Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 256ec8f8f67b59c5e085b0bb63afcd13.exe

Overview

General Information

Sample Name:256ec8f8f67b59c5e085b0bb63afcd13.exe
Analysis ID:355753
MD5:0bbcc2e64e3edf053ed4af2c0bafb0eb
SHA1:c006b8d2ec4b92f441815b20f1bdadf98eab1b4d
SHA256:52d01903f7c366e01359a00ea771ca1f71d4e1bb54731290bc62c3a218f5af80
Tags:exeNanoCoreRAT

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • 256ec8f8f67b59c5e085b0bb63afcd13.exe (PID: 6720 cmdline: 'C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe' MD5: 0BBCC2E64E3EDF053ED4AF2C0BAFB0EB)
    • 256ec8f8f67b59c5e085b0bb63afcd13.exe (PID: 6416 cmdline: {path} MD5: 0BBCC2E64E3EDF053ED4AF2C0BAFB0EB)
      • schtasks.exe (PID: 6540 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp98F0.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 6744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 6632 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpA082.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 6764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dhcpmon.exe (PID: 2460 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 MD5: 0BBCC2E64E3EDF053ED4AF2C0BAFB0EB)
    • dhcpmon.exe (PID: 6500 cmdline: {path} MD5: 0BBCC2E64E3EDF053ED4AF2C0BAFB0EB)
  • dhcpmon.exe (PID: 7160 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: 0BBCC2E64E3EDF053ED4AF2C0BAFB0EB)
    • dhcpmon.exe (PID: 5748 cmdline: {path} MD5: 0BBCC2E64E3EDF053ED4AF2C0BAFB0EB)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "94----", "Group": "V-HASH", "Domain1": "cloudhost.myfirewall.org", "Domain2": "cloudhost.myfirewall.org", "Port": 5654, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "cloudhost.myfirewall.org", "BackupDNSServer": "cloudhost.myfirewall.orgbxpU=", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"#EXECUTABLEPATH\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0x23877:$a: NanoCore
    • 0x238d0:$a: NanoCore
    • 0x2390d:$a: NanoCore
    • 0x23986:$a: NanoCore
    • 0x238d9:$b: ClientPlugin
    • 0x23916:$b: ClientPlugin
    • 0x24214:$b: ClientPlugin
    • 0x24221:$b: ClientPlugin
    • 0x1b5fe:$e: KeepAlive
    • 0x23d61:$g: LogClientMessage
    • 0x23ce1:$i: get_Connected
    • 0x158a9:$j: #=q
    • 0x158d9:$j: #=q
    • 0x15915:$j: #=q
    • 0x1593d:$j: #=q
    • 0x1596d:$j: #=q
    • 0x1599d:$j: #=q
    • 0x159cd:$j: #=q
    • 0x159fd:$j: #=q
    • 0x15a19:$j: #=q
    • 0x15a49:$j: #=q
    00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0x23761d:$x1: NanoCore.ClientPluginHost
    • 0x26a03d:$x1: NanoCore.ClientPluginHost
    • 0x23765a:$x2: IClientNetworkHost
    • 0x26a07a:$x2: IClientNetworkHost
    • 0x23b18d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x26dbad:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0x237385:$a: NanoCore
      • 0x237395:$a: NanoCore
      • 0x2375c9:$a: NanoCore
      • 0x2375dd:$a: NanoCore
      • 0x23761d:$a: NanoCore
      • 0x269da5:$a: NanoCore
      • 0x269db5:$a: NanoCore
      • 0x269fe9:$a: NanoCore
      • 0x269ffd:$a: NanoCore
      • 0x26a03d:$a: NanoCore
      • 0x2373e4:$b: ClientPlugin
      • 0x2375e6:$b: ClientPlugin
      • 0x237626:$b: ClientPlugin
      • 0x269e04:$b: ClientPlugin
      • 0x26a006:$b: ClientPlugin
      • 0x26a046:$b: ClientPlugin
      • 0x1835a1:$c: ProjectData
      • 0x23750b:$c: ProjectData
      • 0x269f2b:$c: ProjectData
      • 0x237f12:$d: DESCrypto
      • 0x26a932:$d: DESCrypto
      Click to see the 62 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      14.2.dhcpmon.exe.400000.0.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0x1018d:$x1: NanoCore.ClientPluginHost
      • 0x101ca:$x2: IClientNetworkHost
      • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      14.2.dhcpmon.exe.400000.0.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
      • 0xff05:$x1: NanoCore Client.exe
      • 0x1018d:$x2: NanoCore.ClientPluginHost
      • 0x117c6:$s1: PluginCommand
      • 0x117ba:$s2: FileCommand
      • 0x1266b:$s3: PipeExists
      • 0x18422:$s4: PipeCreated
      • 0x101b7:$s5: IClientLoggingHost
      14.2.dhcpmon.exe.400000.0.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        14.2.dhcpmon.exe.400000.0.unpackNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
        • 0xfef5:$a: NanoCore
        • 0xff05:$a: NanoCore
        • 0x10139:$a: NanoCore
        • 0x1014d:$a: NanoCore
        • 0x1018d:$a: NanoCore
        • 0xff54:$b: ClientPlugin
        • 0x10156:$b: ClientPlugin
        • 0x10196:$b: ClientPlugin
        • 0x1007b:$c: ProjectData
        • 0x10a82:$d: DESCrypto
        • 0x1844e:$e: KeepAlive
        • 0x1643c:$g: LogClientMessage
        • 0x12637:$i: get_Connected
        • 0x10db8:$j: #=q
        • 0x10de8:$j: #=q
        • 0x10e04:$j: #=q
        • 0x10e34:$j: #=q
        • 0x10e50:$j: #=q
        • 0x10e6c:$j: #=q
        • 0x10e9c:$j: #=q
        • 0x10eb8:$j: #=q
        2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0xd9ad:$x1: NanoCore.ClientPluginHost
        • 0xd9da:$x2: IClientNetworkHost
        Click to see the 122 entries

        Sigma Overview

        System Summary:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe, ProcessId: 6416, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
        Sigma detected: Scheduled temp file as task from temp locationShow sources
        Source: Process startedAuthor: Joe Security: Data: Command: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp98F0.tmp', CommandLine: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp98F0.tmp', CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: {path}, ParentImage: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe, ParentProcessId: 6416, ProcessCommandLine: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp98F0.tmp', ProcessId: 6540

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Found malware configurationShow sources
        Source: 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "94----", "Group": "V-HASH", "Domain1": "cloudhost.myfirewall.org", "Domain2": "cloudhost.myfirewall.org", "Port": 5654, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "cloudhost.myfirewall.org", "BackupDNSServer": "cloudhost.myfirewall.orgbxpU=", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.742370218.0000000002FB1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.721168712.0000000004471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.905880969.0000000004057000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.722411296.0000000004371000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5748, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 2460, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 7160, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 6500, type: MEMORY
        Source: Yara matchFile source: 14.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ffeab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3c7ffe0.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.46f8490.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.459ffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3d78490.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43beab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.45fffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4059c7e.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43c30dd.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ffeab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.40630dd.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.46f8490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c30dd.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ff9c7e.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c24629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3d78490.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.43cffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.40030dd.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43b9c7e.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44b9c7e.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43beab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.raw.unpack, type: UNPACKEDPE
        Machine Learning detection for dropped fileShow sources
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJoe Sandbox ML: detected
        Machine Learning detection for sampleShow sources
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeJoe Sandbox ML: detected
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.unpackAvira: Label: TR/NanoCore.fadte
        Source: 12.2.dhcpmon.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 14.2.dhcpmon.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7

        Compliance:

        barindex
        Uses 32bit PE filesShow sources
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Uses new MSVCR DllsShow sources
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Binary contains paths to debug symbolsShow sources
        Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.904860246.0000000002A85000.00000004.00000040.sdmp
        Source: Binary string: mscorrc.pdb source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.680575404.0000000008770000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907073740.0000000005920000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.717914840.00000000082E0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.724995186.00000000076E0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.734162357.0000000008310000.00000002.00000001.sdmp
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 4x nop then lea ecx, dword ptr [ebp-30h]0_2_05470608
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 4x nop then lea ecx, dword ptr [ebp-30h]7_2_055C0608
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 4x nop then lea ecx, dword ptr [ebp-30h]8_2_02560608
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 4x nop then lea ecx, dword ptr [ebp-30h]10_2_017F0608

        Networking:

        barindex
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorURLs: cloudhost.myfirewall.org
        Source: global trafficTCP traffic: 192.168.2.4:49743 -> 79.134.225.105:5654
        Source: Joe Sandbox ViewIP Address: 79.134.225.105 79.134.225.105
        Source: Joe Sandbox ViewASN Name: FINK-TELECOM-SERVICESCH FINK-TELECOM-SERVICESCH
        Source: unknownDNS traffic detected: queries for: cloudhost.myfirewall.org
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639713902.00000000056BE000.00000004.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639797895.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639860700.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comTC
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639713902.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comV
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639918482.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comcy5
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639900319.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comgne
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639918482.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comgy
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639713902.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comint
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639713902.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comlay
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639797895.00000000056BE000.00000004.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639991224.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comypo
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.640116720.00000000056BE000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comypooo
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
        Source: dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642010809.00000000056B5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers&
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642401940.00000000056B5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.htmln
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.641965748.00000000056B5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/k
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642184941.00000000056B5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers=
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642184941.00000000056B5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersQ
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643199147.00000000056B5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersb
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642893460.00000000056B5000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersr
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643315337.0000000005684000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/mzN
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643315337.0000000005684000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comFpz3
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643315337.0000000005684000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comals
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643315337.0000000005684000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comalsekz
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.676929479.0000000005680000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comm
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.676929479.0000000005680000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.commzN
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638167842.000000000569B000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comWh2
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638167842.000000000569B000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comX
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638167842.000000000569B000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comc
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638167842.000000000569B000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comi
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639259634.0000000005684000.00000004.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639244161.00000000056BD000.00000004.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639394139.0000000005684000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639244161.00000000056BD000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn7
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.644178396.000000000568D000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.637926766.000000000569B000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com;
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.637926766.000000000569B000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.coma-d
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638866258.0000000005686000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.krC
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638866258.0000000005686000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr~y8
        Source: dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638355631.000000000569B000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comF
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638389150.000000000569B000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comFalMY~
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638412498.000000000569B000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comalMY~
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.742370218.0000000002FB1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.721168712.0000000004471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.905880969.0000000004057000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.722411296.0000000004371000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5748, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 2460, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 7160, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 6500, type: MEMORY
        Source: Yara matchFile source: 14.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ffeab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3c7ffe0.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.46f8490.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.459ffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3d78490.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43beab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.45fffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4059c7e.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43c30dd.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ffeab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.40630dd.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.46f8490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c30dd.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ff9c7e.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c24629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3d78490.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.43cffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.40030dd.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43b9c7e.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44b9c7e.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43beab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.raw.unpack, type: UNPACKEDPE

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000002.00000002.907132131.0000000005980000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000E.00000002.742370218.0000000002FB1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000B.00000002.721168712.0000000004471000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000002.00000002.905880969.0000000004057000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000C.00000002.722411296.0000000004371000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 5748, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 5748, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 2460, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 2460, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 7160, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 7160, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 6500, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 6500, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 14.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 14.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 14.2.dhcpmon.exe.2fd3ac8.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 14.2.dhcpmon.exe.3ffeab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.3493a98.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.dhcpmon.exe.3c7ffe0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.dhcpmon.exe.3c7ffe0.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 10.2.dhcpmon.exe.46f8490.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 10.2.dhcpmon.exe.46f8490.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.459ffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.459ffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 8.2.dhcpmon.exe.3d78490.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.dhcpmon.exe.3d78490.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 12.2.dhcpmon.exe.43beab4.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 10.2.dhcpmon.exe.45fffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 10.2.dhcpmon.exe.45fffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4059c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4059c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 12.2.dhcpmon.exe.43c30dd.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5980000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 14.2.dhcpmon.exe.3ffeab4.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.40630dd.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 10.2.dhcpmon.exe.46f8490.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 10.2.dhcpmon.exe.46f8490.2.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 12.2.dhcpmon.exe.3393ac8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c30dd.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 14.2.dhcpmon.exe.3ff9c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 14.2.dhcpmon.exe.3ff9c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.3021680.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c24629.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.dhcpmon.exe.3d78490.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.dhcpmon.exe.3d78490.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.43cffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.43cffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 14.2.dhcpmon.exe.40030dd.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 12.2.dhcpmon.exe.43b9c7e.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 12.2.dhcpmon.exe.43b9c7e.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44b9c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44b9c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 12.2.dhcpmon.exe.43beab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_052516DA NtQuerySystemInformation,2_2_052516DA
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_0525169F NtQuerySystemInformation,2_2_0525169F
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_054799600_2_05479960
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_054708780_2_05470878
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_054730D00_2_054730D0
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_05472F1F0_2_05472F1F
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_054799500_2_05479950
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_054799F60_2_054799F6
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_054740500_2_05474050
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_054708680_2_05470868
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_054730C00_2_054730C0
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_05475B170_2_05475B17
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_05473E080_2_05473E08
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_05473E180_2_05473E18
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_06DA06E50_2_06DA06E5
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_00C420500_2_00C42050
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_02AC0C8B2_2_02AC0C8B
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_051289D82_2_051289D8
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_051238502_2_05123850
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_05122FA82_2_05122FA8
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_0512B2382_2_0512B238
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_051295D82_2_051295D8
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_0512306F2_2_0512306F
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_0512969F2_2_0512969F
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_008F20502_2_008F2050
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C99607_2_055C9960
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C08787_2_055C0878
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C30D07_2_055C30D0
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C2F1F7_2_055C2F1F
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C99507_2_055C9950
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C99F67_2_055C99F6
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C40507_2_055C4050
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C08687_2_055C0868
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C30C07_2_055C30C0
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C5B177_2_055C5B17
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C3E187_2_055C3E18
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C3E087_2_055C3E08
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_06CB06E57_2_06CB06E5
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_00DA20507_2_00DA2050
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_02562F308_2_02562F30
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_025608788_2_02560878
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_025630D08_2_025630D0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_025699608_2_02569960
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_02563E188_2_02563E18
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_02563E088_2_02563E08
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_02565B178_2_02565B17
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_025640508_2_02564050
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_025640608_2_02564060
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_025608688_2_02560868
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_025630C08_2_025630C0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_025699508_2_02569950
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_025699F68_2_025699F6
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_05EF06E58_2_05EF06E5
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_001C20508_2_001C2050
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F996010_2_017F9960
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F087810_2_017F0878
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F30D010_2_017F30D0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F2F3010_2_017F2F30
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F995010_2_017F9950
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F99F610_2_017F99F6
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F086810_2_017F0868
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F406010_2_017F4060
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F405010_2_017F4050
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F30C010_2_017F30C0
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F5B1710_2_017F5B17
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F3E1810_2_017F3E18
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F3E0810_2_017F3E08
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_06B506E510_2_06B506E5
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_00DB205010_2_00DB2050
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 11_2_0563385011_2_05633850
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 11_2_056323A011_2_056323A0
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 11_2_05632FA811_2_05632FA8
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 11_2_0563306F11_2_0563306F
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 11_2_00E0205011_2_00E02050
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeBinary or memory string: OriginalFilename vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.680775118.0000000008940000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAssemblyReferenceEntry.exeD vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.680630357.00000000087D0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameBunifu.UI.dll4 vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.680575404.0000000008770000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeBinary or memory string: OriginalFilename vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.905334352.0000000003011000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907237424.0000000005C10000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.906613014.0000000005230000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907073740.0000000005920000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907733213.00000000064D0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeBinary or memory string: OriginalFilename vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.717914840.00000000082E0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAssemblyReferenceEntry.exeD vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.718049286.0000000008340000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameBunifu.UI.dll4 vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.702880837.00000000014FA000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeBinary or memory string: OriginalFilename vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 0000000B.00000002.722198116.0000000005750000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 0000000B.00000002.721168712.0000000004471000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeBinary or memory string: OriginalFilename) vs 256ec8f8f67b59c5e085b0bb63afcd13.exe
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000002.00000002.907132131.0000000005980000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000002.00000002.907132131.0000000005980000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0000000E.00000002.742370218.0000000002FB1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000B.00000002.721168712.0000000004471000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000002.00000002.905880969.0000000004057000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000C.00000002.722411296.0000000004371000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 5748, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 5748, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 2460, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 2460, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 7160, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 7160, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 6500, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 6500, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 14.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 14.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 14.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 14.2.dhcpmon.exe.2fd3ac8.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 14.2.dhcpmon.exe.2fd3ac8.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 14.2.dhcpmon.exe.3ffeab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 14.2.dhcpmon.exe.3ffeab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.3493a98.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.3493a98.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 8.2.dhcpmon.exe.3c7ffe0.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 8.2.dhcpmon.exe.3c7ffe0.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.2.dhcpmon.exe.46f8490.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.dhcpmon.exe.46f8490.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.459ffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.459ffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 8.2.dhcpmon.exe.3d78490.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 8.2.dhcpmon.exe.3d78490.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 8.2.dhcpmon.exe.3d78490.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.dhcpmon.exe.43beab4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.dhcpmon.exe.43beab4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 10.2.dhcpmon.exe.45fffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.dhcpmon.exe.45fffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4059c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4059c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4059c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.dhcpmon.exe.43c30dd.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.dhcpmon.exe.43c30dd.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5980000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5980000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 14.2.dhcpmon.exe.3ffeab4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 14.2.dhcpmon.exe.3ffeab4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.40630dd.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.40630dd.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 10.2.dhcpmon.exe.46f8490.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.dhcpmon.exe.46f8490.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 10.2.dhcpmon.exe.46f8490.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.dhcpmon.exe.3393ac8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.dhcpmon.exe.3393ac8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c30dd.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c30dd.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 14.2.dhcpmon.exe.3ff9c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 14.2.dhcpmon.exe.3ff9c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 14.2.dhcpmon.exe.3ff9c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.3021680.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.3021680.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c24629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c24629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 8.2.dhcpmon.exe.3d78490.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 8.2.dhcpmon.exe.3d78490.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.43cffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.43cffe0.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 14.2.dhcpmon.exe.40030dd.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 14.2.dhcpmon.exe.40030dd.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.dhcpmon.exe.43b9c7e.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.dhcpmon.exe.43b9c7e.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.dhcpmon.exe.43b9c7e.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44b9c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44b9c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44b9c7e.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.dhcpmon.exe.43beab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.dhcpmon.exe.43beab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: dhcpmon.exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 12.2.dhcpmon.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 12.2.dhcpmon.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 12.2.dhcpmon.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 12.2.dhcpmon.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 12.2.dhcpmon.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: classification engineClassification label: mal100.troj.evad.winEXE@18/8@20/1
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_0525149A AdjustTokenPrivileges,2_2_0525149A
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_05251463 AdjustTokenPrivileges,2_2_05251463
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeFile created: C:\Program Files (x86)\DHCP MonitorJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\256ec8f8f67b59c5e085b0bb63afcd13.exe.logJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6744:120:WilError_01
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6764:120:WilError_01
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{d1470c94-c693-4be3-b7c3-884d57fb2b86}
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeFile created: C:\Users\user\AppData\Local\Temp\tmp98F0.tmpJump to behavior
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeFile read: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe 'C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe'
        Source: unknownProcess created: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe {path}
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp98F0.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpA082.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe 0
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
        Source: unknownProcess created: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe {path}
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess created: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp98F0.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpA082.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess created: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.904860246.0000000002A85000.00000004.00000040.sdmp
        Source: Binary string: mscorrc.pdb source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.680575404.0000000008770000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907073740.0000000005920000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.717914840.00000000082E0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.724995186.00000000076E0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.734162357.0000000008310000.00000002.00000001.sdmp

        Data Obfuscation:

        barindex
        .NET source code contains potential unpackerShow sources
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 12.2.dhcpmon.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 12.2.dhcpmon.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 0_2_05477743 push ds; retf 0_2_0547774A
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_055C7743 push ds; retf 7_2_055C774A
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_06CB0440 push ss; retf 7_2_06CB0443
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_06CB0500 push ss; retf 7_2_06CB0503
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 7_2_06CB052C push ss; retf 7_2_06CB0530
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 8_2_02567743 push ds; retf 8_2_0256774A
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_017F7743 push ds; retf 10_2_017F774A
        Source: initial sampleStatic PE information: section name: .text entropy: 7.95731162888
        Source: initial sampleStatic PE information: section name: .text entropy: 7.95731162888
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 12.2.dhcpmon.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 12.2.dhcpmon.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJump to dropped file

        Boot Survival:

        barindex
        Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp98F0.tmp'

        Hooking and other Techniques for Hiding and Protection:

        barindex
        Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeFile opened: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeWindow / User API: foregroundWindowGot 860Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe TID: 5936Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe TID: 6876Thread sleep time: -1844674407370954s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe TID: 6876Thread sleep count: 216 > 30Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe TID: 6876Thread sleep count: 234 > 30Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe TID: 6648Thread sleep count: 204 > 30Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe TID: 6872Thread sleep time: -200000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe TID: 4780Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 7136Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6208Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe TID: 4864Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 7064Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5724Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_052511C2 GetSystemInfo,2_2_052511C2
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907733213.00000000064D0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907733213.00000000064D0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907733213.00000000064D0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000003.890425064.0000000006290000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.907733213.00000000064D0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Injects a PE file into a foreign processesShow sources
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeMemory written: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeMemory written: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMemory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMemory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess created: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe {path}Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp98F0.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpA082.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeProcess created: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}Jump to behavior
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.905453286.00000000030CF000.00000004.00000001.sdmpBinary or memory string: Program Manager
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.904742882.0000000001590000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.904742882.0000000001590000.00000002.00000001.sdmpBinary or memory string: Progman
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.904742882.0000000001590000.00000002.00000001.sdmpBinary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.742370218.0000000002FB1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.721168712.0000000004471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.905880969.0000000004057000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.722411296.0000000004371000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5748, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 2460, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 7160, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 6500, type: MEMORY
        Source: Yara matchFile source: 14.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ffeab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3c7ffe0.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.46f8490.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.459ffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3d78490.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43beab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.45fffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4059c7e.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43c30dd.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ffeab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.40630dd.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.46f8490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c30dd.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ff9c7e.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c24629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3d78490.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.43cffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.40030dd.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43b9c7e.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44b9c7e.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43beab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.raw.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        barindex
        Detected Nanocore RatShow sources
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.905334352.0000000003011000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000002.00000002.905334352.0000000003011000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: 256ec8f8f67b59c5e085b0bb63afcd13.exe, 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: dhcpmon.exe, 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: dhcpmon.exe, 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000E.00000002.742370218.0000000002FB1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000002.721168712.0000000004471000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.905880969.0000000004057000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.722411296.0000000004371000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5748, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 2460, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 7160, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 6500, type: MEMORY
        Source: Yara matchFile source: 14.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ffeab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.405eab4.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3c7ffe0.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.46f8490.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.459ffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3d78490.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43beab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.45fffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4059c7e.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43c30dd.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ffeab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.40630dd.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.dhcpmon.exe.46f8490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.4698490.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c30dd.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.3ff9c7e.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c24629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.dhcpmon.exe.3d78490.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.43cffe0.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 14.2.dhcpmon.exe.40030dd.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44beab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43b9c7e.6.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44b9c7e.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.dhcpmon.exe.43beab4.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.44c8490.2.raw.unpack, type: UNPACKEDPE
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_05252906 bind,2_2_05252906
        Source: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exeCode function: 2_2_052528E3 bind,2_2_052528E3

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsScheduled Task/Job1Scheduled Task/Job1Access Token Manipulation1Masquerading2Input Capture11Security Software Discovery1Remote ServicesInput Capture11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection112Virtualization/Sandbox Evasion2LSASS MemoryVirtualization/Sandbox Evasion2Remote Desktop ProtocolArchive Collected Data11Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Scheduled Task/Job1Disable or Modify Tools1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Access Token Manipulation1NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection112LSA SecretsSystem Information Discovery13SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol11Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsHidden Files and Directories1DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobObfuscated Files or Information3Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
        Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Software Packing13/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 355753 Sample: 256ec8f8f67b59c5e085b0bb63a... Startdate: 21/02/2021 Architecture: WINDOWS Score: 100 48 cloudhost.myfirewall.org 2->48 52 Found malware configuration 2->52 54 Malicious sample detected (through community Yara rule) 2->54 56 Sigma detected: Scheduled temp file as task from temp location 2->56 58 8 other signatures 2->58 9 256ec8f8f67b59c5e085b0bb63afcd13.exe 3 2->9         started        13 dhcpmon.exe 3 2->13         started        15 dhcpmon.exe 2 2->15         started        17 256ec8f8f67b59c5e085b0bb63afcd13.exe 2 2->17         started        signatures3 process4 file5 46 256ec8f8f67b59c5e085b0bb63afcd13.exe.log, ASCII 9->46 dropped 62 Injects a PE file into a foreign processes 9->62 19 256ec8f8f67b59c5e085b0bb63afcd13.exe 1 14 9->19         started        24 dhcpmon.exe 2 13->24         started        26 dhcpmon.exe 15->26         started        28 256ec8f8f67b59c5e085b0bb63afcd13.exe 2 17->28         started        signatures6 process7 dnsIp8 50 cloudhost.myfirewall.org 79.134.225.105, 49743, 49744, 49745 FINK-TELECOM-SERVICESCH Switzerland 19->50 38 C:\Program Files (x86)\...\dhcpmon.exe, PE32 19->38 dropped 40 C:\Users\user\AppData\Roaming\...\run.dat, Non-ISO 19->40 dropped 42 C:\Users\user\AppData\Local\...\tmp98F0.tmp, XML 19->42 dropped 44 C:\...\dhcpmon.exe:Zone.Identifier, ASCII 19->44 dropped 60 Hides that the sample has been downloaded from the Internet (zone.identifier) 19->60 30 schtasks.exe 1 19->30         started        32 schtasks.exe 1 19->32         started        file9 signatures10 process11 process12 34 conhost.exe 30->34         started        36 conhost.exe 32->36         started       

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        256ec8f8f67b59c5e085b0bb63afcd13.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe100%Joe Sandbox ML

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.5c20000.11.unpack100%AviraTR/NanoCore.fadteDownload File
        12.2.dhcpmon.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        14.2.dhcpmon.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        2.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        11.2.256ec8f8f67b59c5e085b0bb63afcd13.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File

        Domains

        SourceDetectionScannerLabelLink
        cloudhost.myfirewall.org1%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        cloudhost.myfirewall.org1%VirustotalBrowse
        cloudhost.myfirewall.org0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.tiro.comFalMY~0%Avira URL Cloudsafe
        http://www.sandoll.co.kr~y80%Avira URL Cloudsafe
        http://www.sajatypeworks.com;0%Avira URL Cloudsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.tiro.comF0%Avira URL Cloudsafe
        http://www.carterandcone.comypooo0%Avira URL Cloudsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.carterandcone.com0%URL Reputationsafe
        http://www.carterandcone.comypo0%Avira URL Cloudsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.carterandcone.comV0%Avira URL Cloudsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.carterandcone.comlay0%Avira URL Cloudsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sandoll.co.krC0%Avira URL Cloudsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.galapagosdesign.com/0%URL Reputationsafe
        http://www.fonts.comc0%URL Reputationsafe
        http://www.fonts.comc0%URL Reputationsafe
        http://www.fonts.comc0%URL Reputationsafe
        http://www.carterandcone.comgy0%Avira URL Cloudsafe
        http://www.carterandcone.comTC0%URL Reputationsafe
        http://www.carterandcone.comTC0%URL Reputationsafe
        http://www.carterandcone.comTC0%URL Reputationsafe
        http://www.fonts.comi0%Avira URL Cloudsafe
        http://www.carterandcone.comcy50%Avira URL Cloudsafe
        http://www.fonts.comWh20%Avira URL Cloudsafe
        http://www.tiro.comalMY~0%Avira URL Cloudsafe
        http://www.fonts.comX0%Avira URL Cloudsafe
        http://www.fontbureau.comFpz30%Avira URL Cloudsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.founder.com.cn/cn/0%URL Reputationsafe
        http://www.founder.com.cn/cn/0%URL Reputationsafe
        http://www.founder.com.cn/cn/0%URL Reputationsafe
        http://www.fontbureau.comalsekz0%Avira URL Cloudsafe
        http://www.carterandcone.comint0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn0%URL Reputationsafe
        http://www.founder.com.cn/cn0%URL Reputationsafe
        http://www.founder.com.cn/cn0%URL Reputationsafe
        http://www.founder.com.cn/cn70%Avira URL Cloudsafe
        http://www.fontbureau.commzN0%Avira URL Cloudsafe
        http://www.fontbureau.comm0%URL Reputationsafe
        http://www.fontbureau.comm0%URL Reputationsafe
        http://www.fontbureau.comm0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
        http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
        http://www.sajatypeworks.coma-d0%Avira URL Cloudsafe
        http://www.fontbureau.comals0%URL Reputationsafe
        http://www.fontbureau.comals0%URL Reputationsafe
        http://www.fontbureau.comals0%URL Reputationsafe
        http://www.carterandcone.comgne0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        cloudhost.myfirewall.org
        		79.134.225.105
        		truetrueunknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        cloudhost.myfirewall.orgtrue
        • 1%, Virustotal, Browse
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://www.fontbureau.com/designersG256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
          		high
          http://www.fontbureau.com/designers/?256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
            		high
            http://www.founder.com.cn/cn/bThe256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://www.tiro.comFalMY~256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638389150.000000000569B000.00000004.00000001.sdmpfalse
            • Avira URL Cloud: safe
            		low
            http://www.fontbureau.com/designers?256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
              		high
              http://www.sandoll.co.kr~y8256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638866258.0000000005686000.00000004.00000001.sdmpfalse
              • Avira URL Cloud: safe
              		low
              http://www.sajatypeworks.com;256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.637926766.000000000569B000.00000004.00000001.sdmpfalse
              • Avira URL Cloud: safe
              		low
              http://www.tiro.comdhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
              • URL Reputation: safe
              • URL Reputation: safe
              • URL Reputation: safe
              		unknown
              http://www.fontbureau.com/designersdhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                		high
                http://www.tiro.comF256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638355631.000000000569B000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.carterandcone.comypooo256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.640116720.00000000056BE000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.goodfont.co.kr256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.carterandcone.com256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639713902.00000000056BE000.00000004.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639797895.00000000056BE000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.fontbureau.com/designersQ256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642184941.00000000056B5000.00000004.00000001.sdmpfalse
                  		high
                  http://www.carterandcone.comypo256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639797895.00000000056BE000.00000004.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639991224.00000000056BE000.00000004.00000001.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.fontbureau.com/mzN256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643315337.0000000005684000.00000004.00000001.sdmpfalse
                    		high
                    http://www.sajatypeworks.com256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.typography.netD256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cn/cThe256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.galapagosdesign.com/staff/dennis.htm256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://fontfabrik.com256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designersb256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643199147.00000000056B5000.00000004.00000001.sdmpfalse
                      		high
                      http://www.galapagosdesign.com/DPlease256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.carterandcone.comV256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639713902.00000000056BE000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.fonts.com256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                        		high
                        http://www.sandoll.co.kr256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.carterandcone.comlay256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639713902.00000000056BE000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.urwpp.deDPlease256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.zhongyicts.com.cn256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.sakkal.com256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.sandoll.co.krC256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638866258.0000000005686000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.fontbureau.com/designersr256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642893460.00000000056B5000.00000004.00000001.sdmpfalse
                          		high
                          http://www.apache.org/licenses/LICENSE-2.0256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                            		high
                            http://www.fontbureau.com256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                              		high
                              http://www.galapagosdesign.com/256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.644178396.000000000568D000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fonts.comc256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638167842.000000000569B000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comgy256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639918482.00000000056BE000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.carterandcone.comTC256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639860700.00000000056BE000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fonts.comi256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638167842.000000000569B000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.com/designers/frere-user.htmln256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642401940.00000000056B5000.00000004.00000001.sdmpfalse
                                		high
                                http://www.carterandcone.comcy5256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639918482.00000000056BE000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.fonts.comWh2256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638167842.000000000569B000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.tiro.comalMY~256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638412498.000000000569B000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		low
                                http://www.fonts.comX256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.638167842.000000000569B000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.fontbureau.comFpz3256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643315337.0000000005684000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.carterandcone.coml256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.founder.com.cn/cn/256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639394139.0000000005684000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/cabarga.htmlN256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.fontbureau.comalsekz256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643315337.0000000005684000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.carterandcone.comint256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639713902.00000000056BE000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fontbureau.com/designers&256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642010809.00000000056B5000.00000004.00000001.sdmpfalse
                                    		high
                                    http://www.founder.com.cn/cn256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639259634.0000000005684000.00000004.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639244161.00000000056BD000.00000004.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers/frere-user.html256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.founder.com.cn/cn7256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639244161.00000000056BD000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.fontbureau.commzN256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.676929479.0000000005680000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.fontbureau.comm256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.676929479.0000000005680000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.jiyu-kobo.co.jp/256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.sajatypeworks.coma-d256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.637926766.000000000569B000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.fontbureau.com/designers/k256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.641965748.00000000056B5000.00000004.00000001.sdmpfalse
                                        		high
                                        http://www.fontbureau.com/designers8256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000002.677120512.0000000005960000.00000002.00000001.sdmp, 256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000007.00000002.715867498.00000000059B0000.00000002.00000001.sdmp, dhcpmon.exe, 00000008.00000002.720166161.0000000004DB0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.732352387.0000000005A00000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.fontbureau.com/designers=256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.642184941.00000000056B5000.00000004.00000001.sdmpfalse
                                            		high
                                            http://www.fontbureau.comals256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.643315337.0000000005684000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.comgne256ec8f8f67b59c5e085b0bb63afcd13.exe, 00000000.00000003.639900319.00000000056BE000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown

                                            Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public

                                            IPDomainCountryFlagASNASN NameMalicious
                                            79.134.225.105
                                            		unknownSwitzerland
                                            		6775FINK-TELECOM-SERVICESCHtrue

                                            General Information

                                            Joe Sandbox Version:31.0.0 Emerald
                                            Analysis ID:355753
                                            Start date:21.02.2021
                                            Start time:19:09:11
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 12m 58s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:256ec8f8f67b59c5e085b0bb63afcd13.exe
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:24
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.troj.evad.winEXE@18/8@20/1
                                            EGA Information:Failed
                                            HDC Information:
                                            • Successful, ratio: 1.3% (good quality ratio 1.3%)
                                            • Quality average: 88.6%
                                            • Quality standard deviation: 6.7%
                                            HCA Information:
                                            • Successful, ratio: 99%
                                            • Number of executed functions: 480
                                            • Number of non-executed functions: 5
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI
                                            • Found application associated with file extension: .exe
                                            Warnings:
                                            Show All
                                            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                            • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                            • Excluded IPs from analysis (whitelisted): 52.255.188.83, 168.61.161.212, 52.147.198.201, 40.126.31.137, 40.126.31.6, 20.190.159.138, 20.190.159.134, 40.126.31.8, 20.190.159.136, 40.126.31.1, 40.126.31.143, 93.184.220.29, 51.104.144.132, 13.107.4.50, 52.155.217.156, 20.54.26.129, 92.122.213.194, 92.122.213.247
                                            • Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, arc.msn.com.nsatc.net, Edge-Prod-FRA.env.au.au-msedge.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ocsp.digicert.com, login.live.com, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, elasticShed.au.au-msedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, www.tm.a.prd.aadg.akadns.net, login.msa.msidentity.com, afdap.au.au-msedge.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, au.au-msedge.net, blobcollector.events.data.trafficmanager.net, au.c-0001.c-msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.trafficmanager.net
                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            19:09:59API Interceptor852x Sleep call for process: 256ec8f8f67b59c5e085b0bb63afcd13.exe modified
                                            19:10:12AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                            19:10:14Task SchedulerRun new task: DHCP Monitor path: "C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe" s>$(Arg0)
                                            19:10:14Task SchedulerRun new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)
                                            19:10:15API Interceptor2x Sleep call for process: dhcpmon.exe modified

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            79.134.225.105d88e07467ddcf9e3b19fa972b9f000d1.exeGet hashmaliciousBrowse
                                              73a4f40d0affe5eea89174f8917bba73.exeGet hashmaliciousBrowse
                                                9a08c8a2b49d6348f2ef35f85a1c6351.exeGet hashmaliciousBrowse
                                                  7eec14e7cec4dc93fbf53e08998b2340.exeGet hashmaliciousBrowse
                                                    f2a22415c1b108ce91fd76e3320431d0.exeGet hashmaliciousBrowse
                                                      1d8eff2bc76e46dc186fa501e24f5cb1.exeGet hashmaliciousBrowse
                                                        1464bbe24dac1f403f15b3c3860f37ca.exeGet hashmaliciousBrowse
                                                          1d78424ce6944359d546dbcbc030f19e.exeGet hashmaliciousBrowse
                                                            84ab43f7eda35ae038b199d3a3586b77.exeGet hashmaliciousBrowse
                                                              Require_Quote_20200128 SSG.pdf ind.exeGet hashmaliciousBrowse
                                                                DHL FILE 987634732.exeGet hashmaliciousBrowse
                                                                  file.exeGet hashmaliciousBrowse
                                                                    NKF20205 LIST.exeGet hashmaliciousBrowse
                                                                      URGENT PO.exeGet hashmaliciousBrowse
                                                                        scan002947779488.exeGet hashmaliciousBrowse

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          cloudhost.myfirewall.org9a08c8a2b49d6348f2ef35f85a1c6351.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.105
                                                                          zSDBuG8gDl.exeGet hashmaliciousBrowse
                                                                          • 185.229.243.67
                                                                          65d1beae1fc7eb126cd4a9b277afb942.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.96
                                                                          f2a22415c1b108ce91fd76e3320431d0.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.105
                                                                          1d8eff2bc76e46dc186fa501e24f5cb1.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.105
                                                                          5134b758f8eb77424254ce67f4697ffe.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.96
                                                                          1d8eff2bc76e46dc186fa501e24f5cb1.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.96
                                                                          460f7e6048ed3ca91f1573a7410fedd6.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.96
                                                                          1d78424ce6944359d546dbcbc030f19e.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.105

                                                                          ASN

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          FINK-TELECOM-SERVICESCHJOIN.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.30
                                                                          Delivery pdf.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.25
                                                                          d88e07467ddcf9e3b19fa972b9f000d1.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.105
                                                                          fnfqzfwC44.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.25
                                                                          Solicitud de oferta 6100003768.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.96
                                                                          Nrfgylra.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.96
                                                                          HTQ19-P0401-Q0539 NE-Q22940 GR2P5 TYPBLDG-NASER AL FERDAN.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.62
                                                                          HTQ19-P0401-Q0539 NE-Q22940 GR2P5 TYPBLDG-NASER AL FERDAN.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.62
                                                                          HTQ19-P0401-Q0539 NE-Q22940 GR2P5 TYPBLDG-NASER AL FERDAN.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.62
                                                                          Form pdf.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.25
                                                                          Quotation 3342688.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.120
                                                                          REQUEST FOR QUOTATION.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.76
                                                                          Orden.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.6
                                                                          Ordine.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.11
                                                                          73a4f40d0affe5eea89174f8917bba73.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.105
                                                                          ToolNcatalogpri00088756564162021.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.45
                                                                          INV WJD000030036000137675999, xlsx.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.69
                                                                          Kreuzmayr_PO_22656_65564345565643ETD,pdf.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.73
                                                                          jYHhaKx7OH.exeGet hashmaliciousBrowse
                                                                          • 79.134.225.96
                                                                          request.docGet hashmaliciousBrowse
                                                                          • 79.134.225.69

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          No context

                                                                          Created / dropped Files

                                                                          C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                          Process:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):412672
                                                                          Entropy (8bit):7.944378053087377
                                                                          Encrypted:false
                                                                          SSDEEP:6144:x/7jHNyWI+b1m3N2teCoTpkB/Bm8V/7bLf8q2/MQo1m1dupfmndJLvG:fEaE3N20CBTHU/Noydupf2
                                                                          MD5:0BBCC2E64E3EDF053ED4AF2C0BAFB0EB
                                                                          SHA1:C006B8D2EC4B92F441815B20F1BDADF98EAB1B4D
                                                                          SHA-256:52D01903F7C366E01359A00EA771CA1F71D4E1BB54731290BC62C3A218F5AF80
                                                                          SHA-512:0BED9AC8299A16BA8F9DEFA6160A97654B08C86BF038367FC5508A90240C5801320955DCA4D452FD7E41F16CC1A71A20AC0A946D80101DC65E9495C15F98EF3C
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                          Reputation:low
                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._h2`..............0..@..........j^... ...`....@.. ....................................@..................................^..O....`.. ............................................................................ ............... ..H............text...p>... ...@.................. ..`.rsrc... ....`.......B..............@..@.reloc...............J..............@..B................L^......H.......LQ..$>......\...p................................................0...........r...p.+..*..0...........r...p.+..*".(.....*^..}.....(.......(.....*.0...........s....%.{....o....o......+..*..*.0..+.........,..{.......+....,...{....o........(.....*..0............s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....{....o......{....o......(......{....o.....{....o......{....o.....{....o......{........s ...o!.....{....r...po".....{.... .....#s#...o$.....{.....o%.
                                                                          C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
                                                                          Process:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):26
                                                                          Entropy (8bit):3.95006375643621
                                                                          Encrypted:false
                                                                          SSDEEP:3:ggPYV:rPYV
                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                          Malicious:true
                                                                          Reputation:high, very likely benign file
                                                                          Preview: [ZoneTransfer]....ZoneId=0
                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\256ec8f8f67b59c5e085b0bb63afcd13.exe.log
                                                                          Process:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):525
                                                                          Entropy (8bit):5.2874233355119316
                                                                          Encrypted:false
                                                                          SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
                                                                          MD5:61CCF53571C9ABA6511D696CB0D32E45
                                                                          SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
                                                                          SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
                                                                          SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
                                                                          Malicious:true
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
                                                                          Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):525
                                                                          Entropy (8bit):5.2874233355119316
                                                                          Encrypted:false
                                                                          SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
                                                                          MD5:61CCF53571C9ABA6511D696CB0D32E45
                                                                          SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
                                                                          SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
                                                                          SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
                                                                          C:\Users\user\AppData\Local\Temp\tmp98F0.tmp
                                                                          Process:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1322
                                                                          Entropy (8bit):5.162258309875531
                                                                          Encrypted:false
                                                                          SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0YbGPxtn:cbk4oL600QydbQxIYODOLedq3uj
                                                                          MD5:B78304EA0D7AFCCEFC8CFF617158D17C
                                                                          SHA1:76DD98BBFE885893DC19059C139EDCB829DFA21E
                                                                          SHA-256:B80490FC583697FD68F2B7D0986C9F3BA3944BDB9AEA7F17C826E26BF1749C7F
                                                                          SHA-512:44682D75002B56551B4075616110FF4887DD298D7B9B96A312BDDAB6AB94A7E42AFADF690CED378FF403337185DD74C77D2B4DABE3BB60B9642C24079AC51067
                                                                          Malicious:true
                                                                          Reputation:low
                                                                          Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                                          C:\Users\user\AppData\Local\Temp\tmpA082.tmp
                                                                          Process:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                          Category:modified
                                                                          Size (bytes):1310
                                                                          Entropy (8bit):5.109425792877704
                                                                          Encrypted:false
                                                                          SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
                                                                          MD5:5C2F41CFC6F988C859DA7D727AC2B62A
                                                                          SHA1:68999C85FC7E37BAB9216E0099836D40D4545C1C
                                                                          SHA-256:98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
                                                                          SHA-512:B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
                                                                          Malicious:false
                                                                          Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                                          C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                                          Process:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):8
                                                                          Entropy (8bit):3.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:JPn:JPn
                                                                          MD5:5BF06D5C11AE13FC9970936540EB0703
                                                                          SHA1:54B778FC0BA984A04D47CB1E5C6E8252E9BE3FF9
                                                                          SHA-256:39974C521C78E35079501265DF5A694586DAB94A7EE52F6E923756C5AFE5F3F0
                                                                          SHA-512:C0CF94EB89C82DD4D0B9F798D1C30D02F93C8A02C526F5605356F649259F23ED47820D99F10B94A34929EC144835D9F389121AEF98E55EB5CB30CCBFF6B0FC30
                                                                          Malicious:true
                                                                          Preview: .>....H
                                                                          C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                                                                          Process:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):59
                                                                          Entropy (8bit):4.5831339906659565
                                                                          Encrypted:false
                                                                          SSDEEP:3:oNt+WfWXQj0I/sPDWsC:oNwvAj0Gs7lC
                                                                          MD5:90C08D85024FAD583545EC9562AA4A7E
                                                                          SHA1:FB6483F47BEC7ED49479D276986B4B789D9725AD
                                                                          SHA-256:28D29127F67EA98D32833FAC5491366FEC57805EAFF2B15A8AB9AF2555EADCA3
                                                                          SHA-512:EEC099998337F7294CFA0C273BFC1D31CDBA555935163CC483E00D7451A529ECF71131EAB74549B031EA9F6A15531F68D5CA1A4070D3EB7B97E5CC13D1701C73
                                                                          Malicious:false
                                                                          Preview: C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe

                                                                          Static File Info

                                                                          General

                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Entropy (8bit):7.944378053087377
                                                                          TrID:
                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                          File name:256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          File size:412672
                                                                          MD5:0bbcc2e64e3edf053ed4af2c0bafb0eb
                                                                          SHA1:c006b8d2ec4b92f441815b20f1bdadf98eab1b4d
                                                                          SHA256:52d01903f7c366e01359a00ea771ca1f71d4e1bb54731290bc62c3a218f5af80
                                                                          SHA512:0bed9ac8299a16ba8f9defa6160a97654b08c86bf038367fc5508a90240c5801320955dca4d452fd7e41f16cc1a71a20ac0a946d80101dc65e9495c15f98ef3c
                                                                          SSDEEP:6144:x/7jHNyWI+b1m3N2teCoTpkB/Bm8V/7bLf8q2/MQo1m1dupfmndJLvG:fEaE3N20CBTHU/Noydupf2
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._h2`..............0..@..........j^... ...`....@.. ....................................@................................

                                                                          File Icon

                                                                          Icon Hash:00828e8e8686b000

                                                                          Static PE Info

                                                                          General

                                                                          Entrypoint:0x465e6a
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                          Time Stamp:0x6032685F [Sun Feb 21 14:04:15 2021 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:v2.0.50727
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                          Entrypoint Preview

                                                                          Instruction
                                                                          jmp dword ptr [00402000h]
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al

                                                                          Data Directories

                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x65e180x4f.text
                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x660000x620.rsrc
                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x680000xc.reloc
                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                          Sections

                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                          .text0x20000x63e700x64000False0.948125data7.95731162888IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                          .rsrc0x660000x6200x800False0.3427734375data3.56974614095IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                          .reloc0x680000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                          Resources

                                                                          NameRVASizeTypeLanguageCountry
                                                                          RT_VERSION0x660900x390data
                                                                          RT_MANIFEST0x664300x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                          Imports

                                                                          DLLImport
                                                                          mscoree.dll_CorExeMain

                                                                          Version Infos

                                                                          DescriptionData
                                                                          Translation0x0000 0x04b0
                                                                          LegalCopyright2013-2021 (C) Blackboard Learn
                                                                          Assembly Version16.60.0.4
                                                                          InternalName0FDM.exe
                                                                          FileVersion16.69.0.4
                                                                          CompanyNameBlackboard Learn
                                                                          LegalTrademarks
                                                                          CommentsMoodle
                                                                          ProductNameStudent Studio
                                                                          ProductVersion16.69.0.4
                                                                          FileDescriptionStudent Studio
                                                                          OriginalFilename0FDM.exe

                                                                          Network Behavior

                                                                          Network Port Distribution

                                                                          TCP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Feb 21, 2021 19:10:14.481653929 CET497435654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:14.565690994 CET56544974379.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:15.072868109 CET497435654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:15.159531116 CET56544974379.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:15.664880037 CET497435654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:15.747469902 CET56544974379.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:19.969670057 CET497445654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:20.058454990 CET56544974479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:20.618283033 CET497445654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:20.703840017 CET56544974479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:21.212810993 CET497445654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:21.301839113 CET56544974479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:25.510416985 CET497455654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:25.595660925 CET56544974579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:26.196866989 CET497455654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:26.282290936 CET56544974579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:26.884773016 CET497455654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:26.970243931 CET56544974579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:31.217709064 CET497465654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:31.301038027 CET56544974679.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:31.816807032 CET497465654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:31.899502993 CET56544974679.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:32.416230917 CET497465654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:32.501424074 CET56544974679.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:36.666985035 CET497515654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:36.751816034 CET56544975179.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:37.307209015 CET497515654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:37.393260002 CET56544975179.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:37.916681051 CET497515654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:38.001872063 CET56544975179.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:42.088305950 CET497525654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:42.175749063 CET56544975279.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:42.682614088 CET497525654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:42.768296957 CET56544975279.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:43.276427984 CET497525654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:43.364061117 CET56544975279.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:48.494093895 CET497545654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:48.576904058 CET56544975479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:49.089562893 CET497545654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:49.172209024 CET56544975479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:49.683207989 CET497545654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:49.765983105 CET56544975479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:53.863328934 CET497555654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:53.950566053 CET56544975579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:54.464886904 CET497555654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:54.550196886 CET56544975579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:55.058656931 CET497555654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:55.144181013 CET56544975579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:59.228866100 CET497645654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:59.318568945 CET56544976479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:10:59.825444937 CET497645654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:10:59.908130884 CET56544976479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:00.418479919 CET497645654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:00.504683018 CET56544976479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:04.667921066 CET497685654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:04.753856897 CET56544976879.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:05.262670040 CET497685654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:05.377309084 CET56544976879.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:05.887820959 CET497685654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:05.970722914 CET56544976879.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:10.697511911 CET497725654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:10.784476042 CET56544977279.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:11.294397116 CET497725654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:11.388797998 CET56544977279.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:11.904058933 CET497725654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:11.988487959 CET56544977279.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:16.086658955 CET497755654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:16.169102907 CET56544977579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:16.669847012 CET497755654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:16.762417078 CET56544977579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:17.263628960 CET497755654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:17.346447945 CET56544977579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:21.496545076 CET497765654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:21.582596064 CET56544977679.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:22.092253923 CET497765654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:22.179691076 CET56544977679.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:22.685975075 CET497765654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:22.773654938 CET56544977679.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:26.892983913 CET497775654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:26.977591991 CET56544977779.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:27.483406067 CET497775654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:27.567987919 CET56544977779.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:28.077723980 CET497775654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:28.160851002 CET56544977779.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:32.253349066 CET497785654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:32.341033936 CET56544977879.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:32.843106031 CET497785654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:32.946002960 CET56544977879.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:33.452650070 CET497785654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:33.540216923 CET56544977879.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:37.963520050 CET497795654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:38.048171043 CET56544977979.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:38.577904940 CET497795654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:38.662389040 CET56544977979.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:39.171739101 CET497795654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:39.258052111 CET56544977979.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:43.969376087 CET497805654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:44.054805994 CET56544978079.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:44.562824965 CET497805654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:44.648353100 CET56544978079.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:45.156672955 CET497805654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:45.243479967 CET56544978079.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:49.331191063 CET497835654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:49.417354107 CET56544978379.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:49.922643900 CET497835654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:50.006444931 CET56544978379.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:50.516642094 CET497835654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:50.599564075 CET56544978379.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:54.704582930 CET497845654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:54.789083958 CET56544978479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:55.298079967 CET497845654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:55.382844925 CET56544978479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:11:55.891885996 CET497845654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:11:55.974745035 CET56544978479.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:12:00.047844887 CET497855654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:12:00.135193110 CET56544978579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:12:00.642287016 CET497855654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:12:00.729650021 CET56544978579.134.225.105192.168.2.4
                                                                          Feb 21, 2021 19:12:01.236108065 CET497855654192.168.2.479.134.225.105
                                                                          Feb 21, 2021 19:12:01.322819948 CET56544978579.134.225.105192.168.2.4

                                                                          UDP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Feb 21, 2021 19:09:48.930857897 CET5453153192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:48.982146978 CET53545318.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:49.823251963 CET4971453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:49.871979952 CET53497148.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:51.212296963 CET5802853192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:51.260798931 CET53580288.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:52.114397049 CET5309753192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:52.168731928 CET53530978.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:53.199487925 CET4925753192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:53.249475002 CET53492578.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:54.438493967 CET6238953192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:54.491493940 CET53623898.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:55.249241114 CET4991053192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:55.298619032 CET53499108.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:56.177673101 CET5585453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:56.229222059 CET53558548.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:57.144870043 CET6454953192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:57.196521044 CET53645498.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:58.704134941 CET6315353192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:58.752796888 CET53631538.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:09:59.582113028 CET5299153192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:09:59.631140947 CET53529918.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:00.345346928 CET5370053192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:00.396811008 CET53537008.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:01.173523903 CET5172653192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:01.225342989 CET53517268.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:02.044966936 CET5679453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:02.093724966 CET53567948.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:03.014596939 CET5653453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:03.064789057 CET53565348.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:03.832214117 CET5662753192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:03.884660959 CET53566278.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:04.691565037 CET5662153192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:04.742393970 CET53566218.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:05.521996021 CET6311653192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:05.571896076 CET53631168.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:14.237704992 CET6407853192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:14.307945013 CET53640788.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:19.900085926 CET6480153192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:19.956199884 CET53648018.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:25.420279980 CET6172153192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:25.490183115 CET53617218.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:31.005204916 CET5125553192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:31.065110922 CET53512558.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:32.919872046 CET6152253192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:32.982388973 CET53615228.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:33.138350964 CET5233753192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:33.191318989 CET53523378.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:33.450341940 CET5504653192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:33.501333952 CET53550468.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:36.605760098 CET4961253192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:36.665493011 CET53496128.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:42.038508892 CET4928553192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:42.087125063 CET53492858.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:43.471916914 CET5060153192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:43.520714045 CET53506018.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:48.389977932 CET6087553192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:48.440829992 CET53608758.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:53.801810980 CET5644853192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:53.860038996 CET53564488.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:54.833420992 CET5917253192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:54.928378105 CET53591728.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:55.452928066 CET6242053192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:55.510045052 CET53624208.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:56.095340014 CET6057953192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:56.144824028 CET53605798.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:56.231909037 CET5018353192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:56.306546926 CET53501838.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:56.870721102 CET6153153192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:56.919975996 CET53615318.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:57.407344103 CET4922853192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:57.497565031 CET53492288.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:58.045015097 CET5979453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:58.133251905 CET53597948.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:58.729538918 CET5591653192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:58.795614958 CET53559168.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:59.175395966 CET5275253192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:59.227727890 CET53527528.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:10:59.520904064 CET6054253192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:10:59.570298910 CET53605428.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:00.651365995 CET6068953192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:00.708756924 CET53606898.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:01.183861017 CET6420653192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:01.243877888 CET53642068.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:04.595330954 CET5090453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:04.662915945 CET53509048.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:09.863444090 CET5752553192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:09.914339066 CET53575258.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:09.970029116 CET5381453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:10.047624111 CET53538148.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:10.646823883 CET5341853192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:10.696320057 CET53534188.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:11.946039915 CET6283353192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:12.011301041 CET53628338.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:16.027312040 CET5926053192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:16.085422993 CET53592608.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:21.439564943 CET4994453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:21.494040966 CET53499448.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:26.815378904 CET6330053192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:26.889494896 CET53633008.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:32.201236010 CET6144953192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:32.251133919 CET53614498.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:37.896838903 CET5127553192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:37.962276936 CET53512758.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:43.917714119 CET6349253192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:43.968136072 CET53634928.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:45.245934963 CET5894553192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:45.295686960 CET53589458.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:49.000189066 CET6077953192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:49.059232950 CET53607798.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:49.281303883 CET6401453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:49.329972982 CET53640148.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:54.650861025 CET5709153192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:11:54.702620029 CET53570918.8.8.8192.168.2.4
                                                                          Feb 21, 2021 19:11:59.986953974 CET5590453192.168.2.48.8.8.8
                                                                          Feb 21, 2021 19:12:00.047180891 CET53559048.8.8.8192.168.2.4

                                                                          DNS Queries

                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                          Feb 21, 2021 19:10:14.237704992 CET192.168.2.48.8.8.80x58b3Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:19.900085926 CET192.168.2.48.8.8.80x2e69Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:25.420279980 CET192.168.2.48.8.8.80xc51Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:31.005204916 CET192.168.2.48.8.8.80x9380Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:36.605760098 CET192.168.2.48.8.8.80x18dbStandard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:42.038508892 CET192.168.2.48.8.8.80xbe86Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:48.389977932 CET192.168.2.48.8.8.80x5bdfStandard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:53.801810980 CET192.168.2.48.8.8.80x5d7eStandard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:59.175395966 CET192.168.2.48.8.8.80x964cStandard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:04.595330954 CET192.168.2.48.8.8.80xce78Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:10.646823883 CET192.168.2.48.8.8.80x80eeStandard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:16.027312040 CET192.168.2.48.8.8.80x831cStandard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:21.439564943 CET192.168.2.48.8.8.80xdff9Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:26.815378904 CET192.168.2.48.8.8.80x9982Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:32.201236010 CET192.168.2.48.8.8.80x54b7Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:37.896838903 CET192.168.2.48.8.8.80x429eStandard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:43.917714119 CET192.168.2.48.8.8.80xcd9dStandard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:49.281303883 CET192.168.2.48.8.8.80x2942Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:54.650861025 CET192.168.2.48.8.8.80x7faeStandard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:59.986953974 CET192.168.2.48.8.8.80x3e30Standard query (0)cloudhost.myfirewall.orgA (IP address)IN (0x0001)

                                                                          DNS Answers

                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                          Feb 21, 2021 19:10:14.307945013 CET8.8.8.8192.168.2.40x58b3No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:19.956199884 CET8.8.8.8192.168.2.40x2e69No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:25.490183115 CET8.8.8.8192.168.2.40xc51No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:31.065110922 CET8.8.8.8192.168.2.40x9380No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:32.982388973 CET8.8.8.8192.168.2.40x73f3No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.akadns.netCNAME (Canonical name)IN (0x0001)
                                                                          Feb 21, 2021 19:10:36.665493011 CET8.8.8.8192.168.2.40x18dbNo error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:42.087125063 CET8.8.8.8192.168.2.40xbe86No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:48.440829992 CET8.8.8.8192.168.2.40x5bdfNo error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:53.860038996 CET8.8.8.8192.168.2.40x5d7eNo error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:10:59.227727890 CET8.8.8.8192.168.2.40x964cNo error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:04.662915945 CET8.8.8.8192.168.2.40xce78No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:10.696320057 CET8.8.8.8192.168.2.40x80eeNo error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:16.085422993 CET8.8.8.8192.168.2.40x831cNo error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:21.494040966 CET8.8.8.8192.168.2.40xdff9No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:26.889494896 CET8.8.8.8192.168.2.40x9982No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:32.251133919 CET8.8.8.8192.168.2.40x54b7No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:37.962276936 CET8.8.8.8192.168.2.40x429eNo error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:43.968136072 CET8.8.8.8192.168.2.40xcd9dNo error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:49.329972982 CET8.8.8.8192.168.2.40x2942No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:11:54.702620029 CET8.8.8.8192.168.2.40x7faeNo error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)
                                                                          Feb 21, 2021 19:12:00.047180891 CET8.8.8.8192.168.2.40x3e30No error (0)cloudhost.myfirewall.org79.134.225.105A (IP address)IN (0x0001)

                                                                          Code Manipulations

                                                                          Statistics

                                                                          CPU Usage

                                                                          Click to jump to process

                                                                          Memory Usage

                                                                          Click to jump to process

                                                                          High Level Behavior Distribution

                                                                          Click to dive into process behavior distribution

                                                                          Behavior

                                                                          Click to jump to process

                                                                          System Behavior

                                                                          Analysis Process: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720 Parent PID: 6088

                                                                          General

                                                                          Start time:19:09:54
                                                                          Start date:21/02/2021
                                                                          Path:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe'
                                                                          Imagebase:0xc40000
                                                                          File size:412672 bytes
                                                                          MD5 hash:0BBCC2E64E3EDF053ED4AF2C0BAFB0EB
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.676219646.00000000042A1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416 Parent PID: 6720

                                                                          General

                                                                          Start time:19:10:08
                                                                          Start date:21/02/2021
                                                                          Path:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:{path}
                                                                          Imagebase:0x8f0000
                                                                          File size:412672 bytes
                                                                          MD5 hash:0BBCC2E64E3EDF053ED4AF2C0BAFB0EB
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.907132131.0000000005980000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000002.00000002.907132131.0000000005980000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.907264968.0000000005C20000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000002.00000002.903845537.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.905880969.0000000004057000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000002.00000002.905880969.0000000004057000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: schtasks.exe PID: 6540 Parent PID: 6416

                                                                          General

                                                                          Start time:19:10:10
                                                                          Start date:21/02/2021
                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp98F0.tmp'
                                                                          Imagebase:0xc00000
                                                                          File size:185856 bytes
                                                                          MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: conhost.exe PID: 6744 Parent PID: 6540

                                                                          General

                                                                          Start time:19:10:12
                                                                          Start date:21/02/2021
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff724c50000
                                                                          File size:625664 bytes
                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: schtasks.exe PID: 6632 Parent PID: 6416

                                                                          General

                                                                          Start time:19:10:12
                                                                          Start date:21/02/2021
                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmpA082.tmp'
                                                                          Imagebase:0xc00000
                                                                          File size:185856 bytes
                                                                          MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: conhost.exe PID: 6764 Parent PID: 6632

                                                                          General

                                                                          Start time:19:10:13
                                                                          Start date:21/02/2021
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff724c50000
                                                                          File size:625664 bytes
                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888 Parent PID: 968

                                                                          General

                                                                          Start time:19:10:14
                                                                          Start date:21/02/2021
                                                                          Path:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe 0
                                                                          Imagebase:0xda0000
                                                                          File size:412672 bytes
                                                                          MD5 hash:0BBCC2E64E3EDF053ED4AF2C0BAFB0EB
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000007.00000002.707013030.0000000004471000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: dhcpmon.exe PID: 2460 Parent PID: 968

                                                                          General

                                                                          Start time:19:10:14
                                                                          Start date:21/02/2021
                                                                          Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
                                                                          Imagebase:0x1c0000
                                                                          File size:412672 bytes
                                                                          MD5 hash:0BBCC2E64E3EDF053ED4AF2C0BAFB0EB
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 00000008.00000002.717514074.0000000003B51000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          Antivirus matches:
                                                                          • Detection: 100%, Joe Sandbox ML
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: dhcpmon.exe PID: 7160 Parent PID: 3424

                                                                          General

                                                                          Start time:19:10:20
                                                                          Start date:21/02/2021
                                                                          Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                                                                          Imagebase:0xdb0000
                                                                          File size:412672 bytes
                                                                          MD5 hash:0BBCC2E64E3EDF053ED4AF2C0BAFB0EB
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000A.00000002.730081391.00000000044D1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260 Parent PID: 6888

                                                                          General

                                                                          Start time:19:10:24
                                                                          Start date:21/02/2021
                                                                          Path:C:\Users\user\Desktop\256ec8f8f67b59c5e085b0bb63afcd13.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:{path}
                                                                          Imagebase:0xe00000
                                                                          File size:412672 bytes
                                                                          MD5 hash:0BBCC2E64E3EDF053ED4AF2C0BAFB0EB
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.721135661.0000000003471000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.719796822.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.721168712.0000000004471000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.721168712.0000000004471000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: dhcpmon.exe PID: 6500 Parent PID: 2460

                                                                          General

                                                                          Start time:19:10:25
                                                                          Start date:21/02/2021
                                                                          Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:{path}
                                                                          Imagebase:0xb90000
                                                                          File size:412672 bytes
                                                                          MD5 hash:0BBCC2E64E3EDF053ED4AF2C0BAFB0EB
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.722378411.0000000003371000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.721387726.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.722411296.0000000004371000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.722411296.0000000004371000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: dhcpmon.exe PID: 5748 Parent PID: 7160

                                                                          General

                                                                          Start time:19:10:36
                                                                          Start date:21/02/2021
                                                                          Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:{path}
                                                                          Imagebase:0x810000
                                                                          File size:412672 bytes
                                                                          MD5 hash:0BBCC2E64E3EDF053ED4AF2C0BAFB0EB
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000E.00000002.742484463.0000000003FB1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000E.00000002.741098736.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000E.00000002.742370218.0000000002FB1000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: NanoCore, Description: unknown, Source: 0000000E.00000002.742370218.0000000002FB1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Disassembly

                                                                          Code Analysis

                                                                          Reset < >

                                                                            Analysis Process: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6720 Parent PID: 6088 256ec8f8f67b59c5e085b0bb63afcd13.exeCOMMON

                                                                            Executed Functions

                                                                            Function 06DA06E5, Relevance: 3.4, Strings: 2, Instructions: 898COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.679665800.0000000006DA0000.00000040.00000001.sdmp, Offset: 06DA0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ($>_kq
                                                                            • API String ID: 0-3093543653
                                                                            • Opcode ID: 521121f0c0119be11a1832ddbb29279dd68f3af46b65f13c8634654705761298
                                                                            • Instruction ID: e49bd780362914ef94aa3af79a325fa19347cf721a2fd8ffa9de985bd4d605a5
                                                                            • Opcode Fuzzy Hash: 521121f0c0119be11a1832ddbb29279dd68f3af46b65f13c8634654705761298
                                                                            • Instruction Fuzzy Hash: 7C82F370D4A229CFEBA4DF65C948BEDB7B5BB49304F1091E9808DA7290DB749AC4CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05470868, Relevance: 3.2, Strings: 1, Instructions: 1909COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `-Qp
                                                                            • API String ID: 0-3646087301
                                                                            • Opcode ID: fdbdbb6ea458463f0677978134219e061e9f6eef7e74512cc7ee4eaca9daa185
                                                                            • Instruction ID: 416358be1e7c756aac002495d6fe3c1c5224d84184d46cfea572cd7e65aa24a9
                                                                            • Opcode Fuzzy Hash: fdbdbb6ea458463f0677978134219e061e9f6eef7e74512cc7ee4eaca9daa185
                                                                            • Instruction Fuzzy Hash: 1513D634A41219DFDB65DB24C898AE9B7B2FF89304F5541F8E409AB361CB35AE85CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05470878, Relevance: 3.2, Strings: 1, Instructions: 1903COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `-Qp
                                                                            • API String ID: 0-3646087301
                                                                            • Opcode ID: cc8862cbda885b941e9f27ee1ea4644a81476e15dfd8ddf93293259a91358cd6
                                                                            • Instruction ID: 9e83b2882bc9789be001ec2662b5e316cdec7e4a36310a6b296cb453e134e72a
                                                                            • Opcode Fuzzy Hash: cc8862cbda885b941e9f27ee1ea4644a81476e15dfd8ddf93293259a91358cd6
                                                                            • Instruction Fuzzy Hash: 2213D634A41219DFDB65DB24C894AE9B7B2FF89304F5541F8E409AB361CB35AE85CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05470608, Relevance: .2, Instructions: 169COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 33663d647b97ba5ec89657962a721faba87f2657f07817f9e0cb7269a0ce181d
                                                                            • Instruction ID: ccf2c4f27604ab2f426b2ac987ebf8c0b2512696835eb8f6de9e8e9cf3e88615
                                                                            • Opcode Fuzzy Hash: 33663d647b97ba5ec89657962a721faba87f2657f07817f9e0cb7269a0ce181d
                                                                            • Instruction Fuzzy Hash: EE71C470E01219CFDB24DFBAC894A9EBBB3BF89304F208469D419AB355DB359985CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054730D0, Relevance: .2, Instructions: 153COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dc2610e8543fc920940f64e44b8dc532fe8f6f5c46fdb6961c235792789d845d
                                                                            • Instruction ID: 97a4707c500c31904d8a1d981296f251ffc985e0e8fb2aec13a4afb833476120
                                                                            • Opcode Fuzzy Hash: dc2610e8543fc920940f64e44b8dc532fe8f6f5c46fdb6961c235792789d845d
                                                                            • Instruction Fuzzy Hash: 4F618CB4E05208DFDB58DFA9D884AEDBBF2BF88300F20942AD819AB354DB345945DF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054730C0, Relevance: .2, Instructions: 151COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5ac3793f2bb7f70c18c8346165d65a27241797ec5a3881c709238460d488c5d9
                                                                            • Instruction ID: 5813265deac213963ecadafd445bb6d09a29a3209ba4f932af1eadad072a18ad
                                                                            • Opcode Fuzzy Hash: 5ac3793f2bb7f70c18c8346165d65a27241797ec5a3881c709238460d488c5d9
                                                                            • Instruction Fuzzy Hash: 8F519FB4E04208DFDB58DFA9D885AEDBBF2BF88300F20942AD819AB354DB345945DF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05472F1F, Relevance: .1, Instructions: 130COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6f24dab7f86943a7e8545ed11cd6ad0891a5bd5c096e8c5fab1d3f1e1f024475
                                                                            • Instruction ID: 664b2edf906db1078c3d732ef16a957eac4597351a77cacb941cb5cc22dcffaa
                                                                            • Opcode Fuzzy Hash: 6f24dab7f86943a7e8545ed11cd6ad0891a5bd5c096e8c5fab1d3f1e1f024475
                                                                            • Instruction Fuzzy Hash: 3C51B1B4D05608DFDB08CFAAC5447EEBBF2BF88304F2480AAD415A73A4D7B55A85DB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05479950, Relevance: .1, Instructions: 63COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0a0624b60e3273c091cc05da6d05b0b76583d30bbae9b90324bc3be5a4ace1c6
                                                                            • Instruction ID: b7731de23da8cfd2a9de95dd379c586b5d62e9b12ab2924a6f8d524d2a6ddfee
                                                                            • Opcode Fuzzy Hash: 0a0624b60e3273c091cc05da6d05b0b76583d30bbae9b90324bc3be5a4ace1c6
                                                                            • Instruction Fuzzy Hash: 922197B1E056089BEB58CFABD8446DEBAF7BFC8200F14C17AC819A7258EB3405068F10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05479960, Relevance: .1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bebaf4902cfcb7e65f9c6c131c2712376806085f16d19341c95b1b1c6a5c63f6
                                                                            • Instruction ID: 8ecb71b6bfa37d1b474b1c82ddbde59fcc88f5d98eb5a4447e55a75160b05282
                                                                            • Opcode Fuzzy Hash: bebaf4902cfcb7e65f9c6c131c2712376806085f16d19341c95b1b1c6a5c63f6
                                                                            • Instruction Fuzzy Hash: ED1174B1E056099BEB18CFABD9446DEBAF7BFC8200F14C17A8819A6258EB3405068B50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054799F6, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b70cab88d9aafc74b37bfb7775e7ee6c7de6bb1e37b26aa76c4ca834623d62bc
                                                                            • Instruction ID: 31449c718dee2ce402d085d2a677d0a7896a25872272c8fad2a6cb98d9ab678d
                                                                            • Opcode Fuzzy Hash: b70cab88d9aafc74b37bfb7775e7ee6c7de6bb1e37b26aa76c4ca834623d62bc
                                                                            • Instruction Fuzzy Hash: A81156B1E05609DBEB08CFABD9846EDBAF7BFC9200F14D16AC819A7258DB3405468F50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AAC22, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 015AACD1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: e25874018fa579b342c0ac357e05e00ca4a8309759e83286965eb1e22ca2e5ac
                                                                            • Instruction ID: 1b9fb6ca2af2e9e1aada3d70b46809d00f8577240e9ddf4ee1fd2eb1564e3b6d
                                                                            • Opcode Fuzzy Hash: e25874018fa579b342c0ac357e05e00ca4a8309759e83286965eb1e22ca2e5ac
                                                                            • Instruction Fuzzy Hash: 3D31B3715443846FE7228B25CC45F6BBFA8EF05310F0884AAED818B153D224E909CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AAD19, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,CFEF3817,00000000,00000000,00000000,00000000), ref: 015AADD4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: d9bfcad39623ef6e69b2fd45de7b8802787d8a8abc33f41cd544ad67abc67182
                                                                            • Instruction ID: a855d18a7f58cff23420bf3ebafa0e89879ee705856f31d2b5b4d0874f82cd5c
                                                                            • Opcode Fuzzy Hash: d9bfcad39623ef6e69b2fd45de7b8802787d8a8abc33f41cd544ad67abc67182
                                                                            • Instruction Fuzzy Hash: 1E318F715097846FE722CF25DC84FA6BFF8EF06710F18849AE9858B153D264E548CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AA2AC, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 015AA346
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ConsoleCtrlHandler
                                                                            • String ID:
                                                                            • API String ID: 1513847179-0
                                                                            • Opcode ID: 44c49d6866c679270d152e7026436cedef895b8c2d9d422d4fbd12d88fa9c9ad
                                                                            • Instruction ID: b536ec3e327659892e0212ff76b6a1d5200a446810a7d3020edbe751e9e1f4ee
                                                                            • Opcode Fuzzy Hash: 44c49d6866c679270d152e7026436cedef895b8c2d9d422d4fbd12d88fa9c9ad
                                                                            • Instruction Fuzzy Hash: 2D21C77144D3C06FD3138B259C51B62BFB8EF87624F0A80DBE884CB5A3D225A919C772
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AAC52, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 015AACD1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: d2ceae0d3ce01d473666941b5d5340ef371c10ae9acc3addf39902e1ff5dff55
                                                                            • Instruction ID: c38cc0ca30fbf56c28bab9e76edecdf8d8525c6f4f121ea12c74b930e5e4a6a1
                                                                            • Opcode Fuzzy Hash: d2ceae0d3ce01d473666941b5d5340ef371c10ae9acc3addf39902e1ff5dff55
                                                                            • Instruction Fuzzy Hash: E021CF72540704AFE7219F59DC84F6AFBECEF08320F44886AED419B242D224E508CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920361, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?), ref: 059203E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: c6f667f1aba65fc91d93bee3508e8a32b921b0e3cffb233990e7207c31b353b7
                                                                            • Instruction ID: ef25fd796b9ffbdcbbbf5dd08f7be260628c7e0664182fb8be4eb1a536a86225
                                                                            • Opcode Fuzzy Hash: c6f667f1aba65fc91d93bee3508e8a32b921b0e3cffb233990e7207c31b353b7
                                                                            • Instruction Fuzzy Hash: 982160715097849FDB22CF25DC44B62BFF8EF06214F09859AE9858B663D275E808CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AAD5A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,CFEF3817,00000000,00000000,00000000,00000000), ref: 015AADD4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: f92fd934690fbf4572462a919c7190c09af61c1ecc50d87ae9dea13d08c519fd
                                                                            • Instruction ID: 853928128f337bc9dc9f004136b2a434a271aafac0874c7d739dba9cc5094004
                                                                            • Opcode Fuzzy Hash: f92fd934690fbf4572462a919c7190c09af61c1ecc50d87ae9dea13d08c519fd
                                                                            • Instruction Fuzzy Hash: 78218E71640704AFE721CE29DC84FAABBECEF04710F48846AE9858B656D764E504CAB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920D2C, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05920DAC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: e42ccdc171b250ea671eda09d229bba6772e86d2cc420390d6942124a97380ff
                                                                            • Instruction ID: 635f487a60f479e88833e3ad662d0c78cf89bd2b39cc3dd45ca42d311721e2d3
                                                                            • Opcode Fuzzy Hash: e42ccdc171b250ea671eda09d229bba6772e86d2cc420390d6942124a97380ff
                                                                            • Instruction Fuzzy Hash: 4221B0761097C09FD7128B25DC85AA6FFF4EF07210F0984DEE8858B563D225A848DB21
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AB379, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 015AB3F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoadShim
                                                                            • String ID:
                                                                            • API String ID: 1475914169-0
                                                                            • Opcode ID: e8dd480ca5a97c478c725b547968670b088164321a868b5d7648c85e125f73ed
                                                                            • Instruction ID: ff7fac504652a95469a6e22ce522a75e5d11f5cd59857fefabbb566fc7d22a7f
                                                                            • Opcode Fuzzy Hash: e8dd480ca5a97c478c725b547968670b088164321a868b5d7648c85e125f73ed
                                                                            • Instruction Fuzzy Hash: 452190715093805FE7228E15DC84B66BFE8EF06614F08809AED85CF293D265E808CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920E8D, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05920F01
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: bad2dcba30e92f816abc09d15056514111bcf8c3c42f4eb5510ae1cc83dbe771
                                                                            • Instruction ID: 7ce1328cde2b3a8b77b8103c2d442c35d3a14c2f2b9fc92c2bd77ff992f61767
                                                                            • Opcode Fuzzy Hash: bad2dcba30e92f816abc09d15056514111bcf8c3c42f4eb5510ae1cc83dbe771
                                                                            • Instruction Fuzzy Hash: 36215C7240D3C09FDB238B25DC44AA2FFB4EF17210F0985DBE9848F563D265A958DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AA5FB, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015AA666
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 123d2d9a047705df4aafaf6d068389d9f24ee038af2a6ebd5b02a9b69521ec59
                                                                            • Instruction ID: 476f425b2a50ffb0bd085a32f3c1901ff648bfa0b856bd7d770c43b1efc9cb3c
                                                                            • Opcode Fuzzy Hash: 123d2d9a047705df4aafaf6d068389d9f24ee038af2a6ebd5b02a9b69521ec59
                                                                            • Instruction Fuzzy Hash: D711AF72409380AFDB238F55DC44A66FFF4EF4A210F08889AED858F163D235A418DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920C8B, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05920CF0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: 3ca0dca73dfaa2c66f45c840cea5517aa855c0354aaacc67f46f08c25e167ce6
                                                                            • Instruction ID: cb7d3e6fe9aab91a26293bd85de5be59b9612f40bff191d9629308c13e4f7f41
                                                                            • Opcode Fuzzy Hash: 3ca0dca73dfaa2c66f45c840cea5517aa855c0354aaacc67f46f08c25e167ce6
                                                                            • Instruction Fuzzy Hash: 1E11B2764097C49FDB228F25DC44A62FFB4EF06220F0884DEED858B563C275A458DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0592121F, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05921289
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 3b82cf9988d44c9d749fb4b5e83c8151114993bbbf915e26a4cc0c04249778a3
                                                                            • Instruction ID: 3d721974e7d541cd630bf060e189944cd8803fbf6aa92c5d88fc89fcc7d3c174
                                                                            • Opcode Fuzzy Hash: 3b82cf9988d44c9d749fb4b5e83c8151114993bbbf915e26a4cc0c04249778a3
                                                                            • Instruction Fuzzy Hash: F711D0714093809FDB228F15DC45B62FFB4EF06224F18C49EED858B663C275A558DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920BE4, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 05920C43
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: 854943abdfa8f167c1cd4fbd7097dfdcc2adb9bf5a8e2556a3e4fcfcda6de9f3
                                                                            • Instruction ID: 5aa582f595ec55aa889c54ff42dae8fc5a02b7fd9a4a2e3cdbe84e0fec58ea18
                                                                            • Opcode Fuzzy Hash: 854943abdfa8f167c1cd4fbd7097dfdcc2adb9bf5a8e2556a3e4fcfcda6de9f3
                                                                            • Instruction Fuzzy Hash: 4B1191755093849FD721CF15DC85F66FFE8EF06220F0980AEED498B262D274E848CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920392, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?), ref: 059203E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: 5fdfaef3a49e2d92423f9ce840ffcdb32c81fd30fe6cce8725fdfd4274fbfb17
                                                                            • Instruction ID: 65cabd911ae4ac31d687766796d7ab37a01b93cc1f5238b2549e772844f1a6a6
                                                                            • Opcode Fuzzy Hash: 5fdfaef3a49e2d92423f9ce840ffcdb32c81fd30fe6cce8725fdfd4274fbfb17
                                                                            • Instruction Fuzzy Hash: C7112A715043449FDB20DF66D988B66FBE8FF04620F08C8AAED45CB656E775E404CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AAEF0, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 015AAF50
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: 34f8c9425218a69a13930a23e9af094f6daaa07da41c28179bfeb2ae2c7042d6
                                                                            • Instruction ID: 1ac8dfce145c3ac95d11fd4bd72b2da3bffd4fec72400afe01b46704a63b7437
                                                                            • Opcode Fuzzy Hash: 34f8c9425218a69a13930a23e9af094f6daaa07da41c28179bfeb2ae2c7042d6
                                                                            • Instruction Fuzzy Hash: 3A119E76409780AFDB228F15DC44A56FFF4EF09220F08849EED854B663C375A418CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AAAEC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LongWindow
                                                                            • String ID:
                                                                            • API String ID: 1378638983-0
                                                                            • Opcode ID: f480205121f04ce7bb729bbde8e1c7a87d1d20954f34de92cbe3ba3206735958
                                                                            • Instruction ID: 11579caa2c22e22e46e7fb2a0dbed7d3388d63783f37c38b75bef7ea73394538
                                                                            • Opcode Fuzzy Hash: f480205121f04ce7bb729bbde8e1c7a87d1d20954f34de92cbe3ba3206735958
                                                                            • Instruction Fuzzy Hash: DC117932449784AFD7228F15DC85A56FFB4EF46620F08C49AED858F263C375A818CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AA42A, Relevance: 1.5, APIs: 1, Instructions: 48threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ResumeThread.KERNELBASE(?), ref: 015AA480
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID:
                                                                            • API String ID: 947044025-0
                                                                            • Opcode ID: 71117571044782611254173cc6dcb82c18e2cb6f3991af10dbc9f03adef31921
                                                                            • Instruction ID: c29213382d7bba3ee8502ab908fe4b5d718e7c0941bb0996983f739b59a6de81
                                                                            • Opcode Fuzzy Hash: 71117571044782611254173cc6dcb82c18e2cb6f3991af10dbc9f03adef31921
                                                                            • Instruction Fuzzy Hash: A5018475409384AFD7128B15DD44B66FFA8EF46624F08C0DAED858F257D275A808CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920D66, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05920DAC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 4e07ba15674b7ce925359df4f0619a30e13dfa79c160eb9d00e0db95ed73e325
                                                                            • Instruction ID: 8809b0457578bb1cec69f440c3e4a07468c6d06a139d7be3ce0c9fa7a37930ce
                                                                            • Opcode Fuzzy Hash: 4e07ba15674b7ce925359df4f0619a30e13dfa79c160eb9d00e0db95ed73e325
                                                                            • Instruction Fuzzy Hash: 41015E396017449FDB20CF15D884B66FBA8EF04620F08C46ADD458B65AD275E458DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AB3AA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 015AB3F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoadShim
                                                                            • String ID:
                                                                            • API String ID: 1475914169-0
                                                                            • Opcode ID: 02ca7d790eb424512cec02a74f847e5010a36e19245a5f7ddd7263c1de46a716
                                                                            • Instruction ID: 0e96048813d7e712c4b16304ee9b4f7e90addf38e2aa0ebd54c461263499a268
                                                                            • Opcode Fuzzy Hash: 02ca7d790eb424512cec02a74f847e5010a36e19245a5f7ddd7263c1de46a716
                                                                            • Instruction Fuzzy Hash: C50140715403409FEB60DE5AD885B6AFBE8FF04620F48C46ADD498B656D275E404CAB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AA622, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015AA666
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: e315ae8e3a72ee071094b9dd49fd1a65d59e013749720dc2ec2a250cd91ed117
                                                                            • Instruction ID: 5d6b31c206ba83d38fe2899a20659b4700a4ffd1053f8b0e0eea8662bdca4b87
                                                                            • Opcode Fuzzy Hash: e315ae8e3a72ee071094b9dd49fd1a65d59e013749720dc2ec2a250cd91ed117
                                                                            • Instruction Fuzzy Hash: ED015B319007409FDB228F55D944B6AFFE4EF48720F08C8AAED894F656D375A414CF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920C06, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 05920C43
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: df3e0a2007a7aad050fdb3a9387466b20af1cf172546e163137a6c500393c517
                                                                            • Instruction ID: 65485a931bdf4055e630584483580bd9d6c336c4095f5d3f9fc88b568e5e51e0
                                                                            • Opcode Fuzzy Hash: df3e0a2007a7aad050fdb3a9387466b20af1cf172546e163137a6c500393c517
                                                                            • Instruction Fuzzy Hash: 780184756043448FDB20CF16D889B66FBD8EF04720F08C4AADD498B65AE375E844CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AA2F6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 015AA346
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ConsoleCtrlHandler
                                                                            • String ID:
                                                                            • API String ID: 1513847179-0
                                                                            • Opcode ID: 7b53ea44ebfb8ec67af9988b664dc4ed1435ec3de89d46af3195b6d589553896
                                                                            • Instruction ID: d4cb83e6d2b8c8c16e824fbe5a3febac5adb8ad56d8b22c35c48f14a60a37c9a
                                                                            • Opcode Fuzzy Hash: 7b53ea44ebfb8ec67af9988b664dc4ed1435ec3de89d46af3195b6d589553896
                                                                            • Instruction Fuzzy Hash: BA01A271500600ABD214DF1ADC82B26FBA8FB89B20F14C15AED084B741D235F916CBE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920CB2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05920CF0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: 0e272018d7ea69b58539a6416160532558b562927526196361d9292899fcc2b4
                                                                            • Instruction ID: 2c805fbfd92292d0760d600a737d7d3d0a134061db8ed149db9936a258570b3b
                                                                            • Opcode Fuzzy Hash: 0e272018d7ea69b58539a6416160532558b562927526196361d9292899fcc2b4
                                                                            • Instruction Fuzzy Hash: 82019E365007409FDB208F56D848B66FBA4EF04320F08C4AEED494B65AD375E458CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0592124E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05921289
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 18ff2ed89438947652598af51814db4ef8a02b856f44b9f236fa467468b08d83
                                                                            • Instruction ID: 7ab7a91f1025da35e88b1c12076e267d3cfe3fc56278efd4e2e41dd8784822c9
                                                                            • Opcode Fuzzy Hash: 18ff2ed89438947652598af51814db4ef8a02b856f44b9f236fa467468b08d83
                                                                            • Instruction Fuzzy Hash: 6701D4315007408FDB208F56D844B66FBA4EF04320F18C4AEED458BA56D375E458DFB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AAF12, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 015AAF50
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: d856aa9198e9f34b83471b707879ce6aebef8f5cc75e3fc2cd8ed64061746b68
                                                                            • Instruction ID: 40fdfeb1bdb3ce328a5566a7deb015f809863a928208a90b8f7c63d36f3db5d0
                                                                            • Opcode Fuzzy Hash: d856aa9198e9f34b83471b707879ce6aebef8f5cc75e3fc2cd8ed64061746b68
                                                                            • Instruction Fuzzy Hash: BC017C755007409FDB218F56D884B69FBA4FF08720F08C49EEE494B666D375A458CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05920EC6, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05920F01
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.677088834.0000000005920000.00000040.00000001.sdmp, Offset: 05920000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: c34fda5e9dd0968d404324a8a91d5c4e4acd7a8394771347171324faa1095589
                                                                            • Instruction ID: 0aa61f719a89b1820794a3d97685d9dcdbca4773b58c5d807efdbedd5fccaac5
                                                                            • Opcode Fuzzy Hash: c34fda5e9dd0968d404324a8a91d5c4e4acd7a8394771347171324faa1095589
                                                                            • Instruction Fuzzy Hash: 3A018B315043409FDB20CF56D888B66FBA4EF08320F08C49AED894BA5AD375E558CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AAB0E, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LongWindow
                                                                            • String ID:
                                                                            • API String ID: 1378638983-0
                                                                            • Opcode ID: 5c08814bcfad53c9fafd45f314997a3112380f69ad2aa5b8e95ee0a5d36aabbb
                                                                            • Instruction ID: e8101c1fe9a7f05376be2bf9d94b5a692a8e7acabb52e89d99f2a8f166460f12
                                                                            • Opcode Fuzzy Hash: 5c08814bcfad53c9fafd45f314997a3112380f69ad2aa5b8e95ee0a5d36aabbb
                                                                            • Instruction Fuzzy Hash: 5E01AD315447448FDB218F0AD884B29FBA0EF04720F08C8AADD864F656D379A408CBB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015AA44E, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ResumeThread.KERNELBASE(?), ref: 015AA480
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674842667.00000000015AA000.00000040.00000001.sdmp, Offset: 015AA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID:
                                                                            • API String ID: 947044025-0
                                                                            • Opcode ID: aa6fdb9710e0191f63e11caa2a29e500f4805ccb1392e657919cdc06bdf2c832
                                                                            • Instruction ID: 810542ff0ea66562f8c5b491c3a374b9043d725a6498749fa318b5d6cd95c06c
                                                                            • Opcode Fuzzy Hash: aa6fdb9710e0191f63e11caa2a29e500f4805ccb1392e657919cdc06bdf2c832
                                                                            • Instruction Fuzzy Hash: D9F0A4355443408FD7208F0AE888769FF94EF04720F48C4AAED454F656D279A404CEA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0547014A, Relevance: .3, Instructions: 288COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: de1a9a658395b67d16fbafd53538db30dbbb4c098f2b87ecddf7e0c2d7b4f654
                                                                            • Instruction ID: ddac9630899ac4b4b26aaf54d249a8b9cf4b69773aaae536c17591f331a8dd42
                                                                            • Opcode Fuzzy Hash: de1a9a658395b67d16fbafd53538db30dbbb4c098f2b87ecddf7e0c2d7b4f654
                                                                            • Instruction Fuzzy Hash: A0D1AB34E0120ACFCB54DFA8D585AAEBBB2FB89301F208569E815AB354DB35AD45CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05470158, Relevance: .3, Instructions: 281COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cf5ecd57d63f939adf9ead2ab77a2b77db653a356e6661a8b86f598f4f2f8cbb
                                                                            • Instruction ID: b28aecd247b22a0d58bf4b9da024a9f7365721eb5f11033ac299c1828cd62451
                                                                            • Opcode Fuzzy Hash: cf5ecd57d63f939adf9ead2ab77a2b77db653a356e6661a8b86f598f4f2f8cbb
                                                                            • Instruction Fuzzy Hash: 4FD19B34E0120ACFCB54DFA8D585AAEBBB2FF89301F208569E815AB354DB35AD45CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05473493, Relevance: .2, Instructions: 221COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4f3962c37cfdd41a2cca6782cd40213c4496b39ed2c024dfaf9ff93c4de93e08
                                                                            • Instruction ID: 60a5faceef3295d4b0978797e65bbac5627bda54589caba88bfd4327cd7379c3
                                                                            • Opcode Fuzzy Hash: 4f3962c37cfdd41a2cca6782cd40213c4496b39ed2c024dfaf9ff93c4de93e08
                                                                            • Instruction Fuzzy Hash: 6FA10574E00228DFDB24CFA9C884BEDBBB2BF49304F1485DAD508AB251DB709A85DF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 06DA1674, Relevance: .2, Instructions: 173COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.679665800.0000000006DA0000.00000040.00000001.sdmp, Offset: 06DA0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b327ad94493171d43faa7360551aa00866339fa51f39751743433285f62db163
                                                                            • Instruction ID: 507a08b4a574da983a8e61cfcbcc70630cc5094497b203411974f0abc2ac5d2b
                                                                            • Opcode Fuzzy Hash: b327ad94493171d43faa7360551aa00866339fa51f39751743433285f62db163
                                                                            • Instruction Fuzzy Hash: 5C712970D49229CFEBA4DF65CC447ECB7B5BB4A304F1091E9C05AA6291DB748AC8CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054728B0, Relevance: .1, Instructions: 136COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 70d147453a8d64e186e2afe5842ebbb2c61b5b7aea8ee9eb883cae18322842bc
                                                                            • Instruction ID: b51bae3a6e90aa66ff81902ec52f091b83592d25b3325515529c0b39dd948866
                                                                            • Opcode Fuzzy Hash: 70d147453a8d64e186e2afe5842ebbb2c61b5b7aea8ee9eb883cae18322842bc
                                                                            • Instruction Fuzzy Hash: E35105B4D04218DFDB18CFA5D8487EEBBB2BF88304F14806AD4156B394D7B41A85CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054728A0, Relevance: .1, Instructions: 115COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cfa0f81692e50eb144f3c5f33c64be5c90c30143fc159b41457797d688b737f6
                                                                            • Instruction ID: 2f547f0f0117b87d665606d8eb29bd7a8f851cc58204963c8feafde1811d452b
                                                                            • Opcode Fuzzy Hash: cfa0f81692e50eb144f3c5f33c64be5c90c30143fc159b41457797d688b737f6
                                                                            • Instruction Fuzzy Hash: 3941D1B4D052089FDB18DFA6D8887EEBBB2FF88304F24816AD8156B394D7745A46CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05470018, Relevance: .1, Instructions: 66COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 44d8b1ee6e7211559e25054e4ea6c0b58ac0faec164f18ab7a7e262d9ea1c60a
                                                                            • Instruction ID: 1b922894051d39fef73122aa6357cc6bd866380adbef98959c7ac8ce76a880fe
                                                                            • Opcode Fuzzy Hash: 44d8b1ee6e7211559e25054e4ea6c0b58ac0faec164f18ab7a7e262d9ea1c60a
                                                                            • Instruction Fuzzy Hash: 3511C75145E3C51FC302A77888622EABFB0AF03104F0A49EBC0C59A693D128881AC7A6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02E505CF, Relevance: .1, Instructions: 65COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.675000175.0000000002E50000.00000040.00000040.sdmp, Offset: 02E50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9817b5cdf67e19617a17aed83988bb52392137719953ff2d217dc9bb23a761f3
                                                                            • Instruction ID: 14628a95ee4ba853f4e06d9442ec17092fdb4cfac26cc5c643a7411d3d1e166c
                                                                            • Opcode Fuzzy Hash: 9817b5cdf67e19617a17aed83988bb52392137719953ff2d217dc9bb23a761f3
                                                                            • Instruction Fuzzy Hash: F901F9B554D7805FD7118B15EC10997BFE8DF87260709C0ABEC48CB212D125A909CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02E5075C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.675000175.0000000002E50000.00000040.00000040.sdmp, Offset: 02E50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 96eeeb40bb8a0f50c7be2411ee3e5a14d58e3c1c851f586470bf84966be1d8d5
                                                                            • Instruction ID: a7072d9bb2cac8bd6c0bbeff6ef8b5ebfcf33c819df49c3e04ace20e514967f7
                                                                            • Opcode Fuzzy Hash: 96eeeb40bb8a0f50c7be2411ee3e5a14d58e3c1c851f586470bf84966be1d8d5
                                                                            • Instruction Fuzzy Hash: B211AF35294684DFD315DB24C980B26BB95AB88B08F28C9ACFD490B652C77BD803CE91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02E5072C, Relevance: .1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.675000175.0000000002E50000.00000040.00000040.sdmp, Offset: 02E50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ad05eb719cb929cd60ca136a595beec4be2325c645da174c521e7e13fa66804f
                                                                            • Instruction ID: 1a8e28df5bc28208667f7ebb6c74604c6fca0f67944a8d32fd51505b97337961
                                                                            • Opcode Fuzzy Hash: ad05eb719cb929cd60ca136a595beec4be2325c645da174c521e7e13fa66804f
                                                                            • Instruction Fuzzy Hash: A22162351497C09FD7179B24C450B15BFA1EF4A708F19C6DED8854BAA3C3369806CB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02E50710, Relevance: .1, Instructions: 55COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.675000175.0000000002E50000.00000040.00000040.sdmp, Offset: 02E50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2f454c0f355266f77eb82f36967fba1a877ff183f47f811475acdc2b03c62c13
                                                                            • Instruction ID: 084aa099d28cace0704fab7eb459b20f13e17f2e9cb05ff7393e4bde3dc9f7d8
                                                                            • Opcode Fuzzy Hash: 2f454c0f355266f77eb82f36967fba1a877ff183f47f811475acdc2b03c62c13
                                                                            • Instruction Fuzzy Hash: BC2151351597C49FC707DB20C850B55BFB1EF4A718F29C6EAE8854B663C33A9806CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02E50638, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.675000175.0000000002E50000.00000040.00000040.sdmp, Offset: 02E50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 39536a3659395d0c40367d45585a91360b193fe6019470ffe951f201803aa161
                                                                            • Instruction ID: f0382833dc92823df99a6467e02b8303c94e0969c937157486abdf9976e2f0c6
                                                                            • Opcode Fuzzy Hash: 39536a3659395d0c40367d45585a91360b193fe6019470ffe951f201803aa161
                                                                            • Instruction Fuzzy Hash: 2B01A2BA5097805FD3128F15EC408A7BBE8EB86720715C5ABFC49CB613D135E909CBB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02E50818, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.675000175.0000000002E50000.00000040.00000040.sdmp, Offset: 02E50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction ID: fa84bf862a997e85eefe30bfc8eebc9bb3f43d16d97712358c59f15db601a551
                                                                            • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction Fuzzy Hash: D3F0FB35144644DFC206DB40D940B25FBA2EB89718F24C6A9E9490B752C337D813DA81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05473308, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 46d79b5e83e25f3181ce11d5e80a1f3090381d3cefa4c60f330d19933a3d0f75
                                                                            • Instruction ID: 5e6dbe697df70035b8a3addc80bf42c4b6f9f4e23e0e7e48b06ae59c5d93a6a7
                                                                            • Opcode Fuzzy Hash: 46d79b5e83e25f3181ce11d5e80a1f3090381d3cefa4c60f330d19933a3d0f75
                                                                            • Instruction Fuzzy Hash: BAF06531C4411CDFC724DE9CD8857EE7BB8FF48305F2455A998A5A73C1D6305541DB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02E505F6, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.675000175.0000000002E50000.00000040.00000040.sdmp, Offset: 02E50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ab6c77a92b863a0d1d51ca562fe115bb7523a129e759deff7f6e0f0d7ae93bad
                                                                            • Instruction ID: 06fea35b6d31bd6a77815e54cba0a697b277f66d653c315a7378df98badeae92
                                                                            • Opcode Fuzzy Hash: ab6c77a92b863a0d1d51ca562fe115bb7523a129e759deff7f6e0f0d7ae93bad
                                                                            • Instruction Fuzzy Hash: DDE06D766046405BD650DF0AEC41466FBD8EB84630B18C07FDC0D8B701E53AB5048EA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05473360, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 56b999373f043d7a4d328ee7684fee760a46dcbe8ef58acb4eaf47c3f3022320
                                                                            • Instruction ID: a72287123df75ead92480ace8f4b0130c20d43d0fd758c249ca88392b1a838e2
                                                                            • Opcode Fuzzy Hash: 56b999373f043d7a4d328ee7684fee760a46dcbe8ef58acb4eaf47c3f3022320
                                                                            • Instruction Fuzzy Hash: 42E01231C45108DFC714DF9CD4867EDBBB4FB48305F2095A9D85567381D7305545DB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05470070, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: aeb8f34f2095fcbf4e8f482f6dcaba5ea20de6fca1f73bc223b87ef35e2e3316
                                                                            • Instruction ID: 1788a0552e76b3993abc44f357bce75964a95e114dfb08b9dc149a1ffd084cc2
                                                                            • Opcode Fuzzy Hash: aeb8f34f2095fcbf4e8f482f6dcaba5ea20de6fca1f73bc223b87ef35e2e3316
                                                                            • Instruction Fuzzy Hash: C1E04F719622089EC718FBB8945A5AEBFB0BB42205F101CBD84052B280DE35A965CBA9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 06DA069C, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.679665800.0000000006DA0000.00000040.00000001.sdmp, Offset: 06DA0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c5a839420bc2f8598c480450bfb1fcbf297958e7f2116cbf1c573c9739358069
                                                                            • Instruction ID: 7da2cd53c445b2b307e3166531f2477744e6307f18e8471a23155c0f4fb86515
                                                                            • Opcode Fuzzy Hash: c5a839420bc2f8598c480450bfb1fcbf297958e7f2116cbf1c573c9739358069
                                                                            • Instruction Fuzzy Hash: BCF03075D082189FDB10CF50CC49BECBBB9AB09314F0440D5A24EAA290CB705B80DFA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054700C0, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 28337f1e47270b05a69c306b099039a95d3b1dca1f48d6fb4212279764e9ff43
                                                                            • Instruction ID: 7fd89cb41c7302b4f9db95b9d614a4fd1e1fa30697c6ea2d388054e1ee5c22b7
                                                                            • Opcode Fuzzy Hash: 28337f1e47270b05a69c306b099039a95d3b1dca1f48d6fb4212279764e9ff43
                                                                            • Instruction Fuzzy Hash: 9FE02230905248DFC301EFA9D8896AC7B78FB41300F22448AC8459B391DB705E04CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0547DA90, Relevance: .0, Instructions: 22COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e2d962f8045367bf34ef04f03b2d83918bdeb977f87675a78bc13d5f7d9a27f1
                                                                            • Instruction ID: 93b679f7f05e505e23e9c98ecae7aa9bbad6cbe95388fd333b077c4515bfba5b
                                                                            • Opcode Fuzzy Hash: e2d962f8045367bf34ef04f03b2d83918bdeb977f87675a78bc13d5f7d9a27f1
                                                                            • Instruction Fuzzy Hash: A8E0DF30D08208DBC720EF60E4886EEBB34FB85301F100198C90627288DB701948CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0547A0F3, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 665446b6e359793b60c809b7dd93596c35ef3c404af7ad6f9404fba5c0aac7d6
                                                                            • Instruction ID: eff23ce22a781ae4c41cf2fa645d1f4a2f17dfb09e3fac02aa7867dbfac436f6
                                                                            • Opcode Fuzzy Hash: 665446b6e359793b60c809b7dd93596c35ef3c404af7ad6f9404fba5c0aac7d6
                                                                            • Instruction Fuzzy Hash: F0F062B0901259CFCBA0CF68D98879CBBB1FB49214F1085D6C92EB6254DB705E85CF20
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 054700D0, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4c8cd92c29570827146761b9587e38ed2ef07f3fc1cb1a2bb488986684f755b1
                                                                            • Instruction ID: 26c977684286d3c0f222f8790a2847fb680584362cda8efc6739e4b06dfadb09
                                                                            • Opcode Fuzzy Hash: 4c8cd92c29570827146761b9587e38ed2ef07f3fc1cb1a2bb488986684f755b1
                                                                            • Instruction Fuzzy Hash: 1FE0C230A4110DDBC710EFB9E549AAD7BA8FB84300F20459ECC055B384DE706E10DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015A23F4, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674823053.00000000015A2000.00000040.00000001.sdmp, Offset: 015A2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: eb827e50f19976c22d9543ab916c613c87d347d1594f25e4144aad1a3d523d7e
                                                                            • Instruction ID: 71ef94c446b9bc2522df6a21b5edfc41fc7de9bc525e4b1e2ce95bfd0effd62c
                                                                            • Opcode Fuzzy Hash: eb827e50f19976c22d9543ab916c613c87d347d1594f25e4144aad1a3d523d7e
                                                                            • Instruction Fuzzy Hash: 12D05E79245B914FE3268A1CC1A9B9D3FE4BB51B04F8644F9E8008F667C369D681D200
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015A23BC, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.674823053.00000000015A2000.00000040.00000001.sdmp, Offset: 015A2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c280c8d6beaa71d9dbd9d7e1957c184f3501aa60f919228f11c0bb2584f183b9
                                                                            • Instruction ID: c02db9efe8d00baf76023f492ee691bb3c639d9e3d25b216e2a62e5578eefbc7
                                                                            • Opcode Fuzzy Hash: c280c8d6beaa71d9dbd9d7e1957c184f3501aa60f919228f11c0bb2584f183b9
                                                                            • Instruction Fuzzy Hash: 1DD05E342402814BDB15DB0CC195F5D3BD4BB42B00F0644E9AD008F266C7A8D881C600
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Function 05473E08, Relevance: 3.9, Strings: 3, Instructions: 139COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@fq$>_kq$f]kq
                                                                            • API String ID: 0-1744552541
                                                                            • Opcode ID: a9197b648b2dcc1511e39775c68356f1ace4b5ba9be94cd1be22308385814a44
                                                                            • Instruction ID: 9fa133ab80eb52c81cb32f94e2748eac173ddafd30dafb5ca6bd1b6b911c568c
                                                                            • Opcode Fuzzy Hash: a9197b648b2dcc1511e39775c68356f1ace4b5ba9be94cd1be22308385814a44
                                                                            • Instruction Fuzzy Hash: 5B511B70E0020A8FD754DF6AE58979EBBF2FFC9304F15C52AD0259B298DF74580A8B51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05473E18, Relevance: 3.9, Strings: 3, Instructions: 136COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@fq$>_kq$f]kq
                                                                            • API String ID: 0-1744552541
                                                                            • Opcode ID: 72fd54a3d7bfff5e9d3c78ae725ca7ade3cca0eeedc95b114527f18880bbe047
                                                                            • Instruction ID: 506da5b4a72e3060b6d9b8e3732334ff63094c6940d483db9b1f7138539be30e
                                                                            • Opcode Fuzzy Hash: 72fd54a3d7bfff5e9d3c78ae725ca7ade3cca0eeedc95b114527f18880bbe047
                                                                            • Instruction Fuzzy Hash: 73511A70E0020A8FD754DF6AE58879EBBE2FFC8304F25852AD4259B298DF74580A8B51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05475B17, Relevance: 1.4, Strings: 1, Instructions: 173COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 9
                                                                            • API String ID: 0-2366072709
                                                                            • Opcode ID: 2fb90309c1adeeaebc1c36c9da9647d5323c53e8687d87016b38f7c8d6b8a9b4
                                                                            • Instruction ID: 1b34cfbc1bdcd3ec1a98536c6391db5d7bb7ec02aa2bcee297064e2db2d102ec
                                                                            • Opcode Fuzzy Hash: 2fb90309c1adeeaebc1c36c9da9647d5323c53e8687d87016b38f7c8d6b8a9b4
                                                                            • Instruction Fuzzy Hash: 3B9191B0E006288BDBA4DF29C9957C8BBF1EF4A300F1181E9D14CA6255EB319ED5CF16
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05474050, Relevance: .1, Instructions: 110COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.676796378.0000000005470000.00000040.00000001.sdmp, Offset: 05470000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4cc204a76d4783b529b1881c51c379d70754f1fa1e662a4cc01c481c610dfa89
                                                                            • Instruction ID: 3fc06b87d9aa932667d2d83db1451b10a499198909e05d38ed5f6cce5c287f16
                                                                            • Opcode Fuzzy Hash: 4cc204a76d4783b529b1881c51c379d70754f1fa1e662a4cc01c481c610dfa89
                                                                            • Instruction Fuzzy Hash: 5D416FB1E056588BEB6CCF6B8D407DAFAF3AFC9200F14C1FA850CAA255DB3045868F55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Analysis Process: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6416 Parent PID: 6720 256ec8f8f67b59c5e085b0bb63afcd13.exeCOMMON

                                                                            Executed Functions

                                                                            Function 0512B238, Relevance: 2.2, Strings: 1, Instructions: 962COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: r
                                                                            • API String ID: 0-1812594589
                                                                            • Opcode ID: 2c85e028528e91c7c97a7ece559470cd962290426e09a5031e9024affc5870b2
                                                                            • Instruction ID: be22d93f69c5b528c08d6f000ada70da7ddad7bbfbcdbd1233a24ddec5746544
                                                                            • Opcode Fuzzy Hash: 2c85e028528e91c7c97a7ece559470cd962290426e09a5031e9024affc5870b2
                                                                            • Instruction Fuzzy Hash: 1A927670A04619DFCB14CF68C884AAEBBB2FF88310F25C569D45AAB655D730F991CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05251463, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 052514E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AdjustPrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 2874748243-0
                                                                            • Opcode ID: cfe80b3519c88834b2f796330c64139acb5c794d2081debce1398661487ef681
                                                                            • Instruction ID: ad31618181e35f537f4efa759851cfa573ff9a10fa1d51a177098fdece0010ec
                                                                            • Opcode Fuzzy Hash: cfe80b3519c88834b2f796330c64139acb5c794d2081debce1398661487ef681
                                                                            • Instruction Fuzzy Hash: C52191765097809FDB238F25DC40B52BFF4EF06210F08849AED898F563D275D918CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052528E3, Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • bind.WS2_32(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05252967
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: bind
                                                                            • String ID:
                                                                            • API String ID: 1187836755-0
                                                                            • Opcode ID: ab7d4ee509eae691059bf2e145309eed9fe76b58c818c88e2e4b3bb029b13211
                                                                            • Instruction ID: e762d37ae64a4d63f18a9fc4040948ba8861783a667a5b5f21f382dd12a6b5ff
                                                                            • Opcode Fuzzy Hash: ab7d4ee509eae691059bf2e145309eed9fe76b58c818c88e2e4b3bb029b13211
                                                                            • Instruction Fuzzy Hash: CB2183B1508384AFD722CF25DC84F96BFA8EF45220F1884ABED499B252D374E504CB76
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525169F, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05251715
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InformationQuerySystem
                                                                            • String ID:
                                                                            • API String ID: 3562636166-0
                                                                            • Opcode ID: d7d3ebcd30a07e752e9b8980d584b6b6f3ea2d684ec36d602926b23d088284af
                                                                            • Instruction ID: eb977ee74dc0429c5816f91deebc799ca9faf23ab7345d11528ff6b4c6f3720b
                                                                            • Opcode Fuzzy Hash: d7d3ebcd30a07e752e9b8980d584b6b6f3ea2d684ec36d602926b23d088284af
                                                                            • Instruction Fuzzy Hash: 3D21AE764097C09FDB238B25DC45A52FFB4EF16224F0980DBED848B163D275A519CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05252906, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • bind.WS2_32(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05252967
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: bind
                                                                            • String ID:
                                                                            • API String ID: 1187836755-0
                                                                            • Opcode ID: 2b2312db5722404d01d27ab70abae985824a0dc45786fd40e8a56638e49ceccf
                                                                            • Instruction ID: 8c815461d71475c78dec777c5b91964f1fe3615c7a5dcea99744637cd3a4d776
                                                                            • Opcode Fuzzy Hash: 2b2312db5722404d01d27ab70abae985824a0dc45786fd40e8a56638e49ceccf
                                                                            • Instruction Fuzzy Hash: 751190B5504300AFE721CF59DC84FA6FBA8EF44320F54846AED499B286D674E404CAB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525149A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 052514E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AdjustPrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 2874748243-0
                                                                            • Opcode ID: 9fb890c7f605f0f26109255c9013c688efe02de38006144edf5b173d26edc4b9
                                                                            • Instruction ID: 65679073603e7e63fa9eda987a8108468330054df92430cbf7f2e2cfbf169aa6
                                                                            • Opcode Fuzzy Hash: 9fb890c7f605f0f26109255c9013c688efe02de38006144edf5b173d26edc4b9
                                                                            • Instruction Fuzzy Hash: 2C1170766103419FDB21CF59D844B66FBE5FF04320F08846ADD8A8B656D375E414CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052511C2, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetSystemInfo.KERNELBASE(?), ref: 052511F4
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InfoSystem
                                                                            • String ID:
                                                                            • API String ID: 31276548-0
                                                                            • Opcode ID: 53936321e1506664e0317235bb9661605c052987d3feff02dad4466f1f8a837b
                                                                            • Instruction ID: e270ed788391ada53c87044e79de346252b7adf4ff4c92ea4f65e8622493288b
                                                                            • Opcode Fuzzy Hash: 53936321e1506664e0317235bb9661605c052987d3feff02dad4466f1f8a837b
                                                                            • Instruction Fuzzy Hash: BC018F709103409FDB20CF5AE884765FBA4EF04220F48C4AADD48CF646D2B9A414CA62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052516DA, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05251715
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InformationQuerySystem
                                                                            • String ID:
                                                                            • API String ID: 3562636166-0
                                                                            • Opcode ID: 35e9e16b1bc8b81233685a09705fb554a23f590f500ca6162405094db4a1f1fb
                                                                            • Instruction ID: 1a7332fb0f54c95986a6b1c34552573722c57b9df204c98e738a6adee35e9d27
                                                                            • Opcode Fuzzy Hash: 35e9e16b1bc8b81233685a09705fb554a23f590f500ca6162405094db4a1f1fb
                                                                            • Instruction Fuzzy Hash: 4D0178359107409FDB20CF6AD885B61FBA1EF08720F08C49ADE994A616D3B5A428CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051289D8, Relevance: .5, Instructions: 505COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd30db12d137072f82d3201edfc1342723a3be7b205d984b3551f2e7fd062b16
                                                                            • Instruction ID: dd1e1d9972482963146e5d7268c62f7a141a5927e7a55e57e1f5fc53ff546fdd
                                                                            • Opcode Fuzzy Hash: cd30db12d137072f82d3201edfc1342723a3be7b205d984b3551f2e7fd062b16
                                                                            • Instruction Fuzzy Hash: 2112BC35E04225DFCB28DF69C88466EBBF3FB84304F25857DE016AB251DB799892CB40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05123850, Relevance: .5, Instructions: 466COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2f08c8d5e6825338f9590bed3fd13f3558d1d8bce2a262711c865967396d692b
                                                                            • Instruction ID: 41e720d2017f583815ce706b29458f02106040743b5b1ef06b1547415a2957af
                                                                            • Opcode Fuzzy Hash: 2f08c8d5e6825338f9590bed3fd13f3558d1d8bce2a262711c865967396d692b
                                                                            • Instruction Fuzzy Hash: 0BF11731A04229DFCB29CF68C4849BDBBB2FF46300B1589AAD465AF252C735DC25CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05122FA8, Relevance: .2, Instructions: 239COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c72a87a75f57e8bf6009e1fb4432528b6d914ae91072a8e0384a6d98f2212585
                                                                            • Instruction ID: c308a56722d4800cb0f2b637fc2a9a9aabbeb7489f47cd701a1ac59a3109f11d
                                                                            • Opcode Fuzzy Hash: c72a87a75f57e8bf6009e1fb4432528b6d914ae91072a8e0384a6d98f2212585
                                                                            • Instruction Fuzzy Hash: D281AC32F011259BDB18DB69D894A6EB7F3AFC8310B2A8574D426AB365DF34DC418B90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E021, Relevance: 3.8, Strings: 3, Instructions: 87COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0$0$0
                                                                            • API String ID: 0-1491684333
                                                                            • Opcode ID: f92487095f778fa4669c569c71f37cc8d804759f371942263ea54f68411250b3
                                                                            • Instruction ID: f74872c541338b2318f3b763bcb2272fab54dc0bf50cf21fbfe2470ee3f9e96f
                                                                            • Opcode Fuzzy Hash: f92487095f778fa4669c569c71f37cc8d804759f371942263ea54f68411250b3
                                                                            • Instruction Fuzzy Hash: 303136316017058FC765AB38C46167A77A3BFC87047A48A6CD1469F798DEB6EC038B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052501F4, Relevance: 3.1, APIs: 2, Instructions: 100synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 0525019D
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 05250264
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseCreateFindMutexNotification
                                                                            • String ID:
                                                                            • API String ID: 2967213129-0
                                                                            • Opcode ID: 9d198214030672a7c58d0a39d739cbaf1005e5856a84e985578da4b4b5169c88
                                                                            • Instruction ID: 1042bca0203bf01e813ae2e7e13739992c8d0e2c2a9cfd0283f5d951d1405a2e
                                                                            • Opcode Fuzzy Hash: 9d198214030672a7c58d0a39d739cbaf1005e5856a84e985578da4b4b5169c88
                                                                            • Instruction Fuzzy Hash: AB31D4715053809FE711CF19DD89BA6BFA4EF02324F0884ABDD488F253D375A909CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051220D0, Relevance: 2.7, Strings: 2, Instructions: 200COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: n$r*+
                                                                            • API String ID: 0-3373005577
                                                                            • Opcode ID: 7669f5e0859145d4498686c6bd69fd7d17aa5e90650b4e6981f2012f099c0222
                                                                            • Instruction ID: 02012a7bf931a6c0881d72bcb760f6cb577cfac73f9f5ba00e17c8ef70a81f81
                                                                            • Opcode Fuzzy Hash: 7669f5e0859145d4498686c6bd69fd7d17aa5e90650b4e6981f2012f099c0222
                                                                            • Instruction Fuzzy Hash: 8F719138E08219DFCB18DFA5C441A7EBBB2FF44300F21806AC526AB264DB359E55CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05122D58, Relevance: 2.6, Strings: 2, Instructions: 125COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $>_kq
                                                                            • API String ID: 0-1412446344
                                                                            • Opcode ID: 4bbeeaab64e404a49afbb6b954567c87adc9e791ba00cec4a3ff116b2fed9bbb
                                                                            • Instruction ID: cc208f8ab1434c61dc442004b724a6e7b84ad9392a01b843a4203a08cf77acfb
                                                                            • Opcode Fuzzy Hash: 4bbeeaab64e404a49afbb6b954567c87adc9e791ba00cec4a3ff116b2fed9bbb
                                                                            • Instruction Fuzzy Hash: 3A41B338F041658FCB28DF69C8405FEBB73FBC5214B2AC966C4219B605C735E8A2D792
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05120006, Relevance: 2.6, Strings: 2, Instructions: 90COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $l$i
                                                                            • API String ID: 0-2599576434
                                                                            • Opcode ID: 65149d29696e0d679a3d2302e14a2abf15aae62a8ee7c412446cf247cb086a8a
                                                                            • Instruction ID: e7b93d08701a58b6a302930795b8553d399e5350ee13140e7d753faf65a91b0b
                                                                            • Opcode Fuzzy Hash: 65149d29696e0d679a3d2302e14a2abf15aae62a8ee7c412446cf247cb086a8a
                                                                            • Instruction Fuzzy Hash: B831433010D3C59FC70A9B7498596283FF1EF86344B0985AAD1C1DB167DE398C59CB22
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05251820, Relevance: 1.6, APIs: 1, Instructions: 104networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 052518F2
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Query_
                                                                            • String ID:
                                                                            • API String ID: 428220571-0
                                                                            • Opcode ID: 04c7eec3414376a2344467cfcdc8bece64b2037285d36227c92dd1281d8b7aba
                                                                            • Instruction ID: 281fa77e71ae3860fdbbdbc53fd17a3f56320cdec512164f5851fe3f09261e2e
                                                                            • Opcode Fuzzy Hash: 04c7eec3414376a2344467cfcdc8bece64b2037285d36227c92dd1281d8b7aba
                                                                            • Instruction Fuzzy Hash: 3431697540E3C05FD3138B358C61A61BFB4EF87614B0A80CBE884CF5A3D169691AD7B2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05251D6F, Relevance: 1.6, APIs: 1, Instructions: 98networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSASocketW.WS2_32(?,?,?,?,?), ref: 05251E2A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Socket
                                                                            • String ID:
                                                                            • API String ID: 38366605-0
                                                                            • Opcode ID: e44310616c4e5d2d7c68dc6a423eeba9845432c35ed45911fa00fb11a8c84858
                                                                            • Instruction ID: 001eb9401137edf0d9674c65c46735d351665a8202cceb4c99b9110d7773559d
                                                                            • Opcode Fuzzy Hash: e44310616c4e5d2d7c68dc6a423eeba9845432c35ed45911fa00fb11a8c84858
                                                                            • Instruction Fuzzy Hash: 4A316D7140D7C0AFE7238B659C55B56BFB4EF07210F0988DBE9C58F1A3D265A808CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250EB8, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05250F5B
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: f011d70c344c848611ace07368ba5fdbca4af61f1e3f5765abce1d236244dd10
                                                                            • Instruction ID: 006965e38e06da22cf3a4c884817ba1124153d52314b6d2b9cad5ec3332b3186
                                                                            • Opcode Fuzzy Hash: f011d70c344c848611ace07368ba5fdbca4af61f1e3f5765abce1d236244dd10
                                                                            • Instruction Fuzzy Hash: BE318171504345AFEB228F65DC44FA7BFACEF05320F0488AAF985DB152D224A919CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250C58, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05250D1A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileNameTemp
                                                                            • String ID:
                                                                            • API String ID: 745986568-0
                                                                            • Opcode ID: 1d7cb6c0e3a8752586db36ddfcc5d608d675d643734fd6673a79f88b33414798
                                                                            • Instruction ID: 804bfcc4371bd2ddaa093b63d195ac1ffbd90ba8b290008a4a51f9f4ec6cf436
                                                                            • Opcode Fuzzy Hash: 1d7cb6c0e3a8752586db36ddfcc5d608d675d643734fd6673a79f88b33414798
                                                                            • Instruction Fuzzy Hash: 16317A6140E3C06FD7138B258C51B62BFB4EF47620F0E85DBD9848F5A3D225A81AC7A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250390, Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0525045E
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 3c73b90f1cab54ed2daed866097ab6005ec9ade007c28391a99e5ef1c32e7006
                                                                            • Instruction ID: 7b9f635afbd52d9eedf78e38ee5f6abeaf8594d2bd7753467a0716ba09264f86
                                                                            • Opcode Fuzzy Hash: 3c73b90f1cab54ed2daed866097ab6005ec9ade007c28391a99e5ef1c32e7006
                                                                            • Instruction Fuzzy Hash: 1D31C4B2004344AFE7228F15CC45FA6FFB8EF05324F04899EE9858B192D2B5A949CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052507F4, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05250899
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: cc09ade50d4cd1bdc1e0a1dbe17d18fba85c21bc37882d176b818006454a2404
                                                                            • Instruction ID: 4ddfb0ba375aa2b92dbc60288d4b39ca545d90ab713edb99861e1f84b6c487ef
                                                                            • Opcode Fuzzy Hash: cc09ade50d4cd1bdc1e0a1dbe17d18fba85c21bc37882d176b818006454a2404
                                                                            • Instruction Fuzzy Hash: DA316EB1504780AFE722CF65DC44F66BFE8EF05320F0884AEE9858B252D275E405DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05252B9B, Relevance: 1.6, APIs: 1, Instructions: 90windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 05252C56
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FormatMessage
                                                                            • String ID:
                                                                            • API String ID: 1306739567-0
                                                                            • Opcode ID: 087061461b22b6944b70f5935c7475c3bb0a5cfa2f9af3d4e1ddf5a3e3342a07
                                                                            • Instruction ID: dbbcfb8858bea4cd1901283c2549144d84db431d58c56be0110d0938239dba81
                                                                            • Opcode Fuzzy Hash: 087061461b22b6944b70f5935c7475c3bb0a5cfa2f9af3d4e1ddf5a3e3342a07
                                                                            • Instruction Fuzzy Hash: 03319F7250D7C45FD7138B258C61A62BFB4EF47710F0A80CBD984CF2A3E6246909C7A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250FB9, Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetExitCodeProcess.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 0525105C
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CodeExitProcess
                                                                            • String ID:
                                                                            • API String ID: 3861947596-0
                                                                            • Opcode ID: 6d5f1eac3f8af3af9f43df9fa91f531c406f634ca619fbb06b960e774989fcff
                                                                            • Instruction ID: 7e918eaa7a988a2708f1758270bbaab380698ccb09909f0458af61a2abbe5318
                                                                            • Opcode Fuzzy Hash: 6d5f1eac3f8af3af9f43df9fa91f531c406f634ca619fbb06b960e774989fcff
                                                                            • Instruction Fuzzy Hash: 7231E5715093C09FEB12CB25DC54FA6BFB8EF46720F0984DAED848F1A3D624A908C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052500F6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 0525019D
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: ae4b5bcea4818bc54ad23bbc4d7ad6e43c4eb1da23506ba2544b24006ea78ac6
                                                                            • Instruction ID: a8ddb59b7f87ec34ffaf2879dfad0cf5286b9291133cbbb97fe215ddd31a8437
                                                                            • Opcode Fuzzy Hash: ae4b5bcea4818bc54ad23bbc4d7ad6e43c4eb1da23506ba2544b24006ea78ac6
                                                                            • Instruction Fuzzy Hash: 5C3184715097806FE722CB25DC44B56BFE8EF06310F08849AE9858B292D375E905C766
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052527DC, Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetProcessTimes.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05252879
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ProcessTimes
                                                                            • String ID:
                                                                            • API String ID: 1995159646-0
                                                                            • Opcode ID: d2be6f0cc62b98bf4165852c284508297239344904294f3f99f32f39baec49cb
                                                                            • Instruction ID: 4d369eaeb069f24e511b94dcd202307443cd2640d32e1f004374f0a0257df856
                                                                            • Opcode Fuzzy Hash: d2be6f0cc62b98bf4165852c284508297239344904294f3f99f32f39baec49cb
                                                                            • Instruction Fuzzy Hash: 623195B2509780AFE7128F65DC45FA6BFB8EF06320F0884AAE9859B193D2359505CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05252370, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileView
                                                                            • String ID:
                                                                            • API String ID: 3314676101-0
                                                                            • Opcode ID: 925466f36415d8bd21ba802d584ee3d2a13d9e456f377884d45a574c4afc4bc3
                                                                            • Instruction ID: 428633a3bf34387a480647dee7f0bfa7b4ed0c72fec70c4ae9aca373e8dd23ba
                                                                            • Opcode Fuzzy Hash: 925466f36415d8bd21ba802d584ee3d2a13d9e456f377884d45a574c4afc4bc3
                                                                            • Instruction Fuzzy Hash: 5131B3B2504780AFE722CF55DC45F96FFF8EF05320F04859AE9848B152D375A509CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052504AB, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 0525055C
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 4fa78b6c03a12700423e7474a867cd18c7873089618093bbc89be076b90ee774
                                                                            • Instruction ID: 9bbbe437548e3838afcddc2c95ec5ccfd30fa9930ba35e6ccd27706d78d5005e
                                                                            • Opcode Fuzzy Hash: 4fa78b6c03a12700423e7474a867cd18c7873089618093bbc89be076b90ee774
                                                                            • Instruction Fuzzy Hash: 31318071509780AFD722CF25DC44F92BFF8AF06320F0885DAE9859B1A3D264E808CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250EDE, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05250F5B
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 642a2e8dce3ce6692498e4e44b370326be0864688e1422010ad3c91050ed8237
                                                                            • Instruction ID: b82194bc413dcfabbe55d0db1cfc82766970a914d8837e616f434b0d00c1b948
                                                                            • Opcode Fuzzy Hash: 642a2e8dce3ce6692498e4e44b370326be0864688e1422010ad3c91050ed8237
                                                                            • Instruction Fuzzy Hash: 6121B072500305AFEB21CF69DC84FAAFBACEF08320F04886AFD459A651D674E505CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052502AB, Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05250353
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: 16813bfe2999a24d4cef7e8fff0cf13e871713027050b9612945a8fc374b31c4
                                                                            • Instruction ID: 313dbdf4f788dca2fad2710a9b6fdfbfd4e4544739997cde34a939ce8a60f7dc
                                                                            • Opcode Fuzzy Hash: 16813bfe2999a24d4cef7e8fff0cf13e871713027050b9612945a8fc374b31c4
                                                                            • Instruction Fuzzy Hash: 0721B571009380AFE7228F25DC45FA6FFB8EF06310F0884DAE9848B193D275A909CB75
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525228E, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • OpenFileMappingW.KERNELBASE(?,?), ref: 05252319
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileMappingOpen
                                                                            • String ID:
                                                                            • API String ID: 1680863896-0
                                                                            • Opcode ID: a41125bce7b618f4e376c155116d9f994ce6635d6d3b49fba7430a7f9b49e0e4
                                                                            • Instruction ID: c4b955d91d2c05df93a73367192113087676de4f4acd0c6bf38eda66e674ed8f
                                                                            • Opcode Fuzzy Hash: a41125bce7b618f4e376c155116d9f994ce6635d6d3b49fba7430a7f9b49e0e4
                                                                            • Instruction Fuzzy Hash: FD2160B5509780AFE721CB65DC45F66FFE8EF05220F08849AED858B292D275E504C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052508F0, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetFileType.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05250985
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileType
                                                                            • String ID:
                                                                            • API String ID: 3081899298-0
                                                                            • Opcode ID: d8efb3b04f69ddde7d213ee1e15a00c45287ebb09736ca374f25b44e893a782a
                                                                            • Instruction ID: 65084d7a86ceb3443778d0ee5c9400278f4657c86627b25770ddd2a0c5ff4ff6
                                                                            • Opcode Fuzzy Hash: d8efb3b04f69ddde7d213ee1e15a00c45287ebb09736ca374f25b44e893a782a
                                                                            • Instruction Fuzzy Hash: BA21F5B64087806FE712CB25DC44FA2BFB8EF46720F1884DAED949B153D224A909C7B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525081A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05250899
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: ea9d1e5bbff97ec9523d46ea35bc87a55d2e30e7adb39730c040c73f2d30d910
                                                                            • Instruction ID: 4a0d04cdc801c7d5b693225044188de0a6a9c4db614bce0c2278151eb36a291d
                                                                            • Opcode Fuzzy Hash: ea9d1e5bbff97ec9523d46ea35bc87a55d2e30e7adb39730c040c73f2d30d910
                                                                            • Instruction Fuzzy Hash: 53216D71500700AFE721DF65CD48F66FBE8FF08720F04846AED858A651D375E404CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052509C0, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteFile.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05250A51
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileWrite
                                                                            • String ID:
                                                                            • API String ID: 3934441357-0
                                                                            • Opcode ID: 1f5a67ae204066ed39d99d1221dd48dc7f673a6625b4be01e4ab1aca96e80382
                                                                            • Instruction ID: 89f96826d06a239467596e77ecb46a9ba5f93981cecaa18d0827156e5b8845ff
                                                                            • Opcode Fuzzy Hash: 1f5a67ae204066ed39d99d1221dd48dc7f673a6625b4be01e4ab1aca96e80382
                                                                            • Instruction Fuzzy Hash: 00216071509380AFE722CF65DD44F56BFB8EF46324F08849BE9849B153C275A409CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052503CA, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0525045E
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 626b156eed0ba0cfa5376c69ddec2e866aae7cc62a961d0a51205936bc93334b
                                                                            • Instruction ID: 19fc506595367508688361e0520e22717d5a70c465e65cfdf6e27a4577f0819d
                                                                            • Opcode Fuzzy Hash: 626b156eed0ba0cfa5376c69ddec2e866aae7cc62a961d0a51205936bc93334b
                                                                            • Instruction Fuzzy Hash: B321C272100304AFEB32DF55DC45FA6FBACEF04720F14895AEE858A181D6B5A949CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525012A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 0525019D
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: 2f7d7a8b61e9a03961611bf9240300affdd74448824726204fcb13aa6f042e8f
                                                                            • Instruction ID: 4fee7c8895e187d7050da16c1c16a4bc8a5e16b5c0f2f07f0adddf9085588bef
                                                                            • Opcode Fuzzy Hash: 2f7d7a8b61e9a03961611bf9240300affdd74448824726204fcb13aa6f042e8f
                                                                            • Instruction Fuzzy Hash: DB219F71604740AFE720DF69DD89B6AFBE8EF04320F04846AED498B241E775E504CB76
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250723, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateDirectoryW.KERNELBASE(?,?), ref: 0525079F
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateDirectory
                                                                            • String ID:
                                                                            • API String ID: 4241100979-0
                                                                            • Opcode ID: 9dfea9ecd54ae7a8d0f2eab058b788c749bc9fe3e074bfe8f10686575d779221
                                                                            • Instruction ID: a6e98aaaa37cd0af7c92dfd1ccddb7bc9d434cf65c034992617e148a4cc200f2
                                                                            • Opcode Fuzzy Hash: 9dfea9ecd54ae7a8d0f2eab058b788c749bc9fe3e074bfe8f10686575d779221
                                                                            • Instruction Fuzzy Hash: 692171725093819FD751CB29DC49B56BFE8EF06224F0984EAED49CF152D274D908CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052510BF, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DeleteFileA.KERNELBASE(?,00000E2C), ref: 0525114B
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DeleteFile
                                                                            • String ID:
                                                                            • API String ID: 4033686569-0
                                                                            • Opcode ID: 8225689bda57ef7a21bd0cbbced91346d6a7dc22b4bff1918ff4f8719958afa0
                                                                            • Instruction ID: 922021f65ec61171b2e90e0dadf0e31b15ccaaf245cb970773060bfcbadfbc57
                                                                            • Opcode Fuzzy Hash: 8225689bda57ef7a21bd0cbbced91346d6a7dc22b4bff1918ff4f8719958afa0
                                                                            • Instruction Fuzzy Hash: 8921C371504381AFE7218B25DC45FA6BFA8EF05320F18C09AFD858B192D274A948CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250A9B, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CopyFileW.KERNELBASE(?,?,?), ref: 05250B1E
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CopyFile
                                                                            • String ID:
                                                                            • API String ID: 1304948518-0
                                                                            • Opcode ID: 0d6499c31ae7c067b2c7170280bea145d86c1f2ff462eadb2fddbafb57d2a8cd
                                                                            • Instruction ID: cee3fa3c05ce9057882f1546e48cbd408f9b73465f2f3320d408c49495d7483a
                                                                            • Opcode Fuzzy Hash: 0d6499c31ae7c067b2c7170280bea145d86c1f2ff462eadb2fddbafb57d2a8cd
                                                                            • Instruction Fuzzy Hash: 042183B15093815FD722CB29DC95B62BFE8AF16324F0984EAED89CB253D235D804C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250B8C, Relevance: 1.6, APIs: 1, Instructions: 70registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegSetValueExW.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05250C10
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Value
                                                                            • String ID:
                                                                            • API String ID: 3702945584-0
                                                                            • Opcode ID: c0d195eca50b297db7535b3b8d07b453f0f4fcb1717a7cb310287e64fd100dbc
                                                                            • Instruction ID: abf183f0c397d50f335a78b2c263032e62ae2565234cca2a5a6aa730fc6194d1
                                                                            • Opcode Fuzzy Hash: c0d195eca50b297db7535b3b8d07b453f0f4fcb1717a7cb310287e64fd100dbc
                                                                            • Instruction Fuzzy Hash: 06115CB2600704AFEB218E15DC85FA7FBECEF45721F08895AFD499A252D271E804CA71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05251530, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 0525159C
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 52b628858a2861ee113b8f7c658b7fa5377d935dbce7ffe229e14e057cbda070
                                                                            • Instruction ID: bfeaeb2d77d15e5746ff8c105e5833dee7366b5027deb96c2c4819e78f9b2d17
                                                                            • Opcode Fuzzy Hash: 52b628858a2861ee113b8f7c658b7fa5377d935dbce7ffe229e14e057cbda070
                                                                            • Instruction Fuzzy Hash: 2421A1725093C09FDB128B25DC54B92BFA4AF07224F0984DAED858F663D2749908CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052522AE, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • OpenFileMappingW.KERNELBASE(?,?), ref: 05252319
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileMappingOpen
                                                                            • String ID:
                                                                            • API String ID: 1680863896-0
                                                                            • Opcode ID: 760b81ac095289cbe8bcd8176fa41d06dfc10d6b7ad945a53be5fffe505fb962
                                                                            • Instruction ID: d92e1f6c66c17432433f66d766385f5ffeb389c8b1cd53850ecca5b7cbb78557
                                                                            • Opcode Fuzzy Hash: 760b81ac095289cbe8bcd8176fa41d06dfc10d6b7ad945a53be5fffe505fb962
                                                                            • Instruction Fuzzy Hash: 5C21AEB5600240EFE725DF69CC85B66FBE8EF04320F04846AEE898B281D275E404CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052523AE, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileView
                                                                            • String ID:
                                                                            • API String ID: 3314676101-0
                                                                            • Opcode ID: 60d5368386bd17329d87c9cfe1f75fcc366139b81a8f6f0794e7c6249c9beb43
                                                                            • Instruction ID: 29a2a841d6e62930dc4b3e72d0bd7da2de835209a73fa6e6b09be07d9b4e1288
                                                                            • Opcode Fuzzy Hash: 60d5368386bd17329d87c9cfe1f75fcc366139b81a8f6f0794e7c6249c9beb43
                                                                            • Instruction Fuzzy Hash: 55219D71500240AFE722CF59DD44FA6FBE8EF08320F04845EE9899B681D275A508CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05251DBE, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSASocketW.WS2_32(?,?,?,?,?), ref: 05251E2A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Socket
                                                                            • String ID:
                                                                            • API String ID: 38366605-0
                                                                            • Opcode ID: d0ad98d95caddc60b0b56c0f5577cad87ed26d977d53caae11ccfb90263508ce
                                                                            • Instruction ID: 0698107f8931220a877662a8bc288e9449cf6e1b4701be6b4cf10e3c25f618d2
                                                                            • Opcode Fuzzy Hash: d0ad98d95caddc60b0b56c0f5577cad87ed26d977d53caae11ccfb90263508ce
                                                                            • Instruction Fuzzy Hash: AF219F71500740AFEB21CF65DC45F66FBE8FF08320F04886EEE858A651D3B5A414CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052515E5, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • K32EnumProcesses.KERNEL32(?,?,?,83689A98,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 05251656
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: EnumProcesses
                                                                            • String ID:
                                                                            • API String ID: 84517404-0
                                                                            • Opcode ID: 75112c8ae0da9ba7f38ded951c326ed6d5aca0b1f27074f3c7edf165190e34d8
                                                                            • Instruction ID: 36e46fabc7a46c76161bcc81f511fe223935d13cfa27ad99b06052a6e878cdf8
                                                                            • Opcode Fuzzy Hash: 75112c8ae0da9ba7f38ded951c326ed6d5aca0b1f27074f3c7edf165190e34d8
                                                                            • Instruction Fuzzy Hash: 50215E715093849FD712CB25DC85B92BFE8EF06220F0984EAED89CF163D274A918CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250B9E, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegSetValueExW.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05250C10
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Value
                                                                            • String ID:
                                                                            • API String ID: 3702945584-0
                                                                            • Opcode ID: a39b6e496bee55ddd54d787186b7fc2209bf093292b05312266b3eae9d2fbb0f
                                                                            • Instruction ID: 3d8b0b43d97c2ce600b0ebc61d7b518c8c1cf3738955611cb29f9309e439602e
                                                                            • Opcode Fuzzy Hash: a39b6e496bee55ddd54d787186b7fc2209bf093292b05312266b3eae9d2fbb0f
                                                                            • Instruction Fuzzy Hash: D3118EB2610304AFEB21CE19DC85FA7FBE8EF04721F08845AED499B646D674E404CA71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052504EA, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 0525055C
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: cebbd692dd759ebb74384257683986fafb0dbcab9bd8f1a279d3a74c7838d10d
                                                                            • Instruction ID: a6e6a5f11e78966b2aca7f06001c6a6b451d8fc8b83386d016520bee3c8446a8
                                                                            • Opcode Fuzzy Hash: cebbd692dd759ebb74384257683986fafb0dbcab9bd8f1a279d3a74c7838d10d
                                                                            • Instruction Fuzzy Hash: 00117F71610704AFEB21CE59DC84FA6FBE8FF08720F04845AED4A9B652D674E408CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525281A, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetProcessTimes.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05252879
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ProcessTimes
                                                                            • String ID:
                                                                            • API String ID: 1995159646-0
                                                                            • Opcode ID: 95eb98cf3a78fd4bc82c9ab3c8876f6557ee82c29f6b52d522bae1a81ea3d57c
                                                                            • Instruction ID: cb312bea8ff67fce9a755f0b2197233b433f19127ef33fcd3a1f8be7e3959c15
                                                                            • Opcode Fuzzy Hash: 95eb98cf3a78fd4bc82c9ab3c8876f6557ee82c29f6b52d522bae1a81ea3d57c
                                                                            • Instruction Fuzzy Hash: 82119371500300EFEB21CF59DC45FA6FBA8EF04320F04846AED459B655D675E404CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052512F8, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05251362
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 94fbe15bb2af3075c9c436714157dc490047275094f3c6e4ea1b1ad42c2c2e0e
                                                                            • Instruction ID: 29307b2380b503b34932a2b11600bc4e363057656aa334112ba12d7e2d712e74
                                                                            • Opcode Fuzzy Hash: 94fbe15bb2af3075c9c436714157dc490047275094f3c6e4ea1b1ad42c2c2e0e
                                                                            • Instruction Fuzzy Hash: 861175715053819FD711CF25DC85B56BFE8EF05220F0D84AAED89CB652D274E814CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05251006, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetExitCodeProcess.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 0525105C
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CodeExitProcess
                                                                            • String ID:
                                                                            • API String ID: 3861947596-0
                                                                            • Opcode ID: f9132d93c882194d4a6b9f7652a16e87b46dee98f3f04160ac0e1478d82ce1f8
                                                                            • Instruction ID: 7789a1c4d8d5f51c8225f56ea497c7f06465d011ed5491625791960628bddac3
                                                                            • Opcode Fuzzy Hash: f9132d93c882194d4a6b9f7652a16e87b46dee98f3f04160ac0e1478d82ce1f8
                                                                            • Instruction Fuzzy Hash: 4E11A371600344AFEB21CF29DC85BAABB98EF44320F14846AED49DB286D678E404CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052510E2, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DeleteFileA.KERNELBASE(?,00000E2C), ref: 0525114B
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DeleteFile
                                                                            • String ID:
                                                                            • API String ID: 4033686569-0
                                                                            • Opcode ID: 1c03aa7b0147bb4a44ce394a18fc3d4f1a63a8a4d5e9255de10a3f4c89d74718
                                                                            • Instruction ID: d30f1ce5d593410627ee905cdbb12750e81182f08eb2545338dbd8cb59ef85f6
                                                                            • Opcode Fuzzy Hash: 1c03aa7b0147bb4a44ce394a18fc3d4f1a63a8a4d5e9255de10a3f4c89d74718
                                                                            • Instruction Fuzzy Hash: 8C11C271610305AFE720DB19DC86FB6FB98EF04720F14C0AAEE458A285D6B4E954CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052509F2, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteFile.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05250A51
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileWrite
                                                                            • String ID:
                                                                            • API String ID: 3934441357-0
                                                                            • Opcode ID: fcd7bdb1ac77e0883b65abe90abf5c4a68b4f2ac3e9e61cdd442e0cba2f24203
                                                                            • Instruction ID: b9ba6a095a600ab3dbb8faa6a7cc0ef9728789a72b01f970cc8e46c46fe3e475
                                                                            • Opcode Fuzzy Hash: fcd7bdb1ac77e0883b65abe90abf5c4a68b4f2ac3e9e61cdd442e0cba2f24203
                                                                            • Instruction Fuzzy Hash: FB11E371500300AFEB21CF69DC44FA6FBA8EF04320F04886AEE499B246D375E404CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052502DE, Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05250353
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: cf770fae36e5d425dad61f66a72ad2ed123f542e9e412b08f5d7108398b63544
                                                                            • Instruction ID: 4fec0ff629b059bd4d1dbd6ac27042c180e5802ee0b5a00dedf81974e03efa78
                                                                            • Opcode Fuzzy Hash: cf770fae36e5d425dad61f66a72ad2ed123f542e9e412b08f5d7108398b63544
                                                                            • Instruction Fuzzy Hash: B611C171100700AFEB31CF15DC45FA6FBA8EF04720F14849AEE454A696D2B5A508CBB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525118F, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetSystemInfo.KERNELBASE(?), ref: 052511F4
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InfoSystem
                                                                            • String ID:
                                                                            • API String ID: 31276548-0
                                                                            • Opcode ID: ad0cd0905248963aa9b540fb46be9532db5b9052079a35eb81ec1275f617a1ae
                                                                            • Instruction ID: 4dd7de58ce7afa9d7e21fdfecf2fd32f427a331bce7748aaac07936061800aa3
                                                                            • Opcode Fuzzy Hash: ad0cd0905248963aa9b540fb46be9532db5b9052079a35eb81ec1275f617a1ae
                                                                            • Instruction Fuzzy Hash: 521160714093C09FD7128B65DC84B96BFB4EF46224F0984EBED88CF153C275A859CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525131A, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05251362
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 207f01aff5c726e83b31976440cdfc3fab4274be9950bb24742e1278a18e2595
                                                                            • Instruction ID: b3371d0d3124117732d87a4d5a3c7f851f4b0e8952dc21f4c6526cf69df82e51
                                                                            • Opcode Fuzzy Hash: 207f01aff5c726e83b31976440cdfc3fab4274be9950bb24742e1278a18e2595
                                                                            • Instruction Fuzzy Hash: 8311A571A103019FDB64CF2AD885B66FBD8EF04620F08846ADD89CBA45E374E814CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250AD6, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CopyFileW.KERNELBASE(?,?,?), ref: 05250B1E
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CopyFile
                                                                            • String ID:
                                                                            • API String ID: 1304948518-0
                                                                            • Opcode ID: 207f01aff5c726e83b31976440cdfc3fab4274be9950bb24742e1278a18e2595
                                                                            • Instruction ID: ada545090eb902c5744a5388522d90c636c7a79e8725eb04d0f43f7491dba68b
                                                                            • Opcode Fuzzy Hash: 207f01aff5c726e83b31976440cdfc3fab4274be9950bb24742e1278a18e2595
                                                                            • Instruction Fuzzy Hash: 2A113CB1A143058FDB60CF6ADC89B66FBD8EF04725F0884AADD49CB646E674E404CA71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250932, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetFileType.KERNELBASE(?,00000E2C,83689A98,00000000,00000000,00000000,00000000), ref: 05250985
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileType
                                                                            • String ID:
                                                                            • API String ID: 3081899298-0
                                                                            • Opcode ID: 9b55e771d1df032ba0f5556f438f7027d503620b2f67c49a5aa34ced1b6c4df2
                                                                            • Instruction ID: 93b1df1ac2ee8f15267cdcd100a0d781cdadee31de3cbbbce6680cea64d376ec
                                                                            • Opcode Fuzzy Hash: 9b55e771d1df032ba0f5556f438f7027d503620b2f67c49a5aa34ced1b6c4df2
                                                                            • Instruction Fuzzy Hash: FE01D671514304AEE721CF19DC85FA6FB98EF04730F14845AED449B246D274E404CAB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525075A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateDirectoryW.KERNELBASE(?,?), ref: 0525079F
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateDirectory
                                                                            • String ID:
                                                                            • API String ID: 4241100979-0
                                                                            • Opcode ID: f09d286df44ceafc26618ef9562c171f91e474a331796950f9267b4d33e424aa
                                                                            • Instruction ID: 0ec80f1b268b549c8840f9e8dec317dafa32fd0ed8eacb4656f4cc2dfbfc5017
                                                                            • Opcode Fuzzy Hash: f09d286df44ceafc26618ef9562c171f91e474a331796950f9267b4d33e424aa
                                                                            • Instruction Fuzzy Hash: FA115E756142418FDB60CF2ADC89B66FBD8EF04320F08C4AADD49CB646E674E404CF61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05251616, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • K32EnumProcesses.KERNEL32(?,?,?,83689A98,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 05251656
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: EnumProcesses
                                                                            • String ID:
                                                                            • API String ID: 84517404-0
                                                                            • Opcode ID: 7b5fc1c0a69b89ef44844d749d99b1f15fa570b529c8319ba27e7e4ba7badc3b
                                                                            • Instruction ID: a3c2a9098b7ad0d555c02f188acef95df0ca021bbe36282215fabe68f9e763db
                                                                            • Opcode Fuzzy Hash: 7b5fc1c0a69b89ef44844d749d99b1f15fa570b529c8319ba27e7e4ba7badc3b
                                                                            • Instruction Fuzzy Hash: 4F1161716103458FDB60CF69D884B66FBE4EF04220F0884AADD898B655D375E418CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05252C06, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 05252C56
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FormatMessage
                                                                            • String ID:
                                                                            • API String ID: 1306739567-0
                                                                            • Opcode ID: 209733cbdc72c8bee098c7683a7862721830200d3e9987472e62bc0a5f85b6cd
                                                                            • Instruction ID: 6a005e2cc5545f5eb805f36187aaf3252ed23ed566a860b58e685a7e7a3b92e7
                                                                            • Opcode Fuzzy Hash: 209733cbdc72c8bee098c7683a7862721830200d3e9987472e62bc0a5f85b6cd
                                                                            • Instruction Fuzzy Hash: B301B171500600AFD310DF1ADC81B66FBA8FB88B20F14812AED088B641D231B915CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250CCA, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05250D1A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: FileNameTemp
                                                                            • String ID:
                                                                            • API String ID: 745986568-0
                                                                            • Opcode ID: ed004baacf016a1db19348eb381c7e30a9a85fa7c6dad1795cb7a0a8525750eb
                                                                            • Instruction ID: 72d8745d9c500d8ebbb12f6cb5d6b57ccf00709109946f3a7ea45750ca7c2207
                                                                            • Opcode Fuzzy Hash: ed004baacf016a1db19348eb381c7e30a9a85fa7c6dad1795cb7a0a8525750eb
                                                                            • Instruction Fuzzy Hash: 9D01B171500600AFD310DF1ADC81B66FBA8FB88B20F14812AED088B641D231B915CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05250232, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 05250264
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 1e5e46948c16d0420d1435f91039634254ae22cbed081c064c7289fb190d47ee
                                                                            • Instruction ID: 4a20b85cacc575eb914ff2291b7f13c2fe74cff9d0ded5594371c76203efc30a
                                                                            • Opcode Fuzzy Hash: 1e5e46948c16d0420d1435f91039634254ae22cbed081c064c7289fb190d47ee
                                                                            • Instruction Fuzzy Hash: 000171759103419FDB50CF5AD888765FB94EF44330F08C4AADD49CF646D675E444CA62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0525156A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 0525159C
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 777c20a94b0bf2803570e60d88110bd7de7ce4070b133e8cf279b79d5762d7cf
                                                                            • Instruction ID: 22bf0ae7a83b3f6db5c51ba44f4ba18895776149d507e60867da3b97b3565ee9
                                                                            • Opcode Fuzzy Hash: 777c20a94b0bf2803570e60d88110bd7de7ce4070b133e8cf279b79d5762d7cf
                                                                            • Instruction Fuzzy Hash: 1A01D4716103408FD710CF1AD884766FB94EF04230F08C0AADD4A8F646D674E418CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 052518A2, Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 052518F2
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906640305.0000000005250000.00000040.00000001.sdmp, Offset: 05250000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Query_
                                                                            • String ID:
                                                                            • API String ID: 428220571-0
                                                                            • Opcode ID: 1c2924f3968a7ee2f405fceaaf16b44de3399033d6c16d9157e207fd33dc6c50
                                                                            • Instruction ID: 530c3e5034bb7e31de17e54336f0bb8f72b3c1ec2276e1847f909b617d18ba74
                                                                            • Opcode Fuzzy Hash: 1c2924f3968a7ee2f405fceaaf16b44de3399033d6c16d9157e207fd33dc6c50
                                                                            • Instruction Fuzzy Hash: 5501A271500605ABD214DF1ADC82B26FBE8FB89B20F14811AED084B741D271F516CBE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051202E8, Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@fq
                                                                            • API String ID: 0-3673016210
                                                                            • Opcode ID: 1b8fe71240c2f56a6f5c1054ae3ec0c813c48c6ab2cbfe863ce80aca4d833a74
                                                                            • Instruction ID: e9c9c33c62ad2a36f72bf9c4a8e1906d64ddf576aebd8548b5a2fac3710eb729
                                                                            • Opcode Fuzzy Hash: 1b8fe71240c2f56a6f5c1054ae3ec0c813c48c6ab2cbfe863ce80aca4d833a74
                                                                            • Instruction Fuzzy Hash: B1618930A05215CFCB18DF68C094A6DBBF2EF8D300F2585A9D506AB3A5DB35AC56CB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05120682, Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: }
                                                                            • API String ID: 0-3934603907
                                                                            • Opcode ID: 3c92153725a342d0710b1b4c965cd95b4498ca2c28bdab899777fe4e457192e5
                                                                            • Instruction ID: da29cefed90840ee0b4994e3d9fc458e46d40b26488a79f0196d63091672895f
                                                                            • Opcode Fuzzy Hash: 3c92153725a342d0710b1b4c965cd95b4498ca2c28bdab899777fe4e457192e5
                                                                            • Instruction Fuzzy Hash: 0241B231A082448FD3147B36EC1D63D3B63FB847017158579F582EA2B4DF365C899BA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05120690, Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: }
                                                                            • API String ID: 0-3934603907
                                                                            • Opcode ID: 62390f6dbdd0cc40714318047955adffce883b9a0ebf962b66e7ad3b13875edf
                                                                            • Instruction ID: 90c5b270c71e992cd6446afa5c33dd0a95eb0ff78ab4542e1dd3aab151c6e6f9
                                                                            • Opcode Fuzzy Hash: 62390f6dbdd0cc40714318047955adffce883b9a0ebf962b66e7ad3b13875edf
                                                                            • Instruction Fuzzy Hash: 15419231A082059FD3187B36EC0D62D3763FF847457158539F542EA2B4DF3A6C899BA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05128830, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: r*+
                                                                            • API String ID: 0-3221063712
                                                                            • Opcode ID: 1077ed59af21a97f3d7272bd8371652d13f5f7ab44d0461179a6d3d6b5edce39
                                                                            • Instruction ID: f3a3492e0955e233f6e4811b0a8255a616858f46f80f6cfc2067047b7d7aad86
                                                                            • Opcode Fuzzy Hash: 1077ed59af21a97f3d7272bd8371652d13f5f7ab44d0461179a6d3d6b5edce39
                                                                            • Instruction Fuzzy Hash: AC415B34E04319EFCB28DFA5C5456BEBBB2FF84300F1184AAD402A7664DB359A11CF52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051250E0, Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: d@q
                                                                            • API String ID: 0-1277414842
                                                                            • Opcode ID: 06d21f93f2c7f2ba0ac10823a8c194883c0e89e4a8396dbe85ccda174d9ad714
                                                                            • Instruction ID: c2698ca963c85b635069cc3d5f6915b1fec2e060cebe5849f5e8bb173191908c
                                                                            • Opcode Fuzzy Hash: 06d21f93f2c7f2ba0ac10823a8c194883c0e89e4a8396dbe85ccda174d9ad714
                                                                            • Instruction Fuzzy Hash: 2D217E30E003199FDB04DFAAC4546AEBBF7AF89300F168429D50AAF355EB70A945CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512DEB9, Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID: 0-3162483948
                                                                            • Opcode ID: 624592d437a917c6c93cb63959fdb173b20e4d8e578a2e2228d0045a430b8408
                                                                            • Instruction ID: e62a5996fe0f8aebba02d97671834c55c927d314da022d8de573b2355c060fe9
                                                                            • Opcode Fuzzy Hash: 624592d437a917c6c93cb63959fdb173b20e4d8e578a2e2228d0045a430b8408
                                                                            • Instruction Fuzzy Hash: 18219131608264CBC729CB74E4007BEBBE7AB88315F1544AAE446AB740DB39AC678795
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051250D0, Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: d@q
                                                                            • API String ID: 0-1277414842
                                                                            • Opcode ID: a4dbddc6f74ed9b069b586026b144012eb428f65f2b54682044ef46ff73f1ac8
                                                                            • Instruction ID: f2ac6717964306eced6b1ac0cff5ca5aeaabf7f794fd488aacacbc693132d02d
                                                                            • Opcode Fuzzy Hash: a4dbddc6f74ed9b069b586026b144012eb428f65f2b54682044ef46ff73f1ac8
                                                                            • Instruction Fuzzy Hash: 0D118E31D053599FDF04CFA5C8546DEBFB2AF89300F154429C506BF251E774668ACB81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126C8A, Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: _
                                                                            • API String ID: 0-701932520
                                                                            • Opcode ID: 755ad3124389521b38f199797db38f920a45567dc04fcbe23eee0641a44a4dd0
                                                                            • Instruction ID: 82dad73e50cf629f018b844dea5a4c4310aec4d5324aef40470e20eb2d03583a
                                                                            • Opcode Fuzzy Hash: 755ad3124389521b38f199797db38f920a45567dc04fcbe23eee0641a44a4dd0
                                                                            • Instruction Fuzzy Hash: 6201A23120C2E49DD72AE775B8146A57F25EB82224F0805ABD1495A4E2CF6A49B8C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512F2A8, Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `
                                                                            • API String ID: 0-4168407445
                                                                            • Opcode ID: ac1f57af9bb7d91727a2f7de5c20009ff15ccbed7019b61ee18ff101cc59fb47
                                                                            • Instruction ID: 3e12aaf46de313876610570e866876a78d96600982431d89c4ac7fae4082247f
                                                                            • Opcode Fuzzy Hash: ac1f57af9bb7d91727a2f7de5c20009ff15ccbed7019b61ee18ff101cc59fb47
                                                                            • Instruction Fuzzy Hash: CCF027367092A95FDB01C6689C119BE7FA6DFC2254B1589AFD445DB383CA738C0683D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E17B, Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-935976969
                                                                            • Opcode ID: fa624a15e683a27c92e57ac55ed79ba67c88458c0191d244e8998e56b639e455
                                                                            • Instruction ID: aaedbad14e5a350a265edef722a564d3c137ba9769233f24bb6d24a41c46e18b
                                                                            • Opcode Fuzzy Hash: fa624a15e683a27c92e57ac55ed79ba67c88458c0191d244e8998e56b639e455
                                                                            • Instruction Fuzzy Hash: 3DF0A7312056608FC315C65999209763BAACBC2710305857ED44ACF752DA358C1687B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E188, Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-935976969
                                                                            • Opcode ID: 3ad4477a15aebc59d08f74ee94875229d33e83c981961b9569b1cfb2cef55bc7
                                                                            • Instruction ID: 25c84d19c8a2fada49f324fce397c5e85c300c8eda58d4f88d875c998ff60979
                                                                            • Opcode Fuzzy Hash: 3ad4477a15aebc59d08f74ee94875229d33e83c981961b9569b1cfb2cef55bc7
                                                                            • Instruction Fuzzy Hash: 95E0DF323002208B8324D65AC82197A779ECBC1720301883ED50A9F341EF72DC0287E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051202A0, Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Lm
                                                                            • API String ID: 0-3864954704
                                                                            • Opcode ID: 4a8c07c982a8ecce816dd45b13508c1461463f7fa7318232d7e5bcd96940ff4c
                                                                            • Instruction ID: eafa0416e027f24ff2f11cef26f0d5516cc64bf12ff98a879a9e2067249b77d2
                                                                            • Opcode Fuzzy Hash: 4a8c07c982a8ecce816dd45b13508c1461463f7fa7318232d7e5bcd96940ff4c
                                                                            • Instruction Fuzzy Hash: 57E08C3010E7908FC3A69378A4599913FF1AF4E6003164A8FE0829B569C721BC188B51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512F2B8, Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `
                                                                            • API String ID: 0-4168407445
                                                                            • Opcode ID: b9cc9144abc113f8bdc94a8f764e330e23cd3f4f9aba078dbd63e8a7ac53b137
                                                                            • Instruction ID: 4386707fcb3f15cb1c9a377f1399281a28875b15646ecf62755169943401e261
                                                                            • Opcode Fuzzy Hash: b9cc9144abc113f8bdc94a8f764e330e23cd3f4f9aba078dbd63e8a7ac53b137
                                                                            • Instruction Fuzzy Hash: ADD0A73230022867A608E5ACC81297A738EDBC5724305CC7EB50AEB382CD72DC0243E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051212A0, Relevance: .5, Instructions: 460COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9af4a93df3debe6f9855a696b93db6165f73fd15aeb6b52a8573c83ee2e8254b
                                                                            • Instruction ID: 5d45e076e03e7bd130fb7a9cbc2a6c2d93ad2be042a254307cd1416cededb393
                                                                            • Opcode Fuzzy Hash: 9af4a93df3debe6f9855a696b93db6165f73fd15aeb6b52a8573c83ee2e8254b
                                                                            • Instruction Fuzzy Hash: C222F234A00655DFCB28DF28D480A6AB7F2FF88310B11C5A9D85AAB765DB38ED45CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512AD10, Relevance: .3, Instructions: 269COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: be160e40fd054690f4bdcc0e7e1ec93eacdef4cf5e5aea626e5cc5c5cba3d947
                                                                            • Instruction ID: 833f7ea22eb5b6330cefd3fc8fd42448b925ad94e42b355429ee3263f711f18e
                                                                            • Opcode Fuzzy Hash: be160e40fd054690f4bdcc0e7e1ec93eacdef4cf5e5aea626e5cc5c5cba3d947
                                                                            • Instruction Fuzzy Hash: 469107307006199BD704EB68C45AB7E7BA3FFC4304F21856DE2069B699DFB49C0587E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126220, Relevance: .2, Instructions: 241COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8e02083ff92b150c4e992eb4728a58369d234811bbce5cf200b05265a814b032
                                                                            • Instruction ID: e8fdf53ef01e0877ae9b096946d9ffcfff89ed17b38ce6052ea27359b4ce0fb9
                                                                            • Opcode Fuzzy Hash: 8e02083ff92b150c4e992eb4728a58369d234811bbce5cf200b05265a814b032
                                                                            • Instruction Fuzzy Hash: 39818131A00529CFCF15CF14C880A9AB7B3AF89304F15C594D90AAF255DB75AE9ACF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512BE89, Relevance: .2, Instructions: 222COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5cae6d0d39e3e5c94d2aa941412686e332b138dfc84b17d501a4056638ee3e07
                                                                            • Instruction ID: 152ffbb3bbea87554ae91e6619dbd255edec629ad0f44bc9d8c2d2842706fa7f
                                                                            • Opcode Fuzzy Hash: 5cae6d0d39e3e5c94d2aa941412686e332b138dfc84b17d501a4056638ee3e07
                                                                            • Instruction Fuzzy Hash: 0871043220C3A19FC319CF18C894A69BBB6FF85314B1A85AAD186CF652D334AC55CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05124DB8, Relevance: .2, Instructions: 187COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7ef68e6ca53bc6b149a74583ab26c3a944d2067d7e81afa75a71b5969c3da5e7
                                                                            • Instruction ID: 59d6f64213bf5ac7a91d6bcae772f38fe2b17e3256f78173d6dea8a1a9b3404c
                                                                            • Opcode Fuzzy Hash: 7ef68e6ca53bc6b149a74583ab26c3a944d2067d7e81afa75a71b5969c3da5e7
                                                                            • Instruction Fuzzy Hash: 176100302082658FCB19DB78D494D7D7BA3FFC8300716C46AD5468F2A6CB78AC66CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512EA98, Relevance: .2, Instructions: 184COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d7ceb0626416630e37b963fa6a3939edfefda5fb6b33018fc5c2bdacfaf7a207
                                                                            • Instruction ID: 57cde751dd6525a4a626fe0611c09997904c48a2c2da7596136ccd50b50fe09e
                                                                            • Opcode Fuzzy Hash: d7ceb0626416630e37b963fa6a3939edfefda5fb6b33018fc5c2bdacfaf7a207
                                                                            • Instruction Fuzzy Hash: FD713B34A04618DFDB28CF69C494BBABBF6BF48320F158659D416A7361CB31E8A5CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E330, Relevance: .2, Instructions: 164COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 04d1c380064fd5d6d32fbc3be67e9fa5bbf7b9f915fc2a0ab2c366f095f45d98
                                                                            • Instruction ID: 6f7bfb65fd2c0ef996282391f30a5aee8e1b7e553da145b1821ddc68001a0eea
                                                                            • Opcode Fuzzy Hash: 04d1c380064fd5d6d32fbc3be67e9fa5bbf7b9f915fc2a0ab2c366f095f45d98
                                                                            • Instruction Fuzzy Hash: 3151B431A00129DFCF18DF94C4848BEBBBBFF88310B558569E90AAF255DB30AD55CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051276D8, Relevance: .2, Instructions: 161COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3cff93188263a0feb2852e17354d4fbbece9f74fe9e2e1c54a9af600284f6153
                                                                            • Instruction ID: 2fefafd879e7623d89237bc0c619418b20ba08029972ccbcddf97e7bfabcdf2d
                                                                            • Opcode Fuzzy Hash: 3cff93188263a0feb2852e17354d4fbbece9f74fe9e2e1c54a9af600284f6153
                                                                            • Instruction Fuzzy Hash: 34311931900629CFDF25CF54C8586DABBB2EF85304F528494D5097B155DB70BA9ACFD0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127328, Relevance: .2, Instructions: 159COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8464160c100eae5ee3d2c544c305d47b882bd4fe43b23cd2fe6b26e86e242c2d
                                                                            • Instruction ID: 33e63367816ef09c01a375043bab7ed32b01345a95731d873e32e2f20c018e17
                                                                            • Opcode Fuzzy Hash: 8464160c100eae5ee3d2c544c305d47b882bd4fe43b23cd2fe6b26e86e242c2d
                                                                            • Instruction Fuzzy Hash: 68513131F002198BCB18DBB9C454AAEB7F3FF88310B258569C44AAB395DF35AD51CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127C18, Relevance: .1, Instructions: 147COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d119d62655df2f567bdc96ac2365ec8a980c8ba6f28be779c7c6d5f74fa4e3cd
                                                                            • Instruction ID: a4fcd103ddbd31a01d397c1fd92b3a7fb8d9fd3671b41d5b8820aca8cf2bf8a4
                                                                            • Opcode Fuzzy Hash: d119d62655df2f567bdc96ac2365ec8a980c8ba6f28be779c7c6d5f74fa4e3cd
                                                                            • Instruction Fuzzy Hash: EC513775D00229CFCB28CFA8C98469EBBF2FF48310F21856AD45AB7294E7316955CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A5D8, Relevance: .1, Instructions: 144COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cf1e9d6bfc932968a231f286d71ec269696dd9dacbf1b14a3f94d196776cfd16
                                                                            • Instruction ID: 16716219a3d87e0fba5e4d0de13de7d65ddcdde2d03867a90aeaa3cfe52f563e
                                                                            • Opcode Fuzzy Hash: cf1e9d6bfc932968a231f286d71ec269696dd9dacbf1b14a3f94d196776cfd16
                                                                            • Instruction Fuzzy Hash: 0141F530B042118FC728AB28C49467ABFB3FF85304F25C99AD14A8F646DB75EC56CB95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127EE9, Relevance: .1, Instructions: 143COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a0bf32c4d6c459ec297bc0e16269019de344c5704b1a347c29a46f485ed9d398
                                                                            • Instruction ID: c1bd8fc7624b79b5ec6fa2243381c2480ab7abdcb006cb244be81599e2e25c56
                                                                            • Opcode Fuzzy Hash: a0bf32c4d6c459ec297bc0e16269019de344c5704b1a347c29a46f485ed9d398
                                                                            • Instruction Fuzzy Hash: BB510534A04329DFCB24DB78C598BAD7BF2FB85300F6181A9D41A9B295DB34DC52CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05120BC0, Relevance: .1, Instructions: 132COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cab88d8bbebbcc54c3a526e989523d7a15815ed646c9cf0d9d518ddadee8ad0d
                                                                            • Instruction ID: c89833d57eef2610173c3259d5334a4c8ddccc29a677f0d6c7bce39687f0d43a
                                                                            • Opcode Fuzzy Hash: cab88d8bbebbcc54c3a526e989523d7a15815ed646c9cf0d9d518ddadee8ad0d
                                                                            • Instruction Fuzzy Hash: 3741E631B051188FC719DB68C4186AEB7E7EF89310F1685AAE80AAF361CF71DD168791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05120980, Relevance: .1, Instructions: 130COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b97aa371d99848016a24481d44f297454947983bdcc78d15b0e424afadde947c
                                                                            • Instruction ID: 32ff533649e81cccd27c85d6e96ba90c391fe85ab08686ec1a72a4e9d035e724
                                                                            • Opcode Fuzzy Hash: b97aa371d99848016a24481d44f297454947983bdcc78d15b0e424afadde947c
                                                                            • Instruction Fuzzy Hash: D4411831B002149FCB28DBA8C4987BEB7F2FF89304F614659E5869B390CB71AC15C791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E1C8, Relevance: .1, Instructions: 129COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f9639cfdcdad6fc1e1cee1544b511e3a6fac065ec13eb02a54fd54974ae602de
                                                                            • Instruction ID: a7405aafe1452e1d4a656d4668859a8b8f16d76803e5b903c840aa8319b86eef
                                                                            • Opcode Fuzzy Hash: f9639cfdcdad6fc1e1cee1544b511e3a6fac065ec13eb02a54fd54974ae602de
                                                                            • Instruction Fuzzy Hash: 7E418331A05225CFC728DF64C544ABEBBFABF49210F15866AE44BEB241D7309851CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05121458, Relevance: .1, Instructions: 128COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cedce7d608a62b72591e9ec239687fac6c7726cedc046f2e17fa791c8cba4652
                                                                            • Instruction ID: 1bc99903d7157d018073f96aef5621b37490f5ef8c0355f9f95ae2d31009121b
                                                                            • Opcode Fuzzy Hash: cedce7d608a62b72591e9ec239687fac6c7726cedc046f2e17fa791c8cba4652
                                                                            • Instruction Fuzzy Hash: 2251E034A04258CFCB28DF64D894BADBBB2BF49304F1140E9D50AAB365CB399D88CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125920, Relevance: .1, Instructions: 126COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 84f76b2af10b3d569688cd9b98b4111ee4615caf7b8bd0e8f441bbc533ac808c
                                                                            • Instruction ID: 86a0c413d026329a5d7953e6eb2df260f30da9295cbb47f2b76de17042e9a79a
                                                                            • Opcode Fuzzy Hash: 84f76b2af10b3d569688cd9b98b4111ee4615caf7b8bd0e8f441bbc533ac808c
                                                                            • Instruction Fuzzy Hash: 4A41C230B182218FDF18AB76989973E26D76F88610B16847DD407EF394EF39DC518B51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512B090, Relevance: .1, Instructions: 120COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 69470dc343ecce37cfd30f4aacfe29d8c1aa818bf739aa11afd04f8089e2b5eb
                                                                            • Instruction ID: e9e87f7a369cf42e40f0f1ca9b6cc0c4943d6b42e1c39b2e4ba3ffb739376f01
                                                                            • Opcode Fuzzy Hash: 69470dc343ecce37cfd30f4aacfe29d8c1aa818bf739aa11afd04f8089e2b5eb
                                                                            • Instruction Fuzzy Hash: 06411571B082649FCB09DBA9D8945BEBBF2FF89310B20442AE446D7741DB31EC51CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05129228, Relevance: .1, Instructions: 117COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8844216cf85211f6ae18bf6d709fd0a0206f3707d0f391059a07b15f67680c2f
                                                                            • Instruction ID: 0ad149a968f32ba596d9b03d05e34904251a7edaa718e92e23c55469f1a13efb
                                                                            • Opcode Fuzzy Hash: 8844216cf85211f6ae18bf6d709fd0a0206f3707d0f391059a07b15f67680c2f
                                                                            • Instruction Fuzzy Hash: 9D41063060D2A18FC31ADB7C84589757FFAEF46300F1A85ABD04ACB692C7759C94CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126EB8, Relevance: .1, Instructions: 115COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5db7738edf2d1fb5dc942a8fc27d03129a8717d7c0dd41d2353589b7a6cd7211
                                                                            • Instruction ID: 2af2b126e27108dad07c76dd9c52235cee74c09fcf975283c64f29316a0567c5
                                                                            • Opcode Fuzzy Hash: 5db7738edf2d1fb5dc942a8fc27d03129a8717d7c0dd41d2353589b7a6cd7211
                                                                            • Instruction Fuzzy Hash: 4C41AF38B01210CF8709AF75D05456D7BA7FB8D310758407CEA06AB3A2DF3AAC55DBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05128678, Relevance: .1, Instructions: 110COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a329e98bef0e67f6e27b9c6d778ee8c9037e13ca20947cd7fc926de3993aef26
                                                                            • Instruction ID: 5b4b744bd030ecc89629a9fc5afe4802bba33a4cbadeb33dbc72ac86c036ea53
                                                                            • Opcode Fuzzy Hash: a329e98bef0e67f6e27b9c6d778ee8c9037e13ca20947cd7fc926de3993aef26
                                                                            • Instruction Fuzzy Hash: D631C230614314EFCB19EB38E45996D3FA7FF85345B16896DE042AB264DF399C01CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05128510, Relevance: .1, Instructions: 108COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f209a1c8825a687dbd26e25db8854d2f4d1d02136039c33f3dde54b34824ad0c
                                                                            • Instruction ID: 7e2ade3a4a177a31c975c1bba64a16fc924dfe4675f72fd294322c991118d1ec
                                                                            • Opcode Fuzzy Hash: f209a1c8825a687dbd26e25db8854d2f4d1d02136039c33f3dde54b34824ad0c
                                                                            • Instruction Fuzzy Hash: 3D41DB35A00226EFCB14CB68D4949AAFBB1FF45320F25C6BAD4168B251C730E866CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051202DA, Relevance: .1, Instructions: 107COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 56c63ad6af83a56aac12690d61d7c060e7a620f07aa166d5ac8591434bfe71e6
                                                                            • Instruction ID: 4ae5eee6ddb2ad83c709676432b426f02af55fbcdf512577d4b1516a70869928
                                                                            • Opcode Fuzzy Hash: 56c63ad6af83a56aac12690d61d7c060e7a620f07aa166d5ac8591434bfe71e6
                                                                            • Instruction Fuzzy Hash: 83415B30A05215CFDB28CB68C058BAE7BF2EF8D710F24856DD542AB3A5DB71AC51CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E320, Relevance: .1, Instructions: 106COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 07656aa3ab33cbeee71a96693acfa8379fb57c7cccaeed210852bcd89c0327c7
                                                                            • Instruction ID: 663fb04fb438a2536decfecb81845294fbf969f2a287486657cbc1758f649804
                                                                            • Opcode Fuzzy Hash: 07656aa3ab33cbeee71a96693acfa8379fb57c7cccaeed210852bcd89c0327c7
                                                                            • Instruction Fuzzy Hash: 7E31C131A04259DFCB18DBA4C844DBEBBBBFF88301F414569E506AB261EB31AD25CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051209A9, Relevance: .1, Instructions: 105COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 29871aa3a2ab1fb74cf1cf17ff86026a6ee3907786d4bdcc23aba1b6e1401058
                                                                            • Instruction ID: 2c3fb4b92e734969deba54215ec2a5b30a9b0269fffd76415800ba07d4961c62
                                                                            • Opcode Fuzzy Hash: 29871aa3a2ab1fb74cf1cf17ff86026a6ee3907786d4bdcc23aba1b6e1401058
                                                                            • Instruction Fuzzy Hash: D9416F35B001159FCB04DFA9D898A6DB7F6FF88304F658168E546AB364CB31AC16CB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05121290, Relevance: .1, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 33cf260bfe0038b17dc93ffeaa376c8a9a69036c9333aef222d9cc3350960db6
                                                                            • Instruction ID: 62a8ee9c1a27b6318fe9634732eff129ff88a06eaaac3df0f3424e6439f3fb18
                                                                            • Opcode Fuzzy Hash: 33cf260bfe0038b17dc93ffeaa376c8a9a69036c9333aef222d9cc3350960db6
                                                                            • Instruction Fuzzy Hash: F5410634A04229EFCB68DF65D884BADBBB2FF49350F1140A9D50AAB354DB349D84CF61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512ACFF, Relevance: .1, Instructions: 99COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bc5500334e049e7f393df8af354d6a663bb602da9eaacf7abe8e4fcfa1a256ab
                                                                            • Instruction ID: e5c997c3d999404a2666f77cd37d756f9cd4935223acb355c7b92dd0b95f6ef4
                                                                            • Opcode Fuzzy Hash: bc5500334e049e7f393df8af354d6a663bb602da9eaacf7abe8e4fcfa1a256ab
                                                                            • Instruction Fuzzy Hash: EB314D30B102199FDB049BA9C859B7EBBF6BFC9700F254069E106DB2A5DF719C058B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051245C8, Relevance: .1, Instructions: 95COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8d0e3e2f7bc8d5a5d615c38ccbe244c785066352870195373c9f80fcc8d98856
                                                                            • Instruction ID: 5677b8769358b8341a052909d93e6a0cecc79bc664cd2354492a9f777e5953ec
                                                                            • Opcode Fuzzy Hash: 8d0e3e2f7bc8d5a5d615c38ccbe244c785066352870195373c9f80fcc8d98856
                                                                            • Instruction Fuzzy Hash: C3214171F0012A9BDF18DAA5D881AFEB3BAFB88604F208125E619E7140EBB05915C7A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512ED88, Relevance: .1, Instructions: 94COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 66da522ef045dc7b119bfdd6704db353659ff6a38fae2da44a5556d86ff1e28c
                                                                            • Instruction ID: c83a17e2a13709525dff61b4e854b54d16aed92b9dbc768c1f840331b61d2c09
                                                                            • Opcode Fuzzy Hash: 66da522ef045dc7b119bfdd6704db353659ff6a38fae2da44a5556d86ff1e28c
                                                                            • Instruction Fuzzy Hash: CB410671904B60CFD739CB2AC544776BBF6BF85305F54896EC09B86AA0DB76A491CB00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512CE60, Relevance: .1, Instructions: 94COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 68fe0af0ebf2dd4c44d8a1845201466bcce7cc74f6cb4fa1807482008d37d3cb
                                                                            • Instruction ID: fe96d1b86afabae966493dccb8633e2ad6631ed8af6a94574ad5c245606b83ab
                                                                            • Opcode Fuzzy Hash: 68fe0af0ebf2dd4c44d8a1845201466bcce7cc74f6cb4fa1807482008d37d3cb
                                                                            • Instruction Fuzzy Hash: 07318730A04215DFC728DFB5C85866F7BF3EB88314F518529D552A7290DB39AC91CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E778, Relevance: .1, Instructions: 93COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3f843a9264ae7c98273991ee32861621b22c8e1fa25dfc30872d4a043b1c2416
                                                                            • Instruction ID: 79853fa3cfbdbbf9e40b517f6c85aaafca33fede1ead3fbef701995a85baea38
                                                                            • Opcode Fuzzy Hash: 3f843a9264ae7c98273991ee32861621b22c8e1fa25dfc30872d4a043b1c2416
                                                                            • Instruction Fuzzy Hash: 6C316D34B00254CFCB28DF698485ABEBBF6BF88700F60456DE546AB754DB35E842CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05128800, Relevance: .1, Instructions: 92COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5af131bf08ed16a645b3ff6a18ecd608bd5cf634fcc955ffcc2b245814750231
                                                                            • Instruction ID: f796a7b52bed63b32cc95a963c2d0dbfc0337de138e44c9c1bae8713434fac92
                                                                            • Opcode Fuzzy Hash: 5af131bf08ed16a645b3ff6a18ecd608bd5cf634fcc955ffcc2b245814750231
                                                                            • Instruction Fuzzy Hash: 25319830D08359EFCB28DBB4C4452ADBFB2FF45300F1584AAD442EB691EB319A15CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125B51, Relevance: .1, Instructions: 87COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a8c740915eedbf860cb2b9765cd18ae986399ed64df68adbc86485cf66c945dc
                                                                            • Instruction ID: f8a41f427df20517f0917d1c96264202c483a9b625a22eba313c749ea5160c2a
                                                                            • Opcode Fuzzy Hash: a8c740915eedbf860cb2b9765cd18ae986399ed64df68adbc86485cf66c945dc
                                                                            • Instruction Fuzzy Hash: BD210631B041148FCB18DBB984902BEB6E79FC9610B26847ED407EF341EE35CC2187A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051243D0, Relevance: .1, Instructions: 87COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bb524c143ec42e91db917a7570d19c56d2448ff16acc701347f9ad8da1c4750b
                                                                            • Instruction ID: 8babd6519b9b81d27464fdcb3e1ee468c65d548ca35f1185e91a8a0ea9ad8143
                                                                            • Opcode Fuzzy Hash: bb524c143ec42e91db917a7570d19c56d2448ff16acc701347f9ad8da1c4750b
                                                                            • Instruction Fuzzy Hash: 3C31C235600215CFCB08EF68D848D9D7BF2FF483047158169E506AF275DB3AAD69EB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051255E8, Relevance: .1, Instructions: 85COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a0655e10b5056138250e9db4964eb223097d5ce3f07900f9dc9f2751ebe49110
                                                                            • Instruction ID: 82d5bf1a7302135781bfe36bf6d601f600f22f5d678f76cd7f537df2d40c77fe
                                                                            • Opcode Fuzzy Hash: a0655e10b5056138250e9db4964eb223097d5ce3f07900f9dc9f2751ebe49110
                                                                            • Instruction Fuzzy Hash: 9C210330B402148FDB189B79C4957AEBBE7AB88710F1A406AE502FF390DFB64C45CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A4C0, Relevance: .1, Instructions: 81COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e9514fd1d1a1fd82f2bed6eee5cfaaa18cfa92b4cfacdb03a8d53e405107dd49
                                                                            • Instruction ID: e9a7a874f76746f19121dc7ac9acf8e6e32847903ae2a81e93cd346220cb0e29
                                                                            • Opcode Fuzzy Hash: e9514fd1d1a1fd82f2bed6eee5cfaaa18cfa92b4cfacdb03a8d53e405107dd49
                                                                            • Instruction Fuzzy Hash: 59214631B042159FCB28DF74D845AAEB7B6FF88740F11496DE502AB254EB70ED54CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05128688, Relevance: .1, Instructions: 81COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d37ee528a845fdd980fff5d7dab5761e3d09f13a09cf4becef3ab79b43c85a9a
                                                                            • Instruction ID: d165912fcb1f634040f78eacfe6edd2c5c49c23c29f73a58806bc5aed42d28ab
                                                                            • Opcode Fuzzy Hash: d37ee528a845fdd980fff5d7dab5761e3d09f13a09cf4becef3ab79b43c85a9a
                                                                            • Instruction Fuzzy Hash: 4C216B34A10314EFC758EB38E45992E3BA7EB84351B568979E006EB394DF39AC41CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125B60, Relevance: .1, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 196c915f1003c02788b9845d3d08483d8954089779598860a7131e461a2dc4c8
                                                                            • Instruction ID: 0e49af3c8cf555511366fa8bba881df7dcb307f6b90d14f011672509c09e6569
                                                                            • Opcode Fuzzy Hash: 196c915f1003c02788b9845d3d08483d8954089779598860a7131e461a2dc4c8
                                                                            • Instruction Fuzzy Hash: 9521A431B052149FCB18DB7984D06BEB6EB9BCC610F12843AD40BEB341EE35DD6187A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05122C58, Relevance: .1, Instructions: 79COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b1e357a33ce3e465cbbeb8bc9552c1bd8da8dbd8d8e36b7b49aa9df95c61ea12
                                                                            • Instruction ID: 2ec5d924b276907cceed3c3ce09b235685f6e64d1f3e31eae963282a4cf52901
                                                                            • Opcode Fuzzy Hash: b1e357a33ce3e465cbbeb8bc9552c1bd8da8dbd8d8e36b7b49aa9df95c61ea12
                                                                            • Instruction Fuzzy Hash: ED210738608265DFC729CB24D88493DBBA6FF85310B164967E56ECB2A2C7719C34C792
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126CE3, Relevance: .1, Instructions: 79COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6af8cd70cf99d03d6b08f6654aecf001b99bf1c185bfcf8438f4cd00bcd1eb3f
                                                                            • Instruction ID: 1f7dd75d18bfaa62561bec402b5871df760f8ce7f540d3a0f221cd42f1cb705f
                                                                            • Opcode Fuzzy Hash: 6af8cd70cf99d03d6b08f6654aecf001b99bf1c185bfcf8438f4cd00bcd1eb3f
                                                                            • Instruction Fuzzy Hash: A8317F396103048BC718AF34D05956D3FA6EB8534476086BDE20B9F399DF3AEC46DB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051221E9, Relevance: .1, Instructions: 76COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 03f9b86690ca51b5a27934c989ea949dc354944e9ab237a9c2ecea338ad5d974
                                                                            • Instruction ID: e6046734d33fc4d9363832ed0a0586145a1c1da70918ed99031ab375ad1e51aa
                                                                            • Opcode Fuzzy Hash: 03f9b86690ca51b5a27934c989ea949dc354944e9ab237a9c2ecea338ad5d974
                                                                            • Instruction Fuzzy Hash: 9C318C38D08219DFCB68DFA5C1416BDBBB2FB44300F51416AD422A7264DB369E54CF52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051225DE, Relevance: .1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1b5f61479773d43039da00ee06fbb2c9c640905714a284945748655acf4ca926
                                                                            • Instruction ID: 5ea4d55460898251b85a6eb098a31ef76ab7ba30523c5678e68e9ca186d36f40
                                                                            • Opcode Fuzzy Hash: 1b5f61479773d43039da00ee06fbb2c9c640905714a284945748655acf4ca926
                                                                            • Instruction Fuzzy Hash: B3318A34A00249CFDB24CF66D84475EBBB6FF84304F24C229C014AB265DB789989CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05128C16, Relevance: .1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b5e1cbea79504c0eb428c16e9babe5caaf5168050e20339d98aa28ec0cdc93bc
                                                                            • Instruction ID: fb5a0c56341c841b6351c4c3ef7fe9206aa71e83131b3d7c5a98a0456386b937
                                                                            • Opcode Fuzzy Hash: b5e1cbea79504c0eb428c16e9babe5caaf5168050e20339d98aa28ec0cdc93bc
                                                                            • Instruction Fuzzy Hash: 2F317874A003598FCB24DF66D44865ABFB2FF44314F15D569E005AB254CF74A485CB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A4B0, Relevance: .1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 751969238cb18a91d4b3ef759b6213f5c63c93e734654e1640e5564ac9b4f01e
                                                                            • Instruction ID: 17e9c79cbfca8232e62466812db18baade88b1a66fd0ddbcd242252ffb1a29e0
                                                                            • Opcode Fuzzy Hash: 751969238cb18a91d4b3ef759b6213f5c63c93e734654e1640e5564ac9b4f01e
                                                                            • Instruction Fuzzy Hash: 44113631B042649BCB28DA74C801ABF7BB7FF88700F11456DE543AB240EBB0EC148B90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126CC1, Relevance: .1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 549faf8d834b4ea48d79cdf91539fe439e225c7e6a9d0f676e59503a3d8cf7d6
                                                                            • Instruction ID: c6cadd60313b0a5df2ad2a831c8e6e5ba7cf67fc03a1594afcadcbaaaea06041
                                                                            • Opcode Fuzzy Hash: 549faf8d834b4ea48d79cdf91539fe439e225c7e6a9d0f676e59503a3d8cf7d6
                                                                            • Instruction Fuzzy Hash: DD21B039600204CBC718EB74E04556D3BA2EB85344720867EE20B9F399DF3ADC56DB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125840, Relevance: .1, Instructions: 70COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3dfb3a65bb85e3d8d4e76b91d87ab0cc8fce352d81eef165d63c155d47569a63
                                                                            • Instruction ID: dfc1ebaf3f53ce18d70ea9a55e122beef5004a14eac9340c9da681d4b9139d31
                                                                            • Opcode Fuzzy Hash: 3dfb3a65bb85e3d8d4e76b91d87ab0cc8fce352d81eef165d63c155d47569a63
                                                                            • Instruction Fuzzy Hash: 1D11B631B101249BCB1CE7BAC494A7FB6EBAFC9610B524539D0179F796DE718C1047A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E620, Relevance: .1, Instructions: 68COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5af8b281668337e5d7a5264dfe89bff30c4d3dd7fb5bfcb7d32b0263e790b350
                                                                            • Instruction ID: ced5ba963db1ae4040988d6de686dde3d0ea6ce65c5fb2452f7e22038d5db18a
                                                                            • Opcode Fuzzy Hash: 5af8b281668337e5d7a5264dfe89bff30c4d3dd7fb5bfcb7d32b0263e790b350
                                                                            • Instruction Fuzzy Hash: 9B215171A00124DFCB68DF99C555ABEBBFAFB48710F21C26AD406E7240D731AD21CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125000, Relevance: .1, Instructions: 67COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 780bf00a0c8033bb0ed2050e592bc2f14875bc78f981d3ce858add7a85444ff0
                                                                            • Instruction ID: 895183e6b441a42175a84cbc4b84a896a4b189e3cf7ee2e154ab5058e754d542
                                                                            • Opcode Fuzzy Hash: 780bf00a0c8033bb0ed2050e592bc2f14875bc78f981d3ce858add7a85444ff0
                                                                            • Instruction Fuzzy Hash: 9B11A231B042258FCB58EBB8989076E76A3EB88600B568039C506AB341EF349D5187EA
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051248C8, Relevance: .1, Instructions: 66COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 65c3c205cd37d68c0300dd4013b4a1dcc4014f53018e79b342ef9f0839aa88f6
                                                                            • Instruction ID: bbc9bfa20df124cc5fd4b7897a79cf90be430e8642d557b010e21b71a3eff38f
                                                                            • Opcode Fuzzy Hash: 65c3c205cd37d68c0300dd4013b4a1dcc4014f53018e79b342ef9f0839aa88f6
                                                                            • Instruction Fuzzy Hash: 1E11C632F0412A9BCF19DAB4C8509FFB7B7ABC8710B454429D907B7240DF746E168BA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E610, Relevance: .1, Instructions: 64COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 53c17c7cfc3c769f6f8d57759a8b27db13d66019406c01d31080db0af097a2ca
                                                                            • Instruction ID: 2cc0b1af0065c58010af323b99c0ad853ec57cc729dbce3c0e8a8c73c01bd6d4
                                                                            • Opcode Fuzzy Hash: 53c17c7cfc3c769f6f8d57759a8b27db13d66019406c01d31080db0af097a2ca
                                                                            • Instruction Fuzzy Hash: D2216070A05128DFCB68DF58C544AFEBBFAFB48310F15C65ED446A3200D331A965CB95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512C5E1, Relevance: .1, Instructions: 63COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e973b2cba48ec06700783d8f4cb244a3ebcd959d4439f28ec006147aea873b6b
                                                                            • Instruction ID: 8cb91a88544899803e0f8f117e86d7e1f1427d5213f4c9acc77fae5272705fc5
                                                                            • Opcode Fuzzy Hash: e973b2cba48ec06700783d8f4cb244a3ebcd959d4439f28ec006147aea873b6b
                                                                            • Instruction Fuzzy Hash: 761122307143509FC3019B38984472E3BA7FBC9710F0648ADE406EB395CE389C82D794
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512C9F8, Relevance: .1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 46dcd0c30f96ea35fc975930cb35f8291b57bfa90d31474a9e2fa9ff4b852e3e
                                                                            • Instruction ID: c3b937a676b1ea44bd3d41fc064a5419c59c8ea00a8a7dba67f9dae0e99a1632
                                                                            • Opcode Fuzzy Hash: 46dcd0c30f96ea35fc975930cb35f8291b57bfa90d31474a9e2fa9ff4b852e3e
                                                                            • Instruction Fuzzy Hash: 9711B631218250ABC328D778C91053DBBA79FC2308355899EA14A9F282EF72DC4387E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05124520, Relevance: .1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 57e1a538321d5441ab28b5a17e68b7cfbad259cb982d7c6ca6e910be49ecce1c
                                                                            • Instruction ID: 16f55676465f625a0550510888499316447d36b3ce83776a2fcaeef5853157c4
                                                                            • Opcode Fuzzy Hash: 57e1a538321d5441ab28b5a17e68b7cfbad259cb982d7c6ca6e910be49ecce1c
                                                                            • Instruction Fuzzy Hash: 6D01AD36F041258BCF18DA59A4002EFB3A79FC9321F05403EAD46AB340DBF6996587D0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512C8D8, Relevance: .1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c94a7784e6b8524dbfb471bfe39a462065e7e0222df57b6af1156ad3531b8324
                                                                            • Instruction ID: cbaae05b9cd8bddd2d5c41793f4d184aeddbbf73567ef87a54d19827d7d36956
                                                                            • Opcode Fuzzy Hash: c94a7784e6b8524dbfb471bfe39a462065e7e0222df57b6af1156ad3531b8324
                                                                            • Instruction Fuzzy Hash: 7A119134B04124ABC718EB69C450A7EB7E7EFC97547258069E50ADB395CF32EC12C794
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05120B18, Relevance: .1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a7caf8feef369e971f6e33db384c680dbe9260c9ed8928a82ff86df5f3b50b52
                                                                            • Instruction ID: 5e02ebbd12bdd7f3167ba765cfaac2c63c0dd90977bba47632e83b9d674bbb64
                                                                            • Opcode Fuzzy Hash: a7caf8feef369e971f6e33db384c680dbe9260c9ed8928a82ff86df5f3b50b52
                                                                            • Instruction Fuzzy Hash: 9711E529B58135EACB38D7348CD9B7E62A7574C74DF2247669803E7580DB30C9608791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512CA08, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2d92032bad1960fb1dfbd881b9f6c02e0097ef5450adf18f8024314f9286ebd1
                                                                            • Instruction ID: 74e02368bb01581e841697c81383a8c461578694296d85b1fd9520a42bf80451
                                                                            • Opcode Fuzzy Hash: 2d92032bad1960fb1dfbd881b9f6c02e0097ef5450adf18f8024314f9286ebd1
                                                                            • Instruction Fuzzy Hash: 091194313182109BC328E768C55153DBB939FD2348755C96EA24B6F381EF72EC438795
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02AC087C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.904922184.0000000002AC0000.00000040.00000040.sdmp, Offset: 02AC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dfd0d0096fab15064715bb1659f8b459b2fcd8bf3582c5f068d66bd371776686
                                                                            • Instruction ID: 8c69276d77755855d7431dd703decabddb556586b56b2aa9fe2f7d25dcefdb92
                                                                            • Opcode Fuzzy Hash: dfd0d0096fab15064715bb1659f8b459b2fcd8bf3582c5f068d66bd371776686
                                                                            • Instruction Fuzzy Hash: E511B434208384DFD715CB54D580B26BBA1AB48718F34C9ACE9490B652CB7BD813CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A3B1, Relevance: .1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: adc7003b6bc17f4e9ba8a3be7cd331350e5969686c268b6a8bc4eb4844436a37
                                                                            • Instruction ID: 17b36f2c4e95e8f4a9a44b4c121a263bc2e230692e52fc30704005ffe8dd9649
                                                                            • Opcode Fuzzy Hash: adc7003b6bc17f4e9ba8a3be7cd331350e5969686c268b6a8bc4eb4844436a37
                                                                            • Instruction Fuzzy Hash: 33119430B042659FCB29DA64984167E77B3BF88740F15456EE103EB285EBA0DC148790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051211DF, Relevance: .1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3002c7bd4c5726a166518177289f25936c8d2e2e8425b082696138568fd52cc5
                                                                            • Instruction ID: ea9db08ae4795f7b1a228d05fa7aac0186d57627356b6cdfbba9f35ad130dc11
                                                                            • Opcode Fuzzy Hash: 3002c7bd4c5726a166518177289f25936c8d2e2e8425b082696138568fd52cc5
                                                                            • Instruction Fuzzy Hash: B81152313091909FC71ED738D4589697FF6AF8A60072641EBE146CF2B6CF654C09CB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126BD8, Relevance: .1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1ffab87ca4e9e1b52e30d8be8b0c8d466b01f3369d92b9bc2232f853447f5d60
                                                                            • Instruction ID: d03e4c2f6b8c2013affd64c0a2b20b076a3c95bdbe2f7f4f4668579974ee30a6
                                                                            • Opcode Fuzzy Hash: 1ffab87ca4e9e1b52e30d8be8b0c8d466b01f3369d92b9bc2232f853447f5d60
                                                                            • Instruction Fuzzy Hash: 1611A171E042098FDB14DF78A8417EEBBB1EB48224F10057AC609E7291E7394A55CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A3F0, Relevance: .1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b663c6ad96d651c468c31deab28b94318bf50bd518b7f82071dd90384406c3f0
                                                                            • Instruction ID: 9dff97b71938b5dca8569f9d9f480170bd999749f3038600a454aa92d0428c7e
                                                                            • Opcode Fuzzy Hash: b663c6ad96d651c468c31deab28b94318bf50bd518b7f82071dd90384406c3f0
                                                                            • Instruction Fuzzy Hash: 5C01C4316042E48BC768DB34C458ABA7FB2DF89614F29446DC18397640CBA1ED178781
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051205B9, Relevance: .1, Instructions: 51COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a22c6d53a82019a0d1724f4e0c157b152dec9126266fe754fb9f07e3a2a056af
                                                                            • Instruction ID: 5d3aa72e210e067b978a3b06cc9794b94cefc4ea0afe18098f146d99564390a4
                                                                            • Opcode Fuzzy Hash: a22c6d53a82019a0d1724f4e0c157b152dec9126266fe754fb9f07e3a2a056af
                                                                            • Instruction Fuzzy Hash: A20126313041640FC759673D84215BE7B9BDFCAA5871980AEF146EF385CE689C4683E6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512DD38, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5f76848c1d5eec338346ef3c3db469be672d551ab43a9eb6353014f1b14798ed
                                                                            • Instruction ID: d7d66cfa65cd4b842db9d3fe0e3a80b5611ce21735253603b8e5a11e95cc2fbc
                                                                            • Opcode Fuzzy Hash: 5f76848c1d5eec338346ef3c3db469be672d551ab43a9eb6353014f1b14798ed
                                                                            • Instruction Fuzzy Hash: D601A7717012289FCB182BBA980862F7A9BFFC9724B114439E507E7395DE35CC0187B0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A400, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 90ddf3b15953682d76b512f97b2ef7e0f060434bb603059d84c5dfc6de982d6c
                                                                            • Instruction ID: e00cafb6edf4b16fad59c60571cd4c7439382d1b8277f25d7d980fdaa835ac37
                                                                            • Opcode Fuzzy Hash: 90ddf3b15953682d76b512f97b2ef7e0f060434bb603059d84c5dfc6de982d6c
                                                                            • Instruction Fuzzy Hash: 0A019231A041A4CBCB28DA54D858ABFBBB6DF84214F19446AC107A7640CBB1ED168B92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127B28, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0efc3b6c63434f5e70ad448c98281a7425a9895ac786e0dd6819a90c377ba846
                                                                            • Instruction ID: 62f41876fb5be96bc4fdde4333f5d192e40971f3ad2e56123a68b50e75a18556
                                                                            • Opcode Fuzzy Hash: 0efc3b6c63434f5e70ad448c98281a7425a9895ac786e0dd6819a90c377ba846
                                                                            • Instruction Fuzzy Hash: 10019E32A081289FCB28DA54C895BBFBBB2EB84610F15446AC116E72C2CB71AD118BD1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125740, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0ac01d4087053ff505137aa0932c7f8fc558b89e072fc4466fbd732d663d1f31
                                                                            • Instruction ID: ec3b3e44272f288a2a8ea98d0e2eebb9ae4c114e381369bcb8e491985671d60c
                                                                            • Opcode Fuzzy Hash: 0ac01d4087053ff505137aa0932c7f8fc558b89e072fc4466fbd732d663d1f31
                                                                            • Instruction Fuzzy Hash: DC117C30A50205CFDB18EFB5E9816AE77B3FB48280F614139D505AB254D7399D11CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125508, Relevance: .0, Instructions: 49COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a071e8f4a82493fb1dc54a9770ffcee614033231529304359318d298e82c88b9
                                                                            • Instruction ID: 80a4112bf290b760716110fc9f016428f9750c0efffc132fe14e6d7eff33d65e
                                                                            • Opcode Fuzzy Hash: a071e8f4a82493fb1dc54a9770ffcee614033231529304359318d298e82c88b9
                                                                            • Instruction Fuzzy Hash: 4811A134A212058FCB48EFB4E845AAE7BB7FB8C300B10443DD215EB260DB395900DB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127B18, Relevance: .0, Instructions: 49COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 09598fc94c2d4bc998396b35c41f685c4e952cd8112d09448a92227065516332
                                                                            • Instruction ID: aa430da624abb52e852f5163f392e76f8b08353371ed30b7eface23713775347
                                                                            • Opcode Fuzzy Hash: 09598fc94c2d4bc998396b35c41f685c4e952cd8112d09448a92227065516332
                                                                            • Instruction Fuzzy Hash: 30016931A081649ECB29DB24C494ABBBBB2DB85704F29459DC057EB6C2CB71A9168B80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A260, Relevance: .0, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e9cf038fe9b105029fe7aca113760bd47ae1a0d3f9a293fbe43871e93b16808e
                                                                            • Instruction ID: 73ffdc014d2457d1c6c64e6d34d03903e5290bf2d673efe99ae95d9776d15a4d
                                                                            • Opcode Fuzzy Hash: e9cf038fe9b105029fe7aca113760bd47ae1a0d3f9a293fbe43871e93b16808e
                                                                            • Instruction Fuzzy Hash: 56F0723230C36417C72866BC5C44BBD6B4BAFC2334BB2426AE0059F3CACE528C0583B2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512AAA0, Relevance: .0, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0e8874e886568a454e1844f5c2bbf826807f0a54c653da0976c903851b932fcd
                                                                            • Instruction ID: ca415c3c4cccb8543f9e655080c01fb54b4677f4854b833f39f454d80ef8f417
                                                                            • Opcode Fuzzy Hash: 0e8874e886568a454e1844f5c2bbf826807f0a54c653da0976c903851b932fcd
                                                                            • Instruction Fuzzy Hash: 1901DF30A002198FCB54EF7898487AFBFF6EB48600F20456EE644E7240EF359900CBD1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127562, Relevance: .0, Instructions: 46COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 857c580715b8a9210ab417e45893361945cf6ab28b2c7060354f8cb4ce6c5875
                                                                            • Instruction ID: f4ce271f2b51a4340d3b4feb0cff0916d7b8148a8c2dc6d03a46a5af961fa65b
                                                                            • Opcode Fuzzy Hash: 857c580715b8a9210ab417e45893361945cf6ab28b2c7060354f8cb4ce6c5875
                                                                            • Instruction Fuzzy Hash: 56F0262130C39416C724663C9840B7AAB87ABC2324B66465EE0099F2C9DE158C0543A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512AAB0, Relevance: .0, Instructions: 46COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9b99c1eb1676b1a43a55892471198f470a06668f62cd6d1d2cf093177478ea0d
                                                                            • Instruction ID: 60ac36b0df56af0613fc5ceb402e48a8a685b298955aa1581ffff7bb5714772a
                                                                            • Opcode Fuzzy Hash: 9b99c1eb1676b1a43a55892471198f470a06668f62cd6d1d2cf093177478ea0d
                                                                            • Instruction Fuzzy Hash: F5014B71A002199FCB54EFB9A8457AFBBF5EB84210F10467AD609E3240EF769910CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051205C8, Relevance: .0, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cf54540cdb95c97e09a691e90ee60043cfac7c90ed1c1df13c6312e438aa5dfa
                                                                            • Instruction ID: 4669e7d1fd8c9394b232a245b16690e9d2bb003c30eaf5a9b4910d39e15ba305
                                                                            • Opcode Fuzzy Hash: cf54540cdb95c97e09a691e90ee60043cfac7c90ed1c1df13c6312e438aa5dfa
                                                                            • Instruction Fuzzy Hash: 0BF054327001240BC71C767E941267F629BDBCDB58765852EF106EB384CD79AC4753E6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05124798, Relevance: .0, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ad0cdf8f7d308665ce1052a135e92e615fdb78e4b322ddf07baf5dd1d8d7cc21
                                                                            • Instruction ID: 7dc7323d028813fbb0f9237009dadcad1c91bfac8fd7234cf72d15004bbed850
                                                                            • Opcode Fuzzy Hash: ad0cdf8f7d308665ce1052a135e92e615fdb78e4b322ddf07baf5dd1d8d7cc21
                                                                            • Instruction Fuzzy Hash: 37014B71F0021A8FCB94EFBC84442AEBBE7EB89350F108439C109E7280EA354A4697E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126BE8, Relevance: .0, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 901e1f6e0b386bec21061ad4894a9fc7c5edded6e9d290b321d60e0916ee429b
                                                                            • Instruction ID: 29a701fdff85d8ea5497704cde0ec3a5659235f456c74faf6e743d279d89c0c4
                                                                            • Opcode Fuzzy Hash: 901e1f6e0b386bec21061ad4894a9fc7c5edded6e9d290b321d60e0916ee429b
                                                                            • Instruction Fuzzy Hash: 2C016271F002199FDB54EFB9E8417AEBBF5EB88220F10413AD608E7290EB345960CBD1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A1F1, Relevance: .0, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0f026103b08ab7c6c9743819638a0e57563fd0cf5d18878f77b276e5f16a009e
                                                                            • Instruction ID: 0c2f1d103d4925bd6ca485cd0e04806b035fbcec58e61714d25a4a26301f1568
                                                                            • Opcode Fuzzy Hash: 0f026103b08ab7c6c9743819638a0e57563fd0cf5d18878f77b276e5f16a009e
                                                                            • Instruction Fuzzy Hash: E201F9322092845FC315537894255B87F77DFC731475988AEE149CB392DE739C4787A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512AC20, Relevance: .0, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c73ebecced3788334682dd85852445b48da0b589791f4357c2eae2b4c52084f1
                                                                            • Instruction ID: 36c15d90bd168c61987e726d46ac668869833d2639f47ce488ee8191d1be64e5
                                                                            • Opcode Fuzzy Hash: c73ebecced3788334682dd85852445b48da0b589791f4357c2eae2b4c52084f1
                                                                            • Instruction Fuzzy Hash: EF01B1352043409FC719EB74941A4697FB7EF8930171A88BEE10A9B365DF759C058791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05124710, Relevance: .0, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b6fb7cdd84a31fa70ea2f68890c93a0662c962fcec1080f12c4adb5f34b23571
                                                                            • Instruction ID: fe8f8594b0b986e9f61c23ca37497402860ca8a47bbe7e6d32570ed185c72053
                                                                            • Opcode Fuzzy Hash: b6fb7cdd84a31fa70ea2f68890c93a0662c962fcec1080f12c4adb5f34b23571
                                                                            • Instruction Fuzzy Hash: 3DF02B363012305BCE2867B5540577D32DBD7C9650F55003EE216C7741DE758C524361
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05121218, Relevance: .0, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f6dd7cc6a768fc4c37ee710233d77a75b5f96624d046492000837517e064bac0
                                                                            • Instruction ID: 8185282905c3e5b8f974d8c30d9913312e6f3b0a55c1ebc841c710377fb71b8c
                                                                            • Opcode Fuzzy Hash: f6dd7cc6a768fc4c37ee710233d77a75b5f96624d046492000837517e064bac0
                                                                            • Instruction Fuzzy Hash: EC014B303041209FC61CDB28D058969B7EAEBC9700B3240AAF106CB274CF769C098B81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05128500, Relevance: .0, Instructions: 41COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c3540e2cd7e54ab622f1d65368b0480d047a45a2df1d01f1da8c8961d39d8a96
                                                                            • Instruction ID: 8c1aa108916d82eb689d9c98e4a2955fe64f9b92dc409f681b335c1662d16fc5
                                                                            • Opcode Fuzzy Hash: c3540e2cd7e54ab622f1d65368b0480d047a45a2df1d01f1da8c8961d39d8a96
                                                                            • Instruction Fuzzy Hash: A6F0F634A0C3A5FFC715C774A8608BFBFF2EF82140B1645ABD042D7552D73188258B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A551, Relevance: .0, Instructions: 40COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f879451a2a4c19c49c3c1854f99e078ec4ad170efc9c56fa92a736008a0aa8aa
                                                                            • Instruction ID: 39b90fa5ec32787439d9cd58d034d0b88b8fa027c7df151fd2474b8ffb66cd22
                                                                            • Opcode Fuzzy Hash: f879451a2a4c19c49c3c1854f99e078ec4ad170efc9c56fa92a736008a0aa8aa
                                                                            • Instruction Fuzzy Hash: D8F08131B102199BCB15EBB4D982AAEB362FF88704F108529E6016F289DF74DD018BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127570, Relevance: .0, Instructions: 40COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3baeaa3bbc36e169044c003a126ba4b9ea90c3c24de19469db64f7efc4d67076
                                                                            • Instruction ID: 22d790ddae01f8c0a0eb8995455bdc12372a00c44dbc147705424dffbb742117
                                                                            • Opcode Fuzzy Hash: 3baeaa3bbc36e169044c003a126ba4b9ea90c3c24de19469db64f7efc4d67076
                                                                            • Instruction Fuzzy Hash: 21F0B43130822413C628666D5881B7EA68BFBC53747B1432DA11A9F3CCDF159C1543F6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126210, Relevance: .0, Instructions: 40COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e7e7701548955d481fe6ea64d4744a0cfdfb47429cc69d9bbb96558dce88308b
                                                                            • Instruction ID: c77a3470638e9d94424113272e2038f740ab5ef452d9474dd9b3e11493a56f93
                                                                            • Opcode Fuzzy Hash: e7e7701548955d481fe6ea64d4744a0cfdfb47429cc69d9bbb96558dce88308b
                                                                            • Instruction Fuzzy Hash: 62F08B31B081649FCB2486389410ABE7BA7C78C650F4000A9C906D32C5EF255D258BC1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A270, Relevance: .0, Instructions: 40COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 561e4b99128ecb9b0ecefb12712b8b133fa0ca8dbf23002368e9c0e006a89bf3
                                                                            • Instruction ID: 9e48b2339fd5791f64abde0cd5e3024e62f7fea3ba27a272641818bf3ae3e858
                                                                            • Opcode Fuzzy Hash: 561e4b99128ecb9b0ecefb12712b8b133fa0ca8dbf23002368e9c0e006a89bf3
                                                                            • Instruction Fuzzy Hash: BBF0E93170C32413C62866AD5C81B7D668BBFC5334BB28329A11ADF3CCCE558C4543B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125DE8, Relevance: .0, Instructions: 39COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cf8508f44d1abde8443af0b24a8e75865b9c82ae9ed1ffce5e8fd7373f92bd2e
                                                                            • Instruction ID: b6620f4dbf78f06f5a9e92394c79ba761e18f44b13f500cc4cb9bcaac16574f6
                                                                            • Opcode Fuzzy Hash: cf8508f44d1abde8443af0b24a8e75865b9c82ae9ed1ffce5e8fd7373f92bd2e
                                                                            • Instruction Fuzzy Hash: 09F059317192794FCF26B3B400640B93BA38F4A73031A09EFC0A79F253DA144C768351
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126619, Relevance: .0, Instructions: 39COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1a7f08f125bbfc504d6c4188d8ed7713802443e129b1f7cda4854f8070078ca1
                                                                            • Instruction ID: 22ee3ee37e91c95a22806a55bf2f6237b9040948f193a9613cf9660ddda5aa1d
                                                                            • Opcode Fuzzy Hash: 1a7f08f125bbfc504d6c4188d8ed7713802443e129b1f7cda4854f8070078ca1
                                                                            • Instruction Fuzzy Hash: 80F02B31F043299FD76996389850AFF77B7E78A760F00856AC506972C0EF391D15C2C5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125CD0, Relevance: .0, Instructions: 38COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e7218187df8a89a27eb8a06ab8272155829344c22035748d51bfda41c349638a
                                                                            • Instruction ID: 4e52c3cc6ac8bd7f72f5672968d5cce60d0dd2998b94c0ac118585da91957457
                                                                            • Opcode Fuzzy Hash: e7218187df8a89a27eb8a06ab8272155829344c22035748d51bfda41c349638a
                                                                            • Instruction Fuzzy Hash: 72F0C231E041158FCF84DF7C944169EBBF6EF88624B15017AC408E7211EB3499518BE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126628, Relevance: .0, Instructions: 38COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 32a177fcb07c61edc07836eadf36e0b5ed154890e76b08db36e868941cc40e7b
                                                                            • Instruction ID: 10a884d49bea7b5e60cb70afc2fb9e7e1df2b64bcee696330b08999bb90cf248
                                                                            • Opcode Fuzzy Hash: 32a177fcb07c61edc07836eadf36e0b5ed154890e76b08db36e868941cc40e7b
                                                                            • Instruction Fuzzy Hash: BCF0B431B041359B8B29D2649850ABF77A79789690F01856AC906932C0EF295E2582D2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512EA28, Relevance: .0, Instructions: 38COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8a1d958a1782e0beb4128b97a90bfcd7d5c4fd19c140f4751e751cbb9b46b55c
                                                                            • Instruction ID: 36f4ae7b34550229fe0b792f265ad8d3fa726662bdd68683986528c3897047ab
                                                                            • Opcode Fuzzy Hash: 8a1d958a1782e0beb4128b97a90bfcd7d5c4fd19c140f4751e751cbb9b46b55c
                                                                            • Instruction Fuzzy Hash: 6FF0E96290C3F04AE73A816858883B95F5FBB82224F0E03FBD8CBDB143D674095983A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125E20, Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0676de0098de08495f4f3f1b44f1038df55bdeb4e2cc3ccecad16dc7b79048db
                                                                            • Instruction ID: ed2d62b7e2258078443bd3dc5da3ab90b81724702b19a947e99f77a7f3582e01
                                                                            • Opcode Fuzzy Hash: 0676de0098de08495f4f3f1b44f1038df55bdeb4e2cc3ccecad16dc7b79048db
                                                                            • Instruction Fuzzy Hash: FEF09071E002199ECB61EFB8A8454EEFBB5FE45361F10016AD809E7140F3358151CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512C8CB, Relevance: .0, Instructions: 34COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7a4e4251b0b30ca8a8f6202785590c14e4efe6c05c9fb3af11fdd3278150077e
                                                                            • Instruction ID: c4ce9741b9eadc086089ef10d4f7d9f1244b22ea6a90279bf973d3d7fbd4ba95
                                                                            • Opcode Fuzzy Hash: 7a4e4251b0b30ca8a8f6202785590c14e4efe6c05c9fb3af11fdd3278150077e
                                                                            • Instruction Fuzzy Hash: 96F05C32B091702FC35A2278181077F2A978BCE621319426AE145D7782CF321C1283F5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05120918, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1436d7bfde5ee3d60ab6e7c11d291280d5e955e638597700af43afbf9115e035
                                                                            • Instruction ID: a5a7ddbc3f4ce1239a0794ec503f022f8f0de64ffc4dd2dc6d0fcb4ced8e6a07
                                                                            • Opcode Fuzzy Hash: 1436d7bfde5ee3d60ab6e7c11d291280d5e955e638597700af43afbf9115e035
                                                                            • Instruction Fuzzy Hash: 3AE0E532E192389BDF249AF99D0C1AFB7AAD789650F0346779D0BA3204DB71982582D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051245B9, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a0f9170742658d5de2592719115ee4530010a18a066e484dae22dfaab78b5da4
                                                                            • Instruction ID: 66a708a2e07828a650ef2b1f16c5a52c6f7864a2769fd830533b276c9bf36e23
                                                                            • Opcode Fuzzy Hash: a0f9170742658d5de2592719115ee4530010a18a066e484dae22dfaab78b5da4
                                                                            • Instruction Fuzzy Hash: D7F0BE31E083A95FCB51CBB89C01AAABFF8AF8A210F1441AED558E7192E2645918C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125CE0, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 17367f201f657820d17c0a05194d532dec65dae4b36883e34a425f17b4835570
                                                                            • Instruction ID: 986aba562d85c10db92eef7a1714aaa3854db4b87e0356823fd1b466081b60db
                                                                            • Opcode Fuzzy Hash: 17367f201f657820d17c0a05194d532dec65dae4b36883e34a425f17b4835570
                                                                            • Instruction Fuzzy Hash: 95F01275E001199F8B84EFBD544569FBBFAEB88620B11413AD509F3341EB3499118BE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051287A1, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7b66de76d1b8ae24b95bcdf0475b01548598ee610ee1ecfcb7749e2be32a75eb
                                                                            • Instruction ID: b2cfeef97e14fbf6885568c0129b0ffaf2889f370c0847e6a974019bcd4c12bc
                                                                            • Opcode Fuzzy Hash: 7b66de76d1b8ae24b95bcdf0475b01548598ee610ee1ecfcb7749e2be32a75eb
                                                                            • Instruction Fuzzy Hash: 68F0E935A043645FC72517B898146603FF7DB4D65032540AED4C2E7351DE614C018BD1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E9A8, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 56fd6617a9ec86dd761846de2055685b6cc3612c79d2056d2480d427f2242506
                                                                            • Instruction ID: 8133a7c1b59ffb9bd61e30f6d488374c0c0c4ba8e622536715869420ac4f66b7
                                                                            • Opcode Fuzzy Hash: 56fd6617a9ec86dd761846de2055685b6cc3612c79d2056d2480d427f2242506
                                                                            • Instruction Fuzzy Hash: F4F089312097A44BCB56D66C95219B97F5A8B832143054A6FD48697743DB27881687A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512B1E0, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: da2e75cfbfd17876156e201b29b9d9deb448ea20b36e54ce24d65415079d2e41
                                                                            • Instruction ID: 190c0e922a349d6e8e4fdbf62d79661546ce241db3bc236786d8b3ba070e1fad
                                                                            • Opcode Fuzzy Hash: da2e75cfbfd17876156e201b29b9d9deb448ea20b36e54ce24d65415079d2e41
                                                                            • Instruction Fuzzy Hash: CAF0A0326097544FC3358F6AA800456FFFABEC262431D8A6FD1D983506DB60A9098BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02AC0938, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.904922184.0000000002AC0000.00000040.00000040.sdmp, Offset: 02AC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction ID: af92b9bd071d720c1d412b3165fcd60aea7e03f327bba4d056a17afa581106b5
                                                                            • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction Fuzzy Hash: C9F01D35108644DFC706CF40D580B25FBA2EB89718F24C6ADE9490B762C737D813DB81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E9F9, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6d216d2670a7db5d503411cbeb9e11ac7902cdd6744f2234cc597f2a82444b9d
                                                                            • Instruction ID: b90e66ce27b546fa7cc023e711b6bd47846c34d2d9bdcc3ca45227a7d7190edc
                                                                            • Opcode Fuzzy Hash: 6d216d2670a7db5d503411cbeb9e11ac7902cdd6744f2234cc597f2a82444b9d
                                                                            • Instruction Fuzzy Hash: BEE0923111E2B5CBC739C655A8101B5BF7EFA421693160AEFD0CAAB402D751686987D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051274FF, Relevance: .0, Instructions: 29COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 48db5b3937eb78496088c08c7705af8464f59dd0bed1c8df080119ef30572b90
                                                                            • Instruction ID: fae7c7e3007f4a487bdb54579af1855c2d47a890d8e6aa3c8838c65c951fab48
                                                                            • Opcode Fuzzy Hash: 48db5b3937eb78496088c08c7705af8464f59dd0bed1c8df080119ef30572b90
                                                                            • Instruction Fuzzy Hash: 8DE09B35F051214BCB44B7B9982476E6652DFC8514F404038C556DF7C1EF314D55C792
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051257A2, Relevance: .0, Instructions: 29COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fc51c3da85df39213a9dbbca1d453cf64a772e9a527101975105b7096189f57d
                                                                            • Instruction ID: eed497ef984860aea1dd28e9563d4923445930133f12b582add57df7805ddcd4
                                                                            • Opcode Fuzzy Hash: fc51c3da85df39213a9dbbca1d453cf64a772e9a527101975105b7096189f57d
                                                                            • Instruction Fuzzy Hash: 33F0A031F58110CBCB5CFBB9E8906AC33A3AF88204B62C139D216EE191EF385C108751
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512CBFE, Relevance: .0, Instructions: 29COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1d29d070972952d27400aeeb626bf244d1ae863d3a58dac7aa9e138249d1b922
                                                                            • Instruction ID: a196e23abfdee5112f5593379e3e5464560dda37943d5bfef58770b05f3d8f9d
                                                                            • Opcode Fuzzy Hash: 1d29d070972952d27400aeeb626bf244d1ae863d3a58dac7aa9e138249d1b922
                                                                            • Instruction Fuzzy Hash: 2DE092363091A0AF863D9378502117D37979FCA16A32B84ABE20ACB165CE654C25C3A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512AB5F, Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3f7cb8ff0fa0c0b85bdeb96db2fcf687552d0f034808ed8226712bc59b5bf05f
                                                                            • Instruction ID: e5729c65aae4ecb8d5769c8c42b5cedae78e9291452783dacc6d4c0f9df14a29
                                                                            • Opcode Fuzzy Hash: 3f7cb8ff0fa0c0b85bdeb96db2fcf687552d0f034808ed8226712bc59b5bf05f
                                                                            • Instruction Fuzzy Hash: 2BF02B357083904FC746677451291693FF79F8B60572508DED046DB363CE228C128712
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512BE38, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 38c000b0ea6d440f207862e8c0db702ecb4b2c50fcea3ff182d9dd8fa833d551
                                                                            • Instruction ID: bcb6fe87b3ab26dacf6e1e5a44ae1501db4a550925d9d94c26920777887b579b
                                                                            • Opcode Fuzzy Hash: 38c000b0ea6d440f207862e8c0db702ecb4b2c50fcea3ff182d9dd8fa833d551
                                                                            • Instruction Fuzzy Hash: 95F03A36608B40CFC335CF69E540816FBF6EF85620306CAAAD1AA87A60D330F8488B55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02AC05F6, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.904922184.0000000002AC0000.00000040.00000040.sdmp, Offset: 02AC0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 238637235c5e5ea164d97e5d7ee2306af54a4b52f3b28da907af4a2fc4b64b17
                                                                            • Instruction ID: 9cd9f83d01d289567d4b012163105990df4e5ec065b1a6fcd542de8db5508cfc
                                                                            • Opcode Fuzzy Hash: 238637235c5e5ea164d97e5d7ee2306af54a4b52f3b28da907af4a2fc4b64b17
                                                                            • Instruction Fuzzy Hash: D0E06D76A406009BD650CF0AEC41492FBD8EB88630718C06FDC1D8B701E576B504CEA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E9B8, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8e26774985493cfcc075215e09cc05e7c47cd449211b74794e944488d010f132
                                                                            • Instruction ID: efa175358d03dfcae6a1cc29a5fc8e308ab96c754e9badf5388d86ff0338deed
                                                                            • Opcode Fuzzy Hash: 8e26774985493cfcc075215e09cc05e7c47cd449211b74794e944488d010f132
                                                                            • Instruction Fuzzy Hash: 29E04F322046349B8B68EA6DC42197A779EDBC6720351893FD54A9B342EF72DC1647A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051246B8, Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a7e41cf6222bc5a560d6d2850cf5cd2eab0a7272812a479b1859ae816d2553df
                                                                            • Instruction ID: 498780d7553823a1ae004ba3837f3c96e16aba01a31f28ce3eccce93f3d60757
                                                                            • Opcode Fuzzy Hash: a7e41cf6222bc5a560d6d2850cf5cd2eab0a7272812a479b1859ae816d2553df
                                                                            • Instruction Fuzzy Hash: C7E0863170002497CA2466F9A4156BE338BEF41354B158066F10ACB651DE57DC1183D6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512B198, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7762d1b3566cceee3adf831eed4c9c060ef16fb02e34f5eb09f404c5e79f13ee
                                                                            • Instruction ID: 89af9ba18b0d06fb7f76736940c9d2c438bf039f6677ff1080845e58856dc9b8
                                                                            • Opcode Fuzzy Hash: 7762d1b3566cceee3adf831eed4c9c060ef16fb02e34f5eb09f404c5e79f13ee
                                                                            • Instruction Fuzzy Hash: ECE0ED30508664CFC764CA5BE590662B7E6FF44361BA0582AE047C7E14E7B1F8908B41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512CC10, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2c238c1870cf0c69e59d8317f095c6a0764c84151b06af2c2ecf921288b9725b
                                                                            • Instruction ID: 70485b7a1970ceba5a9528aadbbe792141aa8ffce21f52f060672847ec0f7926
                                                                            • Opcode Fuzzy Hash: 2c238c1870cf0c69e59d8317f095c6a0764c84151b06af2c2ecf921288b9725b
                                                                            • Instruction Fuzzy Hash: 11E01231304024BB453CA65D901247E769BDAC56AA716946AA30F8B254DE529C7183E6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051223A0, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5b406e142ffccabf150d119871f08ace82ce30f651ddde05fe30ece06d1f5b85
                                                                            • Instruction ID: b834fa5d5450f5848e71a9410aa6a7717af970be4330696648334ca938ddf188
                                                                            • Opcode Fuzzy Hash: 5b406e142ffccabf150d119871f08ace82ce30f651ddde05fe30ece06d1f5b85
                                                                            • Instruction Fuzzy Hash: 26E03970D142298BCB28CF688840A9EBEB5AB4C300F00006E9215A3340EB7018508B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512F2F0, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f2859ccfe0fd901ebc2549b83d5ce6f1165cb05aaa20358c2840704b82672d2d
                                                                            • Instruction ID: 293bc5a97cf852ed17e2a8ce027d5b06b485b1c6e718ed8c47b13c44c864bcee
                                                                            • Opcode Fuzzy Hash: f2859ccfe0fd901ebc2549b83d5ce6f1165cb05aaa20358c2840704b82672d2d
                                                                            • Instruction Fuzzy Hash: C8D02B2488EBC84FCF5243B058150DC7FA04C13200B4C05CFC8C9871D3D99D041ACB01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05126110, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5dfd16d6981b90341b023507cbe4fe7916cac5047f8f3de8b4be94bbab0eeb48
                                                                            • Instruction ID: b14feb295c0298cfd37e4168a03d790fd94ad4042bcf0cfdadd508c58a204d1f
                                                                            • Opcode Fuzzy Hash: 5dfd16d6981b90341b023507cbe4fe7916cac5047f8f3de8b4be94bbab0eeb48
                                                                            • Instruction Fuzzy Hash: A7D0A7217402291B9A146B7B9C01A3E334FEBC0B55711852DE507EB380EE19EC0243E5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051265D8, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d6e2f87a3d6963dbf43c4d3b98a6a640d1a9f16d6f75f3bd9ba6523edc05e5c8
                                                                            • Instruction ID: a2c3b6a220d8edffe33f7d3186a32a42d66754c92b3040aca7ccfdb104e82712
                                                                            • Opcode Fuzzy Hash: d6e2f87a3d6963dbf43c4d3b98a6a640d1a9f16d6f75f3bd9ba6523edc05e5c8
                                                                            • Instruction Fuzzy Hash: 7FD02B3120C4368BD314239DA800668358EAB41290F05003AD907D22D1CF9ACCE04396
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512A3BE, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 78d6a2c2a70fa6d37431244e130cfb0c44a78110208b6d45a30617bd153c67c6
                                                                            • Instruction ID: 1966a91084bae31bd401d34a684108c2c2464763b178b52c5d4199c9a0673e26
                                                                            • Opcode Fuzzy Hash: 78d6a2c2a70fa6d37431244e130cfb0c44a78110208b6d45a30617bd153c67c6
                                                                            • Instruction Fuzzy Hash: 8BE0C23100C770DBC33D8635A508FA6B7EB6F05604F06045EE2830AD40C7E1E0A8C393
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05122D20, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3c1de2c4813f4c45f322a82e5cf11bb3648b2a7d8c5041805b1c57cd0782bb55
                                                                            • Instruction ID: 8b977752d39e795181446914f279c91c5a066bf04b2a59286dd8a7da3f235bbf
                                                                            • Opcode Fuzzy Hash: 3c1de2c4813f4c45f322a82e5cf11bb3648b2a7d8c5041805b1c57cd0782bb55
                                                                            • Instruction Fuzzy Hash: C9D05B3C14D3ECAFC376876468157A93F369B1B611F1909D3D0EA9C0A3C6226435C756
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051261B0, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4bfa7f842fff71d0b607579295a64e488fc36139b2256bfd11520aec3e775209
                                                                            • Instruction ID: f831b471f9d44a951f57b62797bdb5950283deb2b336addb5ee3e38dd47af106
                                                                            • Opcode Fuzzy Hash: 4bfa7f842fff71d0b607579295a64e488fc36139b2256bfd11520aec3e775209
                                                                            • Instruction Fuzzy Hash: ABD0A72234022867E608E6ACC812C7A738EDBC5724715C86EA50AEB382CD63DC0243E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512E1D8, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5a5286970c683d3b5644609bd8845f5d6b6163788e8b95d9de68d137de6c4f95
                                                                            • Instruction ID: fcb75f599dc25cf99c2a039bef1b9b686353197ca792c116b75a2c179e0024ac
                                                                            • Opcode Fuzzy Hash: 5a5286970c683d3b5644609bd8845f5d6b6163788e8b95d9de68d137de6c4f95
                                                                            • Instruction Fuzzy Hash: 5BD05E31108334DBC63CD66694049B3B79FBB19662B564B7BF54F8E500CB21A82187D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051257F6, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 08e2be472f99cbc048ddd21500e45e3278f7bfabe9583b13eef35e57f3a3bf89
                                                                            • Instruction ID: 14c320065d17544792aa586317d7410a4cdd99335c38f1dede25bda938c4ea3b
                                                                            • Opcode Fuzzy Hash: 08e2be472f99cbc048ddd21500e45e3278f7bfabe9583b13eef35e57f3a3bf89
                                                                            • Instruction Fuzzy Hash: C4D01235F08114CBCB58E7E5A9555EC7BB3AB881247025076C117EA502EF7148658792
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512064F, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1fcf21f33fceeec34e78c88dac472019fd55d3c6e9a1a58d619ca3e9b612e399
                                                                            • Instruction ID: 33eaf36582830bcc890bb8894fe726519f8d097b1a040b67e1bcaea938375110
                                                                            • Opcode Fuzzy Hash: 1fcf21f33fceeec34e78c88dac472019fd55d3c6e9a1a58d619ca3e9b612e399
                                                                            • Instruction Fuzzy Hash: A4D0953144A320CFC35D5E721C0D4F53716DB85100F00CA72E44041421D23D7D63C6D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127698, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e225f6fa0a8a7c1bc6774c147bd22a69d60bf634c70d803f6dde821acf323e0d
                                                                            • Instruction ID: 9abb3b8830a96323ea49df7a1178317eb39f9b7c4928497e7074def08bf95a49
                                                                            • Opcode Fuzzy Hash: e225f6fa0a8a7c1bc6774c147bd22a69d60bf634c70d803f6dde821acf323e0d
                                                                            • Instruction Fuzzy Hash: 6ED0C23100D330CAE339E67EA4047B3B7DAEB47204F06845E80430A690D761A0A4C3E2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05129350, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bcf0eb18038371023df5171ff45230fbe5df77a63675d93a5bf05d917526397c
                                                                            • Instruction ID: 7aa047b41a9110e2fee774d70bac1a1668da8fcf32a6ad77ae6ef73931096831
                                                                            • Opcode Fuzzy Hash: bcf0eb18038371023df5171ff45230fbe5df77a63675d93a5bf05d917526397c
                                                                            • Instruction Fuzzy Hash: 9AD05B3148C358DFC3595B7C5C09F647B79AB02B10F424492D14B590D2A35454B0C35E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512864D, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ec62daba4a1f7cf9ed091f956b4a5daab720e563f686786efee26ae711376a02
                                                                            • Instruction ID: 47bcbb0a5dd4f210a0e58dbb881ef694e1cfa43fde256ae14330df36a1e9c3bd
                                                                            • Opcode Fuzzy Hash: ec62daba4a1f7cf9ed091f956b4a5daab720e563f686786efee26ae711376a02
                                                                            • Instruction Fuzzy Hash: F8E01A3241034EEFCB14DF24E4989993B65FB44748B118A2AE4054B168DB3A9929DF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125DF8, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ad4e3f810b729f040bd79e37db43aeb37bcf83b76c38c742743ac4c65786b2f9
                                                                            • Instruction ID: 5418ace978b577575f083023ed1045efc6935cb69ba0f6907a15d1fb69824668
                                                                            • Opcode Fuzzy Hash: ad4e3f810b729f040bd79e37db43aeb37bcf83b76c38c742743ac4c65786b2f9
                                                                            • Instruction Fuzzy Hash: FDC08031725135578F3CB1B9145147F71CF06C9A31382493F901B9F341ED514C6003D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512862F, Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 93597291613e9ab58e3b4e89598957b735f4dfb4afd1e137b952e9dacda423b8
                                                                            • Instruction ID: 4a58acb9a9ec5872c5ae9d1799f09b673ba3014402a9a395f663f6e26948a8e4
                                                                            • Opcode Fuzzy Hash: 93597291613e9ab58e3b4e89598957b735f4dfb4afd1e137b952e9dacda423b8
                                                                            • Instruction Fuzzy Hash: 36E0EC3101035ADBCB24DF14E88899C3B66FB40744B11CA1AF4015A128DF3AED29DB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127148, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                                                                            • Instruction ID: 500b7c955538c39d19c87e87afe081d40e9acb39a82fbb88838e0f245dff7327
                                                                            • Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                                                                            • Instruction Fuzzy Hash: 46D0423AA00004CFC704CB88D5849DAF7F2FB88225F28C1A6D915A7251C732ED56CA50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512EA08, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1f1d707c6127ce0f6023790be83915ba3b3f543f7252d312cb47762d567b9d82
                                                                            • Instruction ID: 9672ca3ca7d1434ec3aa2af45fe49036c882c3914625cb9f07ff962fd0f6757b
                                                                            • Opcode Fuzzy Hash: 1f1d707c6127ce0f6023790be83915ba3b3f543f7252d312cb47762d567b9d82
                                                                            • Instruction Fuzzy Hash: 8BD0C931129235DB823CDA55E4554B6777EBA456623024AAAD00B6B6009B62F8608B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125D5F, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4cf0bb02646668572308894f504977e929678b8aa3158d0bb629f8063e0d6b0c
                                                                            • Instruction ID: 50bd436e98af78a685a7fad43fe47f5c90a09966eee33dc4f25d1c8eb0c13d0f
                                                                            • Opcode Fuzzy Hash: 4cf0bb02646668572308894f504977e929678b8aa3158d0bb629f8063e0d6b0c
                                                                            • Instruction Fuzzy Hash: 13D0C93404D7D58FC7569F74A8A87643FB59E0311430A05E6D4898E432DA655899C762
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125478, Relevance: .0, Instructions: 13COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 88db105e4235f961d44103b8e4bda08ee85e5bd67e31f9feab14a0851c87a7e1
                                                                            • Instruction ID: 82878169cb54fc6bf3cd180612d6711563bbc60ec8ee6af7d5b0ccc2eb8eb441
                                                                            • Opcode Fuzzy Hash: 88db105e4235f961d44103b8e4bda08ee85e5bd67e31f9feab14a0851c87a7e1
                                                                            • Instruction Fuzzy Hash: 21D0C93040C2948FD62457AA6D8D72DBA7BA700206B060091E05694432EB2259E8CA22
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05127E66, Relevance: .0, Instructions: 13COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 180eb57cb564e8db5cfae6b90b5a88f0f01ca722b67ad70942392077c7d62058
                                                                            • Instruction ID: af94884b2e70c9ce707322119bf179f01125e5e5ce9af26b32e569df0afab233
                                                                            • Opcode Fuzzy Hash: 180eb57cb564e8db5cfae6b90b5a88f0f01ca722b67ad70942392077c7d62058
                                                                            • Instruction Fuzzy Hash: B3D05E30900219DFD719CF71D95409D77F2EB0C2207110329E502BB3A1E7345C509B14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05120180, Relevance: .0, Instructions: 12COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 95a91f2105837d488b7c54aa5ad9aa88e335f2e604e59a42ff3789f5d7686dcc
                                                                            • Instruction ID: 09b0ee38304525c3d456b448dede5fba6869e1d568ac7d871a6a5e8cf090bfa6
                                                                            • Opcode Fuzzy Hash: 95a91f2105837d488b7c54aa5ad9aa88e335f2e604e59a42ff3789f5d7686dcc
                                                                            • Instruction Fuzzy Hash: 2AD01230211304CFCB097BB1E41D51C37A5AB48205300087CD80697760DF3BE891CA04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05122D30, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6e95b084b24aed264253eede03948a9b2ad42edd51a5f826c315a67b582ea32b
                                                                            • Instruction ID: 71776dc8bbad95df1a5a067202dd9f315bed2af21d4ad8fee59efe9cd901e13d
                                                                            • Opcode Fuzzy Hash: 6e95b084b24aed264253eede03948a9b2ad42edd51a5f826c315a67b582ea32b
                                                                            • Instruction Fuzzy Hash: 7AC09B3C18C62CF6D57C97457C19FFC311AD71C701F120401612F1C0B5577151308456
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05125D70, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 68e44437db3cbfdc8e5f0774112e0a9f8e882c3d4d2bb56ce0e41e78b035a1c5
                                                                            • Instruction ID: 48455cad8a6be36da5157503cbefe6c928485b74a26444740dfc982a3bb2abda
                                                                            • Opcode Fuzzy Hash: 68e44437db3cbfdc8e5f0774112e0a9f8e882c3d4d2bb56ce0e41e78b035a1c5
                                                                            • Instruction Fuzzy Hash: 08C08C30604A088FDA1827B26D4E62D3B5A5B400043810128B44ECE030EF29A0500245
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512C9D9, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: daa517508b37bd4f64eb1d8d6a8531428353e2bc8c7ea97bd5ea28d8bece1f75
                                                                            • Instruction ID: 0e0c3468d281f0eb8aad6150a70f44844f53be1bf60f363e2479138a5e6af553
                                                                            • Opcode Fuzzy Hash: daa517508b37bd4f64eb1d8d6a8531428353e2bc8c7ea97bd5ea28d8bece1f75
                                                                            • Instruction Fuzzy Hash: 07D0122040E3C18FDB278B3048680463F329E4320970908DFE0D1EA263C42A8548CB11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05122EC0, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0b2579d8338fd1057ce5ea2eb213f6baae53945e6d39be1f1028a14a05e7c4ff
                                                                            • Instruction ID: a93df81d471628fd64a433838448650e251cefbb93ae079404fbc1765d5722cf
                                                                            • Opcode Fuzzy Hash: 0b2579d8338fd1057ce5ea2eb213f6baae53945e6d39be1f1028a14a05e7c4ff
                                                                            • Instruction Fuzzy Hash: 76B092313542090BEB509BBA7848B6A338C9780619F8400A1B81CC5912E65AE4E03140
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05120660, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: afdcab30805f01d3bbcc8284f6c8dcd18c3248d6132b2cbd4aa34db46c890b6f
                                                                            • Instruction ID: c4229bb92c7b3d99fdb00db083ec03d855033b07c99aac3439e17d4aa23c6fd2
                                                                            • Opcode Fuzzy Hash: afdcab30805f01d3bbcc8284f6c8dcd18c3248d6132b2cbd4aa34db46c890b6f
                                                                            • Instruction Fuzzy Hash: 0BC02B3004A234CEC27C97731C0D43E721A97C4304300C435A541000308B3778B1C861
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051261F1, Relevance: .0, Instructions: 9COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5288a8336788ba552fb3194765228dc19a58dee03b5c4169c5009043a99d48dd
                                                                            • Instruction ID: 14248c7f98a8af72c6fd938cb0286a9231ec75df005073a7d89df2e66f774b52
                                                                            • Opcode Fuzzy Hash: 5288a8336788ba552fb3194765228dc19a58dee03b5c4169c5009043a99d48dd
                                                                            • Instruction Fuzzy Hash: 35C0924AA0E3C08EDB8303382C354947F70AD770003CD19DFCAC28639BE10A090AC332
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512716C, Relevance: .0, Instructions: 8COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                                                            • Instruction ID: 6d7a9a1c9f5ee4bd2b731dae216a4fcdda87a9939951a99d66b80a5803cec46a
                                                                            • Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
                                                                            • Instruction Fuzzy Hash: 27B092B7A04018C9DB14CA85B4413EFF721EB90225F104023C31152140C33201748691
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0512F300, Relevance: .0, Instructions: 8COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ca51f4fcfe797c84b560967682e519522c9e3bcf83a8ff451c29b44410924bbd
                                                                            • Instruction ID: 8398c848bd506e485592aa2f98884d5828bf08fb2e82deeda6795d26491c1a06
                                                                            • Opcode Fuzzy Hash: ca51f4fcfe797c84b560967682e519522c9e3bcf83a8ff451c29b44410924bbd
                                                                            • Instruction Fuzzy Hash: 0DB01234681A0C8BCDC033F5F80C01C774C0F401007C00411580D43253BE6964550861
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Function 051201B8, Relevance: 5.1, Strings: 4, Instructions: 78COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.906362997.0000000005120000.00000040.00000001.sdmp, Offset: 05120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: hf$hf$hf$hf
                                                                            • API String ID: 0-2615542122
                                                                            • Opcode ID: 51a1e7fb6ea7b3d92e6c6f8271de2994a37b7c6bed0618d00000602102318037
                                                                            • Instruction ID: 63853b01fab48ba108bf268ff3d39e5f0e03e570242d33f542c70ced7e307114
                                                                            • Opcode Fuzzy Hash: 51a1e7fb6ea7b3d92e6c6f8271de2994a37b7c6bed0618d00000602102318037
                                                                            • Instruction Fuzzy Hash: 0C214FB07012159FEB108E68D884F2A77EAFFC9784F60056AF505AB384EA75FC518B64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Analysis Process: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6888 Parent PID: 968 256ec8f8f67b59c5e085b0bb63afcd13.exeCOMMON

                                                                            Executed Functions

                                                                            Function 06CB06E5, Relevance: 3.4, Strings: 2, Instructions: 898COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.717667167.0000000006CB0000.00000040.00000001.sdmp, Offset: 06CB0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ($>_kq
                                                                            • API String ID: 0-3093543653
                                                                            • Opcode ID: aa44150b1945f18c93cb90192fa0a8366ad35321fcb2700e503647a16ab5f7b6
                                                                            • Instruction ID: ac45cb4e850e04d45b96e63b88ffca141d3901b457ff7f0847aa60dc60465a56
                                                                            • Opcode Fuzzy Hash: aa44150b1945f18c93cb90192fa0a8366ad35321fcb2700e503647a16ab5f7b6
                                                                            • Instruction Fuzzy Hash: A0820270E45229CFEBA4DF25C898BEDB7B5BB4A304F14A1E9804DA7690DB744AC4CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C0868, Relevance: 3.2, Strings: 1, Instructions: 1909COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `-Qp
                                                                            • API String ID: 0-3646087301
                                                                            • Opcode ID: d91994a0e58c5dc52573bc9006508aa7d9527f011cdcba9e929b02f598b97481
                                                                            • Instruction ID: f67fbde5cbe8fc573a4d3c7a9958c203559de16e73cad12aa88903fd12a70367
                                                                            • Opcode Fuzzy Hash: d91994a0e58c5dc52573bc9006508aa7d9527f011cdcba9e929b02f598b97481
                                                                            • Instruction Fuzzy Hash: 1D13F534A41219CFDB65DB24C894AE9B7B2FF8A304F5541F8E509AB361CB35AE85CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C0878, Relevance: 3.2, Strings: 1, Instructions: 1903COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `-Qp
                                                                            • API String ID: 0-3646087301
                                                                            • Opcode ID: 59d32db799b902b2af6613e2dc1f9e2acca2262a0ff52babb44a6cc169392940
                                                                            • Instruction ID: 083c4139ddda7c290deab5726ee89bf5e8ec76fbc5643a666ef14ec6bcb4ea1c
                                                                            • Opcode Fuzzy Hash: 59d32db799b902b2af6613e2dc1f9e2acca2262a0ff52babb44a6cc169392940
                                                                            • Instruction Fuzzy Hash: 6E13F534A41219CFDB65DB24C894AE9B7B2FF8A304F5541F8E509AB361CB35AE85CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C0608, Relevance: .2, Instructions: 169COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e1fdb482a080e1d14548212af833798ea0f8cdb7d252136cd158c5b25fe81db1
                                                                            • Instruction ID: 1dc27e5966bf46bbf6109900928bd5d3020ebe23ee7b70e5643bbe987ecbaec0
                                                                            • Opcode Fuzzy Hash: e1fdb482a080e1d14548212af833798ea0f8cdb7d252136cd158c5b25fe81db1
                                                                            • Instruction Fuzzy Hash: 1D71B370D01219CFDB24DFAAC894A9EBBB3BF89304F20856DD419AB355DB359986CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C30D0, Relevance: .2, Instructions: 153COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 88aa9da629a5d1775e2ec6c6dd7fe3da252f212956e30486528f7e52d3e50ad3
                                                                            • Instruction ID: 4411a98aa241d08e6388e6bedfc9becee407a44a8ca6c9ba5f9b07904cf4c110
                                                                            • Opcode Fuzzy Hash: 88aa9da629a5d1775e2ec6c6dd7fe3da252f212956e30486528f7e52d3e50ad3
                                                                            • Instruction Fuzzy Hash: 48617EB4E04208DFDB14DFE9D884AADBBF2BF88310F20C46AD80AAB255DB345941CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C30C0, Relevance: .2, Instructions: 151COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c914fe8ba3a79b9e834c55c4fce7e03bc439c50e3756ccee2a633d79e62fa430
                                                                            • Instruction ID: 911c0e7d89c5bb8f83e58fd3fabb3987ff66124075a585a697b185fcc7b25367
                                                                            • Opcode Fuzzy Hash: c914fe8ba3a79b9e834c55c4fce7e03bc439c50e3756ccee2a633d79e62fa430
                                                                            • Instruction Fuzzy Hash: 89519EB4E04208DFDB14DFE9D884A9DBBF2BF88311F20846AD80AAB255DB355945CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C2F1F, Relevance: .1, Instructions: 130COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 09858600497f90169cce6527927806c91db50e07dfed3c805953fa5f8d318cbd
                                                                            • Instruction ID: a02fc9bef2ecf5b8504f2e8676194f22eb61b70aeaa93efd31572e02d1161f28
                                                                            • Opcode Fuzzy Hash: 09858600497f90169cce6527927806c91db50e07dfed3c805953fa5f8d318cbd
                                                                            • Instruction Fuzzy Hash: F55190B5D05208DFDB08DFAAC9447EDBBF2BF88304F2484A9D405B72A0D7B55A85DB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C9950, Relevance: .1, Instructions: 63COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b0e6209409b140777d2bb4f08dad643a23340d0d3dadc83890fdf4b7224e2c1c
                                                                            • Instruction ID: 001f43db7632e579ff3e201bce2a5c6bb656f1aaa057d6cfc0b749d428b15ac5
                                                                            • Opcode Fuzzy Hash: b0e6209409b140777d2bb4f08dad643a23340d0d3dadc83890fdf4b7224e2c1c
                                                                            • Instruction Fuzzy Hash: 4D216771D056099BEB18CFABD84469EBEF3BFC8300F14C57AD809AA258EB3455468F50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C9960, Relevance: .1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7ee790a6d284c7a80e52f989dd1d8a9aa61ea1b380b4aa164390363d53bdbd7a
                                                                            • Instruction ID: 8a992a018af35a2c1858400f0b4c04f7c2501408f846b32495f5eec65a8bb540
                                                                            • Opcode Fuzzy Hash: 7ee790a6d284c7a80e52f989dd1d8a9aa61ea1b380b4aa164390363d53bdbd7a
                                                                            • Instruction Fuzzy Hash: 88119A71D056099BEB18CFABD84469EFAF3BFC8300F14C57AC808AB258EB3415028F40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C99F6, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 919fb15c9ee6119f794efd09af5263ce97a7968bccd5d5b07b679a289216fe41
                                                                            • Instruction ID: 5b0ed46fb534f4447b9ca5498286be9c2002bddace5951309c1b763bdd59f401
                                                                            • Opcode Fuzzy Hash: 919fb15c9ee6119f794efd09af5263ce97a7968bccd5d5b07b679a289216fe41
                                                                            • Instruction Fuzzy Hash: 4E1186B1D05609DFEB08CFA7C84469DFEF7BBC9300F14D56AC409AA258DB3415028F50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DAC22, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 014DACD1
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: 5938f58a69785a0db585175d402be721f846f7cc7acca4adc1347091eb6b9a9a
                                                                            • Instruction ID: 5d45b243212a6cb53e89bb160f2c38d621f633cb38dd8de98ed085ba3112350a
                                                                            • Opcode Fuzzy Hash: 5938f58a69785a0db585175d402be721f846f7cc7acca4adc1347091eb6b9a9a
                                                                            • Instruction Fuzzy Hash: 4131A4725047846FE7228F25DC45F67BFECEF05720F0884AAED819B152D264E549CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DAD19, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,DE3AAB13,00000000,00000000,00000000,00000000), ref: 014DADD4
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 03483a248c76839894b98dcd41c466b66b7d96abb1d608833edb835921e45e45
                                                                            • Instruction ID: c7446a8a0114ed9a89fdf5ffca4ef9a8e851a8ae81fb77c1b1e2ccb14e9ab8ee
                                                                            • Opcode Fuzzy Hash: 03483a248c76839894b98dcd41c466b66b7d96abb1d608833edb835921e45e45
                                                                            • Instruction Fuzzy Hash: AF3193715097845FEB22CF25CC44FA3BFF8EF06320F18849AE9858B263D264E549CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DA2AC, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 014DA346
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ConsoleCtrlHandler
                                                                            • String ID:
                                                                            • API String ID: 1513847179-0
                                                                            • Opcode ID: fd556e9ba4ca3bb519759bf94dff7ea9255f43d24e93eb84bcd8745c1aaf28b8
                                                                            • Instruction ID: 2ec1deb854fd84c7b269dafd3b1db879589a1c79ea4d7aefd223ffe83b4bb40b
                                                                            • Opcode Fuzzy Hash: fd556e9ba4ca3bb519759bf94dff7ea9255f43d24e93eb84bcd8745c1aaf28b8
                                                                            • Instruction Fuzzy Hash: 4821C97140D7C06FD7138B259C51B22BFB8EF47620F0A40DBE884CB6A3D125A919C772
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DAC52, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 014DACD1
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: da5e6ebab07dcf46735cc0a3e3326a0bcb4aba5712b1747d9ac51a00feca0481
                                                                            • Instruction ID: 539bc3e45df6aae04f0e52f14d01e754f11497984c758bc69dc173155ada3389
                                                                            • Opcode Fuzzy Hash: da5e6ebab07dcf46735cc0a3e3326a0bcb4aba5712b1747d9ac51a00feca0481
                                                                            • Instruction Fuzzy Hash: 09219F72500704AFEB219F59DC84F6BFBECEF08720F14845AED419B256D634E5498BB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700361, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?), ref: 057003E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: de19e2168344e208fa9a7f2c2346040665a17843e68f0e70827057087d9323f2
                                                                            • Instruction ID: 47e882d35980b0e0d137ca01f4222db7015ff6525e8bb5cf3aaa412933d9743d
                                                                            • Opcode Fuzzy Hash: de19e2168344e208fa9a7f2c2346040665a17843e68f0e70827057087d9323f2
                                                                            • Instruction Fuzzy Hash: F32192715097849FD722CF25DC44B62BFF4EF06220F09849AE9858B252D375E808DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DB977, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(?,00000E2C,?,?), ref: 014DB9FA
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InfoParametersSystem
                                                                            • String ID:
                                                                            • API String ID: 3098949447-0
                                                                            • Opcode ID: 96c07bdac9ba1188d9b250118ffdc3170d1a6cd01d64a0ef2729e3029cb2e424
                                                                            • Instruction ID: 688bb7ed3dabe7d09ea4c04c3232a8b0b138dc4c4436088968ea298958d9c9bc
                                                                            • Opcode Fuzzy Hash: 96c07bdac9ba1188d9b250118ffdc3170d1a6cd01d64a0ef2729e3029cb2e424
                                                                            • Instruction Fuzzy Hash: C12105715483806FC312CF25DC41F76BFB8EF86620F09819BED848B642D231A915CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DAD5A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,DE3AAB13,00000000,00000000,00000000,00000000), ref: 014DADD4
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: de4f28d93fb8e11220dc2f9b3036c80fdc51404cb3bd7f4291f8663419630af1
                                                                            • Instruction ID: 8a12375704c8e107998ec7f4197dc333abd7f3f0c19e9f2b987a739591fd130b
                                                                            • Opcode Fuzzy Hash: de4f28d93fb8e11220dc2f9b3036c80fdc51404cb3bd7f4291f8663419630af1
                                                                            • Instruction Fuzzy Hash: 87218171600704AFEB21CE19DC84FA7BBECEF04720F14845AE9458B666D774E545CA71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700D2C, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05700DAC
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: af459c18fd57bb8a4e2ab12bc0f21033d87136494f0e99020cf6e3fdf3ef22ab
                                                                            • Instruction ID: 902d486e6d7db8a10848b10029f7a48a559e3f112d03fa2cb93c65a86f6eae02
                                                                            • Opcode Fuzzy Hash: af459c18fd57bb8a4e2ab12bc0f21033d87136494f0e99020cf6e3fdf3ef22ab
                                                                            • Instruction Fuzzy Hash: FD21B3761097C09FD7128F25DC45A96FFF4EF07220F0984DFD9858B5A3D224A849DB21
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DB379, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 014DB3F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoadShim
                                                                            • String ID:
                                                                            • API String ID: 1475914169-0
                                                                            • Opcode ID: 479d4441fd13084e3daf4fb6bc6d81bb77183cec770fc07c9afebf6247b403dc
                                                                            • Instruction ID: ec9c83f4c7334919dca4faa7ebc364ffe913acc664a74814de7b284a7614cd45
                                                                            • Opcode Fuzzy Hash: 479d4441fd13084e3daf4fb6bc6d81bb77183cec770fc07c9afebf6247b403dc
                                                                            • Instruction Fuzzy Hash: AA2193715093805FDB22CE15DC44B63BFE8EF06614F09809BED85CB2A3D275E508C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 057005B9, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 05700620
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 2fa4e90555e273621823ede30ceeecf6573dc3ca76b5df5a36025d7b36c92afd
                                                                            • Instruction ID: 981ce9aebe5c3568ee276b42d3de15cea735d7873777e045a02cfe157f045858
                                                                            • Opcode Fuzzy Hash: 2fa4e90555e273621823ede30ceeecf6573dc3ca76b5df5a36025d7b36c92afd
                                                                            • Instruction Fuzzy Hash: 4111A2725093809FD712CF25DC54B52BFA4EF42224F0884DBED858F693D275A908CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700E8D, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05700F01
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 5114e8fa5374f5c01f0c8c5f41cb785d5c0736f54a9e299273c82709ca020126
                                                                            • Instruction ID: 63aed0b93886764c949a833880006ce8650bafaf5bad487bf9e7a291b4a6c5fe
                                                                            • Opcode Fuzzy Hash: 5114e8fa5374f5c01f0c8c5f41cb785d5c0736f54a9e299273c82709ca020126
                                                                            • Instruction Fuzzy Hash: DF218E714093C09FDB238F25DC44A52FFB4EF07220F0984DBE9848F163D225A958DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DA5FB, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014DA666
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: f3334f1534d27ba80c77febe51c048125e3818436724c34570b16e7a24709969
                                                                            • Instruction ID: dfe451364be746a92b397291a11d334167bc67aa307f9321721d98ee85851af6
                                                                            • Opcode Fuzzy Hash: f3334f1534d27ba80c77febe51c048125e3818436724c34570b16e7a24709969
                                                                            • Instruction Fuzzy Hash: E4117272409780AFDB238F55DC44B62FFF4EF4A210F08849AED858B663D275A418DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700C8B, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05700CF0
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: f300c175d8682674165c50d9b93ce7de2908fec9d7e82aacb58a8d6b22e27427
                                                                            • Instruction ID: 8415d98529676ec0c07a170efcd44706124b2d0a9f9252a18c743ddc0f5ad75b
                                                                            • Opcode Fuzzy Hash: f300c175d8682674165c50d9b93ce7de2908fec9d7e82aacb58a8d6b22e27427
                                                                            • Instruction Fuzzy Hash: 8011D3760097809FDB228F21DC44B62FFF4EF06220F08809EED858B663C275A458DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0570121F, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05701289
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: a47976bcc4c8fa5311974d2ea0bd7c7f11c507be8bb65aadc36073b27b36fe94
                                                                            • Instruction ID: b279100b93e2601d6b19c6223c2e50f9803ee83722c03231824ee00b1f441269
                                                                            • Opcode Fuzzy Hash: a47976bcc4c8fa5311974d2ea0bd7c7f11c507be8bb65aadc36073b27b36fe94
                                                                            • Instruction Fuzzy Hash: BA11D0725097809FDB228F15DC85F62FFB4EF06324F08849EED858B6A3C275A418DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700BE4, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 05700C43
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: cade0591da29df363efedeb98c2a4bc1084428153c247405959b50514d25e847
                                                                            • Instruction ID: 21ea1d5369b47fc4c1544df7f154096f89dd27a380f5b8f84636ec6c2e611da4
                                                                            • Opcode Fuzzy Hash: cade0591da29df363efedeb98c2a4bc1084428153c247405959b50514d25e847
                                                                            • Instruction Fuzzy Hash: 991182755093849FD721CF15DC85B63FFE8EF05220F0980AEED458B2A2D274E848DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700392, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?), ref: 057003E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: 47efc74a3e24401feb0daf13fcdff22c12bb61e613518719bdc1ce796835cb6d
                                                                            • Instruction ID: d3a19dab3356bbce8d63dca633481d5f6cb9e8e16f27c361b27a9e8809eb339d
                                                                            • Opcode Fuzzy Hash: 47efc74a3e24401feb0daf13fcdff22c12bb61e613518719bdc1ce796835cb6d
                                                                            • Instruction Fuzzy Hash: C4115A71504704DFDB21CF66D888B62FBE8FF04320F4894AAED458B692E375E404DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DAEF0, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 014DAF50
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: 1e8ec343c764e2ddf0da0b1092b29f1974fd9f71944129b86732ea13cf56ec3a
                                                                            • Instruction ID: 0c9ffac5a7dbf04033119f084b5b237e092e7c5bc7c3c5b06260f70d371bc25a
                                                                            • Opcode Fuzzy Hash: 1e8ec343c764e2ddf0da0b1092b29f1974fd9f71944129b86732ea13cf56ec3a
                                                                            • Instruction Fuzzy Hash: EB118C72409780AFDB228F15DC44A52FFF4EF09220F0884DEE9854B662C375A458CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DAAEC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LongWindow
                                                                            • String ID:
                                                                            • API String ID: 1378638983-0
                                                                            • Opcode ID: 3b3d8e9d7b432b46427a558a53fe53c4a31cbbd7d0f473e48d07e00506ec5f0c
                                                                            • Instruction ID: 7734c38a8b0c1c01eb62b2f53f4c775d432e12d11df5c93fc28b5b654f50a8e3
                                                                            • Opcode Fuzzy Hash: 3b3d8e9d7b432b46427a558a53fe53c4a31cbbd7d0f473e48d07e00506ec5f0c
                                                                            • Instruction Fuzzy Hash: C81170314097849FD7228F15DC85B52FFB4EF05220F08849AED854B263D375A458CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DA42A, Relevance: 1.5, APIs: 1, Instructions: 48threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ResumeThread.KERNELBASE(?), ref: 014DA480
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID:
                                                                            • API String ID: 947044025-0
                                                                            • Opcode ID: bc56b3919d9eb7aed39daf23ce1e1e3f8860056877639ef9c802aea383f3a39b
                                                                            • Instruction ID: 157446886cbecea3c4ec8666bbed1a0b78151d890dd4f273783493b303201f8b
                                                                            • Opcode Fuzzy Hash: bc56b3919d9eb7aed39daf23ce1e1e3f8860056877639ef9c802aea383f3a39b
                                                                            • Instruction Fuzzy Hash: 6D018475409384AFDB228F15DC44B62FFA8DF46624F0880DAED854B253D275A908CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700D66, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05700DAC
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: bbeae59c7eea666368a02c08b0be1ffa10bd4266ee252e4065493e7314f915a3
                                                                            • Instruction ID: 2e5e19961f03fb19574c6d9f615c1c2de38fb8591b9c466ced73a17fae4fe3af
                                                                            • Opcode Fuzzy Hash: bbeae59c7eea666368a02c08b0be1ffa10bd4266ee252e4065493e7314f915a3
                                                                            • Instruction Fuzzy Hash: 42015B39600644DFDB21CF1AD888B66FBE4EF04320F0884AADD468B696D375E459DB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DB9AA, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(?,00000E2C,?,?), ref: 014DB9FA
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InfoParametersSystem
                                                                            • String ID:
                                                                            • API String ID: 3098949447-0
                                                                            • Opcode ID: 7ba06bada832e772eccfb4ba271a46f13a6971e9fbced017b565e1377669fa30
                                                                            • Instruction ID: 3f60ec73a37e782007bada3a666fd9f3205fb10c7a8992fa3f38fc1fb8a5d0ed
                                                                            • Opcode Fuzzy Hash: 7ba06bada832e772eccfb4ba271a46f13a6971e9fbced017b565e1377669fa30
                                                                            • Instruction Fuzzy Hash: 05017171500600AFD754DF1ADC85B36FBA8FB89B20F14856AED089B741E231F915CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DB3AA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 014DB3F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LibraryLoadShim
                                                                            • String ID:
                                                                            • API String ID: 1475914169-0
                                                                            • Opcode ID: 654c149292a61f3697cfffaefe5e492dc6a8899a0123bbddacad1a4f883e7491
                                                                            • Instruction ID: 1d84db8d015576ffcce26bce6a92d91fda9b2c04629311517caf2147e90056ab
                                                                            • Opcode Fuzzy Hash: 654c149292a61f3697cfffaefe5e492dc6a8899a0123bbddacad1a4f883e7491
                                                                            • Instruction Fuzzy Hash: 430180716006408FEB60CE1AD884B26FBE8EF05620F08806ADD498B752D674E404CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DA622, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014DA666
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 9735456823d43061cd5158979d9e134cccb148c4800c108365c402453b5d47c1
                                                                            • Instruction ID: 2c05ab93606cf64d387bc2324912ff597a95284781ff1aec380d93875d1a3dcc
                                                                            • Opcode Fuzzy Hash: 9735456823d43061cd5158979d9e134cccb148c4800c108365c402453b5d47c1
                                                                            • Instruction Fuzzy Hash: B6015B32500740DFDB228F55D944B56FFA4EF48320F1888AADE894B666D275E414CF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700C06, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 05700C43
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: 598b6d691600a410d613809e2af24731917c49f1acebddf545b310d2f9cfecdd
                                                                            • Instruction ID: d16c97fa5457b68129104f796b197945c2fe72e2316bd45781dfc212692b74cb
                                                                            • Opcode Fuzzy Hash: 598b6d691600a410d613809e2af24731917c49f1acebddf545b310d2f9cfecdd
                                                                            • Instruction Fuzzy Hash: DF017175604644CFDB20CF16D888BA6FBE4EF04730F48D0AADD458B696E374E444DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 057005EE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 05700620
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 25ea60db7c58a3a90b372316b9fde9a004d3568f4b94e2bae8c65cb387b798a6
                                                                            • Instruction ID: 98d6266b26dcd80b93f73622cc6382a6ea60e591abb8aad2604b6f8bdeaeb2fe
                                                                            • Opcode Fuzzy Hash: 25ea60db7c58a3a90b372316b9fde9a004d3568f4b94e2bae8c65cb387b798a6
                                                                            • Instruction Fuzzy Hash: 84019E71500640CFDB50CF5AD888B66BBE5EB40220F0880AADD498B686D274E404CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700CB2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05700CF0
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: f92c795c32c456091aa192dfec3be64b762a2c4073e9910b92b46d31dcfaff55
                                                                            • Instruction ID: 23345cb26525638894683bd4318f2c1217682ff9f33920d12ca42ba242be8310
                                                                            • Opcode Fuzzy Hash: f92c795c32c456091aa192dfec3be64b762a2c4073e9910b92b46d31dcfaff55
                                                                            • Instruction Fuzzy Hash: F6019E36500740DFDB208F56D844B66FBE5EF04320F0884AEDD464B696D275E458DB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DA2F6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 014DA346
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ConsoleCtrlHandler
                                                                            • String ID:
                                                                            • API String ID: 1513847179-0
                                                                            • Opcode ID: 3ca0aacebca27976adecf18a416eb6157a1fdc8ba1203431c6ee1ae977cf7ada
                                                                            • Instruction ID: b8275b93e957e5a1c4292e839e49e4bd99ab6b040d7c2295e63af313407c20ea
                                                                            • Opcode Fuzzy Hash: 3ca0aacebca27976adecf18a416eb6157a1fdc8ba1203431c6ee1ae977cf7ada
                                                                            • Instruction Fuzzy Hash: 9201A271500600ABD224DF1ADC82B36FBA8FB89B20F14815AED084B741E231F516CBE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0570124E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05701289
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 85b7a06df744959bb2ed085c73c90df4c43b1bc8e3ead8a84f5d93b0f810f071
                                                                            • Instruction ID: 9096aad130d28dbc0396782b7331dd72db92f558aa3f206a9b0b361bdfccfefd
                                                                            • Opcode Fuzzy Hash: 85b7a06df744959bb2ed085c73c90df4c43b1bc8e3ead8a84f5d93b0f810f071
                                                                            • Instruction Fuzzy Hash: 04019E31600740CFDB20CF56DC84B65FBE4EF08320F08809ADD458AA96D275E458DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DAF12, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 014DAF50
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: e56d959169822efd0e5c507951f0230818a9c796ce504a593f6c75490ffeb57b
                                                                            • Instruction ID: 4ed5734b0570ca87c1129fa9f73abd4df3e0693b6f68ae07fc8c179d02d67fcb
                                                                            • Opcode Fuzzy Hash: e56d959169822efd0e5c507951f0230818a9c796ce504a593f6c75490ffeb57b
                                                                            • Instruction Fuzzy Hash: 50017C725007409FDB218F46D844B66FBA0EF08320F1884DEDE490B6A6D375E459CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05700EC6, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05700F01
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.715414387.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 58dfc1438802e91163198bc5e3a09f528e51e9e7d2b34d600f23afbd6261abe5
                                                                            • Instruction ID: d01003538788e0c2eac2c722d0ed19411a0b9c6abed3c2dbe457672a7f22ff4a
                                                                            • Opcode Fuzzy Hash: 58dfc1438802e91163198bc5e3a09f528e51e9e7d2b34d600f23afbd6261abe5
                                                                            • Instruction Fuzzy Hash: 00018B71500740DFDB20CF56D888B66FBE1EF08320F08D49ADE494B696D375E558EBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DAB0E, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LongWindow
                                                                            • String ID:
                                                                            • API String ID: 1378638983-0
                                                                            • Opcode ID: a318831c43ed33ff14ed0485cdba3798f0b3ff95eb3752ad5e09f748ae0a6a0b
                                                                            • Instruction ID: acdf3279d3a6c711d2a00c393958829dc81fdfe614f955a4a6f7ea5e582c7e21
                                                                            • Opcode Fuzzy Hash: a318831c43ed33ff14ed0485cdba3798f0b3ff95eb3752ad5e09f748ae0a6a0b
                                                                            • Instruction Fuzzy Hash: DA01AD315047408FDB208F0AD884B22FBA0EF04720F18C89ADE460B766D3B5E409CFB2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014DA44E, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ResumeThread.KERNELBASE(?), ref: 014DA480
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702846756.00000000014DA000.00000040.00000001.sdmp, Offset: 014DA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID:
                                                                            • API String ID: 947044025-0
                                                                            • Opcode ID: 34e1eeb96934b27ce2e1a3cf7aaf0957c75f2f75d98061480b84e40e641a1ff9
                                                                            • Instruction ID: 6dd302594a56cf0aa30e5f49eb9e1100eab0e5c1d670bb878166b9e94375a528
                                                                            • Opcode Fuzzy Hash: 34e1eeb96934b27ce2e1a3cf7aaf0957c75f2f75d98061480b84e40e641a1ff9
                                                                            • Instruction Fuzzy Hash: C5F0A4355043408FDB208F1AD888761FB94DF04320F18C4ABDD454B756E279E444CEA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0312025D, Relevance: .4, Instructions: 436COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.703142065.0000000003120000.00000040.00000040.sdmp, Offset: 03120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5be7bca56c53f505083f2094ce88c978bc066b4e024d39a807aa18298d156169
                                                                            • Instruction ID: 1f30cbd788ba5fbe8a9a7333dd23185c96ce55d5b6431e707b66b170032ba3a7
                                                                            • Opcode Fuzzy Hash: 5be7bca56c53f505083f2094ce88c978bc066b4e024d39a807aa18298d156169
                                                                            • Instruction Fuzzy Hash: 8E31312254E7C24FD7038B74A8612A0BFB0AE47225B0E85EBC4C5CF5A3D25D599AC732
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C014A, Relevance: .3, Instructions: 288COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 234d11f7d2d168d68a22877b5c294cc798eef540aa0a1a37f74d53c5887b44b7
                                                                            • Instruction ID: a0377c7db60a3de3e987a8ee6a44d311baba1fe1549d635cc1843d764acd8329
                                                                            • Opcode Fuzzy Hash: 234d11f7d2d168d68a22877b5c294cc798eef540aa0a1a37f74d53c5887b44b7
                                                                            • Instruction Fuzzy Hash: B2D1AF74E01209CFCB54DFA8D494A9DBBB2FF89312F20856AD905AB364DB35AD42CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C0158, Relevance: .3, Instructions: 281COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f7d64d81302db570c7cb47b6b8dda0685996a8dba8673a44c84602c717b85b50
                                                                            • Instruction ID: dc7dd836ad52eb3ced3b249bc5f2d827b358596de859c2cd91e557dd9a0633e6
                                                                            • Opcode Fuzzy Hash: f7d64d81302db570c7cb47b6b8dda0685996a8dba8673a44c84602c717b85b50
                                                                            • Instruction Fuzzy Hash: 9CD1BD74E01209CFCB54DFA8D49499DBBB2FF89312F20856AD905AB364DB35AD42CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C34F1, Relevance: .2, Instructions: 195COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b40517fb50ceef392f9f514986b94c3637b3381c729710e4669d5dd111ebc360
                                                                            • Instruction ID: e0b3e2bc7e2c479e9d81a02ba91f60c9f700eda6870dfdf5128da474e72d56de
                                                                            • Opcode Fuzzy Hash: b40517fb50ceef392f9f514986b94c3637b3381c729710e4669d5dd111ebc360
                                                                            • Instruction Fuzzy Hash: F691F274E00228DFDB24DFA8C884BEDBBB2BF09314F1185D9D509AB261DB719A85CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 06CB1674, Relevance: .2, Instructions: 173COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.717667167.0000000006CB0000.00000040.00000001.sdmp, Offset: 06CB0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 01c190e0164652a833fabacc9bbf71e91bd5ecee7335a6804502f49ade0600e5
                                                                            • Instruction ID: 6feea47dbc2849a4234dcda8e6338ef96e5a6df65509eb18806f55f1076dccdf
                                                                            • Opcode Fuzzy Hash: 01c190e0164652a833fabacc9bbf71e91bd5ecee7335a6804502f49ade0600e5
                                                                            • Instruction Fuzzy Hash: 46716B70C45229CFEBA4CF25C8587ECB7B5BB46304F14A1EAC01AA3691DB744AC8CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C28B0, Relevance: .1, Instructions: 136COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 920d370fc1f4955834a023cf00ac1c75f358b32b37bc0f6e915d8efa20afc118
                                                                            • Instruction ID: bd9b4788f6b2c0412d3f39852ea7e5aadf533cbe367a37d91148ca05facf6c52
                                                                            • Opcode Fuzzy Hash: 920d370fc1f4955834a023cf00ac1c75f358b32b37bc0f6e915d8efa20afc118
                                                                            • Instruction Fuzzy Hash: EB51E378D04258DFDB18DFE6D8487EDBBB2BF88304F108069D4456B294DBB95A85CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C28A0, Relevance: .1, Instructions: 115COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 485412937ef9444156fcc2eee8963c11814796a816677eee7930c3fcd6863e36
                                                                            • Instruction ID: 33b541fae86abee60aa2e9eeda459f3d09451faaa32d1228a2eaaa28143fc7d6
                                                                            • Opcode Fuzzy Hash: 485412937ef9444156fcc2eee8963c11814796a816677eee7930c3fcd6863e36
                                                                            • Instruction Fuzzy Hash: CA41C279D012489FDB14DFE5D8447EEBBB2FF88304F208069D8056B2A4D7795A86CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C0006, Relevance: .1, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ed2480c32aaf1ff07f0b11eb3c7f0d39ec1477e2bfdf3e5f06627af717481372
                                                                            • Instruction ID: b516e82a1d3fb90ef1a414e0373437b2d2b7060d9f474a610bc70b0816429cb5
                                                                            • Opcode Fuzzy Hash: ed2480c32aaf1ff07f0b11eb3c7f0d39ec1477e2bfdf3e5f06627af717481372
                                                                            • Instruction Fuzzy Hash: A2115E6145E3C44FC7079BB4986AA997FB0AF03215B0A48EFC880DB1A3D66C9849C766
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0312075C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.703142065.0000000003120000.00000040.00000040.sdmp, Offset: 03120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cd35b90b71bc63f820173f6c86f972ae4c025f8a6e76eb000e166907b91a5e6d
                                                                            • Instruction ID: d542b74e2bddfb2e13d0eebcded9c3b44996af72f64b41577f604118f7916f52
                                                                            • Opcode Fuzzy Hash: cd35b90b71bc63f820173f6c86f972ae4c025f8a6e76eb000e166907b91a5e6d
                                                                            • Instruction Fuzzy Hash: FD11A235204644DFD315CB14C980B26BF95AB4C708F28C6ACE9890B652C77BD853CE51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 03120818, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.703142065.0000000003120000.00000040.00000040.sdmp, Offset: 03120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction ID: 368de3f51a663e7641879940324e2fe44cdee0e98e0817329de4cb842e7e636a
                                                                            • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction Fuzzy Hash: 64F0FB35104644DFC206CB40D940B26FBA6EB8D718F24C6A9E9890B762C337D823DA81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C3308, Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 88c654f1961185905ea3bc8088708058a7cde1077eea671375bd74d4d642cfae
                                                                            • Instruction ID: 98e1d8e8b29d8c9e52180b6ebc7fa854a9db45fec2a1be58c4725b9a0b2e7a4a
                                                                            • Opcode Fuzzy Hash: 88c654f1961185905ea3bc8088708058a7cde1077eea671375bd74d4d642cfae
                                                                            • Instruction Fuzzy Hash: 22F030328881089FC714DADCE8457997FB8FB04732F2585AADC0497391C6396545DB95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 031205F6, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.703142065.0000000003120000.00000040.00000040.sdmp, Offset: 03120000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 92d6b0c9be5b0d1fb1d91a77cd89bf8e407653d2370b753ef86f2b0c8a6a1a42
                                                                            • Instruction ID: 8b5c517de4acea591ece3d99fa59dae9cc7ce40df95a1f5b573391352ca1184d
                                                                            • Opcode Fuzzy Hash: 92d6b0c9be5b0d1fb1d91a77cd89bf8e407653d2370b753ef86f2b0c8a6a1a42
                                                                            • Instruction Fuzzy Hash: 7BE06D766046005BD650CF0AEC41862FBD8EB84630718C06BDC0D8B701E535F5048EA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C0070, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a1ea4c46d18defc291b50241e9b9fee5fd85986d06ff7f320e0028d5fa9d5587
                                                                            • Instruction ID: 0f5957972e245560c85444dc40acaf7efcf01f764039b0f58331ec1553c98066
                                                                            • Opcode Fuzzy Hash: a1ea4c46d18defc291b50241e9b9fee5fd85986d06ff7f320e0028d5fa9d5587
                                                                            • Instruction Fuzzy Hash: E2E0DF708622089AC708FBB8800992DBFB0AB42205F0019BD800137290DE35A921C799
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C3360, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4507f7f6257017d37c92374e5ccf2c5cb850923055737d8a0c6b789275c777d9
                                                                            • Instruction ID: 738cbfdddc729c0b1a4c55fbbf14b75ee0342775c4101b50ea4c118e434aced6
                                                                            • Opcode Fuzzy Hash: 4507f7f6257017d37c92374e5ccf2c5cb850923055737d8a0c6b789275c777d9
                                                                            • Instruction Fuzzy Hash: 3FE06D31C441089FCB10DE98E44579CBBB4FB04322F1081AADC0467341C7346541CB85
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C00C0, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 49516420690c7966ebd55c39c34d4e67913ea106720e6727cb6a0cd877a6bfbe
                                                                            • Instruction ID: 0bf8a9d61b89517d317f1351d01573783417d395bc1e5308b730317dd4268f3c
                                                                            • Opcode Fuzzy Hash: 49516420690c7966ebd55c39c34d4e67913ea106720e6727cb6a0cd877a6bfbe
                                                                            • Instruction Fuzzy Hash: D6E02270109248CFC701DBB8E808A4C7BB8FB01326B21418AC809A7272DB706E00CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 06CB069C, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.717667167.0000000006CB0000.00000040.00000001.sdmp, Offset: 06CB0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dffd6f59ef78bf20a8bbbdecb5ca733570d39f851372152a845abbcea4f6bca1
                                                                            • Instruction ID: 359ddb60d661607cccb7c9efd61be4a98339d79898a6f37f3ded91b8deaad42f
                                                                            • Opcode Fuzzy Hash: dffd6f59ef78bf20a8bbbdecb5ca733570d39f851372152a845abbcea4f6bca1
                                                                            • Instruction Fuzzy Hash: 0AF03075D042189FDB10CF51CC49BEDBBB8AB19311F0450D5A20EA61D0CB705B84DF64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055CDA90, Relevance: .0, Instructions: 22COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e60fe58ab395e1ec58f4527550ee6ad970fb1b9840b47728cd4c1cea74fb1e4c
                                                                            • Instruction ID: 4b935da541a531a124544e71dda98a188cf4887790f77bbada85b111bd0c7c5f
                                                                            • Opcode Fuzzy Hash: e60fe58ab395e1ec58f4527550ee6ad970fb1b9840b47728cd4c1cea74fb1e4c
                                                                            • Instruction Fuzzy Hash: 11E08C30909208DFDB14FFA0E849ABDBFB5FB46306F1052A8C9096739ADB716D45CB80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055CA0F3, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 315febc67139a5922434eff822a1646e4cf925e8553c8f7687ea86340bc7c2f7
                                                                            • Instruction ID: f57043197b156a88b38291dfd0e5d66b8d3823c6589b7bd7c5516dcd246cc6ca
                                                                            • Opcode Fuzzy Hash: 315febc67139a5922434eff822a1646e4cf925e8553c8f7687ea86340bc7c2f7
                                                                            • Instruction Fuzzy Hash: A6F06274901259CFCB60DFA4D958798BBB1FB48315F1085DAC80EA6295DB305E85CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 055C00D0, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.714943198.00000000055C0000.00000040.00000001.sdmp, Offset: 055C0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2262438a16676a77df71366b9c22a5b8d3eb84b77163280e378ad5e432cc721c
                                                                            • Instruction ID: 9c47b16b35c22a4e8262d73e52f41378cc17a8c33ac4a10f68b1b42926bc34af
                                                                            • Opcode Fuzzy Hash: 2262438a16676a77df71366b9c22a5b8d3eb84b77163280e378ad5e432cc721c
                                                                            • Instruction Fuzzy Hash: 77E0C270501208DBCB10EFB8E408A5C7BA8FB00325F20459DC90967264DFB06E00CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014D23F4, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702836721.00000000014D2000.00000040.00000001.sdmp, Offset: 014D2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 080ad6026d8ffa4e13a91af2c772730978055c4fccee3b56cbe5ebf1e78f2c47
                                                                            • Instruction ID: 723ab6d850aaa526d196417b50e54f295fa7e1ccc0997715faee8fb17fbc3767
                                                                            • Opcode Fuzzy Hash: 080ad6026d8ffa4e13a91af2c772730978055c4fccee3b56cbe5ebf1e78f2c47
                                                                            • Instruction Fuzzy Hash: A2D05E79205AA14FE7278A1CC1B8F963FE4AB51B04F4644FAEC008B777C3A9D681D200
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 014D23BC, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.702836721.00000000014D2000.00000040.00000001.sdmp, Offset: 014D2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 58cb0843ca87925a06523081292d8e489abf739b15160f6c209436e17e6c53b7
                                                                            • Instruction ID: 7d3f07262de79ef42588d39f7bb4ac2a6058d8529ed514ef80356d854d5aee27
                                                                            • Opcode Fuzzy Hash: 58cb0843ca87925a06523081292d8e489abf739b15160f6c209436e17e6c53b7
                                                                            • Instruction Fuzzy Hash: 53D05E342002814BDB15DB1CC1A4F5A3BD4AB81B00F0644E9ED008B376CBF4D881C600
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Analysis Process: dhcpmon.exe PID: 2460 Parent PID: 968 dhcpmon.exeCOMMON

                                                                            Executed Functions

                                                                            Function 05EF06E5, Relevance: 3.4, Strings: 2, Instructions: 898COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.724086021.0000000005EF0000.00000040.00000001.sdmp, Offset: 05EF0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ($>_kq
                                                                            • API String ID: 0-3093543653
                                                                            • Opcode ID: 9aa3d2fe5f1904e2dbb21c94dfd632effc8766f8d5103c9960607126733c0868
                                                                            • Instruction ID: f2a189987d8ef015bdaddc1f16f543b3ce07a8d4218c7432fbb4b4097d259ff9
                                                                            • Opcode Fuzzy Hash: 9aa3d2fe5f1904e2dbb21c94dfd632effc8766f8d5103c9960607126733c0868
                                                                            • Instruction Fuzzy Hash: 4082E170D46229CFDB64DF65C848BEDB7B6BB49304F10A1E9818EA7291EB744AC5CF01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02560006, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.713112579.0000000002560000.00000040.00000001.sdmp, Offset: 02560000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ClassUnregister
                                                                            • String ID:
                                                                            • API String ID: 3159089293-0
                                                                            • Opcode ID: 073d863d8ae9c3b70eb63d546675ce4b4bbaf45de55b605792634726dbf3493e
                                                                            • Instruction ID: 6f74fc5238713824fc36b4fc089a6b9c55750854b2b42de51a8967ee7b36657a
                                                                            • Opcode Fuzzy Hash: 073d863d8ae9c3b70eb63d546675ce4b4bbaf45de55b605792634726dbf3493e
                                                                            • Instruction Fuzzy Hash: B6215B6049F3C05FC71797745C765AA7F709E43204B0A84EBD0C1DB0A3D52C592AD366
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70361, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?), ref: 04C703E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: 6ae7bee4d8217218a59f3d85b83aca9e1229851257a7c02096b643073ed3b68f
                                                                            • Instruction ID: 68ee0cea3ba11d4f39a4d4d4428480dcb60853ed56e2ba9b92244ff08cae65b8
                                                                            • Opcode Fuzzy Hash: 6ae7bee4d8217218a59f3d85b83aca9e1229851257a7c02096b643073ed3b68f
                                                                            • Instruction Fuzzy Hash: 1F2190715093849FDB22CF25DC44B52BFF4EF06214F09859AE9848F563D275E908CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70D2C, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04C70DAC
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 1e04eb52af63b4715cfc1becabb6bcf71ccc4a7edcb666fab18d7f7f134e6395
                                                                            • Instruction ID: 180cf3111375f4b6f95bb71f7166111d5e96b318067ea7b2b78715ec5bc90147
                                                                            • Opcode Fuzzy Hash: 1e04eb52af63b4715cfc1becabb6bcf71ccc4a7edcb666fab18d7f7f134e6395
                                                                            • Instruction Fuzzy Hash: 2B21AF761097C09FD7128F25DC85A96FFB4EF06210F0984DEE9858B563D224A948DB21
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70E8D, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 04C70F01
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 146723e7887904efb06bec8fcca171fa8cd7cc20944ebe19ebe8de206adf27d1
                                                                            • Instruction ID: 994a72ca9641fe8c5cbdf219d7642ff188d6265330cd7713511790fa245bf780
                                                                            • Opcode Fuzzy Hash: 146723e7887904efb06bec8fcca171fa8cd7cc20944ebe19ebe8de206adf27d1
                                                                            • Instruction Fuzzy Hash: ED219A724093C09FDB238F25DC44A92FFB4EF07220F0985DBE9848F163D225A918DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70C8B, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04C70CF0
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: 754e0757d6b392a3e801e11d954bdc1372eb346eb1722ec2f14a8070449e2980
                                                                            • Instruction ID: 74f6456450d95f79c9e70099dc26c936723243c8f0ace71c4cfee7a31daaa8f4
                                                                            • Opcode Fuzzy Hash: 754e0757d6b392a3e801e11d954bdc1372eb346eb1722ec2f14a8070449e2980
                                                                            • Instruction Fuzzy Hash: 2F11E2760097809FDB228F21DC40A52FFB4EF06220F08C0DEED858B563C275A558DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C7121F, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 04C71289
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 5dfbf778eee095aff7244b02841a4b7c438e108bb484ec7bd60339892e887199
                                                                            • Instruction ID: 6eebcfc55548a8977e2bd711ca31d2247ce4ff335ef3a73a9102327ee5b6dcba
                                                                            • Opcode Fuzzy Hash: 5dfbf778eee095aff7244b02841a4b7c438e108bb484ec7bd60339892e887199
                                                                            • Instruction Fuzzy Hash: F1119071509780AFDB228F15DC45B62FFB4EF06224F08849EED858B663D275A518CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70BE4, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 04C70C43
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: c42fd9efe5b5f534b437f58bf27b5956a92f99e627a8aedda7c0a0fc555b8d68
                                                                            • Instruction ID: 1d7e82fcc06289681c3bece2f23ea0a7caec68a7ef7702215c3bd591bf5106bd
                                                                            • Opcode Fuzzy Hash: c42fd9efe5b5f534b437f58bf27b5956a92f99e627a8aedda7c0a0fc555b8d68
                                                                            • Instruction Fuzzy Hash: 76119E755093849FD721CF26DC85B52FFE8EF06220F0984AEED458F262D274E948CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70392, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?), ref: 04C703E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: ddade24467e60741d75b31c4bf60776031fa841eaf04eded98cc7764f77f8d6c
                                                                            • Instruction ID: 402d7f229176b2cd25d0f6f1b0de63275ac1ce757c0164c5ac11de31970494de
                                                                            • Opcode Fuzzy Hash: ddade24467e60741d75b31c4bf60776031fa841eaf04eded98cc7764f77f8d6c
                                                                            • Instruction Fuzzy Hash: C1117C716003449FEB20CF66D884B62FBE8EF04320F0884AADD458B652E775F504DB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70D66, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04C70DAC
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 79764b225f063f85dec08c5c46cc109244e1eccd25737e61b8496b7eb7beac3f
                                                                            • Instruction ID: 80bd89cc056c01e4440b9e556d7260810d6cc2d08f5355b6159d9dc1284e1573
                                                                            • Opcode Fuzzy Hash: 79764b225f063f85dec08c5c46cc109244e1eccd25737e61b8496b7eb7beac3f
                                                                            • Instruction Fuzzy Hash: 6E01AD356007008FDB20CF1AD884BA6FBE4EF14320F08C0AADD458B656D375F508DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70C06, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 04C70C43
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: 85461f1a6c40a70b0166542c2ceb1b5e765cc6cd6541ae9354db989a3c3fa4ab
                                                                            • Instruction ID: 860b68660b30d1b86625420efe80b08338df4569ad43b082254acef2d161e998
                                                                            • Opcode Fuzzy Hash: 85461f1a6c40a70b0166542c2ceb1b5e765cc6cd6541ae9354db989a3c3fa4ab
                                                                            • Instruction Fuzzy Hash: 14017C756012448FEB208F1AD884B66FFE8EF04720F08C4AADD458B656E774E948CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70CB2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04C70CF0
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: 770c4064d9c819841e1c913d9187970400070a1f7d93c7275aebbcb4f7e83b7d
                                                                            • Instruction ID: c51b0c974c035721524c8a1ef36960b692be5afd76187c0a16f626c53e4df701
                                                                            • Opcode Fuzzy Hash: 770c4064d9c819841e1c913d9187970400070a1f7d93c7275aebbcb4f7e83b7d
                                                                            • Instruction Fuzzy Hash: 95019E326007409FDB208F56D844B66FFA4EF08320F08C4AEDD454B656D275F458DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C7124E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 04C71289
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 91fa27268e909ea11c0df717a264158d832a81459a5bc6d1fdd583eea7b48611
                                                                            • Instruction ID: 890fa886f982c7b801f271b2a289201c80a32b41e8599c2c927edf87aacb8313
                                                                            • Opcode Fuzzy Hash: 91fa27268e909ea11c0df717a264158d832a81459a5bc6d1fdd583eea7b48611
                                                                            • Instruction Fuzzy Hash: 0901BC316007409FDB208F5AD884B66FBA0EF04320F0CC1AEDE458BB56E675E518DBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04C70EC6, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 04C70F01
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.719916558.0000000004C70000.00000040.00000001.sdmp, Offset: 04C70000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: e2be8409d24bad29b81abfa62eb5cfb1ca6d9dc1a29dfa90603db136af0aef30
                                                                            • Instruction ID: cc6b2d50830bd876d1ca5a49c6355daefb014b3b5c9e2afbf3bf0ba4c5119ece
                                                                            • Opcode Fuzzy Hash: e2be8409d24bad29b81abfa62eb5cfb1ca6d9dc1a29dfa90603db136af0aef30
                                                                            • Instruction Fuzzy Hash: 14018B315003409FDB208F56D884B66FBA0EF08320F08C49ADE894B656E375F558DBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02560070, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.713112579.0000000002560000.00000040.00000001.sdmp, Offset: 02560000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ClassUnregister
                                                                            • String ID:
                                                                            • API String ID: 3159089293-0
                                                                            • Opcode ID: 89879d960f09cb9633b71feab2a212ee7c5511af6353d757a884f531777e7436
                                                                            • Instruction ID: 3514073dce27f76194e2058c59cdb22712d9075cf50afa4a09feeb488219e10b
                                                                            • Opcode Fuzzy Hash: 89879d960f09cb9633b71feab2a212ee7c5511af6353d757a884f531777e7436
                                                                            • Instruction Fuzzy Hash: 82E04F71A62208AACB18FBB8945A66DBF70AF42304F1058BD940523290DE39A961C799
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05EF1674, Relevance: .2, Instructions: 173COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.724086021.0000000005EF0000.00000040.00000001.sdmp, Offset: 05EF0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 047f36fa5c92c09a8cd94fd4567e1e28c3e873ce6ea43325049b6da8bf774f6e
                                                                            • Instruction ID: b69d9369317dc4a7c33a007c4e4d553d30bb4b69d19036d03ca97d85148d3412
                                                                            • Opcode Fuzzy Hash: 047f36fa5c92c09a8cd94fd4567e1e28c3e873ce6ea43325049b6da8bf774f6e
                                                                            • Instruction Fuzzy Hash: 8D715A70D4522DCFDB28DF25C8447ECB7B6BB46304F10A1E9C19AA2191EB744AC5CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02620726, Relevance: .1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.713226766.0000000002620000.00000040.00000040.sdmp, Offset: 02620000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1c472c2379115c87fc7ac2d2aba4722565210910b827b70fdc1fdaffe829bbf3
                                                                            • Instruction ID: ce8a451ca0fe7df8d1327b4533c15c56c2c84a4fd4d78c4204ed4d63026d74f1
                                                                            • Opcode Fuzzy Hash: 1c472c2379115c87fc7ac2d2aba4722565210910b827b70fdc1fdaffe829bbf3
                                                                            • Instruction Fuzzy Hash: 6E216D361097C09FD703CB20D851B55BFB1AF57714F2986DAD8848B6A3C73A981ACB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0262075C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.713226766.0000000002620000.00000040.00000040.sdmp, Offset: 02620000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2115279d3fcd5b8f466c77b5ab4217b6f0e0ac0923b854abdcf89a77c2b611d3
                                                                            • Instruction ID: 24499edbb6f298b30450f01b0243b5f676d721aa028da4560c472fab45e77ff3
                                                                            • Opcode Fuzzy Hash: 2115279d3fcd5b8f466c77b5ab4217b6f0e0ac0923b854abdcf89a77c2b611d3
                                                                            • Instruction Fuzzy Hash: 5F11D634204744DFD715CB14C980B26BB95EB58708F24C5ACE9490B752C77BD807CE51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 026205CF, Relevance: .0, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.713226766.0000000002620000.00000040.00000040.sdmp, Offset: 02620000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 39d9ab5918edc7bda79cc183fcde110702f23ef8daf14313196b8484e89117f7
                                                                            • Instruction ID: 1afb2ae12db16b5b7fa0f69991a0cff74a7c7ab605dfe382f1fe4052ec9d3b79
                                                                            • Opcode Fuzzy Hash: 39d9ab5918edc7bda79cc183fcde110702f23ef8daf14313196b8484e89117f7
                                                                            • Instruction Fuzzy Hash: 68F0F9765097806FC7118F16EC41893FFE8DF8623070984ABEC89CB212D125B909CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 02620818, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.713226766.0000000002620000.00000040.00000040.sdmp, Offset: 02620000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction ID: 92317c43fc9087e7d4b6dcf4f009a908218388763da1a934d15318a398bb267a
                                                                            • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction Fuzzy Hash: 1AF01D35108644DFC706CF40D940B26FBA2EB89718F24C6ADE9490B762C337D813DE81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 026205F6, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.713226766.0000000002620000.00000040.00000040.sdmp, Offset: 02620000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7ac40d36008766c92591560f7252cc192e9fd5eccd74d6967f472d093167b567
                                                                            • Instruction ID: 6d2adf52397f420842934357f1835cdea3cd3b496e31ea7c5080c3dfeea75eb1
                                                                            • Opcode Fuzzy Hash: 7ac40d36008766c92591560f7252cc192e9fd5eccd74d6967f472d093167b567
                                                                            • Instruction Fuzzy Hash: 4AE092766007005BD650CF0AEC41462FBD8EB84630B18C07FDC0D8B701E535F504CEA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05EF069C, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000008.00000002.724086021.0000000005EF0000.00000040.00000001.sdmp, Offset: 05EF0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dffd6f59ef78bf20a8bbbdecb5ca733570d39f851372152a845abbcea4f6bca1
                                                                            • Instruction ID: c39d1bdacba6e9f95c64534fd46049c6c9952792284eaec0d76c53bd15c21dc2
                                                                            • Opcode Fuzzy Hash: dffd6f59ef78bf20a8bbbdecb5ca733570d39f851372152a845abbcea4f6bca1
                                                                            • Instruction Fuzzy Hash: 04F01C75D042289EDB10CB51CC49BECBBB9AB09300F0090D5A24EA6191DA705B80DF64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Analysis Process: dhcpmon.exe PID: 7160 Parent PID: 3424 dhcpmon.exeCOMMON

                                                                            Executed Functions

                                                                            Function 06B506E5, Relevance: 3.4, Strings: 2, Instructions: 898COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.733947974.0000000006B50000.00000040.00000001.sdmp, Offset: 06B50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ($>_kq
                                                                            • API String ID: 0-3093543653
                                                                            • Opcode ID: e6495150cc3a6ca32371f97b7f125ece02e8f807a1b93afde6965aceafca537c
                                                                            • Instruction ID: 1aae61a6d3bec2c4c9565a6c5006da5dcad122c1ee25aa234b84acfa18c487a6
                                                                            • Opcode Fuzzy Hash: e6495150cc3a6ca32371f97b7f125ece02e8f807a1b93afde6965aceafca537c
                                                                            • Instruction Fuzzy Hash: F682F4B0D46229CFEBA4EF28C8487EDB7B5AB4A304F1191E9C45DA7291DB744AC4CF41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F0868, Relevance: 3.2, Strings: 1, Instructions: 1914COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `-Qp
                                                                            • API String ID: 0-3646087301
                                                                            • Opcode ID: 68c44ba11cf0287d7ba7bb2e335dd60d4255c2f827622e081e572986b06ab3f6
                                                                            • Instruction ID: 26a2a222086aeeecca18c56708414750716da9f1250ff3f298c1b8070b1e1159
                                                                            • Opcode Fuzzy Hash: 68c44ba11cf0287d7ba7bb2e335dd60d4255c2f827622e081e572986b06ab3f6
                                                                            • Instruction Fuzzy Hash: 3613E734A41219DFDB65DB24C894AE9B7B2FF4A308F5541F8E409AB361CB35AE85CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F0878, Relevance: 3.2, Strings: 1, Instructions: 1903COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `-Qp
                                                                            • API String ID: 0-3646087301
                                                                            • Opcode ID: 2e9ec36ad8c00d26868665e274036b3b19c15fb383ff3f423403cb4ddbef6fc4
                                                                            • Instruction ID: 4c713691275dc158eee585051f149fd00571301d324b1feb6d8258ef4463ad39
                                                                            • Opcode Fuzzy Hash: 2e9ec36ad8c00d26868665e274036b3b19c15fb383ff3f423403cb4ddbef6fc4
                                                                            • Instruction Fuzzy Hash: 6C13E734A41219DFDB65DB24C894AE9B7B2FF4A308F5541F8E409AB361CB35AE85CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F0608, Relevance: .2, Instructions: 169COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1a0e26a2c4ba63e125d95ccc3e81a0dcd9080d3728057be40b7c7932e9027847
                                                                            • Instruction ID: 6e1c8e17f386327f45bdaf13ef4bacec15e7ec8d274fa092fc11e9eeb6dcbb8d
                                                                            • Opcode Fuzzy Hash: 1a0e26a2c4ba63e125d95ccc3e81a0dcd9080d3728057be40b7c7932e9027847
                                                                            • Instruction Fuzzy Hash: CF71C270D01219CFDB28DFA9C890A9EBBB3BF89304F20856DD509AB355DB359985CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F30C0, Relevance: .2, Instructions: 161COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 71eb5df1f4e0f4f3a6f13f1ea1524f64c50b187e9342b072c2f26675af319913
                                                                            • Instruction ID: c990ed21e00fe769229f9e939b7b20050045d250e2d197d041e38741a2310847
                                                                            • Opcode Fuzzy Hash: 71eb5df1f4e0f4f3a6f13f1ea1524f64c50b187e9342b072c2f26675af319913
                                                                            • Instruction Fuzzy Hash: 3661A2B4E09248DFDB24DFA9D844A9EFBF6BF89300F20806AD909AB355D7355945CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F30D0, Relevance: .2, Instructions: 153COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: def70afa31f4fcb54dc257af1eccf05054cb745a6b45deae7745aad8831af5c9
                                                                            • Instruction ID: bb41af2b3f2e5d7e8c76e74a272d4226375e37218f1706f89f4be14c66175abb
                                                                            • Opcode Fuzzy Hash: def70afa31f4fcb54dc257af1eccf05054cb745a6b45deae7745aad8831af5c9
                                                                            • Instruction Fuzzy Hash: 136192B4E09208DFDB54DFA9D884A9EFBF6BF88300F20816AD909A7354DB345945CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F2F30, Relevance: .1, Instructions: 122COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: baa1464b6bbd09c15f7007bcb9d371bd4ec7fac72070ba88bff3fa5b58af6f2b
                                                                            • Instruction ID: 918f3304ae2423b688c81d6f50592d06a0211d3618c98a032f3bf4eb30151c5e
                                                                            • Opcode Fuzzy Hash: baa1464b6bbd09c15f7007bcb9d371bd4ec7fac72070ba88bff3fa5b58af6f2b
                                                                            • Instruction Fuzzy Hash: C1517FB4D01208DFEB08DFAAC5447AEFBF2BF88304F2480A9D505A7361D7759A85DB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F9950, Relevance: .1, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cb975b2dc718d2dad94d3a4ea30b633d1c789bf2fa962558cf7e54a1e97ce228
                                                                            • Instruction ID: dd7d93c904bef1c534f7ac46a935d83ef5aa4c7ecfaa4e96129ae642f0a658ab
                                                                            • Opcode Fuzzy Hash: cb975b2dc718d2dad94d3a4ea30b633d1c789bf2fa962558cf7e54a1e97ce228
                                                                            • Instruction Fuzzy Hash: 8C21EB71D056499BEB19CFABD84429EFFF7BFC9204F18C1AAD948A7259EB3005068B11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F9960, Relevance: .1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e2e9b6a8f2130cd9f9004285a7309b645fff1e2f90eb7fc669145ed2864194a0
                                                                            • Instruction ID: 4ebe61e898c932cc48c4a62d5e3d032348fd12ea2b8e558dc6016a73606d6c97
                                                                            • Opcode Fuzzy Hash: e2e9b6a8f2130cd9f9004285a7309b645fff1e2f90eb7fc669145ed2864194a0
                                                                            • Instruction Fuzzy Hash: 45118671E056199BEB18DFABD94469EFAF7BFC8304F14C17AD908A6218EB3405068F40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F99F6, Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 683de70e0f995ab5e2c9ae700076364f9a5b9ede7914ba21a6e1b0df6a915e2a
                                                                            • Instruction ID: 182b61fea0cb458ee82614f31bc574712c3e7f35f0e88ed7c3e512a3f059b07f
                                                                            • Opcode Fuzzy Hash: 683de70e0f995ab5e2c9ae700076364f9a5b9ede7914ba21a6e1b0df6a915e2a
                                                                            • Instruction Fuzzy Hash: 021183B1E05619DBEB18CFABC94469EFAF7BFC8304F14C16AD509A6218EB3409068F10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810361, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?), ref: 058103E3
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: e258cb564dab182dcb49ec421d49da4354f2fe9ed080bb2ae91701b71ad8f01c
                                                                            • Instruction ID: b5b2c99819ae5eee4958703be5bfebb5f9c3de5c660580dcf212be0d87caedfc
                                                                            • Opcode Fuzzy Hash: e258cb564dab182dcb49ec421d49da4354f2fe9ed080bb2ae91701b71ad8f01c
                                                                            • Instruction Fuzzy Hash: A92190715093849FDB22CF25DC84B62BFF8EF06214F09849AED85CB562D275E848CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810D2C, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05810DAC
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: aa68f42ef60fa98ea9cff5f988cf780d8eb50b2957b4b5281d1f0dcb5ca7d80e
                                                                            • Instruction ID: 66b08b07fa844a0a9079c753f741899f1f588367e9619f4d5e78c3370b643625
                                                                            • Opcode Fuzzy Hash: aa68f42ef60fa98ea9cff5f988cf780d8eb50b2957b4b5281d1f0dcb5ca7d80e
                                                                            • Instruction Fuzzy Hash: E921B0765097C09FD7228B25DC85AA6FFF4EF07210F0984DEEC858B563D224A848DB22
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810E8D, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05810F01
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 73401cdc7fd7d5456ee095e79989593cf008c31a39528828fa347b3fd17cc1ae
                                                                            • Instruction ID: 6795a5d63978ac788b08ca2ba550f6065f0cc487523825ee71cbe8a0412fdc1d
                                                                            • Opcode Fuzzy Hash: 73401cdc7fd7d5456ee095e79989593cf008c31a39528828fa347b3fd17cc1ae
                                                                            • Instruction Fuzzy Hash: 50218C714093C09FDB238B25DC44A62FFB4EF07210F0984DBED848F163D225A958DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810C8B, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05810CF0
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: 85e8c950982a906b4268def13666d875931c92fee424139e312d9c9b75eb4438
                                                                            • Instruction ID: 831504db249a2d31ffe1de9faf45f7ec2b05acc4e7be635ea0454facd17c779a
                                                                            • Opcode Fuzzy Hash: 85e8c950982a906b4268def13666d875931c92fee424139e312d9c9b75eb4438
                                                                            • Instruction Fuzzy Hash: 6811B2764097849FDB228F25DC44A62FFB4EF06320F0885DEED858B563C275A858DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0581121F, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05811289
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: ecaae3617ee52b548efd1421fd03651273672f78a2be39e8842f1748a02957bd
                                                                            • Instruction ID: dc6f8183cdf446a9e08b4627a645bd8c349c2408f335027a6edec446fde09913
                                                                            • Opcode Fuzzy Hash: ecaae3617ee52b548efd1421fd03651273672f78a2be39e8842f1748a02957bd
                                                                            • Instruction Fuzzy Hash: C01190755097809FDB228F15DC45B62FFB4EF06224F08849EED858B663C275A818CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810BE4, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 05810C43
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: 3e4c9d1aeca228ff5e1ea4a936dac1085794fc81dc031c8c9216bf685286ce73
                                                                            • Instruction ID: c4605f662f25c6edc1efef86fbd1e15ad549c4e4f94daa3e922751522161fe91
                                                                            • Opcode Fuzzy Hash: 3e4c9d1aeca228ff5e1ea4a936dac1085794fc81dc031c8c9216bf685286ce73
                                                                            • Instruction Fuzzy Hash: C2118C755093849FD7218B15DC89E62FFE8EF06220F0980AAED45CB262D274E848CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810392, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DrawTextExW.USER32(?,?,?,?,?), ref: 058103E3
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DrawText
                                                                            • String ID:
                                                                            • API String ID: 2175133113-0
                                                                            • Opcode ID: 1efa2c7e9a2fe8d5bef2c5c39ce9d5ea781fb1d82fdf25ff5c498d61525e26c3
                                                                            • Instruction ID: ad86bbc80786772c33007b2a1a159b1c18fa16ff379e8841ffcb0961f9e248d8
                                                                            • Opcode Fuzzy Hash: 1efa2c7e9a2fe8d5bef2c5c39ce9d5ea781fb1d82fdf25ff5c498d61525e26c3
                                                                            • Instruction Fuzzy Hash: C2112571504308DFDB20CF66D988B62BBA8EB04624F0884AADD45CB656E275E844CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810D66, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05810DAC
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: e9d77a10d3c4b4f2163ac689741a24d3e4045a32a6cede698374b4a825c30feb
                                                                            • Instruction ID: a6a02c89fe1a74baeed33b3b9ca7690c0b472a34d3a6dd055cca89448bdb2de7
                                                                            • Opcode Fuzzy Hash: e9d77a10d3c4b4f2163ac689741a24d3e4045a32a6cede698374b4a825c30feb
                                                                            • Instruction Fuzzy Hash: 37018E39600604CFDB20CF15DC84B66FBA8EF04220F08C16ADD458B655D375E858CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810C06, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetThreadContext.KERNELBASE(?,?), ref: 05810C43
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: 4db7cc5620b45bcbcdbe1a6005b1115b0ade5f7767f5951ec7a2e5f3f2d78450
                                                                            • Instruction ID: d9105f20d50fe104fa3815219241574a8d9eb8cea7f907666dd1eb3b8cce9889
                                                                            • Opcode Fuzzy Hash: 4db7cc5620b45bcbcdbe1a6005b1115b0ade5f7767f5951ec7a2e5f3f2d78450
                                                                            • Instruction Fuzzy Hash: 99017175604245CFDB20CF16DC88B66FBD8EF05620F08C0AADD45CB656E274E884CF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810CB2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05810CF0
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            • Opcode ID: b9d42a1e476c847e0a0a09b854d228089c076ec8b74c037287dea13b2ff75286
                                                                            • Instruction ID: 33e47a9ad3018bb1de85b94e42eabd3da8036cf15c45fc85f3d323fffc852cbc
                                                                            • Opcode Fuzzy Hash: b9d42a1e476c847e0a0a09b854d228089c076ec8b74c037287dea13b2ff75286
                                                                            • Instruction Fuzzy Hash: 5E018C36500604DFDB208F56DC84B66FBA4EF04320F0884AEDD468A656D275E858CF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0581124E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05811289
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 2e7e4e439ff80070bc82a53127d977efca770f4c59c407fbbb936b14271bd8b0
                                                                            • Instruction ID: 700991af51a80d79c484c3aa2bdf15f58a0eedfc06d8d2cfb7b97b823e4cbf4f
                                                                            • Opcode Fuzzy Hash: 2e7e4e439ff80070bc82a53127d977efca770f4c59c407fbbb936b14271bd8b0
                                                                            • Instruction Fuzzy Hash: E601B135A007048FDB20CF56D884B66FBA4EF04320F08C09EDE458BA56D375E818CB66
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05810EC6, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 05810F01
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.731584021.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 947771a43f6dcc4fea5fa59687d6978e3ad398d56bce5f45f0df898efce1d5f0
                                                                            • Instruction ID: 924a9ff5c0510907a2c851ee2f777f455b41e45ad2d7e8f8f578cbd219afa056
                                                                            • Opcode Fuzzy Hash: 947771a43f6dcc4fea5fa59687d6978e3ad398d56bce5f45f0df898efce1d5f0
                                                                            • Instruction Fuzzy Hash: 36017C35900344DFDB208F56D889B66FBA4EF08320F08C49ADD894A656D375E958CBA6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F0110, Relevance: .3, Instructions: 307COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 720978bc99f8540df3aef7583366d90e2719f263453d7c454ee26e1c832bf8a8
                                                                            • Instruction ID: 5d5b3fcd5089e41f075f1e53a4003d5bcfeb5ec48bd9a738fecbb654a4f2068c
                                                                            • Opcode Fuzzy Hash: 720978bc99f8540df3aef7583366d90e2719f263453d7c454ee26e1c832bf8a8
                                                                            • Instruction Fuzzy Hash: 93D1BF34A01209CFCB18EFA8D495A9EBBB2FF49305F208269E915AB354DB35AD45CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F0150, Relevance: .3, Instructions: 286COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 57965530fcde9a2689a620e21aa33aba9eeea2d40ea0a1dd402db0dae85bd11b
                                                                            • Instruction ID: bbb031dd76a7c6cc3161c1c4bf32c0e49b37a4200b3f19fbf84499667a647701
                                                                            • Opcode Fuzzy Hash: 57965530fcde9a2689a620e21aa33aba9eeea2d40ea0a1dd402db0dae85bd11b
                                                                            • Instruction Fuzzy Hash: 82D1B234E01209CFCB18EFA8D495A9EBBB2FF49305F208269D915AB354DB35AD45CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F0158, Relevance: .3, Instructions: 281COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 80215a800eca892d7985e0c91a204b03e03a8b6ea6ba7e3a45e7ff22627d91b3
                                                                            • Instruction ID: a32cb209d89ede3e0582dcb9736eab2734776fe1f33d07969298ee1673a110de
                                                                            • Opcode Fuzzy Hash: 80215a800eca892d7985e0c91a204b03e03a8b6ea6ba7e3a45e7ff22627d91b3
                                                                            • Instruction Fuzzy Hash: 3CD1B334E01209CFCB18EFA8D495A9EBBB2FF49305F208269D915AB354DB35AD45CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F34F1, Relevance: .2, Instructions: 195COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9f66f582b0121b2dbf32d920e70241bc5566307904edacf6ac1b6e53eb9c814b
                                                                            • Instruction ID: 5ba467045da6a3cbefe625e457d25a28e4835233606980ba796b4fbab943d13e
                                                                            • Opcode Fuzzy Hash: 9f66f582b0121b2dbf32d920e70241bc5566307904edacf6ac1b6e53eb9c814b
                                                                            • Instruction Fuzzy Hash: AF91E074D00228CFDB25DFA8C884B9EFBB2BF49314F148199D609AB351DB719A85CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 06B51674, Relevance: .2, Instructions: 173COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.733947974.0000000006B50000.00000040.00000001.sdmp, Offset: 06B50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c8c9f6d4a25c743fa9eb98f54396cd436e5deae9bc00a0da1e2d8825a8304921
                                                                            • Instruction ID: 0bbd5a454ea30e89b82af32f9907526e5f015a202c3c155a7f61cd313b945475
                                                                            • Opcode Fuzzy Hash: c8c9f6d4a25c743fa9eb98f54396cd436e5deae9bc00a0da1e2d8825a8304921
                                                                            • Instruction Fuzzy Hash: D67149B0D45229CFEBA4DF28C8447ECB7B5BB4A308F1191E9C51EA2291DB744AC9CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F371A, Relevance: .2, Instructions: 162COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0293e4152a1621592e8003cec5353ec6e4f28b44ae78aa70701b7742445f7961
                                                                            • Instruction ID: 9d65208c50dcead096fdec69b142bbf3b71f3ef7a24660ed830d66bbf542e094
                                                                            • Opcode Fuzzy Hash: 0293e4152a1621592e8003cec5353ec6e4f28b44ae78aa70701b7742445f7961
                                                                            • Instruction Fuzzy Hash: D971BE74A01228CFDB24DF68C884BAEFBB2BF45314F2481E9D609A7351DB709A85CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F28B0, Relevance: .1, Instructions: 136COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 559924e4fec13a1208c8c3a07df4b972061dbdecb77a5dda9da3795759fe84e2
                                                                            • Instruction ID: ab9fbe103bd26289970a3869e60fe0bdbff52fb7e62947789cff33f25ac09058
                                                                            • Opcode Fuzzy Hash: 559924e4fec13a1208c8c3a07df4b972061dbdecb77a5dda9da3795759fe84e2
                                                                            • Instruction Fuzzy Hash: 0D51EE74D002589FDB18DFAAD8487EEFBB2BF88304F208069D90567395DB784A85CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F28A0, Relevance: .1, Instructions: 120COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ea3e26fa8c0be24812d3a51b1039f7df74b04cbd52cc8d4f5102a8a0e887c7ca
                                                                            • Instruction ID: bdcd6da300f58ce9b4e2a2dd507794822405cda995b7c6f9feb2f9bfab1f049f
                                                                            • Opcode Fuzzy Hash: ea3e26fa8c0be24812d3a51b1039f7df74b04cbd52cc8d4f5102a8a0e887c7ca
                                                                            • Instruction Fuzzy Hash: 2E51D374D052489FDB18DFA9D8447EEFBB2BF89304F208069D505A73A5DB784A45CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F2F1F, Relevance: .1, Instructions: 113COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c7fa6cd0af07e89d7cd2a621b786b320acb69b2dd7365b74064ed0b2f0de0068
                                                                            • Instruction ID: ef8711fed33657841488afda8c7e4643c90237b40e9d7fa068be93f47349fe28
                                                                            • Opcode Fuzzy Hash: c7fa6cd0af07e89d7cd2a621b786b320acb69b2dd7365b74064ed0b2f0de0068
                                                                            • Instruction Fuzzy Hash: AB41DEB0D05208DFDB08CFA9C9447AEFBF2BF49304F2480AAD504AB3A1D7759A45DB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F0015, Relevance: .1, Instructions: 90COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 971d54f59c9bd8492203d27d39450e1413c5acf007e3ea2bf140aaa1d30766db
                                                                            • Instruction ID: 951b7a69c303f650cc523289c827812c55b942186da0db3d29a944b225e7f7a3
                                                                            • Opcode Fuzzy Hash: 971d54f59c9bd8492203d27d39450e1413c5acf007e3ea2bf140aaa1d30766db
                                                                            • Instruction Fuzzy Hash: 6F21932145E3C19FC313ABBC8C245AABFB2AE13214B0D45EFD484DB2A3C6695C55C767
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F3308, Relevance: .1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b9bd4ca948fbc3d4b665f4b9b127cde6ea036e9a28fd4926514c176d50532b48
                                                                            • Instruction ID: 2917e85148c31eadf13da83d735b767cb0d4f754faa969a8498f2194e3371934
                                                                            • Opcode Fuzzy Hash: b9bd4ca948fbc3d4b665f4b9b127cde6ea036e9a28fd4926514c176d50532b48
                                                                            • Instruction Fuzzy Hash: 11115E7180D384DFDB36DAAC98156AABFB8FF22300F1940EED648D7362DA759844CB11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 03080726, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728712060.0000000003080000.00000040.00000040.sdmp, Offset: 03080000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2416928fe1dc09037bf16e7e8bfad3166370e47118178ea7538555349cfec6eb
                                                                            • Instruction ID: 0f05bd49484c4df72076f916ae43147fef1cd91520810df3014c12d78fc6901a
                                                                            • Opcode Fuzzy Hash: 2416928fe1dc09037bf16e7e8bfad3166370e47118178ea7538555349cfec6eb
                                                                            • Instruction Fuzzy Hash: 0D21473550E3C49FD713DB20C890B15BFB1AF47204F1E85EAD4848F6A3C63A980ADB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0308075C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728712060.0000000003080000.00000040.00000040.sdmp, Offset: 03080000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 949e3fe8e19f2f1a1317ee4fa5f8407d371090a9fd3315bfbfe609ebe6b4721c
                                                                            • Instruction ID: 927774e122ec881a79955f79fab0ed6b679dce37406f87f2822b91c1e962c60a
                                                                            • Opcode Fuzzy Hash: 949e3fe8e19f2f1a1317ee4fa5f8407d371090a9fd3315bfbfe609ebe6b4721c
                                                                            • Instruction Fuzzy Hash: 8511B434605784EFD315DB14C980B2ABBD5EB48B08F28C9ACE9890B652C77BD847CE51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 030805CF, Relevance: .0, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728712060.0000000003080000.00000040.00000040.sdmp, Offset: 03080000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d59525621b9b9a300547f2e64ba922b7273c34e59e0f6ca9ab8c067f27128b2b
                                                                            • Instruction ID: 4c3512035a627350d5c7bee2694aefe61e088ea8dad299815ee9ca80303f7c72
                                                                            • Opcode Fuzzy Hash: d59525621b9b9a300547f2e64ba922b7273c34e59e0f6ca9ab8c067f27128b2b
                                                                            • Instruction Fuzzy Hash: 590162765097806FD7128B16EC41863FFA8EF86620709C4DFEC499B652D225B909CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F3339, Relevance: .0, Instructions: 39COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2168754f58dcae6291b762f7db3bbae23bc0c04933d439298a4fd662bbf676a8
                                                                            • Instruction ID: 3f236de88a32256e2fb8ce2a7449df5c684ff3fd71516e1acd20f563124ebdac
                                                                            • Opcode Fuzzy Hash: 2168754f58dcae6291b762f7db3bbae23bc0c04933d439298a4fd662bbf676a8
                                                                            • Instruction Fuzzy Hash: 1EF0493194D288AFDB65DBBCD8506AABFB8FF16300F1840DEDA04D3362CA306944DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 03080818, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728712060.0000000003080000.00000040.00000040.sdmp, Offset: 03080000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction ID: 7e42c734abd2dbc91278ebc4bb9e024b1cc6b23062de958719b8d1da46e4579d
                                                                            • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction Fuzzy Hash: 5CF0FB35604644DFC206DB40D940B26FBA6EB89718F24CAA9E9890B752C337D817DE81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F3360, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4b617bc62e160ca4f8346d2c9e24ec26e9cf6e344ce9dce660112c7b5a5ead63
                                                                            • Instruction ID: 2e3f7c8bbeb92a1c2e2d0f799d74dca96acaa6d3cef9dd441e4d0a8368593abe
                                                                            • Opcode Fuzzy Hash: 4b617bc62e160ca4f8346d2c9e24ec26e9cf6e344ce9dce660112c7b5a5ead63
                                                                            • Instruction Fuzzy Hash: 8FF01571C0A248DFDB24DFACD5059AEBFB4FF66300F1082AED904A3341DA319A04CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 030805F6, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728712060.0000000003080000.00000040.00000040.sdmp, Offset: 03080000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b9d1da26fd666c09d508334b6e6603b4c1a1a335aa996c4b13e86d3c2df0d266
                                                                            • Instruction ID: 0e9d661758387a8a0f4bddb1366a804baa3bcab4641ab6f74e81937b4015aa9f
                                                                            • Opcode Fuzzy Hash: b9d1da26fd666c09d508334b6e6603b4c1a1a335aa996c4b13e86d3c2df0d266
                                                                            • Instruction Fuzzy Hash: C5E06D76A006005BD650CF0AEC81462FBD8EB84630B18C06FDC0D8B701E535B504CEA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F0070, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d01d7278b3502199d260ee9d95a12071b3e265c2ea45bacc9e59c6c0772a8738
                                                                            • Instruction ID: bf70531eac021e7346087429cf2785f4111c12fdb98acf070f0548bf5b4c1bb7
                                                                            • Opcode Fuzzy Hash: d01d7278b3502199d260ee9d95a12071b3e265c2ea45bacc9e59c6c0772a8738
                                                                            • Instruction Fuzzy Hash: 2BE04F719A22089AC718FBB8941566EBF74EF42604F1058BDD50523240DE39AE65C799
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F00C0, Relevance: .0, Instructions: 25COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 449a426c79cdf6af8618a042a60a15806c226c12b5e60d531c0056429820dcc4
                                                                            • Instruction ID: 778eb48a2c79d340a41087d678bfcbb1a693685e0dd51f41a2f4917c905dbfc0
                                                                            • Opcode Fuzzy Hash: 449a426c79cdf6af8618a042a60a15806c226c12b5e60d531c0056429820dcc4
                                                                            • Instruction Fuzzy Hash: 67E0E570A02245CFC725EB6CD40466DBB39FB11300F20429ED84593316DBB04E04CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 06B5069C, Relevance: .0, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.733947974.0000000006B50000.00000040.00000001.sdmp, Offset: 06B50000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5a4ba6ab9ddb8edecc96a1de721cefbce9323ff7c85ecb090aa1772e8b2cfb73
                                                                            • Instruction ID: ce676f0b355eee4f56f59821358086f53711fb866d01b09968643bf206675721
                                                                            • Opcode Fuzzy Hash: 5a4ba6ab9ddb8edecc96a1de721cefbce9323ff7c85ecb090aa1772e8b2cfb73
                                                                            • Instruction Fuzzy Hash: AAF030B5D042289FDB10DF50CC49BEDBBB8AB09350F0090D5E20EA6191CBB05B80DF64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017FDA90, Relevance: .0, Instructions: 22COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b2d93e3a41f34ac8573bb15b21630bb09bd797739d51235485f6d725bf8cc5d6
                                                                            • Instruction ID: 386e38682f3d678d16ed4b4fe2e2d4286dfd3e6186ef3a3a2b9b83829729ea36
                                                                            • Opcode Fuzzy Hash: b2d93e3a41f34ac8573bb15b21630bb09bd797739d51235485f6d725bf8cc5d6
                                                                            • Instruction Fuzzy Hash: F4E04F30905208DBD724FFA4E449AAEBB78EB45305F10419CCA0523348DB706E49CB84
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017FA0F3, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7e18b0b5fe30bab75dda281952627f8f0168faaf70801cb56795dda967c041fe
                                                                            • Instruction ID: f0635295500b16b36d157909bab25c43253a8c6c1f95dc654d747748f9fa94b2
                                                                            • Opcode Fuzzy Hash: 7e18b0b5fe30bab75dda281952627f8f0168faaf70801cb56795dda967c041fe
                                                                            • Instruction Fuzzy Hash: 89F06274901269CFDBA4DF64D948B98BBB5FB48309F1081DAD91EA3354DB305E85CF10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F3370, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e6ec2133c3c0ec2c81b5e444bff7259b5eee89a5f4b73f73311d5c2ea2e0fab6
                                                                            • Instruction ID: e1d4aba8076d427ebf4e4c671d98ed802b653059ed27832b9dacf1eeb5bf3482
                                                                            • Opcode Fuzzy Hash: e6ec2133c3c0ec2c81b5e444bff7259b5eee89a5f4b73f73311d5c2ea2e0fab6
                                                                            • Instruction Fuzzy Hash: 97E0B674D09208EBCB24EFA8D5456ADBBB8FF48300F1081ADD90563345DA305A54CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 017F00D0, Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000A.00000002.728620565.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8103ea533aa135eb4f80aba3dd41c2ecbb46c473a63ae889195d9c3550756885
                                                                            • Instruction ID: 93065a94c85e6c1dacc74f0de588e20d2d92f6c4db26c0c587f1b46da655fc5c
                                                                            • Opcode Fuzzy Hash: 8103ea533aa135eb4f80aba3dd41c2ecbb46c473a63ae889195d9c3550756885
                                                                            • Instruction Fuzzy Hash: 91E0127450210DDBD724FFACE908A5EBB69FB41714F20465DDD0553344DE719E04DB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Analysis Process: 256ec8f8f67b59c5e085b0bb63afcd13.exe PID: 6260 Parent PID: 6888 256ec8f8f67b59c5e085b0bb63afcd13.exeCOMMON

                                                                            Executed Functions

                                                                            Function 05633850, Relevance: 2.0, Strings: 1, Instructions: 760COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: >_kq
                                                                            • API String ID: 0-4149988037
                                                                            • Opcode ID: a5893ac04a052676e639e9269cc71f13124b7210f98b0bb6679d39a55d2d9d06
                                                                            • Instruction ID: 6fae5bcc4e5b15355837f668f8b575c5868135d870f4ffabfe1fc2714d8b4a83
                                                                            • Opcode Fuzzy Hash: a5893ac04a052676e639e9269cc71f13124b7210f98b0bb6679d39a55d2d9d06
                                                                            • Instruction Fuzzy Hash: A452B171B0421ADFCB14CF58C88596AFBB6FF85300B1989AAD8159F356D731EC46CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056323A0, Relevance: .5, Instructions: 505COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b074f040ce316048e39aa549f155154af24c810cc477cb27dca6c75273241ce5
                                                                            • Instruction ID: 1fe2e1e0553b72d2be42ee30debe80c585f0b5189319bedddb8e11715daf6642
                                                                            • Opcode Fuzzy Hash: b074f040ce316048e39aa549f155154af24c810cc477cb27dca6c75273241ce5
                                                                            • Instruction Fuzzy Hash: F7129938A04225CFDB24CF69C4A566EBBF3FF88314F24C16AD416AB355DB749886CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05632FA8, Relevance: .2, Instructions: 239COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e13645651b3a7567c20a95e448bb09a916e5409de79dc9e41a599c431ed1e6ad
                                                                            • Instruction ID: aa6a08571e8697ada1ac3c65cfff47ff3603cb158de92ea38f3064c97d9a66b9
                                                                            • Opcode Fuzzy Hash: e13645651b3a7567c20a95e448bb09a916e5409de79dc9e41a599c431ed1e6ad
                                                                            • Instruction Fuzzy Hash: 3F819C32F011159BDB14DB69C895A6EBBF3AFC8310F2A8568D416EB355DE31DC42CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05632D58, Relevance: 2.6, Strings: 2, Instructions: 125COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $>_kq
                                                                            • API String ID: 0-1412446344
                                                                            • Opcode ID: fd82e1e4d1811d63a6d2405e2baef3159cc5bc5fe1bd2cdae0fbfce3cc545597
                                                                            • Instruction ID: 6a763c7ec4461a6547a25958ef004703b789de71fea3985f42528a03858bbb19
                                                                            • Opcode Fuzzy Hash: fd82e1e4d1811d63a6d2405e2baef3159cc5bc5fe1bd2cdae0fbfce3cc545597
                                                                            • Instruction Fuzzy Hash: 6641C138F082158BCB24CF69C8525BEBBB3FBC4214B29C466C4129BB05C734E847CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 057601F4, Relevance: 1.6, APIs: 1, Instructions: 102synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 0576019D
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.722226362.0000000005760000.00000040.00000001.sdmp, Offset: 05760000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: a1f9ffb4558b39ebd380f6946200dac2978c96191c17d7618ef93f6598015656
                                                                            • Instruction ID: f8ea6b0e950720f955537b8c8bd78228ca7ba2177d003f5742d06a6b3df05d0a
                                                                            • Opcode Fuzzy Hash: a1f9ffb4558b39ebd380f6946200dac2978c96191c17d7618ef93f6598015656
                                                                            • Instruction Fuzzy Hash: D031D6715093809FE712CF25DD89B66BFA4EF02324F0884EBDD848F653D2759909CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EAA02, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 015EAAB1
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: 2e518036adbdbd3b2bc85c300059fe9e4bddb19d95054c9f3ec7c634990b652d
                                                                            • Instruction ID: ef5e404507213797820363937589faae9ba28207944632dd4d48b10d7ff6220e
                                                                            • Opcode Fuzzy Hash: 2e518036adbdbd3b2bc85c300059fe9e4bddb19d95054c9f3ec7c634990b652d
                                                                            • Instruction Fuzzy Hash: 0331D4B25047846FE7228F25CC45FA7BFECEF05310F0884AAED809B152D264E949CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 057600F6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 0576019D
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.722226362.0000000005760000.00000040.00000001.sdmp, Offset: 05760000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: a2053720c3807e19925e679ccbe45fc82eac330aeb35d68751cfa42231ae552d
                                                                            • Instruction ID: 971612d3a73e8cace078d2754ee56b28804868882c4f1736f2d64ed07428f88a
                                                                            • Opcode Fuzzy Hash: a2053720c3807e19925e679ccbe45fc82eac330aeb35d68751cfa42231ae552d
                                                                            • Instruction Fuzzy Hash: 2B3181B15097806FE722CB25DC84F56BFE8EF06310F18849AE9858B292D375E909CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EAAF9, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,FEBE2D73,00000000,00000000,00000000,00000000), ref: 015EABB4
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 4f55a95963b2c2c88f459b8479d7ce603b1aa4fe213622da15592b287ca6cd71
                                                                            • Instruction ID: 79cdaf200b6f45034f1da2c2dea882ea57dc3a2f000574afd4d95200b5ccd9f4
                                                                            • Opcode Fuzzy Hash: 4f55a95963b2c2c88f459b8479d7ce603b1aa4fe213622da15592b287ca6cd71
                                                                            • Instruction Fuzzy Hash: 79318F725097846FEB22CF25CC44F96BFECEF06320F18889AE9858B153D264E548CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EAF50, Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 015EAFEA
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ConsoleCtrlHandler
                                                                            • String ID:
                                                                            • API String ID: 1513847179-0
                                                                            • Opcode ID: e1996a445e9c731a9859be5914cf1693932d690fe11d480bf0a83272866e8297
                                                                            • Instruction ID: c4947c41c31cdeac742f083bdd390eadb859e070e555f5739372fa0de1820a59
                                                                            • Opcode Fuzzy Hash: e1996a445e9c731a9859be5914cf1693932d690fe11d480bf0a83272866e8297
                                                                            • Instruction Fuzzy Hash: 3B21837540D7C06FD7138B258C55B61BFB8EF87610F0A41DBE984CB5A3D128A919C772
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EAA32, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 015EAAB1
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: 7f61b879270baa69ce939005b1b0ca60cc570135f4873d452bab8ff80d104db8
                                                                            • Instruction ID: c955ae6e7a90114c95ace5ec1268ae92b574fcb856d2293a00c7c0d149eda714
                                                                            • Opcode Fuzzy Hash: 7f61b879270baa69ce939005b1b0ca60cc570135f4873d452bab8ff80d104db8
                                                                            • Instruction Fuzzy Hash: A121C272900704AEE7218F69CD88F6AFBECEF04320F14845AED419B642D664E5088B71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0576012A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 0576019D
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.722226362.0000000005760000.00000040.00000001.sdmp, Offset: 05760000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: 180f34ab83e5ffdf34609c8f60c1cef154ec45a6e689c5d23243455b87bdd049
                                                                            • Instruction ID: 1ec4a969e10d510575ddefcecd2799193acae255e556e414d819488177e25f7c
                                                                            • Opcode Fuzzy Hash: 180f34ab83e5ffdf34609c8f60c1cef154ec45a6e689c5d23243455b87bdd049
                                                                            • Instruction Fuzzy Hash: A721CF71604340AFE724CF29CC88F6AFBE8EF04310F14846AED458B241E375E904CA71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EAB3A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E2C,FEBE2D73,00000000,00000000,00000000,00000000), ref: 015EABB4
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 28a793e578f1a9413e306ba7096526e984adf3422b3737561fcdb50f9d9be269
                                                                            • Instruction ID: 99ac46d4610ed3269e748bcc433b8165437240d10bc3a33a977fad2b1a5e948f
                                                                            • Opcode Fuzzy Hash: 28a793e578f1a9413e306ba7096526e984adf3422b3737561fcdb50f9d9be269
                                                                            • Instruction Fuzzy Hash: D8218E71A00304AFEB21CF29DC84F66FBECEF04720F14896AE9459B652D764E408CA71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EA51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015EA58A
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 39337e1b4d8e05983b632a763a938f0796fefd3c45b2ca75b818afd7cc2d5290
                                                                            • Instruction ID: a9ac4d1860b7aab44dec4970deddcb72be303270c0fddafc3eb69d609bbc358b
                                                                            • Opcode Fuzzy Hash: 39337e1b4d8e05983b632a763a938f0796fefd3c45b2ca75b818afd7cc2d5290
                                                                            • Instruction Fuzzy Hash: 5D117271409780AFDB228F65DC44A62FFF4EF4A210F08859BED858F552C375A418DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EB7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 015EB841
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 01f57e0f11718dc28dd3c016a2d8a9098aec2716748b6b54f5a120cd2bf22de6
                                                                            • Instruction ID: a57f8b97dbd407c725eb2d7fc0d879cb0a9eb77cd137f7faec419805fcc5b782
                                                                            • Opcode Fuzzy Hash: 01f57e0f11718dc28dd3c016a2d8a9098aec2716748b6b54f5a120cd2bf22de6
                                                                            • Instruction Fuzzy Hash: 23216D714097C09FDB128B25DC54A92BFB0EF16214F0D84DAE9844F263D265A958DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EBB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 015EBBB9
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 3a10723cce61f8be89be0da676b12b78154bc719613142f8ec4cef30ad613d44
                                                                            • Instruction ID: 393e34a0bde1f35085dd27583c87fde0267f5abf224cb9d97def54f42782da03
                                                                            • Opcode Fuzzy Hash: 3a10723cce61f8be89be0da676b12b78154bc719613142f8ec4cef30ad613d44
                                                                            • Instruction Fuzzy Hash: 6311D0355097C0AFDB228F25DC85B52FFB4EF06220F0885DEED858F663D265A418CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 057604EF, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 05760550
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.722226362.0000000005760000.00000040.00000001.sdmp, Offset: 05760000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 742ffd58186dcbaeb91332019140d0959fe437b049113dc2d5aefa5020b76c93
                                                                            • Instruction ID: 6e479848cec6e0638c7a33fe3ad846a260b3821859fe30cab09eec455a7765ae
                                                                            • Opcode Fuzzy Hash: 742ffd58186dcbaeb91332019140d0959fe437b049113dc2d5aefa5020b76c93
                                                                            • Instruction Fuzzy Hash: E01190715093809FDB128F25DC85B52BFB8EF06224F1884EBED858F653D275A818CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EBE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DispatchMessageW.USER32(?), ref: 015EBE70
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DispatchMessage
                                                                            • String ID:
                                                                            • API String ID: 2061451462-0
                                                                            • Opcode ID: 4e44baea06ce3e6002ae50dc228b02b8b791a85b3f45d56e7fa392fa27c7ba81
                                                                            • Instruction ID: ee9d3d53f78caf7c5d9a88b94a4fe04301e98356a8476d9c2d76b55769354767
                                                                            • Opcode Fuzzy Hash: 4e44baea06ce3e6002ae50dc228b02b8b791a85b3f45d56e7fa392fa27c7ba81
                                                                            • Instruction Fuzzy Hash: C9117C758093C0AFDB138B25DC44B61BFB4EF47624F0984DAED848F263D2696808CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EB71E, Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateIconFromResourceEx.USER32 ref: 015EB78A
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateFromIconResource
                                                                            • String ID:
                                                                            • API String ID: 3668623891-0
                                                                            • Opcode ID: eca007bc877aa00688f96b8bcaa3742bcd649425ee55703332e66cd2e9c4cdb4
                                                                            • Instruction ID: e3f42a58aac934ee15a43e891714a91d33af23ebded61f54f713573f5a619e6c
                                                                            • Opcode Fuzzy Hash: eca007bc877aa00688f96b8bcaa3742bcd649425ee55703332e66cd2e9c4cdb4
                                                                            • Instruction Fuzzy Hash: A71160714087809FDB228F55DC84A56FFF4EF49210F09859EED858F562C375A458CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EBEB4, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetCurrentDirectoryW.KERNELBASE(?), ref: 015EBF0C
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CurrentDirectory
                                                                            • String ID:
                                                                            • API String ID: 1611563598-0
                                                                            • Opcode ID: 065acb08da620043149cdbd3dbfbd0365d35b10e17364f5af71ca0b8240ebee9
                                                                            • Instruction ID: d4f00e70caedc19e4f65c583ca2d53c45224e58aeadbd85cd8af85fdd74e7832
                                                                            • Opcode Fuzzy Hash: 065acb08da620043149cdbd3dbfbd0365d35b10e17364f5af71ca0b8240ebee9
                                                                            • Instruction Fuzzy Hash: 5C11A3719093809FD715CF29DC84B56BFE8EF46221F0884EAED55CF252D274E848CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EA75B, Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Initialize
                                                                            • String ID:
                                                                            • API String ID: 2538663250-0
                                                                            • Opcode ID: fdcfd00b35317f874d8e06b4f9a8cfbfe82050b17a35d7d8e608e85e3c1f3fc9
                                                                            • Instruction ID: 4dd0a77c58ed30f651f232122ed5bc901818fda337697b77a7f801c874e3c133
                                                                            • Opcode Fuzzy Hash: fdcfd00b35317f874d8e06b4f9a8cfbfe82050b17a35d7d8e608e85e3c1f3fc9
                                                                            • Instruction Fuzzy Hash: CB11C1718493849FD712CF25DC44B52BFB4EF02220F0984EBED458F253C279A848CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EA8CC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LongWindow
                                                                            • String ID:
                                                                            • API String ID: 1378638983-0
                                                                            • Opcode ID: fff420d6c6404f47fdf7c5e8cdbf20d2fd5ed954c6f54cc3fc7a7b32f9a61a15
                                                                            • Instruction ID: fdaf0ca34050401a1a0bf085f4c443a436345eb7538956f1f0ec0c6057760153
                                                                            • Opcode Fuzzy Hash: fff420d6c6404f47fdf7c5e8cdbf20d2fd5ed954c6f54cc3fc7a7b32f9a61a15
                                                                            • Instruction Fuzzy Hash: 37117C354097849FD7228F65DC89A52FFF4EF46220F09C49AED858F262C375A818CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EBED2, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetCurrentDirectoryW.KERNELBASE(?), ref: 015EBF0C
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CurrentDirectory
                                                                            • String ID:
                                                                            • API String ID: 1611563598-0
                                                                            • Opcode ID: f7919e1499a155570011d4af058d9df5bac1b2b8dfce2e5524e50807ecda20b7
                                                                            • Instruction ID: 99a75ed7e4d1f42109623aa8ac49f126cdc4c9f57b8dddc02d3c9c325ec9d549
                                                                            • Opcode Fuzzy Hash: f7919e1499a155570011d4af058d9df5bac1b2b8dfce2e5524e50807ecda20b7
                                                                            • Instruction Fuzzy Hash: E1019E71A043008FDB64CF6AD888766FBD8EF00221F08C4AADD59CF646D679E404CE62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EA546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015EA58A
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 1ddc6b9748d8095d7c00aab44cd4e73dc9b531c8bf8f8dc8d7fc6af4faf41e93
                                                                            • Instruction ID: 6bc7ebfd0bb4288bf4d6a5ea3bd3548605fba4629516e45d204709b3bd97b3a7
                                                                            • Opcode Fuzzy Hash: 1ddc6b9748d8095d7c00aab44cd4e73dc9b531c8bf8f8dc8d7fc6af4faf41e93
                                                                            • Instruction Fuzzy Hash: 1A015B319007009FDB218FA5D944B56FFE0EF08320F08C9AADE494BA16D375E414CF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EB746, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateIconFromResourceEx.USER32 ref: 015EB78A
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateFromIconResource
                                                                            • String ID:
                                                                            • API String ID: 3668623891-0
                                                                            • Opcode ID: 13b8cb93b21e3ddc7c647d9a50f651f4bfa5a9f6d0da983514996a9df456b445
                                                                            • Instruction ID: 0f57c02ae7792759e0400d245fdee194bb7874c1edf07b48fd32533e7f0a475a
                                                                            • Opcode Fuzzy Hash: 13b8cb93b21e3ddc7c647d9a50f651f4bfa5a9f6d0da983514996a9df456b445
                                                                            • Instruction Fuzzy Hash: 89015B719047009FDB218F95D984B56FBE0FF08321F0889AADE894EA26D375E418DF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0576051E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 05760550
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.722226362.0000000005760000.00000040.00000001.sdmp, Offset: 05760000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 20ddffc49d82aecded82523698914b5d3326b8113ee361e1c13da4ca0b42b9dd
                                                                            • Instruction ID: 8a1e6861e5fed7cb2790a49e7e8700244fec8937d8bbd745d33a72b8a0be4017
                                                                            • Opcode Fuzzy Hash: 20ddffc49d82aecded82523698914b5d3326b8113ee361e1c13da4ca0b42b9dd
                                                                            • Instruction Fuzzy Hash: EC017175504740CFDB50CF5AD989B66FB94EF44320F18C4AADD498B656D274E408CA72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EAF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 015EAFEA
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: ConsoleCtrlHandler
                                                                            • String ID:
                                                                            • API String ID: 1513847179-0
                                                                            • Opcode ID: 42aa4a09b88ce1dbd1d5aa2abb0ba6dea3b153cceac2c90d13476d55f51fd444
                                                                            • Instruction ID: 00c7826e0d5e7f8b7835f4807cd5b629a4de1a6760cd60f79716d202ac581d02
                                                                            • Opcode Fuzzy Hash: 42aa4a09b88ce1dbd1d5aa2abb0ba6dea3b153cceac2c90d13476d55f51fd444
                                                                            • Instruction Fuzzy Hash: 7901A271900600ABD714DF1ADC82B26FBE8FB89B20F14815AED085B741D235F516CBE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EBB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 015EBBB9
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 032ddda94eaa4180aeda6047edee4a4f5bc7bc16e64093068b3ffa71514f6644
                                                                            • Instruction ID: e37ff9c68ff05c779d575f596d5c61d17e4df6751dcd8f87d7808e136246f15a
                                                                            • Opcode Fuzzy Hash: 032ddda94eaa4180aeda6047edee4a4f5bc7bc16e64093068b3ffa71514f6644
                                                                            • Instruction Fuzzy Hash: BB01B1359047008FDB218F1AD884B65FBE4EF04321F08C49EDD458BA66D375E418CF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EA78A, Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Initialize
                                                                            • String ID:
                                                                            • API String ID: 2538663250-0
                                                                            • Opcode ID: 1075d89dcc34276a93c9850a68fe5191dd8225c873de694130cb8c65c183d1bd
                                                                            • Instruction ID: 950ce505873a327030b886881c971e953acaa53fbab57aecd2505bf5f5d9bda6
                                                                            • Opcode Fuzzy Hash: 1075d89dcc34276a93c9850a68fe5191dd8225c873de694130cb8c65c183d1bd
                                                                            • Instruction Fuzzy Hash: AC01AD749043408FDB20CF2AD888765FFE4EF44220F18C4AADD498F606D278A404CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EB806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 015EB841
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 92b28284114479b344d734b512c9a6207c41a264cd2e22d6397cfd182e5b978b
                                                                            • Instruction ID: 45f8d3baa04fcc4679facdd4a0fc57b81fea52f1e0a5182c26040ccb331a1a05
                                                                            • Opcode Fuzzy Hash: 92b28284114479b344d734b512c9a6207c41a264cd2e22d6397cfd182e5b978b
                                                                            • Instruction Fuzzy Hash: 880178319047409FDB218F5AD888B65FBE0EF08321F08C49ADE890A726D375A518CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EA8EE, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: LongWindow
                                                                            • String ID:
                                                                            • API String ID: 1378638983-0
                                                                            • Opcode ID: 2b99ebec2c27ffdc99cce550a162d3f59477f945f25bef2f056249b4c9ece2e8
                                                                            • Instruction ID: f8c74489d2d59b7ad635bfc87699de8930ff0101fb63dce05614fad966396738
                                                                            • Opcode Fuzzy Hash: 2b99ebec2c27ffdc99cce550a162d3f59477f945f25bef2f056249b4c9ece2e8
                                                                            • Instruction Fuzzy Hash: 3C018B359006008FDB208F6AD889755FFE0EF04720F08C4AADE868F656D375A418CA72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015EBE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DispatchMessageW.USER32(?), ref: 015EBE70
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720612829.00000000015EA000.00000040.00000001.sdmp, Offset: 015EA000, based on PE: false
                                                                            Similarity
                                                                            • API ID: DispatchMessage
                                                                            • String ID:
                                                                            • API String ID: 2061451462-0
                                                                            • Opcode ID: 663a86149f3081ed857b6b89aca0d040b57fe93e3a9816a713b48f14e1b8d21b
                                                                            • Instruction ID: e3677407ceca0aa05de853ce0877fd89f089e2fff17072829e35f3da1f07b8f3
                                                                            • Opcode Fuzzy Hash: 663a86149f3081ed857b6b89aca0d040b57fe93e3a9816a713b48f14e1b8d21b
                                                                            • Instruction Fuzzy Hash: 06F087359046408FDB208F1AD988765FBE0EF04321F18C4AADE494F656D3B9A408CAA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056302E8, Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: :@fq
                                                                            • API String ID: 0-3673016210
                                                                            • Opcode ID: caa5a26bc00f51bf3c000221f8ed021acc2feea8215d8ff37806fb957d2130fd
                                                                            • Instruction ID: 55c0f72fdb5e4170570ac6b64cd4a7d08722b43f5a0484fbb20a02e3166465cf
                                                                            • Opcode Fuzzy Hash: caa5a26bc00f51bf3c000221f8ed021acc2feea8215d8ff37806fb957d2130fd
                                                                            • Instruction Fuzzy Hash: C1518D30A05206CFDB18DF68C45466EBBF3FF89320F248469D506AB765DB31AD4ACB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056321F8, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                                                            Download Yara Rule
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: r*+
                                                                            • API String ID: 0-3221063712
                                                                            • Opcode ID: 06dc2b81f2ba20a396b6513b43b7e3456af9c6f59f216ac1caf3891b97748fd2
                                                                            • Instruction ID: 5f405110b6450275cff98cc7446f475b0227b2d20632c9c7e181e38086ea4d70
                                                                            • Opcode Fuzzy Hash: 06dc2b81f2ba20a396b6513b43b7e3456af9c6f59f216ac1caf3891b97748fd2
                                                                            • Instruction Fuzzy Hash: 97414E38E09209CFDB64DFA5C8566BEBBF2FF48300F10806AC416A7664D7359A46CF52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056312A0, Relevance: .5, Instructions: 460COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 80f7f4be5d3ebee3cebbfe3c25fb21973ef325f30f49239e2e200bce74124a82
                                                                            • Instruction ID: 66a4756467136ebb3daa82d16c08eec081107c91cc8e2aacb2b2102498713739
                                                                            • Opcode Fuzzy Hash: 80f7f4be5d3ebee3cebbfe3c25fb21973ef325f30f49239e2e200bce74124a82
                                                                            • Instruction Fuzzy Hash: A522E234A00656CFDB24DF28C490A6ABBF2FF89310F14859AD85A9B755DB34ED86CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056309A5, Relevance: .2, Instructions: 175COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ec3cc78beca6358ba52b734397bf9056fc14e66543f5117b39d0e37a54dda7cc
                                                                            • Instruction ID: 8a8a2051fc4b0acd19b92d2c5fe1bf9ab23f2ece29ef02fca9fd4aaa30124d83
                                                                            • Opcode Fuzzy Hash: ec3cc78beca6358ba52b734397bf9056fc14e66543f5117b39d0e37a54dda7cc
                                                                            • Instruction Fuzzy Hash: E551D335B04215DFCB15DBA8D859ABEB7F6BF88324F208465E4479B354CB319D0ACB80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05630BC0, Relevance: .1, Instructions: 132COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c50ba282f12bad7c7716e9235aa0c4edba05c3aa368590086f97f0e41d33fc6a
                                                                            • Instruction ID: 7c32cb65201c5580e296ca68d5406cbfd3aa20839983b52020d42ca59829af3b
                                                                            • Opcode Fuzzy Hash: c50ba282f12bad7c7716e9235aa0c4edba05c3aa368590086f97f0e41d33fc6a
                                                                            • Instruction Fuzzy Hash: 5A41A931B041189FC719DB69C4186AE77E7BF85720F15806AE806EF7A1CEB1DD0AC791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05630681, Relevance: .1, Instructions: 129COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8d75f29806fd134387c5de69188858952870a837715cdd97b2b5029dae1ccfde
                                                                            • Instruction ID: 6b73bc4e02542b526f866cf3fcbd5992aff2d24be30f24744415d874d712c1d2
                                                                            • Opcode Fuzzy Hash: 8d75f29806fd134387c5de69188858952870a837715cdd97b2b5029dae1ccfde
                                                                            • Instruction Fuzzy Hash: 21414E356042568FD728AB39E81D66D3BB7BFC0725B14856AE402CB2A8DF344C46CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05631458, Relevance: .1, Instructions: 128COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ba653b356e6dc870a808f2ebfaa715a87913214614b8a05d8d72eb84d28c48c4
                                                                            • Instruction ID: ad5dd0407621ee7ef093a876835b5e988be4a1c67375d77a6fa778d7c911f719
                                                                            • Opcode Fuzzy Hash: ba653b356e6dc870a808f2ebfaa715a87913214614b8a05d8d72eb84d28c48c4
                                                                            • Instruction Fuzzy Hash: 3051D274A04259CFDB24DF64C894B9DBBB2BF4A304F1041EAD40AAB365CB359D89CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056302D9, Relevance: .1, Instructions: 105COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d47cce2c3603d0ce289e2ee0e5644c7b56afe6e34940fb6e12baa746123c1962
                                                                            • Instruction ID: d981a5ee820b0bac08f378ef308adc52b057729cd73287a11258bee8480e1337
                                                                            • Opcode Fuzzy Hash: d47cce2c3603d0ce289e2ee0e5644c7b56afe6e34940fb6e12baa746123c1962
                                                                            • Instruction Fuzzy Hash: 1D414F30B05205CFEB18CB68C459BBE7BB3EF89320F144469D502AB765DB359D4ACB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05630007, Relevance: .1, Instructions: 103COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a8d00724ce7c36b1f5c213eb06a1b916abcfb327d3046e836e500ef28ca65003
                                                                            • Instruction ID: c6d7f511b6f1fa1620ac97a6ba2836ff8a84363ff439ff0962fb80debd55d821
                                                                            • Opcode Fuzzy Hash: a8d00724ce7c36b1f5c213eb06a1b916abcfb327d3046e836e500ef28ca65003
                                                                            • Instruction Fuzzy Hash: AB314F3450D3828FDB05EB74D8A91587FB2FF42310F1585ABE086CB296EB78994AC713
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05631290, Relevance: .1, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 83c678173e77e9a8efe465230dbc223de6479d9571972eb34faad8848eec7cb3
                                                                            • Instruction ID: 4c911b9f42549ca244cfdac84d22a2c349ebf9e931d0e82b7c4ca6fd5ca654c3
                                                                            • Opcode Fuzzy Hash: 83c678173e77e9a8efe465230dbc223de6479d9571972eb34faad8848eec7cb3
                                                                            • Instruction Fuzzy Hash: 33410270E04219DFDB24DF69C895BADBBB2BF4A344F0040AAD40AAB754DB309D85CF61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056320D0, Relevance: .1, Instructions: 98COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6a4d8bc5cd8b43012f53a892c80b40b4f626abb951a30090c328f7b6ae251195
                                                                            • Instruction ID: ffd8fe375cced793001923aaccefdb45710cbb90afec18d0df648a0c3c370d33
                                                                            • Opcode Fuzzy Hash: 6a4d8bc5cd8b43012f53a892c80b40b4f626abb951a30090c328f7b6ae251195
                                                                            • Instruction Fuzzy Hash: F531B738B04205DFCB04DF68C9A267E7BB3FF85300B2181AAC6569B285DB30AC43C791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05632C58, Relevance: .1, Instructions: 79COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: df5a1fc783cb13094377dad619bedc046ccae4de393c0e004e9e4504eb87bd34
                                                                            • Instruction ID: 1cf68fe207d7d77bf222252ec0b8367384dcbff351f314dee9e619d0a027f8b3
                                                                            • Opcode Fuzzy Hash: df5a1fc783cb13094377dad619bedc046ccae4de393c0e004e9e4504eb87bd34
                                                                            • Instruction Fuzzy Hash: 4C21463860C242DFC764CB28D4E9979BBF6BF46224B1981A7D546CB7B2C7309C02C792
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056321E9, Relevance: .1, Instructions: 76COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bb6cb1048099baeafc0e2f4c24c0a95d49e0194d0c6d5d615d04d5ad939ddd10
                                                                            • Instruction ID: 3d96d455fb5a8e7d150b8f39b2af00c9624c5366ecf751ad138e7374f3d5acd6
                                                                            • Opcode Fuzzy Hash: bb6cb1048099baeafc0e2f4c24c0a95d49e0194d0c6d5d615d04d5ad939ddd10
                                                                            • Instruction Fuzzy Hash: 37315138D08209DFCB64DFA8C8666BDBBF2FF44300F10409AC456AB655DB359A46CF92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056325DE, Relevance: .1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1c6f00a9e6a09f3f16e52bbde845fc175249c31c08a633d2e6707e3a1ab2bd93
                                                                            • Instruction ID: c241627d46d033d8f897d5ab8de4e49aca0b55bffc83b462a63d5e15bab51a8d
                                                                            • Opcode Fuzzy Hash: 1c6f00a9e6a09f3f16e52bbde845fc175249c31c08a633d2e6707e3a1ab2bd93
                                                                            • Instruction Fuzzy Hash: D1314A78A04349CBDB64CF66D45566ABBF2BF89314F24C22AC0099B258DB749889CF81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05634190, Relevance: .1, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 670eebf1dcefc2df615e9e44b75291f1fbb445b9b2ff20750332882df1420c5a
                                                                            • Instruction ID: 8b3320a41701d89bd5e57d803e7b962154201b0396e13b740878df4c7b24ec1d
                                                                            • Opcode Fuzzy Hash: 670eebf1dcefc2df615e9e44b75291f1fbb445b9b2ff20750332882df1420c5a
                                                                            • Instruction Fuzzy Hash: E911DA31B042168BDF24E7B5D81D6BFB6ABAF85341F51412FC407A7244DE758905C792
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0302087C, Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720774826.0000000003020000.00000040.00000040.sdmp, Offset: 03020000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 93128a51267e0339e307e6468beda3140b35b34e590a419ce446d50b67d80cf9
                                                                            • Instruction ID: fc10172d43f14009f21be3188d87f5004ccb8744b08c10a3036a8c2d24b45fd9
                                                                            • Opcode Fuzzy Hash: 93128a51267e0339e307e6468beda3140b35b34e590a419ce446d50b67d80cf9
                                                                            • Instruction Fuzzy Hash: 0E11B134205384DFD355CB15C944B2ABFD5AB88718F28C9ADE98A0B652C77BD813CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0563238F, Relevance: .1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9edb38d0c030011ffc6c0a7898dc26f9d846e683dc7f36fa4f08d32f744350a2
                                                                            • Instruction ID: 5387325fea405fef155c974309b5f52f998d02785bb880f1b6511b835c4c6673
                                                                            • Opcode Fuzzy Hash: 9edb38d0c030011ffc6c0a7898dc26f9d846e683dc7f36fa4f08d32f744350a2
                                                                            • Instruction Fuzzy Hash: AD11467890824ADFDB24CFA4C5626AEBBB2FF45300F10866AC503AB705DB715883CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056311DF, Relevance: .1, Instructions: 54COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 96d83bac64ecc91c4916a9579e776c2283eade633a0fd5e29be422093a0f263c
                                                                            • Instruction ID: ac60058248abf5d01c945c7ae0c6a2e8572eec89ffc88cbee0873a88bb345255
                                                                            • Opcode Fuzzy Hash: 96d83bac64ecc91c4916a9579e776c2283eade633a0fd5e29be422093a0f263c
                                                                            • Instruction Fuzzy Hash: A1115E307092808FC7259B28D458969BFF6AF8760171541EBE446CF266CF758C4ACB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056305B9, Relevance: .1, Instructions: 51COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8b82ff95c9032a75754136e0e776b864f45fa973065e22f0f1e66c91b620b4c4
                                                                            • Instruction ID: 395eb0998484c03fd4b3286079a13c7390957bf5969b42740655987ba00a7784
                                                                            • Opcode Fuzzy Hash: 8b82ff95c9032a75754136e0e776b864f45fa973065e22f0f1e66c91b620b4c4
                                                                            • Instruction Fuzzy Hash: 830126217041550FC709763D94211AE6B9BAFC6954718446EE002DF388CD68AC0783D6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056305C8, Relevance: .0, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f51a2e9f628785ab2d9183672ecc839565ae312638303e04973b508929104e38
                                                                            • Instruction ID: 026105bbef37a703bf1a37db38ee927cb14062480eda169965ca436b71010742
                                                                            • Opcode Fuzzy Hash: f51a2e9f628785ab2d9183672ecc839565ae312638303e04973b508929104e38
                                                                            • Instruction Fuzzy Hash: 4FF0B4317001250BC709B67E941667F66CFABC9A58754443EF106EF388CD78AC4B53D6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 030205D2, Relevance: .0, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720774826.0000000003020000.00000040.00000040.sdmp, Offset: 03020000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1491947e50158bb255dab5bbe5f40ef3548c60655c6bf21085756765cb5307a7
                                                                            • Instruction ID: 0028fd77ec733221d8d3dba15bba081741e9bacb860ab3575bc3bb907562ef89
                                                                            • Opcode Fuzzy Hash: 1491947e50158bb255dab5bbe5f40ef3548c60655c6bf21085756765cb5307a7
                                                                            • Instruction Fuzzy Hash: 9B0186B650D7806FD7128F16EC40862FFF8DB86620719C49FED49CB612D239A909CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 03020846, Relevance: .0, Instructions: 44COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720774826.0000000003020000.00000040.00000040.sdmp, Offset: 03020000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ce023008bfbbd53c7365f88604851628d3ccb92390dbd439356214438b8d94ec
                                                                            • Instruction ID: 164c97fca8c26f51c8a4fbf2498462a9a40a5be51e26a59c8264a73151b6ba23
                                                                            • Opcode Fuzzy Hash: ce023008bfbbd53c7365f88604851628d3ccb92390dbd439356214438b8d94ec
                                                                            • Instruction Fuzzy Hash: D8115E351497859FD706CB14D540B16BFA2FB8A718F28C6EDD9890B752C3379813CB81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05631218, Relevance: .0, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4a2f039817e39570ea5e76483cfcb8eaa6a61f49ff525670b5cb41dfb5c695da
                                                                            • Instruction ID: 1ac41b44264630b86e52d3d300351ec88064dde22c6a0222bb09e2b18e6405a4
                                                                            • Opcode Fuzzy Hash: 4a2f039817e39570ea5e76483cfcb8eaa6a61f49ff525670b5cb41dfb5c695da
                                                                            • Instruction Fuzzy Hash: 01011D303141148BC728DB29D059969B7EBBFC6600B2541AAE406CB765CFB59C4AC781
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0302086C, Relevance: .0, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720774826.0000000003020000.00000040.00000040.sdmp, Offset: 03020000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fda4c2ad858e18bc1f43030613aa9644b7745b2f5b44d5ba58dd73d280a91677
                                                                            • Instruction ID: 283d4941cbfa99b27f9153460dbce107255ff6dfd78a49a9410bdd7c15a69340
                                                                            • Opcode Fuzzy Hash: fda4c2ad858e18bc1f43030613aa9644b7745b2f5b44d5ba58dd73d280a91677
                                                                            • Instruction Fuzzy Hash: 841130351493859FD706CB11C550B15BFB1EB46714F28C6EED9894B6A2C33AD816CB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 030205B2, Relevance: .0, Instructions: 39COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720774826.0000000003020000.00000040.00000040.sdmp, Offset: 03020000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 06b81a84c704c61acd663689e8cec369fade4a0470936aa2e03ed01f4eae2f5d
                                                                            • Instruction ID: 268200907e46df61274ffa79bad1ac062d8ff9fd8598dde7fc654b1191268210
                                                                            • Opcode Fuzzy Hash: 06b81a84c704c61acd663689e8cec369fade4a0470936aa2e03ed01f4eae2f5d
                                                                            • Instruction Fuzzy Hash: 5BF0C2B6508B406FD710CF06EC41857FFE8EB85230B14C46FEC4987601D235B508CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05634180, Relevance: .0, Instructions: 35COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fe1f475374fc8c13a12238b7eeda7a22a5d394ecee936b5db2dcedc90eb718c5
                                                                            • Instruction ID: 24b8d554c1b4cf719935df9a4d66046c6197cf101c1834b9b1a9d1a377bb116b
                                                                            • Opcode Fuzzy Hash: fe1f475374fc8c13a12238b7eeda7a22a5d394ecee936b5db2dcedc90eb718c5
                                                                            • Instruction Fuzzy Hash: 46F0A774609789DFCF219F74A80E4BBFF79EE8719230145ABD913C6102DBB1441AC761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05630908, Relevance: .0, Instructions: 34COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ee1725c630132d2c77eacabcd73b8a0df82303b48151bcd623efbde3fc970b1d
                                                                            • Instruction ID: b1742996f42972257a9063bc3b96ee68447e788895c6cf32f61ff0dd89cffbf7
                                                                            • Opcode Fuzzy Hash: ee1725c630132d2c77eacabcd73b8a0df82303b48151bcd623efbde3fc970b1d
                                                                            • Instruction Fuzzy Hash: 33F02730A093485FE71096B94C2E2AF7FEF5F86230B071497884797286ED74980FC291
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05630918, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 36a030af20d87231398942244a98317ae8c87487bec4371748d2b8d27292c2e1
                                                                            • Instruction ID: d61f0b4e5570a3f299c08991b1af0a286c01cda429d54f78231a3f1f6f6a3d08
                                                                            • Opcode Fuzzy Hash: 36a030af20d87231398942244a98317ae8c87487bec4371748d2b8d27292c2e1
                                                                            • Instruction Fuzzy Hash: 7EE0E532F192189BDB10D9F5AD0E1AFB7AA9785670F014567990793244EE70880EC2D1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 030205C2, Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720774826.0000000003020000.00000040.00000040.sdmp, Offset: 03020000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 73732baba123d8658a1d5e8765c6f808a6e54c63ec5825b1948f276046362347
                                                                            • Instruction ID: a4372e2a8eae1cd3cbdc12060ecec21e6b324fb712136bf4481358226d04e296
                                                                            • Opcode Fuzzy Hash: 73732baba123d8658a1d5e8765c6f808a6e54c63ec5825b1948f276046362347
                                                                            • Instruction Fuzzy Hash: FFF0A0B6A00A009FD750CF0AEC42856FBD4EB84630B18C86FEC0D97B01D23AB515CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 03020938, Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720774826.0000000003020000.00000040.00000040.sdmp, Offset: 03020000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction ID: 1b85a48c5f2597a827624fa86a55125de086731d8a27e91d9f8e8c3c6af2c411
                                                                            • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                                            • Instruction Fuzzy Hash: F3F0FB35104644DFC206CB04D540B26FBA6EB89718F24CAA9E9890B752C337D813DB81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 030205F6, Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720774826.0000000003020000.00000040.00000040.sdmp, Offset: 03020000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1289848fde9d3b171db60ab947e03780e31379878bd23b83b952e7ccaea9e1b4
                                                                            • Instruction ID: f70d6e55d68fd7a8d54691f1e2bf22b299787bbac2f406e555978fc96fc1d7b1
                                                                            • Opcode Fuzzy Hash: 1289848fde9d3b171db60ab947e03780e31379878bd23b83b952e7ccaea9e1b4
                                                                            • Instruction Fuzzy Hash: 32E06D76A046005BD650CF0AEC41452FBD8EB84630728C06BDC0D8B700E639B5048EA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 056302A0, Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9ba32fee70b4fb11aa142b7c5fc6592a5f3b3f65cf1376739e2c7b61070bee40
                                                                            • Instruction ID: 16ebaa6aee65db90a7718a146dbd432fb964ef08c0a9f350d563758a0b28331f
                                                                            • Opcode Fuzzy Hash: 9ba32fee70b4fb11aa142b7c5fc6592a5f3b3f65cf1376739e2c7b61070bee40
                                                                            • Instruction Fuzzy Hash: 7AE0EC3480D740CBC7659B18E45A8617BB1FF467113058A9BE8879A556CB60BC85CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05630170, Relevance: .0, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 41769e999af325a0acb44d0639f0d7cfb3050ec9751b3b10f59db6de57bc09d3
                                                                            • Instruction ID: 05f8080965f43c96949b2a3e24d9c794e3a2f20bea834bb7d9cfd39243b87d06
                                                                            • Opcode Fuzzy Hash: 41769e999af325a0acb44d0639f0d7cfb3050ec9751b3b10f59db6de57bc09d3
                                                                            • Instruction Fuzzy Hash: 93E08C3410A344CFC7162FB0A019018BB76EF8B31571088ABE8028A243DF3AE845CB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0563064F, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 87db81281a3c6d3cf1dc7190f16c9c5bbc361a13adf6321a81d7b34034026d26
                                                                            • Instruction ID: c217462db0bbf87c11a41921b4967ae78533e2f4fc0e1bf69c47d8cad7bb4023
                                                                            • Opcode Fuzzy Hash: 87db81281a3c6d3cf1dc7190f16c9c5bbc361a13adf6321a81d7b34034026d26
                                                                            • Instruction Fuzzy Hash: 75D0A7724493888FC3555671186F4FC3B66DFD362470888B6D8414E816867135DBE651
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05632D20, Relevance: .0, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ae8eed6f6c19a7b46cc7e20683fa1e6bff5ef4c8ec27f4b9de246e66bd7825cd
                                                                            • Instruction ID: c3cd18613daf20573019cb3238f18b06f893bcaa6800ff7e44c352e832446fe0
                                                                            • Opcode Fuzzy Hash: ae8eed6f6c19a7b46cc7e20683fa1e6bff5ef4c8ec27f4b9de246e66bd7825cd
                                                                            • Instruction Fuzzy Hash: BDD05E3C04D3C59ED32287989C377747F36AB0B605F0809D3D28A8C0A7C9516013C722
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015E23F4, Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720606322.00000000015E2000.00000040.00000001.sdmp, Offset: 015E2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2955e49e114e3c9de1a07352c112c13bd2f54c8b4a504c2e0999516f96f1aae9
                                                                            • Instruction ID: ce428c24b9ecd608db86e933937a5807073b9f918019b8e8e4d2513e5b02da7e
                                                                            • Opcode Fuzzy Hash: 2955e49e114e3c9de1a07352c112c13bd2f54c8b4a504c2e0999516f96f1aae9
                                                                            • Instruction Fuzzy Hash: 7FD05E79605B914FE32A8B1CC1A8B993FE8BB51B04F4644F9E8008F66BC369D681D200
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 015E23BC, Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.720606322.00000000015E2000.00000040.00000001.sdmp, Offset: 015E2000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 39e9f4a83a83ff8a8328cc0b0800735d61a56983c022dd787bb538f082a06471
                                                                            • Instruction ID: 58a55095ee910987ebdaac88b8b503fd426f724fdc416003de99e44c42f26d9c
                                                                            • Opcode Fuzzy Hash: 39e9f4a83a83ff8a8328cc0b0800735d61a56983c022dd787bb538f082a06471
                                                                            • Instruction Fuzzy Hash: 97D05E346003814BD719DB0CC198F5D3BD8BB45B00F1A44E8AD008F26AC7A4D881CA00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05630180, Relevance: .0, Instructions: 12COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 151be2805c67661d9f9b2ba6009a24acb3307d6bd888742cb629b7d9196ab96e
                                                                            • Instruction ID: 3df9ff74a1ed0c369277aaaf8f4b49c7b9d9ed8ac33d65238bf287bb8d6b07aa
                                                                            • Opcode Fuzzy Hash: 151be2805c67661d9f9b2ba6009a24acb3307d6bd888742cb629b7d9196ab96e
                                                                            • Instruction Fuzzy Hash: 4CD01238211304CFCB297B70E01E42C77AAAB8A31A310487EE80687744EF3AE881CB44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05632EC0, Relevance: .0, Instructions: 11COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 48dfa2db777b8c8e743a4d8f0844970a82a6249147aaccd2b4029caf708b2481
                                                                            • Instruction ID: 16d626f2e787bd808ee8680c682575153835b8f5da363e06f5b5945f8df1558b
                                                                            • Opcode Fuzzy Hash: 48dfa2db777b8c8e743a4d8f0844970a82a6249147aaccd2b4029caf708b2481
                                                                            • Instruction Fuzzy Hash: 37B092392542080BEB6096B5784AB66738C9B80A69F4400A6B90CC5A00E646E4E0A241
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 05630660, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 0000000B.00000002.721479803.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4e560000a6b97c2acafa324c2db540ecfa1e7332126633990397de4b027415ac
                                                                            • Instruction ID: 80b7d2b02ff452c6aed22df96e41e25e1df8cb6fb9e9cf5dcb2ba336edf21040
                                                                            • Opcode Fuzzy Hash: 4e560000a6b97c2acafa324c2db540ecfa1e7332126633990397de4b027415ac
                                                                            • Instruction Fuzzy Hash: 22C02B30045258CFC3689672180F43D721B57C2324300C436E401000188B3274D7C911
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions