hash: 2FE08CB0C15208DFC704EFB8E946AADBF74EB06305F1055A8E80533250DB746A48CB99
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BB690, Relevance: .0, Instructions: 21COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dd308b636086000a756d626108a63c7d08cf5d8728cef833462d95d7242abeac
                                • Instruction ID: 3f92db7d254629d2702ac7b4198591e423a4aa1921bf716427057f0cc4bc98e0
                                • Opcode Fuzzy Hash: dd308b636086000a756d626108a63c7d08cf5d8728cef833462d95d7242abeac
                                • Instruction Fuzzy Hash: 67E0EC75A00B258B8334DF5F9401857FBFAFEC5A20714CA3E915987614DBB0A9058BE0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B0170, Relevance: .0, Instructions: 21COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a089c434d27d93f85c7e38a29532e767ce0b01272586ec51e0d620a1d1d554d0
                                • Instruction ID: dbd74a015974ce7a16bbaf02d3e22432ea4e35120e2261343816d10eb6108741
                                • Opcode Fuzzy Hash: a089c434d27d93f85c7e38a29532e767ce0b01272586ec51e0d620a1d1d554d0
                                • Instruction Fuzzy Hash: D9E086751453009FC7195B70E4154987BB4EF4613031105BFD805CB751E67E8885DB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BF3A6, Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7bc1e1b66762cec9ef26c2bc0cf7f16f728ad6a9b1308e69bf075c5c573f3e07
                                • Instruction ID: c885e111d90e39dc6fe2da89a3ee3c2123befb7212ddcdbe9a9ffd0743124557
                                • Opcode Fuzzy Hash: 7bc1e1b66762cec9ef26c2bc0cf7f16f728ad6a9b1308e69bf075c5c573f3e07
                                • Instruction Fuzzy Hash: B1D05B757901345F9648E56C98518FD67DEFBD5614304885EF80ADB341C9669C0247D0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B02A0, Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0ca7128454c13adc098c3138401d05d840198f325b14e553332962f1ef18a90e
                                • Instruction ID: 03f3e766f97260ecd181598eee56b49d1d7ce2e8a1ae627dbdeaa244b20018db
                                • Opcode Fuzzy Hash: 0ca7128454c13adc098c3138401d05d840198f325b14e553332962f1ef18a90e
                                • Instruction Fuzzy Hash: 90E0EC71549781DFC3618794E9598DABBF1FB822203158C5ED4928B554C728AD458711
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BEDA0, Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 64bada1b2d496d68ef17b2e476a312ad0f695997bb495ad1f34f2789fd3c0438
                                • Instruction ID: 49d1782227cb86515cde01f3b5be176d54565f091e4f72746d298295ebb332b3
                                • Opcode Fuzzy Hash: 64bada1b2d496d68ef17b2e476a312ad0f695997bb495ad1f34f2789fd3c0438
                                • Instruction Fuzzy Hash: E6E0C23110F641DFC3198720EC508E67B32DE4A3953064D9BE08B47A41EBA16840C351
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6890, Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2caf17b54eb9ee99a95f033747192ba86ffe21506d50fdd32bdfaf651a9d6de3
                                • Instruction ID: 90c128975f9e8489824230120c5b904aec846232fbda20fa143a62edbf3eba81
                                • Opcode Fuzzy Hash: 2caf17b54eb9ee99a95f033747192ba86ffe21506d50fdd32bdfaf651a9d6de3
                                • Instruction Fuzzy Hash: 30D05E31A0D05EC7E61466E96414BED3AA99B84651F4D0227EE0ACB340DEC78C4063EA
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BF3A8, Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 56a406dd76d1b51a342a919c45eab1db50e8bc2f4c942ccc849b17f0fa2c0d4b
                                • Instruction ID: 5c5070223ad75c79956836a14dfda2376d3c1221fe6e6e918049cd7ab0074eb7
                                • Opcode Fuzzy Hash: 56a406dd76d1b51a342a919c45eab1db50e8bc2f4c942ccc849b17f0fa2c0d4b
                                • Instruction Fuzzy Hash: 5ED0A7253441342F9508F5AD8C518B977CEFBC69143448C5EF80ADF341CD62DC0243D0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B57F6, Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a32144dee5912ea227a7e1cbaeb5cdf217b08cc7ffe45433169818cc69acf114
                                • Instruction ID: bd2408be05ec483e6ca99dff922c5a0bd047b812e9b86764c81459f83a0f52f6
                                • Opcode Fuzzy Hash: a32144dee5912ea227a7e1cbaeb5cdf217b08cc7ffe45433169818cc69acf114
                                • Instruction Fuzzy Hash: BED01275F06208CBCF44E7E4A9551ECBB719BC5129B0454B6C117AB180DE21140997A1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BE608, Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e99de48e2d1aaf89af4f6ce471094d41795fd21fda976c6319093630a7fd32c7
                                • Instruction ID: bd55d947c2b0659bf75ff1d1d2a05bd082451111592418714d36d6c4b326102a
                                • Opcode Fuzzy Hash: e99de48e2d1aaf89af4f6ce471094d41795fd21fda976c6319093630a7fd32c7
                                • Instruction Fuzzy Hash: 7AD05E3151B220DBCA66DA64F0109FAB3B8A709592B005D2AE64B92140DA22B801D3E2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B064F, Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b2d624e25f63843939a97f97e32965d6b5160c81f87fbf9f82466d0266bf3ead
                                • Instruction ID: a1f157dc84f384b98c5307d8d4642b0c64d17a706fd175c995aa53cf2500d053
                                • Opcode Fuzzy Hash: b2d624e25f63843939a97f97e32965d6b5160c81f87fbf9f82466d0266bf3ead
                                • Instruction Fuzzy Hash: 09D05EF2886380CFC7568A706C164EA7BB4DAA226471288B6D81186911D27A2A579B61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B79A8, Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6764584f229702ddedde16a85011fc1f65be6d520517422627b7b8b01f5ff56f
                                • Instruction ID: 90ae7b87fb19114c68a64d40724a49b276eb4a276a72ec2b37d91aec3bbb7601
                                • Opcode Fuzzy Hash: 6764584f229702ddedde16a85011fc1f65be6d520517422627b7b8b01f5ff56f
                                • Instruction Fuzzy Hash: E2D0123100A754DAD736D675B404AE6BAFAAF85A14F440D6E9187056508561A584C3A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 015223F4, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.600997574.0000000001522000.00000040.00000001.sdmp, Offset: 01522000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c2f50afaa2a2d3fec4a543413b9521b7f60e8b930490a7005770e1dce1980167
                                • Instruction ID: aa4a7d1ff04f64ee12849c3f5566f1fab05a79e3fd3849d530f46843ce4e9857
                                • Opcode Fuzzy Hash: c2f50afaa2a2d3fec4a543413b9521b7f60e8b930490a7005770e1dce1980167
                                • Instruction Fuzzy Hash: CDD05E7A205A914FE3268A1CC1A8B993FA4FF52B04F4644FAE8008F6A3C368D581D650
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5F51, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2cfe1feaf901bd70abedb25629dd0f868109363adf503e2c0c215e20e8645945
                                • Instruction ID: cf939b1712fbb34148b6b2eb3d42b7ae36f226eaab3867a82fe9671427d40e8d
                                • Opcode Fuzzy Hash: 2cfe1feaf901bd70abedb25629dd0f868109363adf503e2c0c215e20e8645945
                                • Instruction Fuzzy Hash: AAD012301CA383AFCBA64BA0AC650E97FFCDD4313071505E7E846CA126E6AD5C86CB21
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BEDB0, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0328847bcaa424d620cda079e0ac9c8b5f6b55dcdb82abc69a9d9e5f16c6b28b
                                • Instruction ID: d3c0c2b8f354bde343e9072d226bd6f16bec520274c5aa344aee5d349f6411ad
                                • Opcode Fuzzy Hash: 0328847bcaa424d620cda079e0ac9c8b5f6b55dcdb82abc69a9d9e5f16c6b28b
                                • Instruction Fuzzy Hash: 15D0C93111A614DBC228D665F4448EAB77ADA496E63114E6AD41B47640ABA2B881C790
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B7400, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                                • Instruction ID: a1a6767a169fa27621b888f489ff441393c9cd21b13d150b68c98dbcc25e0201
                                • Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                                • Instruction Fuzzy Hash: 10D0423AA010048FC704DB88D5949D9FBF1EF88225F28C1A6D915A7651C732ED56CA50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 015223BC, Relevance: .0, Instructions: 14COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.600997574.0000000001522000.00000040.00000001.sdmp, Offset: 01522000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dd69b110f4907040851b9f501f4ce245f0b0c73001f9021944a3b58e6faa7de3
                                • Instruction ID: c619aee84b06a6c49b6a38bcaa3276684c64c32842e95fef656aae36e237559a
                                • Opcode Fuzzy Hash: dd69b110f4907040851b9f501f4ce245f0b0c73001f9021944a3b58e6faa7de3
                                • Instruction Fuzzy Hash: 56D05E392012814BD719DB1CC194F5D3BD4BF52B00F0644E8EC008F2A2C3A4E881C600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BF3E1, Relevance: .0, Instructions: 14COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fff014a918b6299347e71d42d8a0eb9abc565a54e79207ccba0994aceaa0d4d2
                                • Instruction ID: bf9dd429699ee6e6526a61a764be31f11b67663bd126dca3e757ca00a1e62e96
                                • Opcode Fuzzy Hash: fff014a918b6299347e71d42d8a0eb9abc565a54e79207ccba0994aceaa0d4d2
                                • Instruction Fuzzy Hash: 90D0126990F7C44FCB87777078640D63F24094A11174A00C7EC998F347E9558409DB63
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B7E9E, Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f441053dc40b223997c7433818ff2fce5af058b36fc4c9f6c03c36e6cea91bdd
                                • Instruction ID: 66d1498f4b6f83a1ad8f8d27b796e7ffbd6857a02b7c321c747636cc06593a06
                                • Opcode Fuzzy Hash: f441053dc40b223997c7433818ff2fce5af058b36fc4c9f6c03c36e6cea91bdd
                                • Instruction Fuzzy Hash: 5ED052B4A21208CFCB92CF71D9900DD77F0EB0A2207200B2AE822AB380F3385D048F10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5478, Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1bd77ef5293d25fc1ad23ff06ac7d718e4b3055b079625255bcb9f18928d604a
                                • Instruction ID: 1b49ad1e2523ac1e9995216bc8942a4ac1093895606bfe84fc71ab37970feff0
                                • Opcode Fuzzy Hash: 1bd77ef5293d25fc1ad23ff06ac7d718e4b3055b079625255bcb9f18928d604a
                                • Instruction Fuzzy Hash: A3D012704052048FD7B497AA7D0D3AE7FBCA70A20FF0A41C1F42786E15DB745058E712
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B0180, Relevance: .0, Instructions: 12COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: df231b92141abc46dbe43d528261181d99f6c54e50bb601602b6e06a970d9145
                                • Instruction ID: b0fd661731d8a7422639aa38ccd5bdcdcee578f6a03c4add8f850fbf7fddbbbf
                                • Opcode Fuzzy Hash: df231b92141abc46dbe43d528261181d99f6c54e50bb601602b6e06a970d9145
                                • Instruction Fuzzy Hash: 9CD01275201304CFCB1C2B74F01941C73A9AB49205351087DE8168B744EF36E840DB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5D70, Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 22fce2bf484443aa44154e149ad65cc862c14d2b11d08792173d1402d737b3b0
                                • Instruction ID: 0d2fa086c1a0dbae3c7da657f861ccb1dc6bb63d1685c09897bc9b6388480c3c
                                • Opcode Fuzzy Hash: 22fce2bf484443aa44154e149ad65cc862c14d2b11d08792173d1402d737b3b0
                                • Instruction Fuzzy Hash: C4C08C20202E048FCA7467F06C0E26D37AC4A450803800294B80A8F200EE2098005241
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B9990, Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c983fb90b3d1438a5381b67acc390b889191bccb71b1e10cc0f98ac356b9c7c1
                                • Instruction ID: 84136ea01b8050ffebfdddee51c303a5fb0ed248fc361e88eb5749f56e805cb9
                                • Opcode Fuzzy Hash: c983fb90b3d1438a5381b67acc390b889191bccb71b1e10cc0f98ac356b9c7c1
                                • Instruction Fuzzy Hash: 89B0923226820C0AEEA09AB97805B6636DC9780669F4440A2F90CC2900EA8AE4501245
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B6861, Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4b0cdf94b7a40a15bb974ddd7735aab5805282f8b746d8af54191c5100b70480
                                • Instruction ID: d873ce4a687b2088ec32b7410809f9810f4265ae6c8b93ccfb194dbe15a62479
                                • Opcode Fuzzy Hash: 4b0cdf94b7a40a15bb974ddd7735aab5805282f8b746d8af54191c5100b70480
                                • Instruction Fuzzy Hash: 17C08CEAB4F78C0FC302CA186839C907BE0F9E100838F00E7C08C8F662E316800C5318
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B0660, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7489637b789b8e8140d0d95b34ddef5ccaac6c924ffde304315e0c49ce0f75b2
                                • Instruction ID: 462d4d44294c111455e1ae6ea4bb056c2a4ab05a473882eb723bf9ffa258a5b6
                                • Opcode Fuzzy Hash: 7489637b789b8e8140d0d95b34ddef5ccaac6c924ffde304315e0c49ce0f75b2
                                • Instruction Fuzzy Hash: F9C02BB1047388CEC214967028054BF722956C0304300CC319811002108B337861D921
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BCE78, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9b6003c0ae9ea252fbb8ddf9afbb42b3ef8c3c119ab7d797985eba55b9c3ed51
                                • Instruction ID: 97dbc13cfc8e6ad64e9f7eb021126171bef2e5760850bef2561a90a05c7b6fb4
                                • Opcode Fuzzy Hash: 9b6003c0ae9ea252fbb8ddf9afbb42b3ef8c3c119ab7d797985eba55b9c3ed51
                                • Instruction Fuzzy Hash: 2EC09B335095584FD741555554941882B21DFF7224BAA3C92C151D7442D674C5A58625
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B998A, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0a53d73a7c36f4e4970ae8a110b429b466fb1c74b2aef4f4077d2f3a51ad31a1
                                • Instruction ID: 6eecdf22496efc132b85fda77e52cdeea22061dcabcaf41547cb6721b270d801
                                • Opcode Fuzzy Hash: 0a53d73a7c36f4e4970ae8a110b429b466fb1c74b2aef4f4077d2f3a51ad31a1
                                • Instruction Fuzzy Hash: ECB0123629C01546EF90C8E43E0156233ECC2411BF70819B3DF0CC0100F36AC1214785
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BF0F3, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 574212989d6d9752a5aed202b9db957939e0681236141f1c01d5019acf52f37c
                                • Instruction ID: 7e2beeea10890bd9af5855e464046bcafd8a1e2988939d491cb7d4f6b639c0f4
                                • Opcode Fuzzy Hash: 574212989d6d9752a5aed202b9db957939e0681236141f1c01d5019acf52f37c
                                • Instruction Fuzzy Hash: 0BC04C76E0504A8FDB149B99F4453ECB770E78436AF104466D21E52581867501599791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B5F60, Relevance: .0, Instructions: 9COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 76e578032e9d97d535e0690a66b1dd97b6c49db7fd48e3b7d144618bd1ed4273
                                • Instruction ID: 3d1399a0d076c3cf3ae859494fafa264836a469ad8b905455cc31282a229bebf
                                • Opcode Fuzzy Hash: 76e578032e9d97d535e0690a66b1dd97b6c49db7fd48e3b7d144618bd1ed4273
                                • Instruction Fuzzy Hash: 57B09230246A4ACBC6A06BB1690C2A9B7AC99496097490195F56FC6208EA6198149662
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BF3F0, Relevance: .0, Instructions: 8COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f37190008183e958868cfd765057d3d0b04453dd994fac991eeed6f2411b0dd8
                                • Instruction ID: afa5fcf536814994247141acdeefedc02bdd7bb3ef172c04b65ad16a3d13ec9b
                                • Opcode Fuzzy Hash: f37190008183e958868cfd765057d3d0b04453dd994fac991eeed6f2411b0dd8
                                • Instruction Fuzzy Hash: D9B0123454170C4BCD8433F8B0080DEBB9C0980500B810411781D4B301BD6464048551
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030B7424, Relevance: .0, Instructions: 8COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                • Instruction ID: 81128c6d82dc98a0c9eae4aaef6e702a85789d30d5f472c15fd3a3ceb0ee2eca
                                • Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                • Instruction Fuzzy Hash: B2B092B7A09008C9DB00DA84B4413EDFB30EB90226F104433C31062800D33201A88691
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions

                                Function 030BDDE0, Relevance: 5.0, Strings: 4, Instructions: 50COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: U$X1(r$X1(r$X1(r
                                • API String ID: 0-2854810989
                                • Opcode ID: 2340c41ab705a28abeb719a216c7ce0919992a1e8f6e82704746431d98cea14b
                                • Instruction ID: 869ef1f6264ceb8751744ca7a24057f19dca2204102cb89d0294a8ecb695489a
                                • Opcode Fuzzy Hash: 2340c41ab705a28abeb719a216c7ce0919992a1e8f6e82704746431d98cea14b
                                • Instruction Fuzzy Hash: AD01F530B0A2559BC759EF6D88202EEBBF6AFC2640B2844ADC44A8F785CD31CD019396
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BDDD0, Relevance: 5.0, Strings: 4, Instructions: 46COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: U$X1(r$X1(r$X1(r
                                • API String ID: 0-2854810989
                                • Opcode ID: e6f36d6531803d55976d3d9296ef81d3581752800538e219e806ce61849777a9
                                • Instruction ID: 00f22261b8d398e3a9feb83f69937b92302ba219974c99be1f725b4d96c50f8d
                                • Opcode Fuzzy Hash: e6f36d6531803d55976d3d9296ef81d3581752800538e219e806ce61849777a9
                                • Instruction Fuzzy Hash: 4301F962B0E3908FC7969F6858203E97FB6BFD665571D44DBC0CACF656D921CC028392
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BDC01, Relevance: 5.0, Strings: 4, Instructions: 29COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: U$X1(r$X1(r$X1(r
                                • API String ID: 0-2854810989
                                • Opcode ID: f853773f40ec495335d17f00cf79501849f47871399db636f0d83b7657289ee7
                                • Instruction ID: fb55bdb9e686f4edd8b06a3c878f16f91f6e204f14e622d41a35dc66d1c9ed7b
                                • Opcode Fuzzy Hash: f853773f40ec495335d17f00cf79501849f47871399db636f0d83b7657289ee7
                                • Instruction Fuzzy Hash: 13E02B227093914BC3E4EF6C94141EA77E61BD6A5571D44AEC099CF386D970CC0193D5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 030BDC59, Relevance: 5.0, Strings: 4, Instructions: 27COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000006.00000002.601624836.00000000030B0000.00000040.00000001.sdmp, Offset: 030B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: U$X1(r$X1(r$X1(r
                                • API String ID: 0-2854810989
                                • Opcode ID: 42bf52941891903a081ed105612350c8d079adc030b5c2107309b33c1a46ea4a
                                • Instruction ID: a4da9479fca0fafaab8e9fcb62d7fe640a864d0b1ebf0c8affdd1719f0168bd5
                                • Opcode Fuzzy Hash: 42bf52941891903a081ed105612350c8d079adc030b5c2107309b33c1a46ea4a
                                • Instruction Fuzzy Hash: EFE0E5223093D14FC365EB6C84141A97BE65FD6A4471840EAC0958F386C920CC0193A6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Analysis Process: Doc.exe PID: 1112 Parent PID: 904 Doc.exeCOMMON

                                Executed Functions

                                Function 070D1D09, Relevance: 1.9, Strings: 1, Instructions: 676COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.337156681.00000000070D0000.00000040.00000001.sdmp, Offset: 070D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: (
                                • API String ID: 0-3887548279
                                • Opcode ID: 9cc45f6d91986e04a3a97c7e8421275bdc978f32eb12166e9ba54bf3f03e5139
                                • Instruction ID: abfce6c60e4d8221ae7bb6127dfe54ebc6d8a13e4ae8cfe28ec730aafb851287
                                • Opcode Fuzzy Hash: 9cc45f6d91986e04a3a97c7e8421275bdc978f32eb12166e9ba54bf3f03e5139
                                • Instruction Fuzzy Hash: 5652E4B0945329CFDB64DF68C888BECB7B5BB4A310F1092E9856DA6291DB744EC5CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B056F4, Relevance: 1.7, Strings: 1, Instructions: 445COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r
                                • API String ID: 0-359987751
                                • Opcode ID: 0f8fbc7be542c7a7170054e2cecfb7dea180d6c4b37f10369f8a9a2c896e29fb
                                • Instruction ID: 3fbce42c375e2b938eccff26976259a9eaa9582fa396fca3954fd2607be7afa2
                                • Opcode Fuzzy Hash: 0f8fbc7be542c7a7170054e2cecfb7dea180d6c4b37f10369f8a9a2c896e29fb
                                • Instruction Fuzzy Hash: 8B22B274945228CFDB64CF64C888BEDBBB2FB49304F1091E9D50AA76A1DB706E85CF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A55B, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                Download Yara Rule
                                APIs
                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0170A5DB
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                • Opcode ID: b37db742eebc22c631e4314fe52aeff64b12674c51042561a58e4e4795a11f66
                                • Instruction ID: 33b073c65f5e67205a26cba8919ec70874da4828a715fcaa9f6ace8b0e46bad0
                                • Opcode Fuzzy Hash: b37db742eebc22c631e4314fe52aeff64b12674c51042561a58e4e4795a11f66
                                • Instruction Fuzzy Hash: 87219F755097849FEB138F25DC44B52BFF4EF06310F08849AE9858F1A3D275A918CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170ABB3, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0170AC29
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                • Opcode ID: 0b81ea44a4d7a1445c6a9be574aab42672c6b2bd501f21c827035ec7d9f21a30
                                • Instruction ID: b3c5ec8011cffce5d52bdc9221053f3bffa0ab8a996e90bb7ff0024ecac77273
                                • Opcode Fuzzy Hash: 0b81ea44a4d7a1445c6a9be574aab42672c6b2bd501f21c827035ec7d9f21a30
                                • Instruction Fuzzy Hash: F021CD7640D7C4AFDB238B20DC45A52FFB4EF16314F0984DBE9848B1A3D265A90DDB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A592, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0170A5DB
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                • Opcode ID: 852b5a87ee3fdfae37e75b598de8c319e1d6e7bf0a06387840cf294eae3b2164
                                • Instruction ID: 02eebb7010cfd7eeb70dda71c45954e7a72f93f3a449087a09248913f59ac7ce
                                • Opcode Fuzzy Hash: 852b5a87ee3fdfae37e75b598de8c319e1d6e7bf0a06387840cf294eae3b2164
                                • Instruction Fuzzy Hash: 61118C75500700DFDB218F69D884B56FBE8EF04220F18C4AAED558B692D371E418CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170ABEE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0170AC29
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                • Opcode ID: 97c809722eab8b6d372299b82256aafbf05227f471e6bc5bb9198b3b9c56d790
                                • Instruction ID: d9addc99bc39a88b41ae2b6835045e4c30e282de714aa0bedde54dc2cac3be56
                                • Opcode Fuzzy Hash: 97c809722eab8b6d372299b82256aafbf05227f471e6bc5bb9198b3b9c56d790
                                • Instruction Fuzzy Hash: 86018B31804744DFDB228F19D884B66FFE4EF48720F08C49AED894B296C275A458CF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B01370, Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X1(r
                                • API String ID: 0-3909273932
                                • Opcode ID: 264d5eb7c77e81906aa5dbd251b1bfd7bdd4725339f6a2c1279c5bde6390d2d6
                                • Instruction ID: 03bcaf93fa0b6ad67f8dc0adca8d4d7e3d2b0a2a52ea6bffb129cf0d593c4643
                                • Opcode Fuzzy Hash: 264d5eb7c77e81906aa5dbd251b1bfd7bdd4725339f6a2c1279c5bde6390d2d6
                                • Instruction Fuzzy Hash: 8F510474D05208DFDB08DFA9D4986AEBBF2FF88314F20E06AD915A7384D7345946CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BFD28, Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: V,'
                                • API String ID: 0-3577607949
                                • Opcode ID: 64db9d70e6f898d78250d5b9ce75735f870ddaffcf2f8ebb8f3d72bfde7afe6c
                                • Instruction ID: ce430b1dc05215d6bdab3d58518c3111835e4dafa2e8fc1b2a6dfada1066f0c4
                                • Opcode Fuzzy Hash: 64db9d70e6f898d78250d5b9ce75735f870ddaffcf2f8ebb8f3d72bfde7afe6c
                                • Instruction Fuzzy Hash: B041B1B4D052099FCB48DFA9D9845AEFBF2EF88311F24846AD805A7368DB345A41CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B00988, Relevance: .3, Instructions: 342COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0d838b9571ed62db9abebbda79c7b4be307a90965009e5f0550737510637bed4
                                • Instruction ID: 49ec31b415eb2e5afebca8d54a5e9a767b9c07ab33e49511be1a9264c50b8cb5
                                • Opcode Fuzzy Hash: 0d838b9571ed62db9abebbda79c7b4be307a90965009e5f0550737510637bed4
                                • Instruction Fuzzy Hash: 6EE12374D4922DCFDB24DFA5D948BAEFFB2FB49310F50A4AAC419AB284DB7065418F10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B0097A, Relevance: .3, Instructions: 338COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 15910cd2872778196f3a2bdca676932c8b2dbe7ff2dd4855e9f9fc2c93007e3e
                                • Instruction ID: 973f98d672c462c29c45070de8f49fd2495d80a50ef5446411306d95a97b2229
                                • Opcode Fuzzy Hash: 15910cd2872778196f3a2bdca676932c8b2dbe7ff2dd4855e9f9fc2c93007e3e
                                • Instruction Fuzzy Hash: 89E13374D4921DCFCB24DFA5D988BAEFFB2FB49310F54A4AAC409AB284DB7065418F10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B3CA5, Relevance: .3, Instructions: 337COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5a27c2253c1fd7a1f5641ce8f03d1353b0054ce3786b913a5452181aa8d4daa4
                                • Instruction ID: 5a1517ce7e1790ae74b6c960812380f38f4814d771bcc72fb70c5a2d035710b3
                                • Opcode Fuzzy Hash: 5a27c2253c1fd7a1f5641ce8f03d1353b0054ce3786b913a5452181aa8d4daa4
                                • Instruction Fuzzy Hash: 79E19D74905219DFCB04CFA8C9809DEFBB2FF4D350B559A99C412AB209C731EA95CFA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B3C9E, Relevance: .3, Instructions: 325COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 05287083065f2df5d977eec709f765e9e5950e856a6bc7cc464369fa603015fd
                                • Instruction ID: e82381178413d288c555dd3f35b75dac62d27b9ba6153d97628eeb7caef26cbb
                                • Opcode Fuzzy Hash: 05287083065f2df5d977eec709f765e9e5950e856a6bc7cc464369fa603015fd
                                • Instruction Fuzzy Hash: EAE19E74905219DFCB04CFA8C9808EEFBB2FF4D350B559999C412AB209C731EA95CFA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B3D80, Relevance: .3, Instructions: 254COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 587673009029007676ea71d5bf3b74ef7851b48da8490f5d377408fc12058fad
                                • Instruction ID: b9e18721dd1b31f4ad97d2d18ad680435ccabd480733e1194bdcb2e1bd63d8af
                                • Opcode Fuzzy Hash: 587673009029007676ea71d5bf3b74ef7851b48da8490f5d377408fc12058fad
                                • Instruction Fuzzy Hash: DFB11A7490521ADFCB08CFA8C5848EEFBB2FF48350B559959D412BB218C731DA91CFA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B1CF9, Relevance: .2, Instructions: 233COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 204895a22aedf0ab245deca0e9e9e5d09e7f239c3e88e0c1dd767c515bb2e24e
                                • Instruction ID: f2af2fc0b5aa42407e44db3e6f2a7efc5ab9ac16c82521f8b2565089a60612c6
                                • Opcode Fuzzy Hash: 204895a22aedf0ab245deca0e9e9e5d09e7f239c3e88e0c1dd767c515bb2e24e
                                • Instruction Fuzzy Hash: F5A14274D05219DFCB18CFA9C894ADDBBB2FF8A300F1585A9D401AB218D734AA46CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BA420, Relevance: .2, Instructions: 225COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a9251946d3eff8b138a2842c53bce6c5c3dcacafceea96df7c99072c9aea9fa0
                                • Instruction ID: a231a3bfca035bec0d28c9ac52a961f174ddab48804178406c602e8c37c5d452
                                • Opcode Fuzzy Hash: a9251946d3eff8b138a2842c53bce6c5c3dcacafceea96df7c99072c9aea9fa0
                                • Instruction Fuzzy Hash: 21A1FFB4E15208DFCB18DFA8E5986EDBBB1FF4D311F24842AD406AB244DB349985CF24
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B1D90, Relevance: .2, Instructions: 175COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ebcfef76076f3fda4625e3e97eaa27de0b60a8d2ab488baae43081834cddae37
                                • Instruction ID: 39cffaf42dbcb43c4752ec8f8f30c6fcee9c1d25dbb2acc7ad8090f5423c2046
                                • Opcode Fuzzy Hash: ebcfef76076f3fda4625e3e97eaa27de0b60a8d2ab488baae43081834cddae37
                                • Instruction Fuzzy Hash: 3181D274D05219EFDB18CFA9C494AEEFBB2FF89300F118169D406BB254D7349A468F54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B907F, Relevance: .2, Instructions: 158COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6399627d2d74db9d363ec49830123ab3c552a0652d7035125d94afa2db99b781
                                • Instruction ID: 96120a855f43dfc6f3531f2d72cfdf99bc57c522653dbb5fb479d946558cfcb6
                                • Opcode Fuzzy Hash: 6399627d2d74db9d363ec49830123ab3c552a0652d7035125d94afa2db99b781
                                • Instruction Fuzzy Hash: 2C7103B4D05209DFCB18DFA8D5885ADBBB6FF8D310F20806AD906A7354DB345A42CB55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B1229, Relevance: .1, Instructions: 139COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6f76a77d56a561db49eca1b79e46751250f3af0242d27bc0bf85ca3ccda91c80
                                • Instruction ID: 905ae0fc2c1916693e48d7cd25eba39ee6e988d5a8ac24b77ad70ea06fbd318c
                                • Opcode Fuzzy Hash: 6f76a77d56a561db49eca1b79e46751250f3af0242d27bc0bf85ca3ccda91c80
                                • Instruction Fuzzy Hash: 9D515071D00218DFDB18CF6ACC94B9ABBB2FF9A300F09C5A5C8489B219D7306645CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B2594, Relevance: .1, Instructions: 137COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a668e160e1bc3483454e9c1420532ce90fb0dcba6c8803e4f28e19c63bbbde58
                                • Instruction ID: df471fa9cf48b64a04d9304735a7d94eeed28f09d2b9cd02f8282dab25d696fc
                                • Opcode Fuzzy Hash: a668e160e1bc3483454e9c1420532ce90fb0dcba6c8803e4f28e19c63bbbde58
                                • Instruction Fuzzy Hash: 23511A74D042098FCB08CFAAC5945EEFBF2EB88300F15D869D515B7254D7349A86CFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B03B98, Relevance: .1, Instructions: 132COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f4813f0e8ec0917c33bc0b63cea52bef48ab7f3b7f64dca85de33ad79b859e0c
                                • Instruction ID: b2703638d44f4b0f9cf20f734e9a5c04ea40ff36964f246cc40e627ebd7b86e2
                                • Opcode Fuzzy Hash: f4813f0e8ec0917c33bc0b63cea52bef48ab7f3b7f64dca85de33ad79b859e0c
                                • Instruction Fuzzy Hash: FA41DE71F042698BDB18DF6A884469EFFF7AFC9210F24C4AAD509EB284DB305D058B61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B2F18, Relevance: .1, Instructions: 85COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 86bd9fa105d71dc40a98029ca73640561857e81d5541d654b589203d6671c372
                                • Instruction ID: e8f22bf5ee831ea8669c9e9d5af4d97723336ca6058b0a5bdc080d70957f2fd8
                                • Opcode Fuzzy Hash: 86bd9fa105d71dc40a98029ca73640561857e81d5541d654b589203d6671c372
                                • Instruction Fuzzy Hash: BC31EAB5E013188BDB19CFAAD84469EBBB3EF89310F14C0AAD409AB359DB355985CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B6031, Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 41d5f5228392dc04e5410ecce9bb3c4ff17e2a42bd61fa55fdfa553a88ac0390
                                • Instruction ID: c2cd4c934e648d5f3ca82dc71374d8e4cb544a0404d669f3e383eea87655337e
                                • Opcode Fuzzy Hash: 41d5f5228392dc04e5410ecce9bb3c4ff17e2a42bd61fa55fdfa553a88ac0390
                                • Instruction Fuzzy Hash: 02211971E056189FEB18CF6BDC406DEBBF3AFDD200F19C0A6C448AA265DB740A458F51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B043F8, Relevance: .0, Instructions: 47COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 84a3313cc08e468019f1133233a74ade75e68839e529ccb8b7ebd08fccc8929c
                                • Instruction ID: 5bd2afdc6406ced1dc00f78f824e9e689f9beb60f245cbea5b2203f9db6a618a
                                • Opcode Fuzzy Hash: 84a3313cc08e468019f1133233a74ade75e68839e529ccb8b7ebd08fccc8929c
                                • Instruction Fuzzy Hash: 3011A8B1D05609CBEB48DFABD84429EFAF7BFC8200F14D17A8A18A6254EB7416458F51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF10EA, Relevance: 1.6, APIs: 1, Instructions: 145fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05AF11F9
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                • Opcode ID: d809200856dec5cfa8266f13872b324829091703c12a65db8b753cf19d9e2496
                                • Instruction ID: 2460a25fc4e89c86dd7ff6057987fecb43dba22fc2967fdb1cf2f1a2b2d73e6b
                                • Opcode Fuzzy Hash: d809200856dec5cfa8266f13872b324829091703c12a65db8b753cf19d9e2496
                                • Instruction Fuzzy Hash: BA515C7150E3C09FE7138B658C64A56BFB8AF47210F0A44DBE9C4DF1A3D264A809C775
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF155F, Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05AF160F
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: c2685f14a3ee8af1026dc9ffb3c4216e38bdf51e49496181bc20068308cd779c
                                • Instruction ID: 3f82430a161b9e44d0f9b43ad19a8a389f7e1170463475afc0b7acb5367f5333
                                • Opcode Fuzzy Hash: c2685f14a3ee8af1026dc9ffb3c4216e38bdf51e49496181bc20068308cd779c
                                • Instruction Fuzzy Hash: 4E31B6714043446FEB128B65DC44F66BFBCEF05310F0884AAF985CB152D724A919DB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF0B92, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                Download Yara Rule
                                APIs
                                • GetTokenInformation.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 05AF0C3C
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: InformationToken
                                • String ID:
                                • API String ID: 4114910276-0
                                • Opcode ID: d91123c9f1c986b70a2acc63efb6457d47f55e55739fa23d4dc416216d437dc7
                                • Instruction ID: 076639ef6fbe4a8daf63184048630fad7d8e4ad3459b8919f38e41a06ff4c30b
                                • Opcode Fuzzy Hash: d91123c9f1c986b70a2acc63efb6457d47f55e55739fa23d4dc416216d437dc7
                                • Instruction Fuzzy Hash: DC31E7B14093806FEB228F64DC45F97BFB8EF06310F08849AFA859F153D620A509D7B1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170B5EE, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0170B69D
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: 5b6389c7c515829cae331b80673754f85f0592ec71edffec0aba7741f89f3005
                                • Instruction ID: e9e6b96ef0c0e27d46c319f18adca786b0acf25f2db33ce94dad2b9092a7945e
                                • Opcode Fuzzy Hash: 5b6389c7c515829cae331b80673754f85f0592ec71edffec0aba7741f89f3005
                                • Instruction Fuzzy Hash: 4431A472504384AFE7128B65CC45FA7BFFCEF05310F08849AED819B152D665A509CB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF08CE, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 05AF0975
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: CreateMutex
                                • String ID:
                                • API String ID: 1964310414-0
                                • Opcode ID: 3caeb4716dfe85ef420cf4e1727dbaf9aac39bb683f2b84598f586706e1095f7
                                • Instruction ID: 979ac4d42059c42f7c5438b31fbd6302bfb943d2b49acb6c56dd99b5d445f81b
                                • Opcode Fuzzy Hash: 3caeb4716dfe85ef420cf4e1727dbaf9aac39bb683f2b84598f586706e1095f7
                                • Instruction Fuzzy Hash: DF3181715097806FE712CB65DC84F56BFF8FF06310F08849AE985CB293D364A909C761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170B6E5, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 0170B7A0
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 9c0a98e1f6b92cba19ea71b3f1e8b801f8ab3e06ec70b6f1cc53d5a6787a8042
                                • Instruction ID: ebf41a5db16e663e365678fc21edeb36a3c47e99d99afbb134abc49b4e831f27
                                • Opcode Fuzzy Hash: 9c0a98e1f6b92cba19ea71b3f1e8b801f8ab3e06ec70b6f1cc53d5a6787a8042
                                • Instruction Fuzzy Hash: C131AF75508780AFE722CB25CC84F92BFF8EF06320F18849AE985CB192D264E549CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A7C8, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                Download Yara Rule
                                APIs
                                • GetExitCodeProcess.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 0170A85C
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: CodeExitProcess
                                • String ID:
                                • API String ID: 3861947596-0
                                • Opcode ID: 148937bfb98122c8018c05db31a19adce7b15024cf9048e666bfa3b1d665e3a1
                                • Instruction ID: de3ebe7605d7a8d0f7341c3fe4c46d0123dcc495ecb802b1b3bed92230e5b148
                                • Opcode Fuzzy Hash: 148937bfb98122c8018c05db31a19adce7b15024cf9048e666bfa3b1d665e3a1
                                • Instruction Fuzzy Hash: 5E21E7B15093806FE7128B64DC45F96BFB8EF42320F0884EBE984CF193D264A545C761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170AD2C, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                Download Yara Rule
                                APIs
                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0170ADC6
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 22e63dd7d0d306ceae35f38600670659272b4013735f98d0f4a17bd8563d51a8
                                • Instruction ID: 89fef7a56231db7a036e88a1c6dcf5b3d700c37d408d6e0367d4f0285f420248
                                • Opcode Fuzzy Hash: 22e63dd7d0d306ceae35f38600670659272b4013735f98d0f4a17bd8563d51a8
                                • Instruction Fuzzy Hash: 9E21A77144D7C06FD7138B259C51B62BFB8EF87610F0A81DBE884CB5A7D224A919C7B2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF1592, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05AF160F
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 55a9ee71874292af401e38c902efaab970e8a04b49c9715855ab28e2350b9afc
                                • Instruction ID: 9882788fb53a657c1b41fb52193c720511bf3d445574e57ef732f9159ffe87c9
                                • Opcode Fuzzy Hash: 55a9ee71874292af401e38c902efaab970e8a04b49c9715855ab28e2350b9afc
                                • Instruction Fuzzy Hash: 81219072500204AFEB219FA5DC84F6AFBADEF08320F18886AFA459B151D674A554CBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF1250, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                Download Yara Rule
                                APIs
                                • GetFileType.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 05AF12E5
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                • Opcode ID: 874f33d41a3e6dfaa76e52770ccae664cd134a3c4e6c5d7f806b0c5d1482402f
                                • Instruction ID: e35e0f561887339071422d75a4f8552e97f03a0c82e909b1b3d90511c96a0c5e
                                • Opcode Fuzzy Hash: 874f33d41a3e6dfaa76e52770ccae664cd134a3c4e6c5d7f806b0c5d1482402f
                                • Instruction Fuzzy Hash: 522128B58087806FE7128B65DC40FA6BFBCEF42320F1880DAF9809B153D224A909C771
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF166D, Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileW.KERNELBASE(?), ref: 05AF16F4
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: 492f76d76c3fafca6eeb9a6a92fb37a2b919861d86bf703884b8d04f33a0f5b6
                                • Instruction ID: 62f170b2ac9a0a039be74754767f218cc480e96271c8c0228070182a4604dfa5
                                • Opcode Fuzzy Hash: 492f76d76c3fafca6eeb9a6a92fb37a2b919861d86bf703884b8d04f33a0f5b6
                                • Instruction Fuzzy Hash: B0219F7650D3C09FDB12CB35DC54A92BFB4AF13610F0D84DAED858F263D225A908CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF117A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05AF11F9
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                • Opcode ID: d7b3505f34c94e3890c69cf909e85868925c150a5ccae9ed40b82a4dca80933f
                                • Instruction ID: fb6db3f6a5259cfc9f605f5121816ed589f6e8e0a0987c372b01838165f899ef
                                • Opcode Fuzzy Hash: d7b3505f34c94e3890c69cf909e85868925c150a5ccae9ed40b82a4dca80933f
                                • Instruction Fuzzy Hash: EE217C71504640AFEB21DFA6D944F6AFBE8FF08310F14846DEA859B252D771F404CB65
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF1320, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                Download Yara Rule
                                APIs
                                • WriteFile.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 05AF13B1
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: FileWrite
                                • String ID:
                                • API String ID: 3934441357-0
                                • Opcode ID: b817375b986ddb52d985a29e4f2d2029ced1f79d98d5c561de23e1cb63685f0a
                                • Instruction ID: 43c476791a6099696a2a8c64e8e05803e5b752ee281371201b0a58493001e6a7
                                • Opcode Fuzzy Hash: b817375b986ddb52d985a29e4f2d2029ced1f79d98d5c561de23e1cb63685f0a
                                • Instruction Fuzzy Hash: 92219271409780AFD7228B65DC84F56BFB8EF06314F08849BFA849F153C264A409CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170B61E, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0170B69D
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                • Opcode ID: 068f89a7cd7b51c73214e05b28e13137362a3974337677380efbcc6554ada537
                                • Instruction ID: 2d6dbf932f08df31b203236930babb5862e85144ee0a5637591e9d4e4bb4edd8
                                • Opcode Fuzzy Hash: 068f89a7cd7b51c73214e05b28e13137362a3974337677380efbcc6554ada537
                                • Instruction Fuzzy Hash: C521A4B6500304AFEB219B59DC85F6BFBECEF04310F14845AEE459B281D631E5088A71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF0902, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 05AF0975
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: CreateMutex
                                • String ID:
                                • API String ID: 1964310414-0
                                • Opcode ID: 77f1834efaff28f98f809ca01378a007df0d93df759c18b1246ecc21a5257c6c
                                • Instruction ID: 781fb1c13bd015fb5a67b997c5dd95f328a299f3294faadc123e98d967ddb8d9
                                • Opcode Fuzzy Hash: 77f1834efaff28f98f809ca01378a007df0d93df759c18b1246ecc21a5257c6c
                                • Instruction Fuzzy Hash: 15218EB1604240AFF720DF69DC89F66FBE8FF04320F14846AEA559B286E770E504CB65
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170AAEF, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                • K32EnumProcesses.KERNEL32(?,?,?,C826936B,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 0170AB6A
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: EnumProcesses
                                • String ID:
                                • API String ID: 84517404-0
                                • Opcode ID: 4abbf370ac4a8f8d910de40cad716ee713bc39777d908aa25760f7fa0ef670c7
                                • Instruction ID: 26f3922fa5f756be612e74ccc479de8963cd8d23cc8bf75df36b881b80459157
                                • Opcode Fuzzy Hash: 4abbf370ac4a8f8d910de40cad716ee713bc39777d908aa25760f7fa0ef670c7
                                • Instruction Fuzzy Hash: 6A219D755097809FEB138B25DC54BA2FFB8EF47210F0984EAE9848F193D264A808CB21
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A1F4, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE ref: 0170A26C
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: 9ba11b0966b9ea404eee563abf1dc3b20d2e596ed69f201730d446c34bbb94f1
                                • Instruction ID: f26805dd4a0249f8324a128bb38ac21b2f60be0044057eb5f35ccfc78ff13b34
                                • Opcode Fuzzy Hash: 9ba11b0966b9ea404eee563abf1dc3b20d2e596ed69f201730d446c34bbb94f1
                                • Instruction Fuzzy Hash: CC21597540E7C09FD7138B65C854656BFB4AF43220F0A84EBD984CF1A3D279A848CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF0BD2, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                • GetTokenInformation.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 05AF0C3C
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: InformationToken
                                • String ID:
                                • API String ID: 4114910276-0
                                • Opcode ID: f6772fc08b9e23510b64f212482975cff5b540327fe74bac8f541247dc57aa14
                                • Instruction ID: 9da16899226a33930558d914fc0e546140a0250e9a005c7add1c9d89789198e6
                                • Opcode Fuzzy Hash: f6772fc08b9e23510b64f212482975cff5b540327fe74bac8f541247dc57aa14
                                • Instruction Fuzzy Hash: 92118EB1500204AFEB21CFA5DC84FABBBECEF04320F14846AEA45DB141D664A409DB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170B726, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 0170B7A0
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 4350662dc74db5286d3b1ed05c98121b3ea22f5676b5000befa02371961a7fcf
                                • Instruction ID: 66817ae667eeaff3ac325516b3de60a4bc515b3f879c85d25abb3d6a40131d74
                                • Opcode Fuzzy Hash: 4350662dc74db5286d3b1ed05c98121b3ea22f5676b5000befa02371961a7fcf
                                • Instruction Fuzzy Hash: 8E218EB5500704AFE721CE29CC84F66FBECEF04710F18946AEA45DB291D760E508CA71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF1930, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                Download Yara Rule
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05AF19B0
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: 7d7adc212f83c453a344410a2d7660f9d5afb99003a2aff9d196c84ea40c9ef7
                                • Instruction ID: 0db154f66d0612f3265c947b3a298ba1f9adf024932915e7667fd0607a0aba35
                                • Opcode Fuzzy Hash: 7d7adc212f83c453a344410a2d7660f9d5afb99003a2aff9d196c84ea40c9ef7
                                • Instruction Fuzzy Hash: 5621B3761097C09FD7228B65DC95E96FFB4EF07210F0984DFE9858B163D224A848DB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A628, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 0170A694
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: bd970e93d534b18f41e11376b79f968f4b8d9aa573d9616f10ae0e83a0ea665f
                                • Instruction ID: 792fa2eb414466d07e48be7cafdda16571cc1a731fcc0a9bb890248fd824ecfe
                                • Opcode Fuzzy Hash: bd970e93d534b18f41e11376b79f968f4b8d9aa573d9616f10ae0e83a0ea665f
                                • Instruction Fuzzy Hash: AB21C37250D3C09FDB138B25DC54792BFB4AF47324F0984DAEC858F2A3D264A908CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A8C0, Relevance: 1.6, APIs: 1, Instructions: 68memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0170A93D
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 2f86cbef914d18900accabe78abc117fb75f40043257d09466cc9a30b570881b
                                • Instruction ID: 67e9972744f36fa3bb5987bbbbe36ad28460b22f45d115db0c6e420e7a8e8af6
                                • Opcode Fuzzy Hash: 2f86cbef914d18900accabe78abc117fb75f40043257d09466cc9a30b570881b
                                • Instruction Fuzzy Hash: 2B21AF765097C09FD7238B24DC50A52BFB4EF07220F0984DFE9858F1A3D224A918DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A34F, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                Download Yara Rule
                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0170A3BE
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: 20284b7a9ce3d20e155fa5e9ca799be6b2fd41455515dd9ca070420db6b2dc80
                                • Instruction ID: a8a6c806ac2f2fc67154822894a2a2d2d2a3504d91099d628f2fb8039e3995a0
                                • Opcode Fuzzy Hash: 20284b7a9ce3d20e155fa5e9ca799be6b2fd41455515dd9ca070420db6b2dc80
                                • Instruction Fuzzy Hash: 2B2163715093809FEB228F29DC44B56FFE8EF55220F0884AAED45CB252D264E404CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170BDFD, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0170BE79
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: LibraryLoadShim
                                • String ID:
                                • API String ID: 1475914169-0
                                • Opcode ID: 48ceb1bbe7e62d3753324df63745d9217ee74e16d44a06d10ed622c0aeb84b3a
                                • Instruction ID: 2d709f3f5bd3bc0aebbd1cdd75f9510ea5f5ce6ba79ef2949c893af02e428333
                                • Opcode Fuzzy Hash: 48ceb1bbe7e62d3753324df63745d9217ee74e16d44a06d10ed622c0aeb84b3a
                                • Instruction Fuzzy Hash: 092193755097849FE7228A25DC45B52FFF8EF06610F08849AED84CB293D275A908CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF1A91, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 05AF1B05
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: 8e5d8a1255c1742b8d1e75f41ef7bcb3a74a5d982555575a8ba768df5928aeb2
                                • Instruction ID: 82bf8271d0fc6997619235c3ad1d30f4afddf63583f75193d4c8f09b5bb3287e
                                • Opcode Fuzzy Hash: 8e5d8a1255c1742b8d1e75f41ef7bcb3a74a5d982555575a8ba768df5928aeb2
                                • Instruction Fuzzy Hash: EA21897240D7C09FDB238B25DC54A62BFB4EF07220F0984DAE9848F163D225A858DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170AFC0, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0170B032
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 39d35e540943623d0ff12dc3f5b2aab84939ac0887f082167b32a5ece224af21
                                • Instruction ID: 01c9b85ed1f9b34a2a01a2d9d26ebbd4b77e692e043b3b870642f6bf733b1391
                                • Opcode Fuzzy Hash: 39d35e540943623d0ff12dc3f5b2aab84939ac0887f082167b32a5ece224af21
                                • Instruction Fuzzy Hash: D9219035409780AFDB22CF65DC45A52FFF4EF0A220F0984DAE9858F163C375A459DB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A806, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                Download Yara Rule
                                APIs
                                • GetExitCodeProcess.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 0170A85C
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: CodeExitProcess
                                • String ID:
                                • API String ID: 3861947596-0
                                • Opcode ID: 40f4efc5b31c23e6ccb6010f32e1ccff869ce02d1f7a1a48ce2b745e3e815f0b
                                • Instruction ID: 319fdf68950a62615aee01e1ca84fc87fb6165189681e1266950d31d1f153367
                                • Opcode Fuzzy Hash: 40f4efc5b31c23e6ccb6010f32e1ccff869ce02d1f7a1a48ce2b745e3e815f0b
                                • Instruction Fuzzy Hash: B711C471504300AFEB128B69DC85B6AFB98EF44320F18C4AAED04CB281D674A5448A71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF1352, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                Download Yara Rule
                                APIs
                                • WriteFile.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 05AF13B1
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: FileWrite
                                • String ID:
                                • API String ID: 3934441357-0
                                • Opcode ID: c34cd20f3b4d4c1019d322df6c0cdf34c1882c6b87c9af3710f6ccc719159f4e
                                • Instruction ID: b9835173a91879b3697c3ad943e14bbd61c7407ae47b1b7ff89ff580e2d23484
                                • Opcode Fuzzy Hash: c34cd20f3b4d4c1019d322df6c0cdf34c1882c6b87c9af3710f6ccc719159f4e
                                • Instruction Fuzzy Hash: B411C171904600EFEB21CFA5DC84FAAFBA8EF44320F14856AFE559B641C774A408CBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF188F, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                Download Yara Rule
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05AF18F4
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 347fbcc819386da2455b3d78f37d0b7f3347b73495bdb0df92318c9a6060ad5a
                                • Instruction ID: df641d0e4c4cf8cbfee80ff16cbd71788fc1ae8df26512d8066d3c344468173b
                                • Opcode Fuzzy Hash: 347fbcc819386da2455b3d78f37d0b7f3347b73495bdb0df92318c9a6060ad5a
                                • Instruction Fuzzy Hash: 2811B2764097809FDB228F25DC44E62FFB4EF06220F08C4DEED858B563D275A558DB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF17E8, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON
                                Download Yara Rule
                                APIs
                                • SetThreadContext.KERNELBASE(?,?), ref: 05AF1847
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: ContextThread
                                • String ID:
                                • API String ID: 1591575202-0
                                • Opcode ID: 9e02fdce3f59975b53c8fe15d840fb037e9eb0a2cc0a35c12613ed831a491bcc
                                • Instruction ID: 59a87114e015a7bdfafab50eaf9920c92b5cc7455b8bbbf67fbc0ae5e5f9bac5
                                • Opcode Fuzzy Hash: 9e02fdce3f59975b53c8fe15d840fb037e9eb0a2cc0a35c12613ed831a491bcc
                                • Instruction Fuzzy Hash: D311C1715083849FE711CF65DC84F66FFE8EF06220F0880AAED458B262D274E848CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A376, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                Download Yara Rule
                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0170A3BE
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: 34b2f184cd7831733565ee42d2565c478b72b9a334bdadf2ad77af7d56af9fd3
                                • Instruction ID: df337b436367222c8ba2640651003488fccd8efae08801b2f5dc6b1df0f91326
                                • Opcode Fuzzy Hash: 34b2f184cd7831733565ee42d2565c478b72b9a334bdadf2ad77af7d56af9fd3
                                • Instruction Fuzzy Hash: 32116175A04341CFEB21CF69D885B56FBE8EF54220F08C4AAED49CB682D6B4E444CB71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF1292, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                Download Yara Rule
                                APIs
                                • GetFileType.KERNELBASE(?,00000E2C,C826936B,00000000,00000000,00000000,00000000), ref: 05AF12E5
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                • Opcode ID: a28d1f1036bfb790b811df8c0e7a7f9969e6ea1e64b4572c793590bb044620f0
                                • Instruction ID: cde21bd31f2887b77aac10e87d14313146cc4c4809b4420ec3c2907cccc21103
                                • Opcode Fuzzy Hash: a28d1f1036bfb790b811df8c0e7a7f9969e6ea1e64b4572c793590bb044620f0
                                • Instruction Fuzzy Hash: 2201D2B1904604AFE710CB99DC85FAAFBACEF44720F14C4AAFE549B281C674A504CBB5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170ADEC, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                Download Yara Rule
                                APIs
                                • OutputDebugStringW.KERNELBASE(?), ref: 0170AE48
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: DebugOutputString
                                • String ID:
                                • API String ID: 1166629820-0
                                • Opcode ID: b964f405afcdec011193d17a32da998e4cceec00b1f33c9b726dbcd9caff5e37
                                • Instruction ID: 157a15085e2d90dfd9d71b4b961aac53cf6d65f9bd5bf22ec598cb5a9d7a8bbc
                                • Opcode Fuzzy Hash: b964f405afcdec011193d17a32da998e4cceec00b1f33c9b726dbcd9caff5e37
                                • Instruction Fuzzy Hash: B01182715097849FD712CB25DC85B56FFF8EF06620F0980DAED858F293D274A948CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170B8BC, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0170B91C
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: f0a8f98f9533607c6ace8da85dff9adc02e54cef67c90cc6d1dff3059e032560
                                • Instruction ID: 99dfd0df7710052989a8779fd722777336d0799877e3553b60f7072cca321b54
                                • Opcode Fuzzy Hash: f0a8f98f9533607c6ace8da85dff9adc02e54cef67c90cc6d1dff3059e032560
                                • Instruction Fuzzy Hash: C8118836409784EFDB228F15DC84E56FFF4EF0A220F08849AED854B262C375A558DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170AB2A, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                Download Yara Rule
                                APIs
                                • K32EnumProcesses.KERNEL32(?,?,?,C826936B,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 0170AB6A
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: EnumProcesses
                                • String ID:
                                • API String ID: 84517404-0
                                • Opcode ID: d9a7b2e01188cc916588d85646ec1f7edc4abf747c3940150ff4e5ac8694f8b8
                                • Instruction ID: 1a24637340f956f538cc2418b37280e621da598bfa80de91291922da386ad5ee
                                • Opcode Fuzzy Hash: d9a7b2e01188cc916588d85646ec1f7edc4abf747c3940150ff4e5ac8694f8b8
                                • Instruction Fuzzy Hash: 27118475504705CFDB21CF69D884756FBE8EF44220F08C4AADD49CB292D674E444CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170AE86, Relevance: 1.5, APIs: 1, Instructions: 48threadCOMMON
                                Download Yara Rule
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 0170AEDC
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: 87591108fcd78f3b8e7819842da8a74c439e76154c3d68de304c750afca250dc
                                • Instruction ID: 95bfa3f3eb01a055347bc99f13b3e43150568ad89e3e134eabc3ed72331c2bb1
                                • Opcode Fuzzy Hash: 87591108fcd78f3b8e7819842da8a74c439e76154c3d68de304c750afca250dc
                                • Instruction Fuzzy Hash: 07016171409384AFD7128B15DC44B62FFB8EF46620F08C09AED859B252D275A958DB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF16BA, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileW.KERNELBASE(?), ref: 05AF16F4
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                • Opcode ID: 47bf02fd6ce31cd38e29ac2e5ce35b7bbaac521db79217e39023e18f595ab5ba
                                • Instruction ID: b4dd1007f69b27db84ca7d002bcfe91305720c54da269828ac98b2fbbf8616df
                                • Opcode Fuzzy Hash: 47bf02fd6ce31cd38e29ac2e5ce35b7bbaac521db79217e39023e18f595ab5ba
                                • Instruction Fuzzy Hash: 8B01B171A04240CFDB10CF6AD884B66FBE8EF00220F08C0AAEE59CF242D674E404CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF196A, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON
                                Download Yara Rule
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05AF19B0
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: a6c1a156a134b1eecc776a833585f6d321885efc0d31cfcd2efb6779e9ef7e87
                                • Instruction ID: 3fb59a2a76b0f0b8c7e0e897146d69426b4dfb6094a793b9829741a013cda0f4
                                • Opcode Fuzzy Hash: a6c1a156a134b1eecc776a833585f6d321885efc0d31cfcd2efb6779e9ef7e87
                                • Instruction Fuzzy Hash: CE016D75504604DFEB20CF55D884F66FBE8EF04320F08C4AAEE598B655D271E458DFA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170BE2E, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0170BE79
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: LibraryLoadShim
                                • String ID:
                                • API String ID: 1475914169-0
                                • Opcode ID: ee1802406108b1050319c527b08f8ffd88ae40112c3ce8a4ae921325875bc36a
                                • Instruction ID: 31b479588f33c3f1cea32775f72a2232f5ad001e17f13a86438a156ebcb09bc6
                                • Opcode Fuzzy Hash: ee1802406108b1050319c527b08f8ffd88ae40112c3ce8a4ae921325875bc36a
                                • Instruction Fuzzy Hash: 49018075500700DFEB21CE19D885B16FFE8EF08620F08C49ADE498B296D270E908CA71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170AFEE, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0170B032
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: c8b9486813a2db2c70e81465fb5be1558d950c609a365f2f3b1e86999c89ccf7
                                • Instruction ID: 6a711ba2b8500b4d154173dbd9df591bbc8008aed36bc4a2af821958a04ac310
                                • Opcode Fuzzy Hash: c8b9486813a2db2c70e81465fb5be1558d950c609a365f2f3b1e86999c89ccf7
                                • Instruction Fuzzy Hash: 92018B75800700DFDB22CF55D844B56FFE4EF08320F08C4AAEE598B692C275A018CF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF180A, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON
                                Download Yara Rule
                                APIs
                                • SetThreadContext.KERNELBASE(?,?), ref: 05AF1847
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: ContextThread
                                • String ID:
                                • API String ID: 1591575202-0
                                • Opcode ID: 243ccf7aa6d3e06c4ba0dc2b8ef207cedfd11383046c075f30413f03d92ac100
                                • Instruction ID: eb7274921406b8ab436c2160d92dedb1fee5070a614d8ead2e3462f783748668
                                • Opcode Fuzzy Hash: 243ccf7aa6d3e06c4ba0dc2b8ef207cedfd11383046c075f30413f03d92ac100
                                • Instruction Fuzzy Hash: 2501D475604200CFEB10CF55E984B65FFE8EF04220F08C0AAEE598B252D274E444CFA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF18B6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05AF18F4
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: b983389835fc3b290a4848fdeb95d0a90b1844da0f23bec5d14b4167e060601c
                                • Instruction ID: b0768382e0e3b175a52ea3dec4d2aee890f5aca79a15565465478ee1ade728c2
                                • Opcode Fuzzy Hash: b983389835fc3b290a4848fdeb95d0a90b1844da0f23bec5d14b4167e060601c
                                • Instruction Fuzzy Hash: 9B019E36500640DFDB208FA5E884B66FFA4EF04320F08C49EEE958A651C275A458DFA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170AD76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0170ADC6
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: ad95125fac326baec936bc0dc635cfd7b7528fb4cc40a108f41eb6e0b3d7c1df
                                • Instruction ID: 4e6214f4e25607956736aadd01b5433069bc24b34f275e9b3eb933a9768959c2
                                • Opcode Fuzzy Hash: ad95125fac326baec936bc0dc635cfd7b7528fb4cc40a108f41eb6e0b3d7c1df
                                • Instruction Fuzzy Hash: AC01AD72500600ABD310DF1ADC86B26FBF8FB88B20F14815AED088B745E635F915CBE6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A662, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 0170A694
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: d6671416384cacea7619a6c18ca022e91bbf54b6945dd56b269648a18625a87c
                                • Instruction ID: 374a00e756e0fd6475f5aad5c138a2ecafa5969b1bf3dd9c6ac70d46a47b9ac2
                                • Opcode Fuzzy Hash: d6671416384cacea7619a6c18ca022e91bbf54b6945dd56b269648a18625a87c
                                • Instruction Fuzzy Hash: 5B01BC75904340CFDB118F29E884756FBE8EF80321F08C0AADC498B282D274A458CA62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A23A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE ref: 0170A26C
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: 55b32fe109c4463721eb2f67117e7d7a193fb270ac08cb38424901e2398da252
                                • Instruction ID: 9a3763badf9001a7b878820bcd5d59d2d8273b46c3572c426f5e40013c831296
                                • Opcode Fuzzy Hash: 55b32fe109c4463721eb2f67117e7d7a193fb270ac08cb38424901e2398da252
                                • Instruction Fuzzy Hash: E101DF71908300CFDB118F29D884766FBE4EF80220F08C0BAEC098F282D275A404CA61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170A902, Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0170A93D
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: afcd4d0a138eb2c02bbacaabf61550eacdfc7688dc4f8f721706101419128c70
                                • Instruction ID: 76c5693120247aa652841c024952ba7cc9e77dd5f9b756b54b870afe647a7532
                                • Opcode Fuzzy Hash: afcd4d0a138eb2c02bbacaabf61550eacdfc7688dc4f8f721706101419128c70
                                • Instruction Fuzzy Hash: 5D01B176610700CFDB218F19D884B65FFE4EF04320F08C09AED868B692D271A418CF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170AE0E, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                Download Yara Rule
                                APIs
                                • OutputDebugStringW.KERNELBASE(?), ref: 0170AE48
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: DebugOutputString
                                • String ID:
                                • API String ID: 1166629820-0
                                • Opcode ID: dc17828b528b738887be1c1ead7db0fd307dda8aa15cb5ab1d5cf92abfaf8bd2
                                • Instruction ID: b944bbd8784b417f95ac8b61033ecc7e784b224465e9da881267676702a7f0d5
                                • Opcode Fuzzy Hash: dc17828b528b738887be1c1ead7db0fd307dda8aa15cb5ab1d5cf92abfaf8bd2
                                • Instruction Fuzzy Hash: 44016271504744DFDB11CF29D886765FFE8EF48620F18C49ADD498B286D275E844CA61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170B8DE, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0170B91C
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 20eb01834fb8376304dadf7b8fca1bbdf6a3f1fba85ec8c6a9d25f66128da8b4
                                • Instruction ID: 831b8a1316866d5f04df2b406408bc76818dc8711149dfbab497871c55cceae0
                                • Opcode Fuzzy Hash: 20eb01834fb8376304dadf7b8fca1bbdf6a3f1fba85ec8c6a9d25f66128da8b4
                                • Instruction Fuzzy Hash: 3401DF35414700DFDB228F15D884B25FFE0EF08320F08C49AED890B292C371A158DF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05AF1ACA, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 05AF1B05
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333077235.0000000005AF0000.00000040.00000001.sdmp, Offset: 05AF0000, based on PE: false
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: ba24727e726d4c03bb5a844c51ffb171a7dc385724d2a8f150255ce9ba210622
                                • Instruction ID: 28692dfe40e7c35373614c5a3f59805faf9e01a88fd3a32017221d2dc8376fb3
                                • Opcode Fuzzy Hash: ba24727e726d4c03bb5a844c51ffb171a7dc385724d2a8f150255ce9ba210622
                                • Instruction Fuzzy Hash: 6A018B31404640DFDB20CF55D884B65FFA5EF48320F08C49AEE594B652D275A458CFB2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0170AEAA, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
                                Download Yara Rule
                                APIs
                                • ResumeThread.KERNELBASE(?), ref: 0170AEDC
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323124364.000000000170A000.00000040.00000001.sdmp, Offset: 0170A000, based on PE: false
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: 5e53fed60fa4c876a9f8ad6bc7f6de618b0d42ee6df12d46b28ed5b64f2de3ba
                                • Instruction ID: 0fd76bc88eddf714a592d23c68e77a9c74def358294c399cdbc7f6aff005f330
                                • Opcode Fuzzy Hash: 5e53fed60fa4c876a9f8ad6bc7f6de618b0d42ee6df12d46b28ed5b64f2de3ba
                                • Instruction Fuzzy Hash: 39F0AF74414744CFDB21CF19D885765FFE4EF48321F18C0AADD498F296D275A848CEA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B01380, Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X1(r
                                • API String ID: 0-3909273932
                                • Opcode ID: 5d6d5f714ce759c72cb7662a3819e8e08f3c5b23c177beacc027ee1250e3f502
                                • Instruction ID: 9829392a45ed86c1d142dde6e5dc485a10c398095e81eadd59bc6b29edcc3977
                                • Opcode Fuzzy Hash: 5d6d5f714ce759c72cb7662a3819e8e08f3c5b23c177beacc027ee1250e3f502
                                • Instruction Fuzzy Hash: DF51F474D05208DFDB08DFA9D4986AEBBF2FB88314F20E069D916A7388D7345942CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B00006, Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 6)m3
                                • API String ID: 0-2887479794
                                • Opcode ID: 71253c3cb6fdfc55215d32dea90a204b4e1af02c7969e1a8bf25e370e13a0607
                                • Instruction ID: fce7cc12f3928644538388aa23a659594c6f68f7c753a6965d39e1f6c42fce58
                                • Opcode Fuzzy Hash: 71253c3cb6fdfc55215d32dea90a204b4e1af02c7969e1a8bf25e370e13a0607
                                • Instruction Fuzzy Hash: 82514D71C0A3899FCB01DFA4D4846EEBFB1FF46210F5590DAC441EB292E2385A45CF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B0CD9B, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: p
                                • API String ID: 0-2181537457
                                • Opcode ID: 546f02ce80bebc2a76ef6eed716d42293415c6b29fabac380c3d1e4ee0c208d2
                                • Instruction ID: b5c883616811f75fa4cc142f89181a754471ffef6847285dda30451b52a79232
                                • Opcode Fuzzy Hash: 546f02ce80bebc2a76ef6eed716d42293415c6b29fabac380c3d1e4ee0c208d2
                                • Instruction Fuzzy Hash: 42312834D89219CFCB60CF68C4407BDFFBABB0A214F50A2D9D159A7282DB356E818F51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B0CD98, Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: p
                                • API String ID: 0-2181537457
                                • Opcode ID: 11401d09c82f90d8e3d655d41ff3245011ace537837512e03c0a3094995b6185
                                • Instruction ID: e0f23f45202b28cd3acf1cf0a5faf8f51fd2feab4352b3d5d0cc571c87e0dfd4
                                • Opcode Fuzzy Hash: 11401d09c82f90d8e3d655d41ff3245011ace537837512e03c0a3094995b6185
                                • Instruction Fuzzy Hash: 03310574D89219CFCB60CF58C8407BDFEBABB4A210F10A2D5915AA7282DB306E818F51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B04ECC, Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 5N?q^
                                • API String ID: 0-3362871639
                                • Opcode ID: f07e78f8e01e2cbdee5e809e3d97f17b0907400747f1ef49b770094652de297f
                                • Instruction ID: 9946f4ea67849f8627a7d03a53c1f52d4ec5221278eff878d57afeeee35d7a1d
                                • Opcode Fuzzy Hash: f07e78f8e01e2cbdee5e809e3d97f17b0907400747f1ef49b770094652de297f
                                • Instruction Fuzzy Hash: 39318D78905349CFCB00DFA9D9846ADBBF2FF49204F15A09AC551E7395EB306A02CF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B0CE1F, Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: p
                                • API String ID: 0-2181537457
                                • Opcode ID: 159a8f584e6b3ba62edb2bb1411cf0ae42126d5514df3988c05bb8b59850e4aa
                                • Instruction ID: eb1ccc1129ceb90a45e25c884d789f796885ad08b5314c394f6fdd20c86080d9
                                • Opcode Fuzzy Hash: 159a8f584e6b3ba62edb2bb1411cf0ae42126d5514df3988c05bb8b59850e4aa
                                • Instruction Fuzzy Hash: 22212D34E89219CFCB60CB68D8407BDBFB6BF46210F10A2D5D15DA7292DB316D858F41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B28D0, Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: l
                                • API String ID: 0-2517025534
                                • Opcode ID: 3a2cf3bb677a6091a1090e1db89a8c4a2130d3f983d6c3885e99abd106f309fd
                                • Instruction ID: fbfbba5421d2f79b2ef09104b5f4e9f05f016e9ee534969c3ae67876b3fa290f
                                • Opcode Fuzzy Hash: 3a2cf3bb677a6091a1090e1db89a8c4a2130d3f983d6c3885e99abd106f309fd
                                • Instruction Fuzzy Hash: F62139B4E0421ADFCB08CF99C5849AEFBF2FF89300F1189A9D418AB214D3349A458F91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B42C1, Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 7a<
                                • API String ID: 0-3256968585
                                • Opcode ID: 900ce95516c5e5ab464fdcbc5a543623da488bda06dd3599b497ab7ff975cb15
                                • Instruction ID: b64b76accb0b517f03a57baf6c7803a7f1b05a41cec7a6f76989807bdee48f6a
                                • Opcode Fuzzy Hash: 900ce95516c5e5ab464fdcbc5a543623da488bda06dd3599b497ab7ff975cb15
                                • Instruction Fuzzy Hash: E4216870904219DBCB08CFAAC5809AEFBB5FF49300F99C5A6C055AB266DB309A41DF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B04F20, Relevance: 1.3, Strings: 1, Instructions: 54COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: 5N?q^
                                • API String ID: 0-3362871639
                                • Opcode ID: a70de1fe8318a6afcea40eb733c5eb6f8d64265a8ee6bd48f8dfd30a95ca3b26
                                • Instruction ID: 8e1636414d42855cb678f3f451f148d0c633d06585a41b31b9583f4a7ac5bf37
                                • Opcode Fuzzy Hash: a70de1fe8318a6afcea40eb733c5eb6f8d64265a8ee6bd48f8dfd30a95ca3b26
                                • Instruction Fuzzy Hash: FC21D674E01309DFCB44DFA9D8849ADBBB2FF88300F148169D915A7354DB34AA01CF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B8A21, Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: (
                                • API String ID: 0-3887548279
                                • Opcode ID: a78c8c886114e4749f4014e088dc0894843574c8880a7e64a9172a845c56ae2c
                                • Instruction ID: c6f9346216a5fe56b11902f8f6da7e917944cea443d285c54633f0b8111de3f8
                                • Opcode Fuzzy Hash: a78c8c886114e4749f4014e088dc0894843574c8880a7e64a9172a845c56ae2c
                                • Instruction Fuzzy Hash: C1F01770D0021A8BCB55CF64CC44BEEB7B6BF89300F2080A9C40977298DB315E80CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B8096, Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: <
                                • API String ID: 0-4251816714
                                • Opcode ID: 521f5de5cb0532a801f85aa8e93948a6e5babfb8a3eafe1e8806991fa371c0f5
                                • Instruction ID: 900679d9f031d7d4604ee731ae2fae0dc7a7fbbcce75886062eb830f3999ef02
                                • Opcode Fuzzy Hash: 521f5de5cb0532a801f85aa8e93948a6e5babfb8a3eafe1e8806991fa371c0f5
                                • Instruction Fuzzy Hash: B2F03AB09012688BCBB4DF24C9486EDBAB5AB49761F1180E9C40D76224DB305AC58F01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B06985, Relevance: .3, Instructions: 292COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8800169d21945cf2cfcce8ed63b43147c32f77f811876ca165698796a71ba2f1
                                • Instruction ID: e090c132a72a2278dc416b9bf00df771cc6d57d2804136357ea950a316afd072
                                • Opcode Fuzzy Hash: 8800169d21945cf2cfcce8ed63b43147c32f77f811876ca165698796a71ba2f1
                                • Instruction Fuzzy Hash: 5FD13674905245CFDB10CF98C188A9CFFB2FB05318F19E0A5D445AB2A2DB79F885CBA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B06933, Relevance: .3, Instructions: 278COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 07074164cdd91874270d4353f29e2e912cae09b874e13d77ab8cb08fd4bd01f9
                                • Instruction ID: 305166a24e0486acc1a267b173defee45f61e6d92e3c06d6b36ace965ada43b5
                                • Opcode Fuzzy Hash: 07074164cdd91874270d4353f29e2e912cae09b874e13d77ab8cb08fd4bd01f9
                                • Instruction Fuzzy Hash: 48C10574901105CFDB10CF98C148AADFBB2FB08318F59E1A5D455AB2A2DB79F885CFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B2043, Relevance: .2, Instructions: 231COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bf5d15cea653e465a1c7e134b1f9738924030760373024c3eb76815690adc413
                                • Instruction ID: 20b398aec437863b936d79242978544c9e8f04e1569ab45462a569d4b82cd106
                                • Opcode Fuzzy Hash: bf5d15cea653e465a1c7e134b1f9738924030760373024c3eb76815690adc413
                                • Instruction Fuzzy Hash: BCA19F74E0021ACFDB44DFA8C584ADEFBB2FF88310F218669D515AB259D730A946CF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B03A15, Relevance: .2, Instructions: 219COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c7568554a120ea9893cb2676f1db53c4d70c7a964dbe81b963b214aba52e75bc
                                • Instruction ID: 05c592154332476c64c426ec535a925bf97e48e92c7c079289c02800bc5825fb
                                • Opcode Fuzzy Hash: c7568554a120ea9893cb2676f1db53c4d70c7a964dbe81b963b214aba52e75bc
                                • Instruction Fuzzy Hash: F391D5B4E08258DFDB10DFA8C488AADFBF2FF49304F24A599D405B7285D774A945CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B03D59, Relevance: .2, Instructions: 215COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 74f11637b11f705e62eb352bc0cff96c7340df0d362fe34fada42f8833fe5b82
                                • Instruction ID: c5de7aa00fc68a702e88a125b462c01eb5e243710ef286c5c7aa8d1416c025f7
                                • Opcode Fuzzy Hash: 74f11637b11f705e62eb352bc0cff96c7340df0d362fe34fada42f8833fe5b82
                                • Instruction Fuzzy Hash: 2F91E674E05368CFDB60DFA9C848BADBBF2FB49300F2065A9D509A7285DB706985CF01
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 070D2AA6, Relevance: .2, Instructions: 181COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.337156681.00000000070D0000.00000040.00000001.sdmp, Offset: 070D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5918590672018791d5a288575b49eb65aa904a815c300b55d37461ab830a739d
                                • Instruction ID: bc626c953c0a710586efb37bf062f946d1e58a082d19505162fbc1eb39bc0510
                                • Opcode Fuzzy Hash: 5918590672018791d5a288575b49eb65aa904a815c300b55d37461ab830a739d
                                • Instruction Fuzzy Hash: 167106B085A32ACFDB64DF68C8447ECB7B1BB46320F1092EA8069B6290D7354EC5CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B06150, Relevance: .1, Instructions: 141COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f3bc0ae6cd06d77b6591edd77f15331eb2370276f7e387f1eebfc987b13502f5
                                • Instruction ID: 67063fc8498f8554e9e1f9d9bdfb2cf0a5d7114813952dbe14cd2d01778a86e4
                                • Opcode Fuzzy Hash: f3bc0ae6cd06d77b6591edd77f15331eb2370276f7e387f1eebfc987b13502f5
                                • Instruction Fuzzy Hash: 1F51F674D8A208EFDF10CF98D544BEDBFB6BB0A310F1471A5E405A7281D334AAA5CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B029F8, Relevance: .1, Instructions: 119COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 005e0fdd64af555c5a9aff19d64a579e9c65853b2c10fc98188ed8b41fe540b6
                                • Instruction ID: 64e6002782e0bca30e91086c03a31537094da457658f1457884925d541739a3d
                                • Opcode Fuzzy Hash: 005e0fdd64af555c5a9aff19d64a579e9c65853b2c10fc98188ed8b41fe540b6
                                • Instruction Fuzzy Hash: 43415878D09209DFCB14DFA8E4586AEFFB2EB49300F14A0AAD805B3391DB346945CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BA088, Relevance: .1, Instructions: 105COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8df1e50becaff9a67918e50bb156887dc6c1d54c7c8307403b8c4f18d0a9ee4c
                                • Instruction ID: 4f3d44511114c846649f9a3a9890490e058b0bb065693e1ecc19bf58a15a0c6b
                                • Opcode Fuzzy Hash: 8df1e50becaff9a67918e50bb156887dc6c1d54c7c8307403b8c4f18d0a9ee4c
                                • Instruction Fuzzy Hash: 9641ADB1E012089FDB58CFE9D8946DDBBF6FF88310F24802AD41AAB255DB316946CF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B0619C, Relevance: .1, Instructions: 104COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 672e4a391eaa22e48521c3b24dda93cea8ad2e5c20f5ff5876526e7cf87670fd
                                • Instruction ID: 3b7e5442997630510802a7403efcb2d9e08797658fd4c943bc9604bf57c2671a
                                • Opcode Fuzzy Hash: 672e4a391eaa22e48521c3b24dda93cea8ad2e5c20f5ff5876526e7cf87670fd
                                • Instruction Fuzzy Hash: F741F670D49248DFDB41CFA8D584BECBFB6BF0A314F1460D9E445A7292D734AA95CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B09035, Relevance: .1, Instructions: 97COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e25806fbbb25915510c72766103ae759e98d9d2e153f765705926421bb0d534a
                                • Instruction ID: e89157a82ebe38403e5fa8464d81f9f95e880354c247fda6cd8b05377aa78889
                                • Opcode Fuzzy Hash: e25806fbbb25915510c72766103ae759e98d9d2e153f765705926421bb0d534a
                                • Instruction Fuzzy Hash: 4941B474E05209DFCB18DFA9D5849AEBBB2FF89300F209169D80577395DB35AA41CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B02A40, Relevance: .1, Instructions: 95COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6588a412c620d88310a19aaf4860fecaa1c8f6a77e47ac0613edfdac6e1a5436
                                • Instruction ID: ef7adc6520157eb202447ddc4d911127c028eb630ef14010087df7446f4195f4
                                • Opcode Fuzzy Hash: 6588a412c620d88310a19aaf4860fecaa1c8f6a77e47ac0613edfdac6e1a5436
                                • Instruction Fuzzy Hash: 50412578D05209DFCB04DFA9D4586EEFBB2FB49304F14A0AAD905A3390DB356945CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B02A50, Relevance: .1, Instructions: 92COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bc3686b70e75f7744361870a0fa8e02a93a8324c1411d38665fc4f0237046531
                                • Instruction ID: 12c8721a446496e8878b3775367e46bd516cdae7712c4c55b726bab7b4ed9993
                                • Opcode Fuzzy Hash: bc3686b70e75f7744361870a0fa8e02a93a8324c1411d38665fc4f0237046531
                                • Instruction Fuzzy Hash: E541F578E45209CFCB44DFA9D4586EEFBB2FB48304F10A069D906A3384DB356945CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B00070, Relevance: .1, Instructions: 89COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 24658ca4353fdf55048859390bd8e82bd42c21f1f9cd398493ffe6eac2b9005c
                                • Instruction ID: 46930663fc3354dbe6a5c4bc0996dff020252b2132c312a87b61adaac497f533
                                • Opcode Fuzzy Hash: 24658ca4353fdf55048859390bd8e82bd42c21f1f9cd398493ffe6eac2b9005c
                                • Instruction Fuzzy Hash: 5F310970D0520DDFCB04DFA9D5856AEBFF2FB49310F60A4AAD405A7294E7346640CF52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B0006, Relevance: .1, Instructions: 85COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a7c56477baba924c57c608dc542affb19bab810dcd35021c45dc9f138d8867a8
                                • Instruction ID: e395fb615f95789fbcd7b0873795e746a693b7d11118e9b7c9804973be2195d3
                                • Opcode Fuzzy Hash: a7c56477baba924c57c608dc542affb19bab810dcd35021c45dc9f138d8867a8
                                • Instruction Fuzzy Hash: 0131163050A381DFC716DF789854A957FB1EF1B220B1A45DBD080DB1ABD738A948CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B2790, Relevance: .1, Instructions: 83COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 382562ffdee5b356e37eeaba10882ed506d631b2d81d6f8e365def101822159d
                                • Instruction ID: 9ce96b7dac18edfadb4383934e8f4c4100493f5ecbc6b06a33b015d86b8ac5ce
                                • Opcode Fuzzy Hash: 382562ffdee5b356e37eeaba10882ed506d631b2d81d6f8e365def101822159d
                                • Instruction Fuzzy Hash: 60310AB4D04209DFCB44CFA5C584AEEBBF1FB48310F10956AD815A7754D734AA46CF64
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B08076, Relevance: .1, Instructions: 80COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ef21e9f2e250862f21dc08362a75c7055d73150058ef9b84fac59d11024bbab3
                                • Instruction ID: a81daef215dcd6c70d60a019a9ba3be6f094fc20483f19c53a4e6de295845940
                                • Opcode Fuzzy Hash: ef21e9f2e250862f21dc08362a75c7055d73150058ef9b84fac59d11024bbab3
                                • Instruction Fuzzy Hash: CF318478E44208CFCB44CF99D4849AEBBB6FF49310F10A5A5E919AB351DB30AA41CF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B27A0, Relevance: .1, Instructions: 78COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cd348611efb204a9984ec1771dccac9c36ff4854496b6a85ea1f700b130b5f1f
                                • Instruction ID: 20d0bab5f8d6b277af07bc593980ebcbccaa853b5fa6cc3ece8c3c80fa917453
                                • Opcode Fuzzy Hash: cd348611efb204a9984ec1771dccac9c36ff4854496b6a85ea1f700b130b5f1f
                                • Instruction Fuzzy Hash: 3E31F7B4D04209DFCB48CFA5C5809EEBBF1FB88300F10996AD815A7754D738AA42CF64
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BAD10, Relevance: .1, Instructions: 77COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 33dc5ac4c10d8d7c7b0f3e56e2a4d2f68d9156d458fccc114680d02168111233
                                • Instruction ID: 6a735035d7318c5d1f6e46125fc664adb1419fb2537c2d2614ada2e061cb0e97
                                • Opcode Fuzzy Hash: 33dc5ac4c10d8d7c7b0f3e56e2a4d2f68d9156d458fccc114680d02168111233
                                • Instruction Fuzzy Hash: E231EAB4D402198FDF18DFA8D9446EEBBB2FB89311F1084A5D805A3314DB355A54CF60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B4398, Relevance: .1, Instructions: 60COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a50b01c85757187b7fa82b0a98591e6eacebe0c568a304625353ba836bda5fdf
                                • Instruction ID: 2a7bee878c5b405aec345096b58ec5843820280ebb1a574040571fdd94baea39
                                • Opcode Fuzzy Hash: a50b01c85757187b7fa82b0a98591e6eacebe0c568a304625353ba836bda5fdf
                                • Instruction Fuzzy Hash: A5212C74E04208DFDB04DFA9C584A9DFBF6EF89210F59C499D519AB366DB709A00CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BAA20, Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9c6e6f9f763f8c88e9e05231a403913d0f77434ce0cc5e5b44cce060178e5856
                                • Instruction ID: c0c1dd1d14ce4abdd94d0958aa33c575eef1f8808321bab8bb6f981178348940
                                • Opcode Fuzzy Hash: 9c6e6f9f763f8c88e9e05231a403913d0f77434ce0cc5e5b44cce060178e5856
                                • Instruction Fuzzy Hash: 04115E70D1624DEFCB08CFF5D2805ADFBB2EF89610F25E4A9C04AA7254D7346B409B18
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031C07DC, Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324152833.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b51ea6d49f39ae318a24196f1afc1623c8c21cd1cc339064e4ae7f6baf9b1954
                                • Instruction ID: aa6ceccf6708f229fe23b595760c0536cd5969bcfda814358fe46a22a5f76c54
                                • Opcode Fuzzy Hash: b51ea6d49f39ae318a24196f1afc1623c8c21cd1cc339064e4ae7f6baf9b1954
                                • Instruction Fuzzy Hash: 1A11E430614280DFD705CB54D840B26BB95EB9C708F28C5ACE9491B642C37BD803CA91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031C07A6, Relevance: .1, Instructions: 57COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324152833.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2ddc69ce868dc9d80ee65b89daef3e84d6884683d905f83e4c68819715265713
                                • Instruction ID: ec903dad72f9b5cf057d4d86e4c4d39bc1e8d12a46ceef1a851bb5e33ddaba26
                                • Opcode Fuzzy Hash: 2ddc69ce868dc9d80ee65b89daef3e84d6884683d905f83e4c68819715265713
                                • Instruction Fuzzy Hash: 58215E315093C0CFD707CB20D850B11BFA1AB5B714F2985EED8848B6A3C73A9916CB92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B07712, Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 039ead8e82c0553d7858d1b74b9fcfac95aa27e9f1c65ad2e86473a86b56b11a
                                • Instruction ID: 56adc652aa49e2b6e60f383b636225297cb7073ad615c3a0720fc106fadde481
                                • Opcode Fuzzy Hash: 039ead8e82c0553d7858d1b74b9fcfac95aa27e9f1c65ad2e86473a86b56b11a
                                • Instruction Fuzzy Hash: 7711DD7490534ADFCB01EFA4C65809CFF72FF45300F1552AAC920A7396DB306A01DBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B43A8, Relevance: .1, Instructions: 51COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d1c82db6b0cc72a95215a150401b870649acf92c2959cb9f47fbba433745f9a5
                                • Instruction ID: 2bc5804ebd8aef17dc5c80f255ebeec784eb16c4ad00cecb164d37b1dbad980f
                                • Opcode Fuzzy Hash: d1c82db6b0cc72a95215a150401b870649acf92c2959cb9f47fbba433745f9a5
                                • Instruction Fuzzy Hash: 45110678E04118EFCB48DFA9C588A9DFBF6EF8C200F55C099D519AB365DB309A50DB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BA8E8, Relevance: .0, Instructions: 47COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 69c4ea36863c5e338154e28506fe7fde23c2a0f8d2b696fd74f1827252ac4ed6
                                • Instruction ID: 81b0a70e43338f54751baabc30da5a118d9705628d1ac894b2b1e58eeb19add2
                                • Opcode Fuzzy Hash: 69c4ea36863c5e338154e28506fe7fde23c2a0f8d2b696fd74f1827252ac4ed6
                                • Instruction Fuzzy Hash: DC018C70C05208EBCB18EFA8E1455ACFBB4EF8E351F1198A9C006B7244DB309B449B55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BF198, Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1f12e443ad4236852f54fcd013e02c698cf6d643485b8836691cb78296f3521e
                                • Instruction ID: 5ba9a7fc10d92743aff8cca6f3f101862ba5bf560d2c33a6138a2e887c25ce56
                                • Opcode Fuzzy Hash: 1f12e443ad4236852f54fcd013e02c698cf6d643485b8836691cb78296f3521e
                                • Instruction Fuzzy Hash: 9B019E70E04209DFCB04DFA8D58459DBBB6FB8D310F20C5A9D80997258EB309A528B52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B076C8, Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e0c686f64f5755f54a9d76fc37f12d5aa965e6f5d9401d5ab74f0f519ac2720a
                                • Instruction ID: 4cf000d8a04a6639ba62f78fc79234dfaef37a8b35a40ce003591851cae62246
                                • Opcode Fuzzy Hash: e0c686f64f5755f54a9d76fc37f12d5aa965e6f5d9401d5ab74f0f519ac2720a
                                • Instruction Fuzzy Hash: 6101757690011A9FCB00DF94C54989DFF71FF05204B11A6AAD825BB355D730BE12DF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 070D30C2, Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.337156681.00000000070D0000.00000040.00000001.sdmp, Offset: 070D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dc301f765fe7a438c34dd1f949afa98e60b41a45d323e1f324148b81ba90d798
                                • Instruction ID: 6f23406d82b718bf0d62393f1f04a06e88591f1f24df1f509670bc87e5853eeb
                                • Opcode Fuzzy Hash: dc301f765fe7a438c34dd1f949afa98e60b41a45d323e1f324148b81ba90d798
                                • Instruction Fuzzy Hash: 7F011EB095A359CBCB60CF68C8806FDB779BB4B221F209398C469A73D5CE358E41CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B04328, Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 666f816b8ecc7c19956fab9d5210a7ad2649bb396b411c8dfef8659fd2baf57a
                                • Instruction ID: 6f4c3e5b91fab2276de023dbce9e4b7eb1e882dcb3e5942166fd7cf99f145f95
                                • Opcode Fuzzy Hash: 666f816b8ecc7c19956fab9d5210a7ad2649bb396b411c8dfef8659fd2baf57a
                                • Instruction Fuzzy Hash: 7101A974A092449FCB15DBAC94056BCBF74FB81310F14D1FADA04A73C1C6756941CBE2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031C05CF, Relevance: .0, Instructions: 42COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324152833.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b0b2280203800ad676514de57e2a8ad67813d6853f6c495513ae41c02e6fce67
                                • Instruction ID: cc9ee19cb86321b2c17bc3b71314d491ca63cf804ea8d42fcccdf1cb2b773369
                                • Opcode Fuzzy Hash: b0b2280203800ad676514de57e2a8ad67813d6853f6c495513ae41c02e6fce67
                                • Instruction Fuzzy Hash: 080186B65097805FC7118B16EC41853FFA8DF4663070984ABEC898B212D135B958CBA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B035F7, Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 01b3437d7913fdd236c1d0d20a926e9694e4d066a08eabbe01a204aca1e2cd8b
                                • Instruction ID: 6282cc65687a0e86159e75730cbf8f4f783e818b97dba9d5e107d4389dbab01f
                                • Opcode Fuzzy Hash: 01b3437d7913fdd236c1d0d20a926e9694e4d066a08eabbe01a204aca1e2cd8b
                                • Instruction Fuzzy Hash: CE018F34C0D248EFCB45DFA8D4956ACBFB1EF46300F2481EAD88467381D736AA55DB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B0F0B, Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 597fa764645bd897680cefd64455ecbee3872f15a7eb2d297989470e9a781e48
                                • Instruction ID: 814152865fc941e314d5af1f72c4a8fe2797f1e2aa6fdf2610e1b3a5376db5ea
                                • Opcode Fuzzy Hash: 597fa764645bd897680cefd64455ecbee3872f15a7eb2d297989470e9a781e48
                                • Instruction Fuzzy Hash: 4411AE74D0021A8FCB24DFA8C891ADEF7B2BF4A304F1185D9D058AB244C739EA81CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BF078, Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0d6d0fefe568c9a8591a7d886593ca78067c36a2bf15025ebbc0d3ad8e6f4409
                                • Instruction ID: d1afee5661fa0eb29dfb209d62fe333216fd22dbaa7f0f247de09d89436e8a26
                                • Opcode Fuzzy Hash: 0d6d0fefe568c9a8591a7d886593ca78067c36a2bf15025ebbc0d3ad8e6f4409
                                • Instruction Fuzzy Hash: F2F06D71D14208EBCB08DFE9D9815DDFBB6EB49301F60D0AAC416E7224E3349682CF56
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B0070, Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f6850387fae50c2e00671a3656080073264dfc1d144dd234934dbd70043a8bac
                                • Instruction ID: 46cf369a2518f8b8f915b64ac2559f53de3b02fb16ee8d89e533c735a6b05977
                                • Opcode Fuzzy Hash: f6850387fae50c2e00671a3656080073264dfc1d144dd234934dbd70043a8bac
                                • Instruction Fuzzy Hash: 0EF06274A05308DFCB14EFB8E5081AEBFB6FB4D362F24C5A5D445A7208DB304A84CB15
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B09AF, Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 95776516d622ef484af50411b5b2b581f6bf04d37d7659619d9896a06a4a3479
                                • Instruction ID: 7797dbd3cf73295a04dc52e061a5889e1f2eb372fd50cdda7db146d6649e66a4
                                • Opcode Fuzzy Hash: 95776516d622ef484af50411b5b2b581f6bf04d37d7659619d9896a06a4a3479
                                • Instruction Fuzzy Hash: 561119B4D0022D8FDB69CF68C982AD9BBF0AB0D300F1085DA9649A7200D7309E81CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B07740, Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e4bd5df4bab2a311e24a8a576ce6637c373afd3c1ce39443b33ba7159025792f
                                • Instruction ID: 764d229e05fbfd5bfc99e5da5e067e3b7ab73ce5755c770ec6c9cdecd8951c5b
                                • Opcode Fuzzy Hash: e4bd5df4bab2a311e24a8a576ce6637c373afd3c1ce39443b33ba7159025792f
                                • Instruction Fuzzy Hash: 7701D674E0130ADFCB04EFA9D54959DFBB2FB44300F1486A99A15AB354DB30AA41DB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B042E0, Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 287fd5d6aa9d93573fcc8909c603e67da91974aeec9e57439a62d77cf74e7222
                                • Instruction ID: be3c9bb1903e5133655b01a132d77b9f6245551e0304f3c4ea05581f7cfc6b02
                                • Opcode Fuzzy Hash: 287fd5d6aa9d93573fcc8909c603e67da91974aeec9e57439a62d77cf74e7222
                                • Instruction Fuzzy Hash: 78F09030A092489FCF15EFB8D4511A8BFB1EF87310F2891EAD985A7382C6326911CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031C0898, Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324152833.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                • Instruction ID: 63eec30e57cab69ff91be7aea67be65a5b55ef2a4b43b10ddb1244eb96bb8ef6
                                • Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                • Instruction Fuzzy Hash: E8F0FB35544685DFC606CF40D940B25FBA6FB8D718F24C6ADE9490B652C337D913DA81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B15FA, Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 35ffed44cecb4b3b3722a248f7bffc222719b4fb7f8a9a7f971148b8e4e5c8e5
                                • Instruction ID: 5e53e20249049509a849fa82eb1760bec87b71b22103c4f316062b5eeb8f7dea
                                • Opcode Fuzzy Hash: 35ffed44cecb4b3b3722a248f7bffc222719b4fb7f8a9a7f971148b8e4e5c8e5
                                • Instruction Fuzzy Hash: 1801B6B0A01329DFDB94DF68C994B9DBBB2FF49200F1145E9D40AA7259DB309E84CF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031C05F6, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324152833.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9488c3f9adafe4fff970431261dd8c72fa2670957ae5af409978f7b2b19cf60d
                                • Instruction ID: 541b1abdf7d1dc934f45279045f1469c19ce89a5f8ae982f37ecf000407d57ec
                                • Opcode Fuzzy Hash: 9488c3f9adafe4fff970431261dd8c72fa2670957ae5af409978f7b2b19cf60d
                                • Instruction Fuzzy Hash: 11E092B6604A008BD750CF0AEC81456F7E8EB84631718C47FDC0D8B701D535B504CFA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B043A2, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 84437fdf9d7af0d255685ceab234715cb38ad3fcfec0e0935d357f0ec6626e8c
                                • Instruction ID: c035f2ab0ffa71f760fd71d54bb72f15141ae18e3aad8f62ff650b3b52c53136
                                • Opcode Fuzzy Hash: 84437fdf9d7af0d255685ceab234715cb38ad3fcfec0e0935d357f0ec6626e8c
                                • Instruction Fuzzy Hash: 24F03070909348AFCF06DFA8E4555ADBF71EB41310F2491E6D940A7281D2715A60DB95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B01321, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 355d3b8bd02cf0f627e97be2edcdf0d6d9d07e9f52b2c1343d1c5e9fc1f6432a
                                • Instruction ID: 61519c97980b00980e6b9176585cb4db8fd3d5d3e9ad127304c9eda4a33e861b
                                • Opcode Fuzzy Hash: 355d3b8bd02cf0f627e97be2edcdf0d6d9d07e9f52b2c1343d1c5e9fc1f6432a
                                • Instruction Fuzzy Hash: B7F05E70C09348AFCB45DF6CC8406ADBFB1FB06300F6041E6D454A3341D3305A51CB55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B03681, Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0d82307b9a5b230ddf3b89f6479d0779192023c448c3082bb70d5829e8ea67cd
                                • Instruction ID: 674b41e7468efd45802c8d0e2010ef546ccc52a6c4fc7c9422d12a2f61f348e0
                                • Opcode Fuzzy Hash: 0d82307b9a5b230ddf3b89f6479d0779192023c448c3082bb70d5829e8ea67cd
                                • Instruction Fuzzy Hash: CAF06530908348AFCB01DFB8D8595ADBFF4EB06310F2490DAD484A3381C7305911DB96
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B02989, Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e8e902301c2590797a2727f78ee59e800fce4ebccf3ba461ab7b9116a0159b70
                                • Instruction ID: e8b159327c7306087bc89680f7cf8e84c33fed700478c7fb30a9002cdfb034a5
                                • Opcode Fuzzy Hash: e8e902301c2590797a2727f78ee59e800fce4ebccf3ba461ab7b9116a0159b70
                                • Instruction Fuzzy Hash: 6DE0923890C3449FCB06DBA8D8869ACBF75EF42310F6490EAC8446B392C6316D4AD792
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B0435A, Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7897815a8ea82f63b4ac73200f1ff325c554274ddb985a066f6a85cdc75b6bb6
                                • Instruction ID: f1d910854ce6abc741b29cffbc72c462c35a9dca6143a9d76324d14b3f83b783
                                • Opcode Fuzzy Hash: 7897815a8ea82f63b4ac73200f1ff325c554274ddb985a066f6a85cdc75b6bb6
                                • Instruction Fuzzy Hash: C7F0A034808348AFCB05DBA8D4406A8FFB4EF46300F2490EAD984A7382C6316A02DB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B1117, Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4a585944baf4042186d0330b0fd4ef9d156ea742f612ac0afe9bc800386e7bd8
                                • Instruction ID: 1f932d54a64eac772b4efd5a2edf3e06996da26b71bd24133cc5ca0735f58c18
                                • Opcode Fuzzy Hash: 4a585944baf4042186d0330b0fd4ef9d156ea742f612ac0afe9bc800386e7bd8
                                • Instruction Fuzzy Hash: 66F0E77084426BCACB74DF61D960BEEBBB0AB05200F1094E9C559A6600E7314A82DF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B29C8, Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2766087097af38e943c857927fd9c1987909560d2e0c849dee64f2803c565206
                                • Instruction ID: 0ecbc28ceaa4480879debf0637d8b73901855326e7e7eb97056010c07f31690a
                                • Opcode Fuzzy Hash: 2766087097af38e943c857927fd9c1987909560d2e0c849dee64f2803c565206
                                • Instruction Fuzzy Hash: 7BF015B4D04308EFCB55EFA8C904AAEBFB2FB09311F1085AAD858A3311D3729A54CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B02D31, Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3a29cb8862dc1a07fff8560fd6e95561b51f514b9835405747ce6f6a3ad3164d
                                • Instruction ID: 1c158951520010e1cfaa4f8b1c0a18fb4058828b826f46ff973a3d8baf37ac87
                                • Opcode Fuzzy Hash: 3a29cb8862dc1a07fff8560fd6e95561b51f514b9835405747ce6f6a3ad3164d
                                • Instruction Fuzzy Hash: 6BE09230408384AFCB029B78D45A56CBF70AF02200F1411D5D885A7292DA305956D752
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 070D1A24, Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.337156681.00000000070D0000.00000040.00000001.sdmp, Offset: 070D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3a38427a09146fc1dd3ea890d6f6d43cc6f2d41544d0dbe9409718a6a1cb0fef
                                • Instruction ID: f4f75fc8b23d015563d0b3eb072cf9dd77d3da6961102aae7b7f23b000591466
                                • Opcode Fuzzy Hash: 3a38427a09146fc1dd3ea890d6f6d43cc6f2d41544d0dbe9409718a6a1cb0fef
                                • Instruction Fuzzy Hash: FDF03075918318DFDB20DFA1DC48BECBBB8AB0A311F1440E1A259AA290C7705A84CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B02D08, Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 884fd6d9416ac3070b8fffdc652ce15cf4bddba096654e4267bea563cf41559a
                                • Instruction ID: de9c1386a475c4522a81433ce304859c79695ebaaeb9f9cf3b887562fdf2a5b2
                                • Opcode Fuzzy Hash: 884fd6d9416ac3070b8fffdc652ce15cf4bddba096654e4267bea563cf41559a
                                • Instruction Fuzzy Hash: A6E0923840D2849FC702CB78E4A65A8BF70EF03214F1811C6D48563192D6715C56D741
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B04AC8, Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 299ff3e4d58ee24e237ef404576d071a73d9afd2a8167e316c2021a1aa27a68a
                                • Instruction ID: 9389855f428e189c91161f9ab954aa480d0fe1f9e84c049839ef4fa8b496c255
                                • Opcode Fuzzy Hash: 299ff3e4d58ee24e237ef404576d071a73d9afd2a8167e316c2021a1aa27a68a
                                • Instruction Fuzzy Hash: D2F0F974806229CFCB50DF65EC44B987B72FB45300F1492DAC60DA3290D7702E81CF60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B01258, Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 09da7100ae9e108bd7e411f031a04ba33938d3867cccf6d0ec744827b0d12bb6
                                • Instruction ID: 2ac135b5b368cbbbdbdb751c11a38a31259cdb833d4366a88dbbf549f84bac07
                                • Opcode Fuzzy Hash: 09da7100ae9e108bd7e411f031a04ba33938d3867cccf6d0ec744827b0d12bb6
                                • Instruction Fuzzy Hash: 76E06D70D093C49FCB86EBB8841829CBFF0DF07300F1480EBC88493252E6355925DB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B29D0, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f1dad044ee34fa72767d677e27e0fbca4097d148bdf6633e696ad65eecc06772
                                • Instruction ID: 93e5165732e2ad71cdd93c810759592a0ca07f559c19f9de2c991b5be8939634
                                • Opcode Fuzzy Hash: f1dad044ee34fa72767d677e27e0fbca4097d148bdf6633e696ad65eecc06772
                                • Instruction Fuzzy Hash: 32E0E5B4D04218EFCB54EFA8D945AAEBBB1FB08301F1085AAE818A3304D7719A55DF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B3C43, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ae0a3db54c79054fe72babee4dd3dc6b1955791815a0f9de495c6cba38334312
                                • Instruction ID: 56d64a7f20c4131d9666524a2a7d5cf74ff487c420a7f24933298fa80ed13f1d
                                • Opcode Fuzzy Hash: ae0a3db54c79054fe72babee4dd3dc6b1955791815a0f9de495c6cba38334312
                                • Instruction Fuzzy Hash: 3BE01A7A601314CFC7259FA8E4449987772FF89326B5181AAE5168B361CB32DD95CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B1C8C, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d9fdfe8f74c5864950cd3c1644ff59c5a5310b36bda85030dfcc9b9ec26653c4
                                • Instruction ID: cef935a8097a6d85022474edad996e5ee9bbb4b80bca3e82711dcced12a6dce0
                                • Opcode Fuzzy Hash: d9fdfe8f74c5864950cd3c1644ff59c5a5310b36bda85030dfcc9b9ec26653c4
                                • Instruction Fuzzy Hash: 71F0127490526ADFDBA1CF69CC94B8DFBB1BB46100F6155EAD04CEB281D6304A858F21
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 070D0750, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.337156681.00000000070D0000.00000040.00000001.sdmp, Offset: 070D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2f677a49f9d6fa6ab92b7a50471081db5f4fd53a98daac3d89b6fa0c16c7374b
                                • Instruction ID: 3787ad33841cfe1d365e5ec6aafc07da047fa66efe32a67413ba60a19962301e
                                • Opcode Fuzzy Hash: 2f677a49f9d6fa6ab92b7a50471081db5f4fd53a98daac3d89b6fa0c16c7374b
                                • Instruction Fuzzy Hash: 76E04F74D0A308DBC744DF61E5496FDBB75EB46701F6052A9DD0527281D7B22D40CF54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B0D52D, Relevance: .0, Instructions: 21COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6a12bd86d41d5029ec7d642702f45d21ba570c48e00cf98966eefa6af0f9ee12
                                • Instruction ID: e67c4757175fe758c3e1327903e1b8bbe16bcfa53b246197de9e5c2d0ef232df
                                • Opcode Fuzzy Hash: 6a12bd86d41d5029ec7d642702f45d21ba570c48e00cf98966eefa6af0f9ee12
                                • Instruction Fuzzy Hash: 03E065708491148FCF849BB8C45977CBB75EF12335F5053E0A858362D5D73159404F65
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B01330, Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1a9938ea9d755b8c2bd529d132224373101360f0206d71f1024aa6464617c837
                                • Instruction ID: 1efb4659ce977b74c7affd6814d41f2bfca1695298f1b8ab801477de3db103a6
                                • Opcode Fuzzy Hash: 1a9938ea9d755b8c2bd529d132224373101360f0206d71f1024aa6464617c837
                                • Instruction Fuzzy Hash: 4CE0EEB0D05208EFCB48EFACC8456AEBBB5FB48300F2085AAD814A3340D771AA50CB95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B03641, Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0691e41ade1b2f9ebb27d129ea02f14a6c9d7417169f24272b564fc85863e751
                                • Instruction ID: 4037c74e55f74bdf230c9e8f74f141f45c73cf99bd7df3b6fbd781d1fa8a9c43
                                • Opcode Fuzzy Hash: 0691e41ade1b2f9ebb27d129ea02f14a6c9d7417169f24272b564fc85863e751
                                • Instruction Fuzzy Hash: 76E01A7490A385DECB169BB8945569C7F71EF03304F2400DAC4805A282E6765995DB92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B015A8, Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0adcb9ffffceeaee77147ca1f7bfb175cadaff59836bc4a342f127fc175a4768
                                • Instruction ID: c9e4c0bf3c8d42f6a3513e335ba3d475583f743049371902d79d33e64d9021f8
                                • Opcode Fuzzy Hash: 0adcb9ffffceeaee77147ca1f7bfb175cadaff59836bc4a342f127fc175a4768
                                • Instruction Fuzzy Hash: ADD02E2000C3804FC71A277C28643F07FA98B83728F0820C6EB86690E3C3381042E373
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 070D0742, Relevance: .0, Instructions: 19COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.337156681.00000000070D0000.00000040.00000001.sdmp, Offset: 070D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9819dff63b3263e1919586e20732ad1b558f542364012ddf94919f76836669b3
                                • Instruction ID: 408a928f5dd7d38c965153e8e295f04ffb0064b8388f5c4b9875fc5315f0b9de
                                • Opcode Fuzzy Hash: 9819dff63b3263e1919586e20732ad1b558f542364012ddf94919f76836669b3
                                • Instruction Fuzzy Hash: E9E08C788093C29FCB029B60A6905A9BF719F43201F2865C7C84497652C3311E11CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BA3D8, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1374d8dfd369df712bd6f3fd84861f13ecb5898be2d810a4dec71773ee9df557
                                • Instruction ID: f6e23af95acfe67ef8760febb026bd9914d94379fd66572e4af8e7d195115924
                                • Opcode Fuzzy Hash: 1374d8dfd369df712bd6f3fd84861f13ecb5898be2d810a4dec71773ee9df557
                                • Instruction Fuzzy Hash: C7E01274D05208DFC754EFB8D50569DBBB5EB48300F1085FEC84463340D7759A95CB95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B1C18, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 490422564a741264e9213e1b4bb3b5ba32679cd9fc3a2a8d0bd4bf0884dcf3e0
                                • Instruction ID: 5631751fdf3d41ded01f6a14269a7ade418ddd0c3490fcd029d2df079154c5af
                                • Opcode Fuzzy Hash: 490422564a741264e9213e1b4bb3b5ba32679cd9fc3a2a8d0bd4bf0884dcf3e0
                                • Instruction Fuzzy Hash: 86E0ED74E1122ADFEBA4DF59CC84BDEF7B2FB86200F6045A9D40CAB684D6305E808F10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B1CA2, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 26678aa8513ec95c6290c09fb493eb55e21007bb59bb1ce5f79de841b4f76b13
                                • Instruction ID: 517558b1b92bdb9af62b0613d0e280dea50dcacffd11a43d969b36365b065e53
                                • Opcode Fuzzy Hash: 26678aa8513ec95c6290c09fb493eb55e21007bb59bb1ce5f79de841b4f76b13
                                • Instruction Fuzzy Hash: F2E0D87491121AEFDB54CF99D8809CDFB71FB0A250F6157A5D4157B590D3300E808F10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B02CD5, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c4366a8c4ae6bc8301290a1f57fa0bc962fae7b41e14d477861911b1afba5783
                                • Instruction ID: 164a9514ad3b5f4f19c29bdee74676110c81154007ce4c7096a1e4e2f32d1b8f
                                • Opcode Fuzzy Hash: c4366a8c4ae6bc8301290a1f57fa0bc962fae7b41e14d477861911b1afba5783
                                • Instruction Fuzzy Hash: 94E0B674900108AFCB54CF98D484A9CFBB1FB49310F24C199D81A63340C732AA52DF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B044C2, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 775b121fa460f05ece9106dab88f06bc49f83eb84a15b48459696b5f7f6d9d58
                                • Instruction ID: 86901c1e1b6ce466c619cf963486833edfa35539fcc95382e411824ee4e09c06
                                • Opcode Fuzzy Hash: 775b121fa460f05ece9106dab88f06bc49f83eb84a15b48459696b5f7f6d9d58
                                • Instruction Fuzzy Hash: 5DE0EC78D4E3849FCF05CBB0F4A44EC7FB69B4A210F0920EBE655EB293D56519048B15
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B9F70, Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9e511f54c0cd764a0e280fb8fc3217d39bc60f8dcffff17336aed2e5ff835636
                                • Instruction ID: 72322a3617cb0b8a5b6bf425c5cd43512dfbae21dfa74515d395a4e5cc736ee0
                                • Opcode Fuzzy Hash: 9e511f54c0cd764a0e280fb8fc3217d39bc60f8dcffff17336aed2e5ff835636
                                • Instruction Fuzzy Hash: F4E0C274900208DFC754EFBCD48825C7BF4EB08324F2440A9C90693300E7706A94CB52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BA278, Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: edb0eda8952aea862b37e905cf8b81970a46f35051aca192ab7564993ab18b77
                                • Instruction ID: d6208187f392f3f20f2bd0e5378d058fc51d2d921ebe8640384e0ffa1ebb5290
                                • Opcode Fuzzy Hash: edb0eda8952aea862b37e905cf8b81970a46f35051aca192ab7564993ab18b77
                                • Instruction Fuzzy Hash: D9E01274D0120CDFCB54EFB8D00429CBBB4EB09704F5040F9C808A7340E7795A54CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031BA2B8, Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cff8fe350d93aa884c83f1a41b5f85babe0a7a9986e16c0801eee94afe085e77
                                • Instruction ID: 882688b1c1b51dc7ef34b01e0009018defdfaf446ffbf20a0be5884984e59183
                                • Opcode Fuzzy Hash: cff8fe350d93aa884c83f1a41b5f85babe0a7a9986e16c0801eee94afe085e77
                                • Instruction Fuzzy Hash: F0E0EC70D01208AFCB54EFB8D00829CBBB4EB09304F1040E9C844A2340E7755A54CB95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B06FE, Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6f92952bb329b3088009378835d3b8da72786ed428363e7162263c5829477832
                                • Instruction ID: 44b720ec3572a835e37f29db86e890f2833b45b26619169cca25fd6742cc3866
                                • Opcode Fuzzy Hash: 6f92952bb329b3088009378835d3b8da72786ed428363e7162263c5829477832
                                • Instruction Fuzzy Hash: 13E012B0C042299FCF10DFA8DC409EEBBB1BB49300F1050A9D085B7128CB309942CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B1BFE, Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fafded8993987adfd827afec3df8a6a675104a398eaf895c4199e2130163362b
                                • Instruction ID: f920cea3fb6318d815395637e37bac1fb93fa396d1d20fb72a62fca0c0db07b4
                                • Opcode Fuzzy Hash: fafded8993987adfd827afec3df8a6a675104a398eaf895c4199e2130163362b
                                • Instruction Fuzzy Hash: 1DE0D8349052D69BD755CB38D841E8DFFB1AB06210F644AFCD0599F5C1C7341680CF11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B766D, Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 90819760a430108c05ab3ef2590b40f3d7124faea5f64fe4ad2df8ab4c60b3c5
                                • Instruction ID: a5b2addea4094f55011ae27912f21e63d248d9b155070eae26169fa7715f26e1
                                • Opcode Fuzzy Hash: 90819760a430108c05ab3ef2590b40f3d7124faea5f64fe4ad2df8ab4c60b3c5
                                • Instruction Fuzzy Hash: 2EE0ECB4A142098FDB54CFA5C840BCDBBF9EF99310F05A0A5820CAB254D730AA85CF25
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B01268, Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 41357bcaa7f3c35ab4db6b0fcc76a09ab00f6e890eb1f66b44728b91800ccb7e
                                • Instruction ID: 9a2d86e68300a8aa95c563df07e1ace503e43562f597967df25fd4c5c4375f65
                                • Opcode Fuzzy Hash: 41357bcaa7f3c35ab4db6b0fcc76a09ab00f6e890eb1f66b44728b91800ccb7e
                                • Instruction Fuzzy Hash: B6D06274D052489FCB54EFACD54579DBFB4EB44700F1041EA980493340E6756A54CF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B8350, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 15c1e9c62af22b15e077f021d06d66b35bfb7f6a6983a25b40e91cd28259f206
                                • Instruction ID: eac854000a6c2d3e63dee2071887ed46cdf598bc19c63e5e8fa8f367551f63bf
                                • Opcode Fuzzy Hash: 15c1e9c62af22b15e077f021d06d66b35bfb7f6a6983a25b40e91cd28259f206
                                • Instruction Fuzzy Hash: E8D05E34C042089BCF50CEA0C540BCEB775EBA5200F1169EAC01AE6244CB34AA86CF22
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 017023F4, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323101631.0000000001702000.00000040.00000001.sdmp, Offset: 01702000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fef7f5d0d332b2b0f240c2849c0f78ccc6f101953fc14f007fd87bd4229d59cb
                                • Instruction ID: f4d9e86e641a317550704af9703bc505317876d0d46ab0107c0c1f9ac4a0f7aa
                                • Opcode Fuzzy Hash: fef7f5d0d332b2b0f240c2849c0f78ccc6f101953fc14f007fd87bd4229d59cb
                                • Instruction Fuzzy Hash: B8D05E7A305B818FE3278A1CC1A8B957FE4EF51B04F5744F9E8008B7A3C368D981D200
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B03650, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1f12ecb2b049383c5b88536d041a1433edd4643bfa6a82a1574179b740b0f482
                                • Instruction ID: 1d26bc26359d16071defd6250a3ce4c43959b5cb322585c48a31ef6a2963b953
                                • Opcode Fuzzy Hash: 1f12ecb2b049383c5b88536d041a1433edd4643bfa6a82a1574179b740b0f482
                                • Instruction Fuzzy Hash: B5D05E30C15208DFC714EFACD04565CBFB5EB01305F2000E8C80427380D736AA80CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 017023BC, Relevance: .0, Instructions: 14COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.323101631.0000000001702000.00000040.00000001.sdmp, Offset: 01702000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e6cad852204865a44fe0d457c031be39c9dfba194e3199f87fc3bf9c6e69b0b1
                                • Instruction ID: 32f90e7eb400c5e8d5b8e1c8dafe1f4370277d8aeb1c87eeb5aa28e8ace61d5b
                                • Opcode Fuzzy Hash: e6cad852204865a44fe0d457c031be39c9dfba194e3199f87fc3bf9c6e69b0b1
                                • Instruction Fuzzy Hash: 60D05E352013818BDB16DB1CD198F59BBD4AB41B04F0644E8AC008B2A2C3B4E881C600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B71C7, Relevance: .0, Instructions: 12COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 89a95510156dc1c7cecc979ba16fdc2c10921658e90f1fc024dd1358982366cd
                                • Instruction ID: 00fda2454523153c3b735c592d73905f0135f16f7509c82b16f774f532b19bff
                                • Opcode Fuzzy Hash: 89a95510156dc1c7cecc979ba16fdc2c10921658e90f1fc024dd1358982366cd
                                • Instruction Fuzzy Hash: 3DD0C9B49046099BCB91DB948840BDDB7B9AB99700F10609AC109BB288CB309A84CF26
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B763A, Relevance: .0, Instructions: 12COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fded4205b9abb6b8c2cf386ba100624144da822dc4068e39fa8640dbba9d5b31
                                • Instruction ID: da48204a3454da2586e068edac0559551dc9a8058005ea61c4e53cbb842b8304
                                • Opcode Fuzzy Hash: fded4205b9abb6b8c2cf386ba100624144da822dc4068e39fa8640dbba9d5b31
                                • Instruction Fuzzy Hash: 67D05E70C042098BCB80DE90C58068EF3F69B89200F1094958008A3544DB309A818F21
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B6E29, Relevance: .0, Instructions: 12COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcb8fe8066fc9c259f8a19db3c36d3b05a00fdbcd2f3f80e1fc61a5749edeaae
                                • Instruction ID: 85659e8303cfcc260132053f2d016013ed23d74001bc51d6e052c42c131c108e
                                • Opcode Fuzzy Hash: fcb8fe8066fc9c259f8a19db3c36d3b05a00fdbcd2f3f80e1fc61a5749edeaae
                                • Instruction Fuzzy Hash: 4AD0A734C08109DFCB88CFA0C49078EF7B5EF45340F019095900DE7154C7309A80CF11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B33EE, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 01d4a856a82fae7325b97d757a7885ec318c7a08690f40dc1a14c1bb49a4a982
                                • Instruction ID: 96916ead347b67f1033c48cc0bc788ff315ee009968972343be169397f952321
                                • Opcode Fuzzy Hash: 01d4a856a82fae7325b97d757a7885ec318c7a08690f40dc1a14c1bb49a4a982
                                • Instruction Fuzzy Hash: B5D09274906388CFCB64CBA8E290999BBB2BF49311F214599D0069B218C735EAC5CF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 031B880F, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.324104713.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a8a574f8fd7be11c4ca83ce176eac8d6ebd801a856487db79f7f036d9f67d206
                                • Instruction ID: 3df7955f582c834718c1e718f3243a84ccccda1acc2fa0d4bd3b872b7b26bd9a
                                • Opcode Fuzzy Hash: a8a574f8fd7be11c4ca83ce176eac8d6ebd801a856487db79f7f036d9f67d206
                                • Instruction Fuzzy Hash: 10C012B4E081089FCB40CF90C4807EDF7759B58300F1060959108B3244CB305680CF15
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B015B8, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3acf400881d0a0f7f942de009801cc69b3d742c18593ba29a2bb2083687a6023
                                • Instruction ID: 86918bd67fc4823e2eca0a28b368cf08edb77019891d1716863ae52152da0240
                                • Opcode Fuzzy Hash: 3acf400881d0a0f7f942de009801cc69b3d742c18593ba29a2bb2083687a6023
                                • Instruction Fuzzy Hash: 97C02B700086048BC32836CC741C3B076CEE38172DF580010B70F251C8CB782080C327
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B03968, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6baa7b0aba651b230426e1d8327b8a9d05c256a8df645ebc3bfccefc07539b4d
                                • Instruction ID: 626ca543ad29b076055b766bdcfa619f976b7417ab06e0ec77094cd793b90993
                                • Opcode Fuzzy Hash: 6baa7b0aba651b230426e1d8327b8a9d05c256a8df645ebc3bfccefc07539b4d
                                • Instruction Fuzzy Hash: F4C01278A04148EFCB00CB80D0A89ACFBB0EF08300F20C482DC061B34ADB30AA0AAB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 070D310E, Relevance: .0, Instructions: 8COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000D.00000002.337156681.00000000070D0000.00000040.00000001.sdmp, Offset: 070D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7c5ce0994b2c5532210d9e4062c6ff616e5405a4691e3f6654e1f2452b082586
                                • Instruction ID: 1aba529c518d8a59d37b49391478bcd8b7ed2e6a296c362a515b9905dedc9f6c
                                • Opcode Fuzzy Hash: 7c5ce0994b2c5532210d9e4062c6ff616e5405a4691e3f6654e1f2452b082586
                                • Instruction Fuzzy Hash: 21C04CF409E741DACA005B2888581FC7578BB07711F201794883A696EAC6754E019F05
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions

                                Function 05B0BBC0, Relevance: 5.1, Strings: 4, Instructions: 135COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r$X1(r$X1(r$`5(r
                                • API String ID: 0-1473244025
                                • Opcode ID: a8286c894a7d1132c038c73ad928c898187342b2cbafc10cf927a47620209829
                                • Instruction ID: eefc45031a5607ec7c055bda5ad49596a6b48803f09c51ea50272f8cac85af13
                                • Opcode Fuzzy Hash: a8286c894a7d1132c038c73ad928c898187342b2cbafc10cf927a47620209829
                                • Instruction Fuzzy Hash: 0C513E35B006059FCB18DB68C854BAEBBF2FF88721F244299E516A73E4DB35AC41CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05B0BBAB, Relevance: 5.1, Strings: 4, Instructions: 132COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000D.00000002.333087042.0000000005B00000.00000040.00000001.sdmp, Offset: 05B00000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r$X1(r$X1(r$`5(r
                                • API String ID: 0-1473244025
                                • Opcode ID: d0e4cf21fe9f046a77bdd6877bb78c483cdf93ecbd0f340eaa2cd6a3f1672f37
                                • Instruction ID: 5fb6364dad50a7a9cc2ea063e5bb60b70627037599d4e05663b94206d1513f97
                                • Opcode Fuzzy Hash: d0e4cf21fe9f046a77bdd6877bb78c483cdf93ecbd0f340eaa2cd6a3f1672f37
                                • Instruction Fuzzy Hash: 13415E31A006059FCB18DB68C894BAEBBF2FF85321F144295D512D77E5DB35A841CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Analysis Process: dhcpmon.exe PID: 3720 Parent PID: 904 dhcpmon.exeCOMMON

                                Executed Functions

                                Function 057556F4, Relevance: 1.7, Strings: 1, Instructions: 445COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: $g%r
                                • API String ID: 0-359987751
                                • Opcode ID: b2dd8651fb5bdf500c99a423cbdf850071b4a0de33045b0454b056d088c2e06c
                                • Instruction ID: 73f57c78606228b32509f0d24d30fa4821cae963d9209c1489999f656a357761
                                • Opcode Fuzzy Hash: b2dd8651fb5bdf500c99a423cbdf850071b4a0de33045b0454b056d088c2e06c
                                • Instruction Fuzzy Hash: 6322A274905228CFDB64CF64C888BEDBBB2BF49314F1080E9D90AA7261DBB45E85DF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00F0ABB3, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 00F0AC29
                                Memory Dump Source
                                • Source File: 0000000F.00000002.319706914.0000000000F0A000.00000040.00000001.sdmp, Offset: 00F0A000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                • Opcode ID: bdfe26b1d98a116fe7a66680d1159e4105822d5a25d589786543f15dd4eb3c6f
                                • Instruction ID: 298de9798433983df3751f96f3fc2922d998eaf71563b21cf558f3980794a4e5
                                • Opcode Fuzzy Hash: bdfe26b1d98a116fe7a66680d1159e4105822d5a25d589786543f15dd4eb3c6f
                                • Instruction Fuzzy Hash: C621AE754097C4AFDB238B20DC45A52FFB4EF16314F0DC0DBE9848B1A3D265A909DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00F0ABEE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 00F0AC29
                                Memory Dump Source
                                • Source File: 0000000F.00000002.319706914.0000000000F0A000.00000040.00000001.sdmp, Offset: 00F0A000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                • Opcode ID: c635d18dda37e4943ed573e02b6cca1d72fcc5c8b0395bc95f6a3e5bb4a6a18e
                                • Instruction ID: a34adee25a14a7204ee8ca7dc8aaf1749e9a09f70f2a0ed6c4ffa358dc8964a0
                                • Opcode Fuzzy Hash: c635d18dda37e4943ed573e02b6cca1d72fcc5c8b0395bc95f6a3e5bb4a6a18e
                                • Instruction Fuzzy Hash: 59018B328007449FEB208F15D884B65FFA0EF58720F18C49AED894B296C275E418EB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05750988, Relevance: .3, Instructions: 342COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 915c05d194caa40344127ca924363909d82f01e8930adecf4199f2c158afaeb1
                                • Instruction ID: 994032ab24b5f830c8f3d5aa2aec003fb6f153b5fb1ddcbea2620715312fae6c
                                • Opcode Fuzzy Hash: 915c05d194caa40344127ca924363909d82f01e8930adecf4199f2c158afaeb1
                                • Instruction Fuzzy Hash: 78E12174D09219CFDB24CFE5D988A9DFBB2FF89320F14942AD81AAB254DBB05941DF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0575097B, Relevance: .3, Instructions: 336COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 370a001ac5324828f718a5431a0b66af0bdad0956cf1ae30b84908d0a27fe948
                                • Instruction ID: c066f882bce2b2a233de7f16524b700bde2f95417ee84dbcd8bc2ee6e4cbc47a
                                • Opcode Fuzzy Hash: 370a001ac5324828f718a5431a0b66af0bdad0956cf1ae30b84908d0a27fe948
                                • Instruction Fuzzy Hash: 12E13074D09219CFDB24CFE5D988A9DFBB2FF89320F14A46AD819AB254DBB05941DF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05753B98, Relevance: .1, Instructions: 132COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4a7d616d146223c8d07535d9ae5874c78c48ce6a4d873ae1eb16b7a109d9484
                                • Instruction ID: 8094c46161b2bdfa896656dc4c264a22a0d85f19ac3808314c1a12732b22baa4
                                • Opcode Fuzzy Hash: a4a7d616d146223c8d07535d9ae5874c78c48ce6a4d873ae1eb16b7a109d9484
                                • Instruction Fuzzy Hash: 2141B471F042598BDB18CF6E884069EFBB7AFC9750F24C4AAD809AB294DB704D059B51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057543E8, Relevance: .1, Instructions: 54COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7deb516a404be7bac50d607e5f4bcc5a5ea8cbb5e3606a6d13662cb2262073c1
                                • Instruction ID: 464807f8eb645c09cf4578e71f2df5d1be497563fcea5edfe1a98838b5e8f537
                                • Opcode Fuzzy Hash: 7deb516a404be7bac50d607e5f4bcc5a5ea8cbb5e3606a6d13662cb2262073c1
                                • Instruction Fuzzy Hash: 8A11D775D05648DBEB08DFABC80429EBBF7BFC9300F14C07AD919A7259EB7406429B51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057543F8, Relevance: .0, Instructions: 47COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 955b12f76a5224a1f093203d6b37bbf1a6688bf5fe67d2b2dd40c67891638ed1
                                • Instruction ID: 92cdef00206abd3444c6725a20ec9a2b5becd5b54d9a3af277c85133d27b4f1d
                                • Opcode Fuzzy Hash: 955b12f76a5224a1f093203d6b37bbf1a6688bf5fe67d2b2dd40c67891638ed1
                                • Instruction Fuzzy Hash: 4F11E8B1D05609DBEB08DFABC80429EFAF7BFC8300F14C07A9909A6258EB7006429F51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00F0A7C8, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                Download Yara Rule
                                APIs
                                • GetExitCodeProcess.KERNELBASE(?,00000E2C,5257EACE,00000000,00000000,00000000,00000000), ref: 00F0A85C
                                Memory Dump Source
                                • Source File: 0000000F.00000002.319706914.0000000000F0A000.00000040.00000001.sdmp, Offset: 00F0A000, based on PE: false
                                Similarity
                                • API ID: CodeExitProcess
                                • String ID:
                                • API String ID: 3861947596-0
                                • Opcode ID: b7f3ab0892299bdb3c5773ce728a330dad90ef9f4a996fd2d8a9ed8c808679a5
                                • Instruction ID: 512f58240be14cf210c8847b98459a5631d5e6b3cbac9a3cce47d84ad1091679
                                • Opcode Fuzzy Hash: b7f3ab0892299bdb3c5773ce728a330dad90ef9f4a996fd2d8a9ed8c808679a5
                                • Instruction Fuzzy Hash: 4721F9B15093806FE7128B64DC45FA6BFB8EF42320F0884EBE984DF193D264A905D761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00F0AAEF, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                • K32EnumProcesses.KERNEL32(?,?,?,5257EACE,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00F0AB6A
                                Memory Dump Source
                                • Source File: 0000000F.00000002.319706914.0000000000F0A000.00000040.00000001.sdmp, Offset: 00F0A000, based on PE: false
                                Similarity
                                • API ID: EnumProcesses
                                • String ID:
                                • API String ID: 84517404-0
                                • Opcode ID: fb71ae24ea13074394fa4bc98ae9178437d5c7e4751f2945d948a4e6dc0860c7
                                • Instruction ID: 8091129419372ef94a06f4a007d6537a0cfc40e2e5d1af930706b921f5c01565
                                • Opcode Fuzzy Hash: fb71ae24ea13074394fa4bc98ae9178437d5c7e4751f2945d948a4e6dc0860c7
                                • Instruction Fuzzy Hash: 632190B55093805FEB12CB25DC54BA2BFB8EF57220F0980EAE9848B153D2649808DB22
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00F0A1F4, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                Download Yara Rule
                                APIs
                                • FindCloseChangeNotification.KERNELBASE ref: 00F0A26C
                                Memory Dump Source
                                • Source File: 0000000F.00000002.319706914.0000000000F0A000.00000040.00000001.sdmp, Offset: 00F0A000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: cb8cfba1c15158b895de7e6fbf356f7661b7b29ed8d8177738c9fabf2bf16733
                                • Instruction ID: 24d20effbe8da9eb0ce2f37425cae1ecf549946ed10fd2488e6ff2ddfa881938
                                • Opcode Fuzzy Hash: cb8cfba1c15158b895de7e6fbf356f7661b7b29ed8d8177738c9fabf2bf16733
                                • Instruction Fuzzy Hash: 5D21597540E3C49FD7128B658854656BFB4EF13220F0E84EBD884CF1A3D279A808DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00F0B7C6, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,5257EACE,00000000,00000000,00000000,00000000), ref: 00F0B840
                                Memory Dump Source
                                • Source File: 0000000F.00000002.319706914.0000000000F0A000.00000040.00000001.sdmp, Offset: 00F0A000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 20244b14e27eb276aeaf0f052d14b23563d62128a410773c73a1fea9b491b25c
                                • Instruction ID: 40ede7e712a4c19356698a8b01a68414bbffb1d15cb55d6b368e8ec618bb6335
                                • Opcode Fuzzy Hash: 20244b14e27eb276aeaf0f052d14b23563d62128a410773c73a1fea9b491b25c
                                • Instruction Fuzzy Hash: 242160B1900604AFEB20DF55DC84F66FBECEF04720F18C46AEA45DB2A1D760E845EA71
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00F0A8C0, Relevance: 1.6, APIs: 1, Instructions: 68memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00F0A93D
                                Memory Dump Source
                                • Source File: 0000000F.00000002.319706914.0000000000F0A000.00000040.00000001.sdmp, Offset: 00F0A000, based on PE: false
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 53e530a46bea58a237841e71f932ea7699d342b50df0289b97fc7d0e76053be6
                                • Instruction ID: d5ebf9339e546305568350c6f2aa644e9bdfb47930459c840caeb840309730c0
                                • Opcode Fuzzy Hash: 53e530a46bea58a237841e71f932ea7699d342b50df0289b97fc7d0e76053be6
                                • Instruction Fuzzy Hash: 6021A1715097C09FD7238B24DC54A52BFB4EF07220F0D84DFE9858B163D224A808DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00F0BDFD, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00F0BE79
                                Memory Dump Source
                                • Source File: 0000000F.00000002.319706914.0000000000F0A000.00000040.00000001.sdmp, Offset: 00F0A000, based on PE: false
                                Similarity
                                • API ID: LibraryLoadShim
                                • String ID:
                                • API String ID: 1475914169-0
                                • Opcode ID: 26a938654c610a8c86ca3ea98e98108b5e20a09cd1cd36f38e9e5f40d2a47f40
                                • Instruction ID: 2d7ca074612f9f0b4a71c6b621d698bbed33d20b094707b111147b5c578c7a18
                                • Opcode Fuzzy Hash: 26a938654c610a8c86ca3ea98e98108b5e20a09cd1cd36f38e9e5f40d2a47f40
                                • Instruction Fuzzy Hash: 082193715093845FDB22CA15DC45B62FFF8EF16710F08809AED84CB293D365A908D761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00F0AEB2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 00F0AF02
                                Memory Dump Source
                                • Source File: 0000000F.00000002.319706914.0000000000F0A000.00000040.00000001.sdmp, Offset: 00F0A000, based on PE: false
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 748acbe267c44b713bb03b890cf34cdf283a6681996b6c08b2c7114434646009
                                • Instruction ID: 55dad1405aac74540d1dfcbba57fa94632d6c25325fad797399d499369cd42a7
                                • Opcode Fuzzy Hash: 748acbe267c44b713bb03b890cf34cdf283a6681996b6c08b2c7114434646009
                                • Instruction Fuzzy Hash: C401A271500200ABD210DF1ADC86B26FBE8FF88B20F18815AED089B745E635F515CBE5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05751370, Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X1(r
                                • API String ID: 0-3909273932
                                • Opcode ID: 7f7691284cdf4e6ff0f9c94c7f8c7476dccc992c3530fe4bd8cfb61cacc4b19f
                                • Instruction ID: 63fa73aba6164c4526939d76e0c7e3c800ff540bd14ac7398d33ef1e6e37b893
                                • Opcode Fuzzy Hash: 7f7691284cdf4e6ff0f9c94c7f8c7476dccc992c3530fe4bd8cfb61cacc4b19f
                                • Instruction Fuzzy Hash: 72511274E05208DFDB04DFA9D898AEDBBB2FF89311F10D029D816A7394D7B44946EB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05751380, Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X1(r
                                • API String ID: 0-3909273932
                                • Opcode ID: c0efde016b599ef9b81b6e1e7819ad737201a98931ba56176649fc26a295d560
                                • Instruction ID: 0a1b2118f6ad1ab0a5f2b5a7c98f36a6ed6b3b89fbef14d8d200041aec9822a6
                                • Opcode Fuzzy Hash: c0efde016b599ef9b81b6e1e7819ad737201a98931ba56176649fc26a295d560
                                • Instruction Fuzzy Hash: 8E51F274E05208DFDB04DFA9D898AEDBBF2EF88311F10D029D916A7354D7B45942EB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0575CD9B, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: p
                                • API String ID: 0-2181537457
                                • Opcode ID: 100fd89b36fd3a7649fe29cb5c732205742ef9c67aa72a83eb0882bb289f4888
                                • Instruction ID: 936c24eb7d7286d6ddf3a1854b67bbfbe6748a3f07b4051511e95ac40e8eac35
                                • Opcode Fuzzy Hash: 100fd89b36fd3a7649fe29cb5c732205742ef9c67aa72a83eb0882bb289f4888
                                • Instruction Fuzzy Hash: 12316F74D49318CFCB51CF58C8407BDB7BEAB06324F0091A9E849B7241CBB14E81AF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0575CD98, Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: p
                                • API String ID: 0-2181537457
                                • Opcode ID: 77a57dd9b28198519a248ae6f3ff32e850cf47f69a19f49461df6096fa559172
                                • Instruction ID: d2426cd3e3360622d16dcc1539092c220e26b36c1dbd32d25c1e3964d03f6ce5
                                • Opcode Fuzzy Hash: 77a57dd9b28198519a248ae6f3ff32e850cf47f69a19f49461df6096fa559172
                                • Instruction Fuzzy Hash: 2C315C74D49318CFCB61CF58C8407BDB7BEAB4A324F1091A9E85AB7241DBB14E80AF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0575CE1F, Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: p
                                • API String ID: 0-2181537457
                                • Opcode ID: f98e6d272ac069560028ceb342f5c1fb0687aee7a0aa293c07ea8d5f05091bdf
                                • Instruction ID: 94729bfdcdfb808a45150831fac82b2050fd58d1b85fec4328551fc7446e526e
                                • Opcode Fuzzy Hash: f98e6d272ac069560028ceb342f5c1fb0687aee7a0aa293c07ea8d5f05091bdf
                                • Instruction Fuzzy Hash: 63217E74E493188FCB61CB68D8447BDB7BAAF46320F0091E5E94DA7392CB714E819F41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05756933, Relevance: .3, Instructions: 278COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 89eb8a22f23e8f62dd5bba314f5564c5eebca4103526beef846a0598d2395d4c
                                • Instruction ID: 2181e3ddb97ca3465fcd14413b59edbdd5c29a7313bb4e7418d9ebcf595dc399
                                • Opcode Fuzzy Hash: 89eb8a22f23e8f62dd5bba314f5564c5eebca4103526beef846a0598d2395d4c
                                • Instruction Fuzzy Hash: 12C19E74904205CFDB14DF98C188A9CBBB2FF053A8F54C0A4E885AB356D3B8D885DFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05756985, Relevance: .3, Instructions: 274COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2fc22c61a897c4b050329afb27c720e033ab8eacaf8b89b0ced77f20df554e76
                                • Instruction ID: 3ecec327f276498affe395d24fed4243641ff364840bbc38d879ebb05ea2007a
                                • Opcode Fuzzy Hash: 2fc22c61a897c4b050329afb27c720e033ab8eacaf8b89b0ced77f20df554e76
                                • Instruction Fuzzy Hash: A3C19F74904245CFDB04DF98C184A9CBBB2FF053A8F55C094D885AB356D3B9D885DF64
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057569B4, Relevance: .3, Instructions: 264COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 37b33c9bce233ebfdd7a6a44029db9407306ef2f34ab45f728efb509a7442c1b
                                • Instruction ID: db73def08b695c069ea723a46102b88b89cf12e675a2fb9c871253b6dd2dddb7
                                • Opcode Fuzzy Hash: 37b33c9bce233ebfdd7a6a44029db9407306ef2f34ab45f728efb509a7442c1b
                                • Instruction Fuzzy Hash: 46C18E74904205CFDB04DF98C188A9CBBB2FF053A8F55C094E985AB356D3B9D889DFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05753A15, Relevance: .2, Instructions: 219COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9c7187864f5d0cfc033007791dfa4e89c322c4fc6432903e0bf940640d4cb96f
                                • Instruction ID: 0c52686b0cb7449ef7f0e5f30f8c0bcb1de45137152d29d4c19d5fb84052f6ea
                                • Opcode Fuzzy Hash: 9c7187864f5d0cfc033007791dfa4e89c322c4fc6432903e0bf940640d4cb96f
                                • Instruction Fuzzy Hash: 4F9115B4E0825CCFDB10DFA4C488AEDFBB2BF49354F208919D805B7251D7B89981EB64
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05753D59, Relevance: .2, Instructions: 215COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcda07f6ca4bdefe9d88479f3b47b17168aa02444fd87709be157d6802ffb57a
                                • Instruction ID: 76810ac1f6cfab8790b559025bb6a1654cadb505c6879bee5bf50f8d14e6b0f4
                                • Opcode Fuzzy Hash: fcda07f6ca4bdefe9d88479f3b47b17168aa02444fd87709be157d6802ffb57a
                                • Instruction Fuzzy Hash: AE91F974E04328CFDB50DFA5C848BADBBB6BB49310F5085A9E809B7386D7B44981EF11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05756150, Relevance: .2, Instructions: 155COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a3acbdf981911c06d1c6b79d9a5c8760a1f1a9a77cd64d17d5736ad8840d73ea
                                • Instruction ID: 9b6e059f1f568379dc6eb97240a77f3bc69bbb3f9e99e16d6660bc681571b353
                                • Opcode Fuzzy Hash: a3acbdf981911c06d1c6b79d9a5c8760a1f1a9a77cd64d17d5736ad8840d73ea
                                • Instruction Fuzzy Hash: 16513674D09208EFDF44CF99D544BFDBBF6BB49320F909069E805A3251D7B45A85EB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05750007, Relevance: .1, Instructions: 144COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8f03d8bef513a591e810b0466d91c94c9c50da24c94b161ab6d464d1c799ccd9
                                • Instruction ID: 094f4f3efa0fd33f5a580975488ddd3a13fcccb945517205de720a7c489ef643
                                • Opcode Fuzzy Hash: 8f03d8bef513a591e810b0466d91c94c9c50da24c94b161ab6d464d1c799ccd9
                                • Instruction Fuzzy Hash: 47517071C0A3499FCB01CFA4D9446AEBFB1FF46310F1980D6C845E7262E6788A45DF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05754ECC, Relevance: .1, Instructions: 127COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4cf101d0b872c39c608bfb8100c2cd5b9c9cd97896c6b9f861778fa2d29ec7a
                                • Instruction ID: 606742d5fd07264d34c79901ae94827ced9e61c1ea28ff90aca030f8a527bfc7
                                • Opcode Fuzzy Hash: a4cf101d0b872c39c608bfb8100c2cd5b9c9cd97896c6b9f861778fa2d29ec7a
                                • Instruction Fuzzy Hash: 0241D7F58082489FCF12DF78C885E7D7FB3FB45220B1480A9DC9287292DAB09946EB41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057529F8, Relevance: .1, Instructions: 123COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c0f098b6e7d5df508393ee669748cc19c747fe4b0fbb306a99812a3e033f77d1
                                • Instruction ID: b76273cb6a5add3ef6bd0bd37f63ca938270638a257db9a7f4ede2e92e383808
                                • Opcode Fuzzy Hash: c0f098b6e7d5df508393ee669748cc19c747fe4b0fbb306a99812a3e033f77d1
                                • Instruction Fuzzy Hash: AD415B78D08209DFCB14DFA8D8546EDBBB2FB49310F208069DC12A3392DBB55942EF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057576C8, Relevance: .1, Instructions: 106COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ed9b9e02bd1253ed3983187c543b70a8c986693c1cb0f771d6d1fb465b70730
                                • Instruction ID: e55feced304ed401e58c84f24d1ba1b2d5e08d645d19e9bfac218c2269b3cce2
                                • Opcode Fuzzy Hash: 9ed9b9e02bd1253ed3983187c543b70a8c986693c1cb0f771d6d1fb465b70730
                                • Instruction Fuzzy Hash: E031123090424A9FCF19EE74D9488B9BFB2FB01260F118966DC049F353DBB05A06EF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0575619C, Relevance: .1, Instructions: 104COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 388f8f3d4329f6491b3cc8e8417bc06925dbc9e4b02b3a10de83e485dce31855
                                • Instruction ID: be38c2c2357ffdcb0a536b65176dd3d90f319f313ac128168f6fd9b87df0e18b
                                • Opcode Fuzzy Hash: 388f8f3d4329f6491b3cc8e8417bc06925dbc9e4b02b3a10de83e485dce31855
                                • Instruction Fuzzy Hash: 73410B74D09248DFDB40CFA8D584BECBFF6BF0A324F949099E845A7252D7B45985DB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05759023, Relevance: .1, Instructions: 103COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8ce6bfe5adf39d57468c48f2325cb694cb801ec302b232c5f16a16626a506821
                                • Instruction ID: 260ae5ee45751b70f8c3d167ed9e94d9ec330e0fd946510efec65ba1c9d405bd
                                • Opcode Fuzzy Hash: 8ce6bfe5adf39d57468c48f2325cb694cb801ec302b232c5f16a16626a506821
                                • Instruction Fuzzy Hash: 7D410774E00209DFCB18DFA9D984AAEBBB2FF89300F208469E90577354DB75A942DF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05752A40, Relevance: .1, Instructions: 95COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1036075e05a81eed930cf1c60d969a563f0372c86d430ef483c7cacfbb702def
                                • Instruction ID: e5cd26198f4cb9b98a45fd6c9b25b962af3b87db3374a872d62e84bd043f61f5
                                • Opcode Fuzzy Hash: 1036075e05a81eed930cf1c60d969a563f0372c86d430ef483c7cacfbb702def
                                • Instruction Fuzzy Hash: E5413A78E04209DFDB54DFA8D4546EEBBB2FB49310F208069E816A3342DBB55941EF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05752A50, Relevance: .1, Instructions: 92COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9598169c4607748a0b26a2ced0ce95d1ec7dd66eeff184e4dccf36440ac6d2dc
                                • Instruction ID: 0b70944bef4b0a414b629b778e8e450e39f92878589801c6d54f5bfde3e85c7b
                                • Opcode Fuzzy Hash: 9598169c4607748a0b26a2ced0ce95d1ec7dd66eeff184e4dccf36440ac6d2dc
                                • Instruction Fuzzy Hash: CF410778E04209DFDB44DFA9D4586EEBBF6FB88310F108029E816A3345DB755941EF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05750070, Relevance: .1, Instructions: 89COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fad1adbb608586f62a7d55127e2b13f4e5f3b59bd11dfbfef9d32ebef3355d79
                                • Instruction ID: 9e783e1ac75b32078e6008eb39f97e89cffa13b086aeffdc4c57975d2025e19d
                                • Opcode Fuzzy Hash: fad1adbb608586f62a7d55127e2b13f4e5f3b59bd11dfbfef9d32ebef3355d79
                                • Instruction Fuzzy Hash: AA314575C1530AEFCB04CFA5D6886EEBBB1FB48350F1084AAC806A7351E7745A81DF52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05758076, Relevance: .1, Instructions: 80COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: efe7845773387b8f2862a05567bcf188bcb4101dca356316bec94c44ad38c25d
                                • Instruction ID: 164fdae8a1011af3c22292714c4dad95268349a2f422a44b1a2c452eeb62a78d
                                • Opcode Fuzzy Hash: efe7845773387b8f2862a05567bcf188bcb4101dca356316bec94c44ad38c25d
                                • Instruction Fuzzy Hash: 5E31B478E14208CFCB44CF99D4849AEBBF6FF49320F209569E819AB311DB70A942DF51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05754328, Relevance: .1, Instructions: 78COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c0d714714fee71597c5315fe0350f4285d377a7fa2d7a49a2224afc79f535274
                                • Instruction ID: d8ec1ce0b597a82120747c6b440a9cd6235bf19982f4884d812f2e40c1996652
                                • Opcode Fuzzy Hash: c0d714714fee71597c5315fe0350f4285d377a7fa2d7a49a2224afc79f535274
                                • Instruction Fuzzy Hash: 55213DB1D05208DBDF18DFAAD8443AEBBB7FFC8310F14C079D905A2354EBB05581AA55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05754F20, Relevance: .1, Instructions: 54COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fb4c84cf25f4183f5827f896a10cab46a7576e3d6f9cce8b6ac1d1fb77f86828
                                • Instruction ID: d80ec56d45280509da605c63297bb1aed073d6912c23511d2fc89e9306a87cae
                                • Opcode Fuzzy Hash: fb4c84cf25f4183f5827f896a10cab46a7576e3d6f9cce8b6ac1d1fb77f86828
                                • Instruction Fuzzy Hash: CD210D78E01209DFCB44EFA9D8859ADBBB2FF88300F108169E805A7355DB359D41EF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057535F7, Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4dc226d948dc9a29e09b82f4ee61b14da4b44d323a8f7a2a73f33e67a272130c
                                • Instruction ID: 299df3abe5b139801d47c5cc4b94472e7adbbb7c6a52acb7d2c955f5f486a593
                                • Opcode Fuzzy Hash: 4dc226d948dc9a29e09b82f4ee61b14da4b44d323a8f7a2a73f33e67a272130c
                                • Instruction Fuzzy Hash: 80018B30C09208AFCB04EFB8D5456ACBFB1EB45350F2481EECC44673A0DA769A4AEF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057542E0, Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 32894f3fb9f46817a1325644336b9009f6d618e6752139f8f0c89b0a4662e093
                                • Instruction ID: 69a8165bf792f0126db41fd3b72e23af04d4ddfa91ad5c51a75398a8783de252
                                • Opcode Fuzzy Hash: 32894f3fb9f46817a1325644336b9009f6d618e6752139f8f0c89b0a4662e093
                                • Instruction Fuzzy Hash: 5DF09634E092489FCF15DBA5D8055ACBF72EF47320F1480DAEC48A7391C5725941EBA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05757740, Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4bb2668b4a9d223b763602088a076535d806673a89ffbb4ddd5efe007d41a591
                                • Instruction ID: e946128ea454dcf7ee8feaf9170fa196522a28c660a01b80be4c2c0973ab8fbf
                                • Opcode Fuzzy Hash: 4bb2668b4a9d223b763602088a076535d806673a89ffbb4ddd5efe007d41a591
                                • Instruction Fuzzy Hash: 1901E874E0020ADFCB04EFA8D98959DFBB1FF44304F1086A9E815A7355DB305A41EF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05752CC1, Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4272ab98969226648573ca55302b5a346aaac30ce14317aa282bd83e3cdfd384
                                • Instruction ID: 69b050357b3c9eefad94aaf7daa9181699172150b0972213185dd5b0e4545f17
                                • Opcode Fuzzy Hash: 4272ab98969226648573ca55302b5a346aaac30ce14317aa282bd83e3cdfd384
                                • Instruction Fuzzy Hash: C9F0BE38D04248AFCB11CB94D9455ACBFB0FB06320F14C09ACC4563353C6719A42EBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05754AC8, Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b02fcc34571e491e71871dfe8f01fc37f6cb31803f337a7f4a9d54b76557bc6e
                                • Instruction ID: d05b0901228d0f9ebaea389f040ec548c1e4e09874234ad096b42e3b1c0134c0
                                • Opcode Fuzzy Hash: b02fcc34571e491e71871dfe8f01fc37f6cb31803f337a7f4a9d54b76557bc6e
                                • Instruction Fuzzy Hash: BC010478905219CFDB64DF24D854BA8BBB2FB49310F1081E6C84DA3255DBB05E81DF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05753681, Relevance: .0, Instructions: 28COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b0a3e0cb749604e3d20fa2197105f74f97f2644663917f5d6dc4ece9ece1baeb
                                • Instruction ID: 7b2ed11e5fe9d2d9599b5423314e00b8204cad68ad95ed45c70dcc8d4a948363
                                • Opcode Fuzzy Hash: b0a3e0cb749604e3d20fa2197105f74f97f2644663917f5d6dc4ece9ece1baeb
                                • Instruction Fuzzy Hash: A4F03034D092489FCB11DFA4D85659CBFB0FB06250F1080EED854A33A1D6B00909EB92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05752D31, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d7cb8769863a01377de47ffe09b38bdfc3da819c76f264231a2c4def71e1eb14
                                • Instruction ID: 4bec4253676ba7888e1cf285c01895835538ee563af62fd96e2b80aff0c795c9
                                • Opcode Fuzzy Hash: d7cb8769863a01377de47ffe09b38bdfc3da819c76f264231a2c4def71e1eb14
                                • Instruction Fuzzy Hash: ABE01274D1D3589FCB12DB74A89669C7F70BB02250F2440E6DC81A73A3D6F14946E7A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05751323, Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 468e4997b73ba16cfa87a404e65d8d5ea39acd2fa40ebf9fcb2f25b2da5dcda0
                                • Instruction ID: dcb3f129ea4bd8ec613e7c7c4abc13d35ef55f805aeceaf41ff25a82c7ea4212
                                • Opcode Fuzzy Hash: 468e4997b73ba16cfa87a404e65d8d5ea39acd2fa40ebf9fcb2f25b2da5dcda0
                                • Instruction Fuzzy Hash: 76F0F2B4D052089FCB54EFA8C8557AEBFB1FB19300F6081BAD954A2340D2B54652DB95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05752D08, Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 358492267f7ee5f9c85de8164562eb9287440d6b0b0b0c3fd4383f6cdbdb38d2
                                • Instruction ID: a7e156db5b7ef239702e90cf17cb106a31961725fcb9fa4266097efec9ad4a55
                                • Opcode Fuzzy Hash: 358492267f7ee5f9c85de8164562eb9287440d6b0b0b0c3fd4383f6cdbdb38d2
                                • Instruction Fuzzy Hash: D6E0923DA0D7488FC352DB60E4951AC7B71BB02224F2400D5DC4563653D7B24941E791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05751258, Relevance: .0, Instructions: 25COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f2e76e3edf63ed01e6796902889a5989cd539c5aa42336f9d18334a340d0f92c
                                • Instruction ID: 25cd13e74bfc218af75da263539a5abf383687b08181967eb42c8fdb95a7ebde
                                • Opcode Fuzzy Hash: f2e76e3edf63ed01e6796902889a5989cd539c5aa42336f9d18334a340d0f92c
                                • Instruction Fuzzy Hash: 63E06DB0E0D2889FCB51EBB888187DCBFB0AB06211F4441EBC844E7291E9B59914EB52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0575435B, Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2b19f6af395c185def32d7c3d1b01bfd0399be89cec32cdd3617b15ac76997bd
                                • Instruction ID: 5947a160e6aff757efa4023896b801d85fa2f6492424a2c692d28d5704c64f0b
                                • Opcode Fuzzy Hash: 2b19f6af395c185def32d7c3d1b01bfd0399be89cec32cdd3617b15ac76997bd
                                • Instruction Fuzzy Hash: B6E03934D04108EFCB08DBE8D54179CFBB1EB45310F2480AADD04A7351D6715A42EB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05753641, Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 72dbc349438b57f512a0ea14ccddfc500cf9a8de62b80a1d192db4a94731fde0
                                • Instruction ID: 5d701185d2647b02245845e2bc4615d048d488810aa2beef70ef1b08dd7e2703
                                • Opcode Fuzzy Hash: 72dbc349438b57f512a0ea14ccddfc500cf9a8de62b80a1d192db4a94731fde0
                                • Instruction Fuzzy Hash: F6E09A35C1A288DFC715DF74944529C3F31FB02344F2000EEC8405A3A1E6B65A49EBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0575D52D, Relevance: .0, Instructions: 21COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6f0ec3f4c041772a46998ecbb1a7d1e8315d936b8697a56b88a3007722ed1fec
                                • Instruction ID: f8e5a420bf31c167c9b8d787589ec07014f07de10d23900369c341bf0032ac65
                                • Opcode Fuzzy Hash: 6f0ec3f4c041772a46998ecbb1a7d1e8315d936b8697a56b88a3007722ed1fec
                                • Instruction Fuzzy Hash: 67E06DB08091148BCFA49B7AC8497B8B735EF13339F9042E0AC683A2D5DB714A41AF75
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05751330, Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e50b87240f85af90d4d31099aa5973d05170c586b3a28d28e07a60000f1ea2fe
                                • Instruction ID: 4125b7af5eb155d765aab1356e31b90a8fff29a91720f289ac6199a9e2e6314c
                                • Opcode Fuzzy Hash: e50b87240f85af90d4d31099aa5973d05170c586b3a28d28e07a60000f1ea2fe
                                • Instruction Fuzzy Hash: FAE012B0D0520CEFCB84EFA8C8456AEBBB5FB48300F5085AAD814A3340D7B59A60DF95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057515A8, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cfe2c525f57eb2c54070d513ce33565b55ea0c0fe41d5d7e72a7c330c30eedbb
                                • Instruction ID: c7269c34a9bd2ad0b70b94decf9960327df06cb10a2e82c5602d80d356a9d4d8
                                • Opcode Fuzzy Hash: cfe2c525f57eb2c54070d513ce33565b55ea0c0fe41d5d7e72a7c330c30eedbb
                                • Instruction Fuzzy Hash: 1FD02E2080C3840FC32203762C383D83FB18B43302FAE81AED8C7954A3C2F90046F222
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057544C2, Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4d1e76ab27a35422fb5a66c205d4fcbbfbf94a68b54a30b1d687e9de7030abe4
                                • Instruction ID: e28a5dccb1e6a6bbf5c72cdc71e486595797705fce7368f4103bc407789895e3
                                • Opcode Fuzzy Hash: 4d1e76ab27a35422fb5a66c205d4fcbbfbf94a68b54a30b1d687e9de7030abe4
                                • Instruction Fuzzy Hash: 34E08C38C0E384AFCF01CBB0E4A04EC7FB79B4B310F0510ABE855EB253D9A108409B11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05751268, Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6e9272f03a905bff7b0853a0feb2f12be7f1c8cb1f14a1ccbb2d321c117dcb22
                                • Instruction ID: 309c180e219b170cdaad002dcccedd299d0199193fa2d853a22469d925a1ab39
                                • Opcode Fuzzy Hash: 6e9272f03a905bff7b0853a0feb2f12be7f1c8cb1f14a1ccbb2d321c117dcb22
                                • Instruction Fuzzy Hash: D7D017B0E0420CAFCB84EFE8D50479CBBB4EB04300F4080AA8808E3340EA746A60DF91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05753650, Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d3bbf833db34ee4eb175d3c6b542666202d8e2604aec05db0117ee31a08231b1
                                • Instruction ID: aabc61f0e3b1d4e8aef69f5e379f4861605a6348950d93b04904d98627637b0c
                                • Opcode Fuzzy Hash: d3bbf833db34ee4eb175d3c6b542666202d8e2604aec05db0117ee31a08231b1
                                • Instruction Fuzzy Hash: A7D05E30C1520CDFC704EFA8D54569CBF75EB01345F2000ACC80467350DB766A85EB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 05753968, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6a80b6410d149cca3e6ad08bb9926db227b1faa25c010c1a503354e7e73e8a8f
                                • Instruction ID: be3625641d1c8af06a5f093d7afbab2f3001d56683f85c958d6e5b942dbb774d
                                • Opcode Fuzzy Hash: 6a80b6410d149cca3e6ad08bb9926db227b1faa25c010c1a503354e7e73e8a8f
                                • Instruction Fuzzy Hash: E1C01278A0414CEFCB00CF90D4A89ACFBB1EF08350F20C842DC061B326DB749A0AAB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 057515B8, Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 0000000F.00000002.329771600.0000000005750000.00000040.00000001.sdmp, Offset: 05750000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5e725d97e6802df4dae1804a76d8ff10596cf59c7b456e872cc15206fb5c5ef4
                                • Instruction ID: da19bbd8feb07a1050f6f360741981e513d0ba149e2e220ee1b4614da1349b66
                                • Opcode Fuzzy Hash: 5e725d97e6802df4dae1804a76d8ff10596cf59c7b456e872cc15206fb5c5ef4
                                • Instruction Fuzzy Hash: 21C08C7000860C87C304278A68183E032CA9341716F8800186A0A111A1CAF81080F1A6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions